Rick:  

Thanks for the information on the task at hand regarding operational risk.  We will certainly name an appropriate person from Operations to be involved in this project, and will work with you to help in achieving your objectives.  There doesn't appear to be anyone from ETS on your distribution list.  Operational risk is broad and would seem to be present in all of Enron's businesses.  Is the initial focus simply on the "wholesale businesses", or is there an intent to make this enterprise-wide?  

I suspect that it would be helpful for all of us on the distribution list to have a context for the way in which you see this RAC initiative complementing, replacing, overlapping, or perhaps duplicating the work of EAS, AA's internal audit engagement, the critical self assessment process being piloted in London this year by the operations team in conjuction with the AA audits, Doorstep reviews, current operational risk reporting done by the various operations teams, and our major initiatives for EES tracked every other Thursday with you and Rick Causey.   Before we each choose our appropriate representatives from our respective areas, it might be constructive to cover this in a kick-off meeting with the addressees on your memo.  

I might also suggest that we work to clearly define roles and responsibilities at the beginning of this project.  The creation of a framework for quantifying enterprise-wide operational risk is perhaps different from the implementation of daily processes or systems that are used at the business unit levels.  As on other policies devised by RAC, it would seem that implementation of anything new to meet reporting requirements against the to-be-developed operational risk policy should rest with the appropriate business unit/functional area outside RAC.  The cross-functional team that will be formed is probably best used to give input to RAC in creating the policy, but may not necessarily be the right body for implementation of specific initiatives.  

Finally, the second bullet point in Wanda's list below is already being addressed through the project that you and I agreed upon in August to insure that information from all source systems to RisktRAC is complete, accurate and efficiently handled. As you and I discussed, this is a global effort spanning all commodities/all locations/all source systems.   We have formed a steering committee with appropriate project managers and have worked closely with Debbie Brackett in defining the scope, approach, key milestones, resource requirements and projected timeline (Project Greenlight).  A team of stakeholders from Operations, IT and Debbie Brackett will meet tomorrow in order to review the project plan with David Port and Bill Bradford for final input.  My assistant is working with yours to set up a meeting then for Debbie and me to review the work done to date and to review the proposed plan and timeline.   Assuming that you are comfortable with Project Greenlight when we review the details with you,  I think that it would be appropriate to take this item off of the Wanda's list.  We can certainly update the cross-functional team on efforts underway, but there is no need for a new team to focus on this bullet point.  

Sally 

 -----Original Message-----
From: 	Heathman, Karen K.   On Behalf Of Buy, Rick
Sent:	Tuesday, October  2, 2001 11:26 AM
To:	Causey, Richard; Beck, Sally; Pickering, Mark; Gorte, David; Dyson, Fernley; Jordan, Mike; Colwell, Wes; Kaminski, Vince J; 'thomas.h.bauer@us.andersen.com'
Cc:	Kilchrist, Shawn; Bharati, Rakesh; Walker, Mark A.; 'john.e.sorrells@us.andersen.com'
Subject:	Operational Risk Management


As you are all aware, the latest Risk Management Policy specifically addresses Operational Risk, and more specifically commits Enron to develop systems and processes that enable Enron to better evaluate its operational risk.  To that end, I have asked Wanda Curry to lead a cross-functional team (the "Operational Risk Committee"), which will be jointly accountable for meeting this commitment. I would like to have representatives from Enron Assurance Services, RAC, Research, Information Technology, GRMO and Arthur Anderson.  

Enron's primary objective for monitoring its exposure to operational risk is to (a) identify the derivation of operational risk exposures and (b) improve the Company's systems and processes to mitigate such risk. The guidelines for operational risk assessment are essentially undeveloped.  It will be our challenge to identify, assess, categorize, quantify and mitigate exposure to operational risk.   

The risk capital allocation process includes the consideration of operational risk.  Initially, this assessment will be based on a qualitative view of the business unit's internal processes, people and systems. The initial goal, for completion prior to year-end 2001, is to establish a baseline and/or report card to convey a sense for where we are now.  It is Enron's objective, as reflected in the Risk Management Policy, to increase the sophistication of risk measurement for operational risks through documented qualitative assessments and quantitative measurements.  

A list of additional objectives to be addressed by the cross functional team has been prepared by Wanda.  These include:
	
Develop a qualitative operational risk assessment approach and implement.  This approach should enable a quick review of key functions and standards to identify weaknesses, monitor progress over time, and provide management with a representation of operational risk.
Assess and improve integrity of daily risk reports, i.e. require confirmation that all books are captured, aggregated and processed through RisktRAC, CreditAg, and Infinity applications
Ascertain the extent of spreadsheet usage across Enron and develop the ability to monitor NOP, V@R, and MTM for spreadsheets separately, i.e. a Spreadsheet DPR.  Work with GRMO to develop "rules of use" for financial valuation models and spreadsheet "books"
Utilize the existing RMS database and develop the ability to monitor intercompany - interbook activity (initially for forward positions only) and report variances 
Recommend metrics for quantitative measurement of operational risk
Access need for additional or improved risk databases

Wanda will be contacting each of you to identify your designated operational risk contact that will participate on this cross-functional team.  

Thanks,

Rick Buy