At Bonova Advisory we interview Industry Thought Leaders, C-suite from large firms and Influencers on a variety of topics pertaining to Risk, Regulation, Corporate Governance and Digital Innovations.

Last week, I had the pleasure of interviewing Soubhagya Parija Chief Risk Officer of nation’s largest public power authority New York Power Authority established in 1931 by President Franklin Roosevelt. Prior to joining NYPA, Soubhagya spearheaded Risk departments at Walmart, Duke Energy and other large firms.

Thank you so much for doing this with us! What is your “backstory”?

Well, I call myself a passionate risk professional. I am still fascinated by the promises of risk management even after spending bulk of my career in this field. Never before have been so many uncertainties and uncertainties drive value of risk management.

How has your role evolved in managing risks from private to public sector?

To the extent risk management is about managing risk-reward tradeoffs so as to ensure optimal resource allocation, the role has not changed in a fundamental way. However, both risks and rewards are different in private sector vs public sector. In the public sector risk management is more challenging because one cannot potentially use a market based indicator such as stock price to quantify risk or reward. The public sector is there to drive value mostly through a public good. Because of these externalities, it is difficult to price the product. At the same time there are costs of operation that the company needs to cover. The company still needs to make strategic investments which need capital. So operationally the organization still need to optimize. At the same time, the public sector has what we call patient capital. Without the pressure of a quarterly earnings call, the public sector can make strategic long term bets where few private sector companies will venture. So my job has evolved in this way — i.e., to redefine the risk and reward appropriately.

There are several projects my team has worked on. One of the exciting projects was to analyze and develop a plan for managing reputation risk. Another one that comes to mind is about resource allocation — should we extend the life of a plant or not.

What are the top risks that you and your board is concerned about?

At NYPA, we have made a commitment towards becoming the first end to end digital utility. While cyber is a top risk for any utility, for us it has a special meaning. The other risk I am concerned about is the talent risk. As our business model is undergoing a change we need a talent profile that is different from what characterizes a standard utility workforce. But this new talent does not want to commit to a company for long years and does not even want to commit to a 9–5 job. So how do you run a 24/7 operation with talent that is both elusive and non-committal?

Utility Industry is getting very competitive. How are you addressing the risks associated with maintaining a competitive edge?

The electricity utility business model is changing very fast. The way we try to address this risk at NYPA is by taking more risks in certain areas than ever before. As the utility value chain is threatened we want to lead the industry transformation. But we want to do so in a risk intelligent fashion.

Building a “Lean Risk Culture” is crucial in strengthening risk management practices at a holistic level. What is your approach in building a lean risk culture? Can you share a story or example?

We are trying to build a very agile risk management function at NYPA. We are embedded in the business as decisions are made. We do not view risk management as a function that steps in when people veer from their lanes. Rather we define lost opportunity as a risk and like to work with the business to drive value. One such example is how we monetize in the wholesale market. We provided a strategy to the front office to modify their bidding strategy.

What is your advice for a Chief Risk Officer who is building an Enterprise Risk Management office ground up? Can you share 5 things they should avoid doing?

Enterprise risk management should be geared towards identifying, quantifying and mitigating the business model risks. It is easy to fall prey to a transactional process defined from bottoms-up perspective and produce heat maps on a regular basis. But that should be of the least priority. There is no one size fits all model despite what the GRC Software vendors or some consultants would like you to believe. You have to understand the business and its strategic goals. Another thing to avoid is making enterprise risk management a bureaucratic process.