To develop and deliver safe, reliable and affordable energy and energy services to more than 32 million consumers, our company and subsidiaries must prepare for adverse events and uncertainties. We take this responsibility very seriously.
Sempra Energy identifies, assesses and, where possible, mitigates a broad and complex set of risks commonly associated with the energy industry. Our 10-K provides a description of these risks.
Types of risk assessed include financial risks; operational risks, including safety and cybersecurity risks; regulatory and compliance risks; and other risks (examples are listed below).
- Safety risk – There are inherent public and employee safety risks associated with operating natural gas pipelines, electric transmission and distribution lines, LNG receipt terminals, natural gas storage, natural gas-fired power plants, solar plants and wind turbines.
- Financial risk – Sempra Energy’s cash flows, ability to pay dividends and ability to meet its debt obligations largely depend on the performance of its subsidiaries and the ability to utilize the cash flows from those subsidiaries.
- Operational risk – Severe weather conditions, natural disasters, catastrophic accidents or acts of terrorism could materially adversely affect our businesses, financial condition, results of operations, cash flows and/or prospects.
- Cybersecurity risk – The malicious use of technology could present a risk to our information systems and the integrity of our energy grid and our natural gas pipeline infrastructure and storage.
- Regulatory risk – Our businesses are subject to complex government regulations and may be materially adversely affected by changes in these regulations or in their interpretation or implementation.
- Reputational risk – The reputation of our companies is fundamental to our license to operate in or near communities. This includes impacting our ability to site projects and receive needed approvals and permits from local governments, regulatory and permitting agencies.
- Compliance risk – Our businesses incur environmental compliance costs, and future environmental compliance costs could have a material adverse effect on our cash flows and results of operations.
Climate change and regulatory risk
Sempra Energy’s businesses are subject to many rules and regulations that encourage or require us to limit our greenhouse gas emissions and water use.
We are required to obtain permits, licenses, certificates and other approvals to operate our businesses. And we must monitor and control our environmental impact. Failure to comply with these requirements could subject our businesses to substantial penalties and fines – and might even result in the significant curtailment of our operations.
The way we operate our infrastructure helps to mitigate these risks. Our natural gas power plants are built to standards that minimize the amount of water needed. Our solar and wind assets require negligible amounts of water to operate. And we operate our natural gas infrastructure efficiently, working to assure the integrity of our pipelines and other assets.
Risk management process
At Sempra Energy, we assess a risk based on its ability, probability and potential to have a significant adverse impact on our business.
We take a rigorous approach to risk management. We use a risk framework and risk registry to assign and track risks internally. We also use a range of tools and methods, including risk maps, risk composition, risk correlation and sensitivity analysis. We look to share or transfer risk wherever possible through methods such as counterparty/liquidity risk in joint ventures; use of guarantees or long-term contracts; and risk indemnification.
Risk management teams from across the company use this approach. For each identified risk, the teams assess the potential impact, likelihood of the event and strength of controls. Once a risk has been assessed, risk managers work to mitigate it. Each principal subsidiary’s risk management department reports directly to its CEO or COO – and reports the risks it has identified to its board of directors. Sempra Energy’s corporate risk management department reports to the CFO – and reports aggregated risks to the Sempra Energy board of directors. Effective risk management is essential to maintaining stable operation of our businesses – and to achieving strong and predictable business outcomes.
Cybersecurity risk and mitigation
Cybersecurity is a priority at Sempra Energy. In addition to the cyber risks that all Fortune 500 corporations face, the utility industry faces evolving cybersecurity risks associated with protecting confidential customer information and electric and gas system infrastructure. An attack on our information systems or the electric or natural gas system infrastructure could have a material adverse effect on our businesses, cash flows, financial condition, results of operations and/or prospects. The theft, damage or improper disclosure of sensitive electronic data could subject us to penalties for violation of applicable privacy laws, subject us to claims from third parties, require compliance with notification and monitoring laws, regulations and requirements, and harm our reputation.
Sempra Energy has implemented a cybersecurity steering committee consisting of a team of company officers responsible for legal, human resources, compliance, information technology, audit and utility operations. The committee is chaired by Mark Snell, President of Sempra Energy, and covers cybersecurity for all Sempra Energy companies.
