Oppurtunities & Risk management
The above is a quote from FINANCIAL Reporting Council Internal Control Revised Guidance for Directors on the Combined Code October 2005. It should be noted that it refers to the management and control of risks rather than their elimination. No organization can progress in the modern business climate and maximize the benefits of opportunities without taking risks. The risks, however, must be clearly understood and evaluated before an informed decision can be made. Once the risks have been identified and assessed, informed decisions can be made as to whether the risk can be taken, treated, transferred or avoided altogether by not going ahead with the action that causes the risk.
- Take the risk is acceptable without any action.
- Treat Instigate mitigation measures to reduce the risk to an acceptable level.
- Transfer the risk to another party by means of contractual arrangements or by insurance.
Petroka personnel are multi-disciplinary and have very diverse backgrounds, giving great depth and breadth to our risk assessment capability. In addition to facilitating risk management workshops, other specialist risk assessments include:
- Cost Risk assessment.
- Schedule Risk assessment.
- Decision Risk Assessment using Event Tree Analysis.
Risk management is an ongoing process. Once risks have been identified, assessed and mitigating actions raised, it is crucial that the actions are followed through to completion and regular risk review meetings should be held to monitor the progress.
Petroka has developed software that is tailored for the management of risks. It covers the entire life of risks including:
- Identify risk.
- Assess the risk.
- Assign mitigation actions.
- Monitor mitigation actions.
- Identify recovery or contingency measures.
- Re-assessment.
- Close-out.
It must be understood that the above is essentially a semi-quantitative process that may not cover all of the risks in sufficient detail. It may be therefore that other techniques such as Event Tree Analysis need to be used for fully evaluating business risks and opportunities.
Typical project risks include:
- Reservoir uncertainty
- Permitting
- Land acquisition
- Right of way
- Late delivery of materials
- Failure of new technology to perform as required
- Lack of definition of quality levels
- Inadequate or erroneous survey data
Petroka personnel are multi-disciplinary and have very diverse backgrounds, giving great depth and breadth to our risk assessment capability. In addition to facilitating risk management workshops, other specialist risk assessments include:
- Cost Risk assessment.
- Schedule Risk assessment.
- Decision Risk Assessment using Event Tree Analysis.
- Quantitative Risk Analysis.
It is clearly recognized that business objectives, cash flow and payback targets and company HSE goals may be primary drivers of a project schedule. Meeting these objectives may require that projects are sanctioned before all front-end work is complete, or project phases may run in parallel.
Such ‘fast tracking’ of projects will invariably introduce additional risks being carried forward into the project.
Our risk management process will ensure that these risks, along with their consequences, are understood and managed to mitigate later impact on the successful outcome of the project.
Risk management consists of the following main steps:
- Identify risk.
- Assess the risk (using a three stage approach).
- Identify and assign mitigation actions.
- Monitor mitigation actions.
- Re-assess risks regularly.
Petroka always recommends that a risk register is created as early as possible during the conceptual engineering so that mitigating actions can be carried out in good time. We routinely begin with a facilitated risk workshop; the most effective means of collecting risks “in bulk”.
It must be understood that the above process is essentially a semi-quantitative process that may not cover all of the risks in sufficient detail. Therefore one of the mitigation actions may be to perform a quantitative risk analysis (QRA) or a cost benefit analysis before a final decision can be made.
A risk management system requires:
- Policy statement approved by the board of directors.
- Risk management manual.
- Risk management tool.
Petroka has the expertise to provide consultancy and implementation in the following areas:
- Facilitating risk workshops.
- Establishing the initial risks register.
- Drafting the corporate risk policy.
- Preparing the corporate risk manual.
- Customising the risk tool.
- Training personnel in the principles of risk management.
- Organising a risk awareness campaign.
Risk management consists of the following main steps:
- Identify risk.
- Assess the risk (using a three-stage approach).
- Assign mitigation actions.
- Monitor mitigation actions.
- Re-assess risks regularly.
