Risk Management at Energy Suppliers
The changing energy market
Energy suppliers play an enormous role in public life. Aside from utilities, they provide critical infrastructures that are essential for maintaining core social functions as well as health, security and socio-economic well-being of the general public. Any disruption, let alone destruction, of energy plants due to cyberattacks or blackouts would have an enormous impact - especially when their functions can neither be maintained nor taken over.
Recent news: Reports from the cybersecurity company ESET, which analyzed the “Crash Override” malware behind the smart grid blackout in Kiev, cite evidence that the malware’s modular structure could be easily adapted to other electric companies and systems. Longer, more significant power failures are predicted for the future.
The energy market also faces growing complexity with regard to:
- Infrastructure maintenance and construction including intelligent networks
- High pressure to minimize costs
- Demands for renewable energy
- Customer loyalty
- Mounting regulations
- EU guidelines on network and information security (NIS) for critical infrastructures
- EU data protection regulations
- EU guidelines for smart grid/market (electricity, energy efficiency, measuring equipment)
- ISO/IEC 27001/2: Information security management / code of practice
- ISO/IEC TR 27019: Information security management guidelines based on
ISO/IEC 27002: Process control systems specific to the energy utility industry
- Increasing digitalization
- Greater risk of cyberattacks
Energy providers are not only obliged to ensure a reliable energy supply. They also need to effectively prepare for potential emergencies, for example, by identifying risks at an early stage. Due to these factors, managing energy companies is more complex than ever – especially in light of the expectations for higher efficiency. To address these challenges, insurance providers must develop processes and establish standards for modern, efficient enterprise management. Governance, risk and compliance (GRC) processes are taking on a growing role in this regard.
Core responsibilities of top management
GRC entails much more than individual processes such as an internal control system, compliance or risk management. It combines all capabilities that enable organizations to reliably achieve their goals, cope with uncertainty, and take action with integrity.
Establishing GRC processes and overseeing their ongoing development is one of the main responsibilities of top management – not only due to the tangible benefits they can generate across the company. These types of processes generate synergistic effects, promote collaboration, and ensure long-term performance.
- avedos risk2value 2018 en.pdfRisk management software, risk2value
- avedos RISK 2018 en.pdfRisk Management at energy suppliers
- avedos BCM 2018 en.pdfBusiness Continuity Management at energy suppliers
- avedos ISMS 2018 en.pdfInformation Security Management at energy suppliers
- avedos ICS 2018 en.pdfInternal Control System at energy suppliers
- avedos EnBW Success Story 2018 en.pdfDetailed case study, EnBW
“After our implementation of iRiS, we were able to reduce the controls for integrated risk management in our company by 85.25%.” confirmed Sven Waldecker, Risk Management & ICS Officer at EnBW (Energie Baden-Württemberg AG).
GRC sets the guidelines for transparent, sustainable enterprise and performance management that weighs risks and opportunities to generate value. Companies with a comprehensive GRC concept also have more resources to utilize opportunities because they have a better understanding of the risks and contingent liabilities.
Individual software solution
All companies want to differentiate themselves from competitors – in their market presence, product and service offerings, operational and organizational structures, but also their business and GRC processes. GRC software, therefore, must be very flexible in order to map the designated processes and grow with them over time.
Marco Mannes, Corporate Risk Manager at Energie Baden-Württemberg AG (EnBW), works with risk2value from avedos. “The software’s greatest advantage is its incredible flexibility,” he explained. “Once you have internalized the functionality and structure, you realize that you can use the software as building blocks to address many different requirements.”
Many energy providers are taking steps to implement integrated GRC projects. Back in the year 2000, EnBW began building a risk management system that would be later dovetailed with its internal control system. Another example is TransnetBW, which deployed an integrated governance, risk and compliance organization in order to increase efficiency and improve the coordination of different risk information. The maturity level for management and monitoring instruments such as risk management, compliance management and the internal control system have improved as a result.
Our on-demand webinars keep you informed on how you can benefit from our solutions for risk management, ISMS and GRC. Learn from the hands-on experience of our clients and experts. Our current library includes:
EnBW (Energie Baden-Württemberg AG) is one of the largest energy suppliers in Germany and Europe. The company with a workforce of 20,000 people and supplies 5.5 million customers with electricity, gas, water and energy-related products and services. EnBW is committed to expanding sources of renewable energy, especially wind and hydraulic power. At the same time, the company is securing the energy supply with modern, conventional power plants.
TransnetBW GmbH operates the electricity transmission grid in the German state of Baden-Württemberg. Approximately 80 transformers connect its transmission grid to the distribution grids in Baden-Württemberg and supply electricity to internationally renowned industrial enterprises and more than 11 million people throughout the state - reliably and at every hour of the day. In this way, TransnetBW ensures the economic strength and quality of life in southwest Germany.
avedos GRC GmbH is a European software vendor that has specialized in developing integrated solutions for Governance, Risk and Compliance (GRC). avedos software solutions serve as a link between business operations and top management to enable risk-conscious, value-driven decisions in today’s complex business world. The software platform risk2value supports a wide range of GRC disciplines including enterprise risk management, internal control systems, compliance management, audit management and information security management. Its clients include the world’s largest and most successful automobile manufacturers, insurance companies, telecommunications providers and retailers.
Questions? Simply complete our online contact form, give us a call, or send us an email.
We look forward to hearing from you!