Compliance and management systems
As an energy services holding company, Sempra Energy expects its subsidiaries to utilize effective processes and management systems to optimize performance and ensure compliance with company policies and all applicable laws, rules and regulations.
Sempra Energy and its businesses use a range of management systems and processes. By tracking performance, compliance and key metrics, we protect our company from exposure to unnecessary risk and help ensure strong performance.
A partial list of systems, functions and processes is below:
- Audit services department – completed 138 audits in 2015, reviewing existing business practices and identifying additional improvements.
- Corporate responsibility data system – used to collect, aggregate and analyze a wide range of performance data, including emissions, safety and diversity data, from Sempra Energy’s principal subsidiaries.
- Safety information management system — used by our California utility employees to report employee injuries and incidents (including near-miss incidents) and facility safety inspections.
- GIFTS – a comprehensive grants-management tool we use to administer all our philanthropic grants. Through this tool we manage the entire grant-making process including applications, payments, tracking, coding, outcomes measurement, communication with grantees, and reporting.
- Injury and illness prevention program — a written plan for preventing injury and illness that includes management responsibilities; employee communications and compliance systems; scheduled inspections/evaluations; accident investigation; and procedures for correcting unsafe or unhealthy conditions when found.
- Environmental and safety compliance management program — used to manage California utility compliance with environmental and safety laws; rules and regulations; and company standards. Sempra Energy’s other subsidiaries use similar systems, including ISO 14001 and OSHAS 18001, to monitor environmental and safety compliance.
- Employment training and performance system — an online system that tracks employee goals and performance as well as completion of required training courses.
- Business resumption plans — plans that address recovery and resumption of critical business functions and applications in response to a wide range of events such as natural or human-made disasters or disruptions. Regular reviews are completed according to the level of criticality for each business function.
- Lobbying activity tracking system — to manage political activity and meet political reporting requirements, certain employees are required to submit monthly lobbying activity reports using this web-based reporting tool.
- Anti-corruption system and process — used to manage compliance with all applicable anti-corruption and anti-bribery laws, including the U.S. Foreign Corrupt Practices Act.
- Geographic environmental analysis and reporting system — a centralized system that our California utilities use to map, screen and track projects for environmental review.
- Corporate compliance group – provides training to employees according to their position and responsibilities, generates employee awareness of issues relating to compliance and ethics, and requires subsidiaries to submit annual compliance plans.
Supplier selection and monitoring
Sempra Energy subsidiaries work to select dependable suppliers and business partners and monitor their performance. This plays an important role in limiting risk. (Note: information on the impact of our supply chain may be found in the “Environment” section of this report.)
When a subsidiary identifies a need that would be best met by a third party, its procurement personnel identify qualified suppliers. Procurement policies specify the insurance certificate and legal review requirements as well as the contract risk management procedures that must be followed. Information on how to do business with Sempra Energy companies can be found in the supplier diversity section of sempra.com. SDG&E also describes electric and fuel procurement opportunities on its website.
It’s important to note that as part of our approach to risk management, Sempra Energy’s subsidiaries work with a range of suppliers. Providing reliable energy to our customers is essential to our business, so we work with small, mid-sized and large companies; new as well as more established companies; and companies with operations in different locations. We need suppliers that will dependably provide us with essential equipment, parts and services – even in the event of adverse conditions such as a natural or man-made disaster. Working with a range of suppliers helps ensure system reliability. It also results in better services and lower costs.
Once a supplier has been selected, supply chain managers in our businesses monitor their performance. Certain suppliers in our subsidiaries’ supply chains are critical to their operations. We need to know: Will they deliver the goods or services as expected – and are their operations in alignment with Sempra Energy’s values and standards? This includes acting with integrity (suppliers are subject to anti-corruption review); complying with applicable laws and regulations; achieving strong health and safety performance; respecting employee rights and minimizing impact on the environment. These expectations are described in detail in our Supplier Code of Conduct.
To complement the work of supply chain managers, our internal audit group conducts supplier audits, reviewing safety procedures and performance; training programs; and subcontracting policies, among other topics.
We understand suppliers are independent entities. However, supplier business practices and actions, including but not limited to failing to deliver goods or services, can impact Sempra Energy subsidiaries and their customers.