The Future of Operational Risk Management - Enablon® · 2019-08-19 · Why is Operational Risk...
An Enablon White Paper
The Future of Operational Risk Management: The Oil & Gas and Chemicals Approach
www.enablon.com © Enablon 2015 // 1
TABLE OF CONTENTS
// DEFINING OPERATIONAL RISK MANAGEMENT
// THE TRANSFORMING OPERATIONAL RISK LANDSCAPE
// IMPLEMENTING A WORLD-CLASS RISK MANAGEMENT PROGRAM
// SUMMARY & CONCLUSION
EXECUTIVE SUMMARY
The Oil & Gas industry is constantly changing. These changes affect a lot of other industries as well,
including the Chemicals and Transportation industries. Market volatility within these industries
creates various challenges and risks, making a strong Operational Risk Management program to deal
with uncertainty all the more important.
This white paper will dive into these issues and answer the pressing questions facing Oil & Gas and
Chemicals professionals.
Why is Operational Risk Management (ORM) important? What are the latest ORM issues and trends?
How can companies manage operational risk and enable a sustainable company?
What you will learn from this report:
- A better understanding of ORM
- Expert insight into the top ORM issues and trends shaping the Oil & Gas and Chemicals sectors
- Actionable best practices for leveraging technology and mobility to address ORM challenges
This report is intended for the following audience:
- Industries: Oil & Gas, Chemicals, Energy & Utilities, Mining & Metals, Transportation…
- Job roles: Manager, VP and Director Level in Risk, EHS and IT functions
- Level of expertise: both ORM beginners and pros
Defining Operational Risk Management
Before proceeding any further, a clear understanding of ORM is necessary. This section defines ORM,
describes the concept of holistic risk management and discusses its benefits.
// DEFINITIONS
Risk is uncertainty with respect to achieving objectives. Risk management is a pillar of
Governance, Risk and Compliance (GRC), "a capability to reliably achieve objectives
(governance) while addressing uncertainty (risk management) and acting with integrity
(compliance)."
Operational risk is the risk of loss resulting from inadequate or failed internal processes,
people and systems or from external events (Figure 1). It includes legal risks such as fines,
penalties, punitive damages, and private settlements. Operational risk falls under
enterprise risk (the high-level roll-up of potential risks), along with strategic, market
and financial risk.
Figure 1. Four elements produce operational risk.
// RISK MANAGEMENT FRAMEWORK
Risk management is an integrated framework that takes a holistic view of risks throughout the
organization. The framework helps companies to prioritize all risks and apply appropriate
resources. It provides transparency, enhances decision making and maximizes a company's ability
to achieve its objectives. While risk management can shape and control risk, it cannot eliminate
all risk options. Companies have the choice to accept, avoid, manage or transfer risk (a few
examples of transferring risk are partnering with another company or buying insurance) (Figure 2).
Figure 2. Risk management options depend upon the risk's impact and likelihood of occurrence.
Risk management is most successful when the organization adopts a "risk culture" where people
accept accountability for risk within their functions. This calls for input from a variety of experts and
the use of a variety of tools. In addition, it requires function-appropriate training.
// RISK AS AN OPPORTUNITY
While risk is traditionally a negative term to many organizations, this is beginning to change. Over the
past ten years companies have started to view risk as
an opportunity and have adopted frameworks to
better identify, assess and quantify strategic, financial
and operational risks (forming what we call enterprise
risk). Most large public companies put risk programs in
place in response to Sarbanes-Oxley; others put
programs in place because it makes good business
sense.
Why is risk an opportunity? Risk management helps
companies to identify and act upon business
opportunities. It helps them decide where to invest
resources, using Return on Investment metrics that
consider the cost to manage and reduce risk, as well as
returns.
According to the RIMS Risk Maturity Model, companies with enterprise-wide risk management
initiatives can see up to a 25% increase in value when compared to similar companies without a risk
culture (Figure 3).
"We must continue to assess risks in innovative ways that reduce risks that are present, and risks that may become threatening in the future."
–JOHN KILL, GLOBAL RISK PARTNER, ERM
Figure 3. Simply put, companies with more mature risk programs are worth more (adapted from RIMS Risk Maturity Model).