A key aspect of the risk management system is the fostering of a culture of risk awareness throughout the organization. This is very important since it can be very easy to hold a risk workshop only to have everyone return to their day-to-day jobs without further attention to the risk management system. So it is essential that actions raised in the workshop are carried out in a timely manner and followed through to completion. Also, everyone in the organization must be risk aware and any risks identified outside the workshop environment must be recorded and processed without waiting for another risk workshop to be held.
As well as being very efficient at identifying risks, workshops encourage involvement and ownership in the entire risk management process. By following a structured process, each risk is considered objectively so that it can then be ranked and prioritised. The advantages of risk workshops include:
- Identification, assessment, prioritisation and embedment of Risk Management.
- Meeting best practice.
- Seeking to identify opportunities as well as risks.
- Encouraging management discussion and facilitating clarity on risks.
- Facilitating 100% participation.
- Seeking to create awareness, education, compliance and embedding of RM.
- Allocating ownership of potential hazards and ensuring an ongoing Risk Management process.
Many companies recognize the importance of risk management, partly through changes in legislation, but also because companies have come to realize that it is necessary to recognize and understand risks in order to maximize opportunities. Over and above this, however, companies need to be aware of potential crises that, in the worst-case scenario, could have a catastrophic impact on the company. Some recent examples include:
- Enron financial scandal.
- Toyota brake failures.
- BP, Deepwater Horizon well blowout.
- Tepco, Japan, nuclear power plant disaster following earthquake and tsunami
Three elements are common to most definitions of crisis:
- A threat to the organization.
- The element of surprise.
- A short decision time.
For these types of crises, it is imperative to have a crisis management plan in place.
With extensive experience in opportunities and risk management, we can assist your company in setting up a crisis management plan.
In general, crises fit into one of seven categories:
- Natural disaster.
- Technological crises.
- Confrontation.
- Malevolence.
- Organizational Misdeeds.
- Workplace Violence.
- Rumours.
Some crises come “out of the blue” and, by definition, are almost impossible to prevent. On the other hand, some crises evolve over time perhaps due to inadequate internal controls or misguided management decisions. In this latter case, it is the responsibility of senior management to monitor the situation in order to recognize the danger signals, develop an appropriate containment strategy and implement the necessary actions.
In many cases, where the cause of the crisis is beyond the control of the organization e.g. natural disaster, the credibility of the organization rests on its response to the crisis both actual and perceived.
Two of the main elements of successful crisis management are openness and communication. Companies that lose the trust and goodwill of their customers may suffer long term effects that outweigh those of the initial crisis. Evidence or even the suspicion of a cover-up can totally destroy a company’s reputation.
Enterprise risk management (ERM) in business includes the methods and processes used by organizations to manage risks and seize opportunities related to the achievement of their objectives.
Enterprise risk management needs to be conducted within the framework of a complete risk management system consisting of:
- A policy statement approved by the board of directors.
- A risk management manual.
- A risk management tool.
Petroka personnel have the qualifications and experience to assist your in all of the above areas of risk management.
Our purpose-built software covers the entire life of risks including:
- Identify risk.
- Assess the risk (using a three stage process).
- Assign mitigation actions.
- Monitor mitigation actions.
- Identify recovery or contingency measures.
- Re-assessment.
- Close-out.
We have also developed a modified opportunity/risk matrix where risks are shown negatively below the X axis whilst opportunities are shown positively above the X axis.
Petroka personnel are multi-disciplinary and have very diverse backgrounds giving great depth and breadth to our risk assessment capability. In addition to facilitating risk management workshops, other specialist risk assessments include:
- Cost Risk assessment.
- Schedule Risk assessment.
- Decision Risk Assessment using Event Tree Analysis
Typical categories of risk that might impact an organisation include:
- Strategic.
- Financial.
- Commercial
- Operational.
- Organizational.
- Political
- Legal.
- Technical
Assessment of risks needs to be undertaken bearing in mind the risk appetite of the organisation. Companies preferring to be seen as ‘rock solid’ may be very much risk averse whereas others are more prepared to take risks in order to maximise returns for the stakeholders.
Petroka’s experienced personnel will help your organisation to identify its top risks – and determine the overall risk exposure. Based on projections of scope for improvement and effectiveness of the mitigation actions, a forecast of the risk reduction profile can then be made.