Full Title: Risk Management in Critical Infrastructure Protection: An Introduction for State Utility Regulators
Author(s): Miles Keogh, Sharon Thomas, NARUC Research Lab
Publisher(s): The National Association of Regulatory Utility Commissioners
Publication Date: September 1, 2016
Full Text: Download Resource
Description (excerpt):
This is a paper about risk management: what it is, how regulators can use it, and how they can ask questions to explore its use by the regulated utilities and other stakeholders they interact with. Regulators are increasingly advised to rely on decisions based on risk management – that’s often good advice, but to take advantage of it, state commission officials may want to become more familiar with what risk management is and how it is employed. Many regulators are familiar and comfortable with risk-based processes and the qualitative and quantitative methods for understanding risk, but many are not. If you don’t know a stochastic method from a kick in the knee, this primer is meant for you. It’s not our goal to be comprehensive here, just to get you on-boarded to the conversation. Risk management is a complex discipline that leverages statistics and other quantitative methods, as well as psychology and other qualitative methods, and you can spend your entire life earning degrees in its theory and application. Instead, this paper lays out an introduction to what risk management is, and gives a few starting points for regulators interested in augmenting their processes with it. In particular, it focuses on the basic concepts of risk management and on ways that regulators can employ riskinformed thinking to make choices around the areas of critical infrastructure protection and energy assurance.