Global Chaos as Microsoft Outage Disrupts Critical Services

View All

Case Studies

Securing Cyber-Physical Systems for a Defence Manufacturer

View All

Upcoming Events

LEMA Summit 2024

View All


Image of Thermal power stations and power lines during sunsetImage of Thermal power stations and power lines during sunset


Assuring Utility Markets

18th Sep, 2023

Utilities such as gas, water and electricity are, by definition, commodities. That is to say that all units of production are identical, regardless of who produces or supplies them. Utilities are essential to everyday living now; we find it incredibly hard to live without them.

So, how do we, as market participants, movers, makers, and shakers ensure that the consumer can have trust in the products and services that we provide, given that they have options about which business they choose to get exactly the same product from?

Building trust in utility markets

The presence of robust assurance mechanisms empowers our regulatory bodies to exercise effective oversight and hold businesses accountable. Regulatory bodies use assurance processes to monitor market entry and performance, assess compliance, and enforce penalties and/or remedial actions for non-compliance. This accountability aims to ensure that businesses operate ethically and responsibly, safeguarding the interests of consumers.

We have infrastructure, systems, human resources, data that all must be in good working order. Good working order is both demanded and ensured by the rules and regulations held as the legal standards by the regulatory bodies. These are for us all to adhere to.

Underneath that we have designed processes and standards for our markets to ensure that we can meet the rules and regulations, and all operate in the same manner. However, this only works if we adhere to these standards, right? If we don’t, we introduce disruption to the market and in doing so we deliver a less than desired service and/or product to our consumers and can ultimately disrupt the market and its operation. If one business fails, who picks up the pieces, including costs? We all do. So, its in our best interests to meet the standards set out for us.

The trouble is that as there are a number of different parties performing different roles with different business goals and objectives. How do we make sure that they come together, to work together, effectively in the same market? A market that has some newbies, some old hats, some naïve parties, and others who have much more experience and potential influence into the mechanics and makings of the rules that we must follow? This increases the risk that there is disruption to the market and to the consumers and so on and so forth.

How do we manage this? Well, one way is to use assurance mechanisms.

What is assurance?

  • Assurance of new market entrants – processes that are designed to help parties meet the rules, regulation, processes, and standards of service. It should provide empirical evidence that can be used to inform decisions.
  • Assurance of existing market participants – processes that are designed to detect that they continue to meet the rules, processes, and standards of service despite any internal change of external change within the market. Not adhering should be met with remedial actions or penalties.
  • Technical Assurance of processes – this sort of assurance requires digging into the detail of processes where there is shown to be a disconnect or poor performance.
  • Technical Assurance of devices – processes that are designed for assessing devices and skills to make sure that equipment used to measure and maintain accurate data are capable of doing so and continue to do so, including the skillset of the human resources that interact with the devices.
  • Assurance of performance – processes designed to monitor, assess and mitigate risk at both a party and market level and sometimes introducing mutually agreed incentives and / or penalties to maintain or meet standards of performance.
  • Assurance of Cyber & Digital practices – Processes designed to monitor, assess, and mitigate risk to legal and regulatory requirements of secure networks, technologies and cloud solutions.

Examples of assurance, that maybe aren’t obvious! Do you do these, can you think of anymore examples?

  • Utility Business related

    Project management | Regular internal review | Process review | Process audit | Documented procedures & review schedules | Version histories & controls for documents & processes | Documented governance & approval processes |
    Risk assessment & strategy | Obligation registers | Traceability matrices | Education | Training | Monitoring & reporting | ISO Assessments & Audits | Cyber Security Services | Data Security Services

  • Non-Business related

    Dentistry check-up & remedial actions | Car MOT | Regular home cleaning schedule |
    Health check-up & remedial actions | Home maintenance | Garden maintenance |
    Financial budgeting | Using instructions to build flat pack furniture | Researching Broadband providers to get the most appropriate service

Examples of what can go wrong and the impact that might have:

  • Failure

    Market rules are not met | Operational rules not met | Poor data quality and / or accuracy | Lack of change management | Poor design | Lack of expertise / knowledge skill set | Internal reviews not implemented

  • Impact

    Legal challenge | Regulatory challenge | Loss of business licences |
    Remedial action | Financial Impact | Reputational | Market fails

The final thing about assurance is this……

… shouldn’t create burden for burdens sake, it needs to be proportionate. This can be achieved by detailing, monitoring and managing risk/s to the business, processes, outputs et al. so that we can see what may be creating risk. We want to be able to apply big assurance to big impact changes, and small assurance to small impact changes. It’s a sliding scale that should be assessed and applied based on the individual circumstance, which means that an agreed method needs to be reached.

Examples of the types of engagement Gemserv has made in assurance services.

Market Entry

Provider of market entry services in the UK & Ireland.

Market Readiness

Consultancy services for market opening in the English water market and the Emirates Energy and Water markets

Market Design

Establishing the market design and associated requirements for the Scottish water market.

Provider of market design assurance in Electricity in the UK & Ireland.

Performance Assurance

Designing and delivering gas performance assurance services in the UK and delivering performance assurance services for the electricity markets in the UK & Ireland leading to market wide change.

Technical Assurance

Provision of audit of metering services in the UK for Electricity.

Designing and delivering process assurance in the UK Water & Electricity markets, leading to both business and market wide change.

Regulatory Audit & Investigation

Designing and delivering audits on behalf of the UK, NI, Irish and the Emirates regulators for electricity on specific areas of risk to the market.

Cyber Security

Delivering cyber threat intelligence and building security into the design of corporate change programmes, embedding cyber and privacy practices.

Risk Management & Strategy Development

Aligning cyber risk, security, and data privacy with business objectives as well as risk assessment, treatment and management.


Looking forward

All types of assurance offer the opportunity to promote industry improvement and innovation and is often the catalyst for both. Over the coming weeks I’ll be writing in a bit more depth about these types of assurance. IF we can get the processes and outputs right consistently – we’re more than halfway there to building trust and confidence.


Elizabeth Montgomerie

Compliance & Assurance Specialist

Read Bio