During the past 10 years, oil, mining, and other resource-based industries have been impacted by a significant shift in public attitudes and policymakers' waning appetite for risk-taking. Events ranging from massive oil spills and tsunamis to nuclear meltdowns have drawn increased scrutiny worldwide. Stakeholders are more and more concerned about the adverse impact that failed risk management functions have on the environment, employees, and the bottom line.
While risk-taking remains a fundamental component of the growth and competitiveness of any business, the way corporations identify and manage their internal and external risks has become increasingly important to shareholders, governments, capital markets, and the general public – and critical to the sustainable growth of today's global businesses.
A broad spectrum of regulations, standards, and policies have set out to govern the risk management activities of global industries, such as Basel I, II, & III; Committee of Sponsoring Organizations; ISO 31000; the US Occupational Safety and Health Administration's Process Safety Management; and the Bureau of Ocean Energy Management, Regulation and Enforcement's Safety and Environmental Management System. Many of these, however, fall short by only providing a tactical outline of what should be done, not a strategic prescription for how to manage risk in a large, complex business.
Risk management is a series of five steps that are employed when managing any risk in any department of any business. (Image courtesy of Dyadem)(Images courtesy of Nabors Industries Ltd.)
The inherent challenge with these management models is that risk is being approached from a single perspective. For most major corporations, risks fall into one of two categories, financial or operational, with each representing a vital component of a company's overall risk profile. Typically, finance is responsible for credit, market, and insurance risks, while operations is responsible for HSE, capital projects, IT, human resources, quality, etc. Unfortunately, traditional "enterprise" risk practices have focused primarily on financially based risks and have ignored, if not dismissed, risks from other areas of the business. True enterprise risk management (ERM) examines risk exposure across both finance and operational silos to identify unforeseen, unwanted events that may be lurking in the business and that could have a material negative impact on corporate goals. In addition, enterprise risk management is rapidly evolving within major corporations by extending beyond reactive fulfillment of compliance requirements to proactively strive for strategic competitive advantages. Organizational leaders from the boardroom to the plant floor are fuelling this evolutionary shift by recognizing that better risk management practice results in real, tangible business benefits, including:
Lower cost of capital;
Improved ability to achieve corporate goals and objectives;
Better, more reliable relationships with the capital markets;
Improved corporate reputation;
Lower operational costs; and
Better regulatory and community relations. But to achieve these benefits, companies must treat risk holistically across the entire business – including opera- tional risks as well as financial ones – and reaching beyond compliance.
Fundamentally, enterprise risk management starts with three questions:
"What are the risks to my business?"
"What controls do I have in place to mitigate those risks?"
"Are those controls working?"
To effectively manage risk, every manager must be able to answer these questions on a day-to-day basis. To achieve this goal, organizations must have a core process for identifying and understanding their risks and determining how they are being addressed.
Five steps to success
Fundamentally, risk management is a straightforward series of five steps. These same five steps are employed when managing any risk in any department of any business.
The simplicity of this process is what makes a true ERM solution valuable and manageable.
Step 1 is risk identification. Risk ID is the cornerstone of an effective ERM program because a risk has to be identified before it can be managed. There are thousands of ways to identify risks, but whatever the methodology used, it must be accurate.
Step 2 is risk analysis. An organization must understand the impact of a risk on its objectives and goals. A functional ERM solution enables identified risks to be evaluated in terms of an organization's risk appetite. Risk matrices, scoring models, and materiality thresholds contribute to the level of impact a particular risk may have on business.
Step 3 is control identification. A company has to determine what is currently being done to manage risks and what else can be done to further minimize them. This step is crucial for compliance and providing confidence to stakeholders that a company is in control of critical risks.
For many, this is a serious challenge. Many organizations are very good at steps 1 and 2, but when it comes to determining what they are actually doing to control their risks and who is responsible for that control, they fall down. A working ERM solution provides senior management with traceability and accountability to improve their risk control process.
Step 4 is implementation of control. Control implementation and control assurance are vital to the ongoing viability of a business. For many organizations, an audit is the first indication that there is a problem with control. A robust ERM solution provides the ability to ensure controls are properly assigned, accepted, and implemented, providing accountability and governance over risk control.
Step 5 is monitoring and reporting. For many companies, this is the risk assurance or governance issue. It is the ability to determine if commitments are being kept and if risk management processes are working. This step is critical for continuous improvement. An organization should be able to determine if the controls it has in place are in fact reducing its risk, if the company is meeting its goals, if departments are lagging, or if critical actions are not being completed.
This step answers that critical question, "Are my controls working?" and enables organizations to learn from experience, track performance, and improve operations.
The competitive advantage
Identifying, understanding, and mitigating key risks are critical to sustainable growth in today's complex global markets. Investment banks are looking for more reliable bets. Governments are looking for better business partners. Communities are looking for safer places to work.
A corporation in control of its risks provides these benefits and has a tremendous advantage over its competition in the race for resources.
Recommended Reading
LongPath Ditches Up-in-the-Air Tech for Emissions Reduction Closer to Ground
2024-12-17 - LongPath Technologies has received a federal loan to develop a monitoring network and conditional approval from the state of New Mexico for use of its system at oil and gas operations.
Methanol Microreactor Project Aims to Convert CO2 into Liquid Fuel
2024-12-03 - The SRI International-led project, which received a Department of Energy grant, would use renewable energy to convert CO2 into liquid fuel.
CRC's Carbon TerraVault, Net Power to Develop Low Emissions Power Plants
2024-12-10 - California Resources Corp.'s Carbon TerraVault and Net Power will conduct feasibility studies on locating power plants near underground CO2 storage vaults, according to a news release.
BP Monitoring Air Following Leak at Whiting Refinery
2024-12-27 - BP says the Midwest refinery is now operating normally.
Equigas, CO2Meter to Partner in Offering Gaslab Detection Devices
2025-02-14 - The devices are used in industrial operations to monitor gas leaks and maintain air quality and safety compliance.
Comments
Add new comment
This conversation is moderated according to Hart Energy community rules. Please read the rules before joining the discussion. If you’re experiencing any technical problems, please contact our customer care team.