The Transforming Operational Risk Landscape
The volatility in the Oil & Gas and Chemicals sectors creates both risks and opportunities. The Oil &
Gas sector uses new technologies like hydraulic fracturing and horizontal drilling while regulatory
bodies and other stakeholders’ requirements are putting increased pressure on businesses. Several
issues and trends will impact how Oil & Gas and Chemicals companies operate in the near future:
- Lessons learned in the Gulf of Mexico
- Executive Order 13650
- Process Safety Management (PSM) challenges
// LESSONS LEARNED IN THE GULF OF MEXICO
The American Petroleum Institute (API) says that the drilling industry has improved safety since the
April 2010 well blowout in the Gulf of Mexico. New and revised API standards plus Safety and
Environmental Management Systems (SEMS) regulations developed by the U.S. Bureau of Safety and
Environmental Enforcement (BSEE) address safety issues. Still, the Chemical Safety Board says that
gaps remain about how companies address major incidents.
So, is the Gulf of Mexico safer today? Award-winning author and journalist Loren Steffy says,
"we don't know what we don't know." Drillers in the Gulf do not consistently collect "near miss"
data or report hydrocarbon releases; the data available is often lacking and inaccurate. This
differs from the North Sea, where drillers have adopted a safety culture. Steffy has the following
observations regarding the Gulf of Mexico:
- Companies must find better ways to collect and assess data. Data must be readily accessible
  to be able to identify trends, assess system effectiveness and conduct benchmarking on
  safety performance
- We need more industry scrutiny and more transparency of shared best practices
// EXECUTIVE ORDER 13650
In August 2013, the U.S. President signed Executive Order 13650, "Improving Chemical Facility Safety
and Security." This Order directs the federal government to improve coordination with state and
local partners; enhance federal agency coordination and information sharing; modernize policies,
regulations and standards; and work with stakeholders to identify best practices.
Expected impacts include:
- Changes to OSHA PSM and Emergency Action Plan standards
- Additional scrutiny of the Oil & Gas and Chemicals sectors
- Regulation of industries not currently covered by PSM regulations, e.g., fertilizer plants, the
  Food & Beverage industry
- Integration with other emergency planning standards, e.g., U.S. Environmental Protection
  Agency (EPA) Risk Management Plan and Community Right-to-Know programs and
  Department of Homeland Security (DHS) Chemical Facility Anti-Terrorism Standards
// PROCESS SAFETY MANAGEMENT COMPLIANCE
Industries that deal with specific toxic and reactive chemicals, flammable liquids or gases in listed
quantities fall under PSM regulations. Two key elements of PSM are Process Hazard Analysis, which
requires companies to identify, evaluate, prioritize
and act upon risk; and Management of Change,
which requires companies to anticipate changes in
facilities, equipment, process chemicals and
technology.
PSM creates four primary challenges:
1. Aligning PSM with corporate strategy. There
is a "disconnect" between corporate strategy
and operational tactics, especially in a highly
technical area like PSM.
2. Assembling the right people to evaluate risk. Risk management calls for varied perspectives
in different subject matter areas, the right level of experience and a system of checks and
balances—all in light of limited resources.
3. Selecting the appropriate risk methodology. It is difficult to select a method, harder to
implement it, and even harder to train employees to use that method properly.
4. Management of Change. In a perfect world, all potential changes would be predicted
beforehand. But in the real world, not all changes can be anticipated.
Implementing a World-Class Risk Management Program
// ESTABLISHING A RISK MANAGEMENT CULTURE
The traditional approach to risk management places responsibility in a central corporate function.
The businesses and functions where much of risk resides either downplay their responsibility or
address risks with ad hoc business processes and tools. The resulting fragmented processes and
data silos make it difficult to see the big picture and address risk holistically.
The new approach is a risk culture that embeds risk management into employees' daily activities.
This approach places risk responsibility at all levels of operations, from bottom to top. The
organization achieves holistic risk management that aligns with business strategies.
BSEE Director Brian Salerno says that risk is an integral component of a safety culture, and that
regulators and businesses need to focus on 1) technology, 2) the human element and 3) an
understanding of risk and how to effectively manage it. BSEE, which regulates offshore Oil & Gas
facilities, is developing a robust risk methodology. Salerno believes that greater emphasis on risk
methodologies can improve Safety and Environmental Management Systems (SEMS), accident
reporting and investigation, near miss reporting and the ability to view trends.
