White Papers Risk Monitoring and Management Trends In Commoditi

Risk Monitoring & Management Trends in Commodities Where are the different risks managed? According to the respondents, most risks are managed at both the enterprise and departmental levels as might be expected. However, whereas legal, regulatory and treasury risks have a strong enterprise management aspect, operational risks like scheduling are more often managed at the department level. However, the data does suggest that there are broad differences in approach across the industry as there seems to be little agreement between the respondents on which risks should be managed at what level (Figure 5). Figure 5: At What Organizational Level are Risks Best Managed 100% 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Legal Risk Regulatory Risk Treasury Risk Enterprise IT risk Operational Market risk Credit Risk Operational Operational monitoring risk - other risk - risk - scheduling employee & analytics activities Department Both Don't Know A ComTechAdvisory Whitepaper developed solutions were also sometimes deployed in areas like regulatory risk, IT risk and legal risk. Given the depth of concern over effective risk management, there isn’t significant agreement among the respondents on how to manage risks systematically. However, the continuing use of spreadsheets in particular as a risk tool causes concern for a number of reasons. Aside from well- publicized issues related to errors and omissions, spreadsheets are not easily scalable and the data and information on which risk decisions are made can become cloistered within an organization. This reliance on tribal knowledge introduces any number of additional potential risk variables, and as such, spreadsheets should not be considered a replacement for enterprise grade, commercial-off- the-shelf commodity trading and risk management solutions. Figure 6: How are Risks Managed? 100% Finally, we asked the respondents how risks were measured, monitored, and managed. The CTRM solution was most often used to perform these activities only for market risk, scheduling and credit risk (Figure 6). Specific risk tools or software were also often used in market risk, credit risk, treasury risk, IT risk and regulatory risk. Spreadsheets continue to be popular risk management tool for market risk and treasury risk specifically, while business processes and controls were mechanisms often used for operational risk management, legal risk and regulatory risk. Internally 90% 80% 70% 60% 50% 40% 30% 20% 10% 0% Market Risk Operational Credit Risk Monitoring Risk - & Analytics Scheduling Treasury Operational Operational Risk Risk - Other Risk - Employee Activities E/CTRM Solution ERP Solution Internal Solution Spreadsheets Business Processes Don't Know IT Risk Legal Risk Regulatory Risk Specific Risk Package The low number of respondents noting that their E/CTRM systems are utilized to address many of the common risks faced by market participants is somewhat surprising in light of the broad and sophisticated capabilities offered by the larger © Commodity Technology Advisory LLC, 2017, All Rights Reserved.

White Papers Risk Monitoring and Management Trends In Commoditi | Page 5