// NEW APPLICATIONS OF RISK TECHNIQUES
In the U.S., prescriptive regulations leave little room for interpretation. Still, companies can apply risk
management techniques to improve performance. At Enablon's 2014 Sustainable Performance
Forum in Houston, ERM Partner John Kill noted an increase in the number, types and robustness of
risk management techniques used to enhance regulatory compliance. He says that, used early in a
project's design phase, risk techniques can help identify potential major events and prioritize
efforts. In day-to-day operations, risk techniques can "operationalize" risk management, helping each
person in the organization to understand their roles and responsibilities in risk prevention and
mitigation.
Innovative uses of conventional risk management techniques in new areas include applying Bow-Tie
diagrams to environmental excursions and applying risk management principles to hazardous waste
site cleanup.
"Risk is an integral component of a safety culture. It must be the lens through which we view the interaction between technology and the human element."
–BRIAN SALERNO, BSEE DIRECTOR
// TECHNOLOGY IS A GAME CHANGER
With all the issues and challenges above, how can companies manage operational risk and enable a
sustainable company? One way is to leverage information technology—an enterprise-capable
software platform supported by rich, embedded content and robust reporting and analytics.
Risk and IT trends driving companies to use information technology to support a risk management
framework include the following:
- Understanding the pervasiveness of risk amidst expanding boundaries and blurred lines
- Using risk intelligence to drive performance metrics and business critical processes
- Leveraging and harnessing the power of big data and robust reporting
- Consolidating and replacing legacy systems
- Increased acceptance of hosted and on-demand software
- Harnessing the power of mobility
Understanding the pervasiveness of risk. The 21st century "energy boom" illustrates a competitive
landscape with new exploration & production technologies, emerging regulations and as yet
undiscovered risks. Companies are tempted to move quickly to capitalize on the next opportunity.
They should identify (and catalog), assess, evaluate,
control and monitor risks to protect stakeholder
interests. Just as importantly, when business slows
companies need to protect their assets. Information
technology can support the entire process.
Drive performance metrics with risk intelligence. More
and more companies use risk metrics in contract
negotiations and in executive compensation. They
generate massive amounts of data and need the ability
to quickly analyze it, put it into context and make
intelligent business decisions to provide a competitive
edge. This requires robust risk and IT frameworks.
Leveraging and harnessing big data for robust
reporting. Today, senior management requires
enterprise-wide visibility and the ability to use structured and unstructured data to better
understand the potential impact of a range of risks. Big data and analytics tools help to consolidate
data in a usable form, showing forward- and backward-looking trends.
Consolidating and replacing legacy systems. IT departments cannot support multiple legacy
systems, especially those using outdated platforms, spreadsheets or one-off databases. Also, many
legacy systems are not accounted for. For security and resource reasons, companies are
consolidating and replacing legacy systems with current technology that allows data roll-up and
reporting and the ability to view trends in real-time. They prefer a single platform or a limited
number of integrated applications. An example of this is Axiall, a Fortune 500 sized Chemicals
company that is currently in the process of consolidating 70 legacy applications into one platform
using Enablon’s EHS software solution.
Increased acceptance of hosted and on-demand software. Lean IT staffing, high-speed internet
connections, cheap data storage and the cloud make hosted and on-demand software attractive.
Today, many companies that once insisted on installing all software on-premises are moving
enterprise applications to the cloud.
Harnessing the power of mobility. Mobility can be a powerful operational risk tool, particularly in the
Oil & Gas and Chemicals sectors. Enterprise solutions that offer robust mobile capabilities provide
employees with the ability to access information and perform tasks from anywhere, at any time, and
on any device. Aberdeen Group explained in a recent report on mobility and safety: “mobility saves
operator time and bolsters labor productivity, provides a system of record with one-to-one accuracy
verification, and limits incidents by granting employees access to data in real-time. However, there is
more to a mobile initiative than giving an employee a mobile device and sending them on their way:
they must have access to the right tools, and you must focus on the right areas of EH&S to get the
most out of your efforts.”
// FEATURES OF BEST-IN-CLASS PLATFORMS
Information technology enables companies to proactively manage operational risk. Leveraging
technology such as enterprise EH&S and Sustainability software, mobile, social, cloud and big data
enables companies to:
- Collaborate to identify, evaluate and analyze risk and make real time decisions
- Manage the policies, procedures and regulations that drive data collection
- Drive risk accountability throughout all levels of the organization
- Consolidate and integrate data, with audit trails and transparency
- Establish and track performance against key performance indicators (KPIs)
- Access embedded rich content to support risk decisions
- Visualize data on dashboards and interactive queries to easily spot trends
- Easily generate reports and forms that historically took weeks of effort
- Access data anytime, anywhere, in the office and in the field, on a variety of devices
Summary & Conclusion
Oil & Gas and Chemicals are complex, market-driven industries that carry a multitude of risks and
opportunities. This creates the need to identify and understand the risks that impact stakeholders.
Implementing a holistic risk management approach makes sense for regulatory, competitive and
financial reasons. The risk management framework must address operational risk as part of
enterprise risk. Innovative companies find ways to apply risk management tools in new ways to gain
a competitive edge.
To get the greatest benefit from a risk framework, companies should integrate standard business
processes, software and analytical tools. Information technology helps companies to document the
policies and regulations that drive data collection; collect the right data; as well as manage and make
sense of the massive amounts of data generated. A single enterprise software platform enables them
to view trends across business lines and geographies, put data in context and collaborate on
risk-based decisions.
// ABOUT ENABLON
Enablon is the world's leading provider of Sustainability, EH&S and Operational Risk
Management solutions. More than 1,000 global companies and 1 million users worldwide use
Enablon software solutions to manage environmental and social performance, minimize risks
and improve profitability. Enablon’s enterprise-class platform is at the heart of a worldwide
ecosystem of more than 80 content, technology and service partners. Enablon offers
complete Operational Risk Management solutions including Incident Management, Process
Safety Management including Management of Change and PHA applications. Enablon has
been named a visionary in Gartner’s Magic Quadrant for Operational Risk Management
released in December 2014.
// GOING FURTHER
Like what you read? Check out the content library on www.enablon.com for more
educational resources on Operational Risk, EH&S and Sustainability Management topics.
// REFERENCES
- Defining Operational Risk Management
U.S. Energy Information Agency, Short Term Energy Outlook, May 2014.
OCEG (Open Compliance and Ethics Group), www.oceg.org.
Basel II Framework, http://www.basel-2.org/.
Global Association of Risk Professionals, The GARP Risk Series, Operational Risk Management Chapter 12, Operational
Risk, http://www.garp.org.
U.S. Department of Homeland Security, Risk Management Fundamentals| Homeland Security Risk Management Doctrine,
April 2011.
Russ Banham, "Rising Trends in Risk Management | RIMS members tackle new challenges; role broadens." The Wall
Street Journal, http://online.wsj.com/ad/article/managingrisk-trends.
Farrell, Mark and Ronan Gallagher, The Journal of Risk and Insurance, "The Valuation Implications of Enterprise Risk
Management Maturity." March 10, 2014.
RIMS Risk Maturity Model, https://www.rims.org/resources/ERM/Pages/RiskMaturityModel.aspx
- The Transforming Operational Risk Landscape
BSEE Press Release, BSEE Director Delivers Remarks at 2014 Offshore Technology Conference, May 8, 2014.
www.bsee.gov.
Dittrick, Paula, Oil & Gas Journal, "API: Industry made strides in offshore safety since Macondo." June 5, 2014.
www.ogj.com/.
Gronewold, Nathanial, Greenwire, "Offshore Drilling: Gulf operations still unsafe despite reforms – CSB probe." June 5,
2014. www.eenews.net/.
- Implementing a World-Class Risk Management Program
Steffy, Loren, "Is the Gulf of Mexico Safer Today?" Presentation at the Enablon Sustainable Performance Forum,
Houston, Texas, May 21, 2014.
Kapoor, Gurav, 3 Key Risk Management Trends for 2014, Global Association of Risk Professionals, January 2, 2014.
www.garp.org.
Aberdeen Group, “Improve Safety, Accuracy and Productivity with Mobility.” March 2014.
http://enablon.com/reports/mobility-from-the-plant-floor-to-the-store-door-improve-safety-accuracy-and-productivity-aberdeen-research
The Future of Operational Risk Management
Copyright © 2015 Enablon
All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including
photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in
the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law.
Published in the United States of America by Enablon, February 2015.
www.enablon.com