CRM Presentation in MSG Forum
Download
Report
Transcript CRM Presentation in MSG Forum
Introducing Enterprise Risk
Management (ERM) - The KOC
Experience
November 2012
Khaled Al-Awadhi
Risk Management Team
Kuwait Oil Company
1
Index
► Introduction
•Why we are doing it?
•Doing the same thing
•Behavioral aspects in ERM
► Risk - key definitions
► Implementation journey
•Risk policy
• Enterprise Risk Management (ERM) Manual
• ERM Pilot
• ERM Rollout
► Way forward
www.kockw.com
2
Introduction
Why we are doing it?
► Global demand for improved visible governance
► Examples of risks facing large companies ( both major
and complete collapse ….
–Rawdatain Gas Well incident (KOC)
– Bank failures
www.kockw.com
3
Continue…..
• KOC adopted it because of KPC directives and because of
its benefits
• Benefits:
– Demonstrate improved governance to all stake holders
– No surprises / Improved preparedness
– Risk reduction/treatment
– Improved confidence in decision making
– reduce risk to company objectives
www.kockw.com
4
Continue…..
Doing the same thing
► Can you do the same thing again and again and expect
the same result?
► Are you really doing the same thing?
– The scenario changes!
– The person doing it changes!!
– The objectives change!!!
– Unknown unknown !!!!
www.kockw.com
5
Continue…..
Behavioral aspects of ERM
► Can personality types affect risk perception?
► Can past experience affect risk perception?
► Can laws affect risk perception?
► What else?
www.kockw.com
6
KOC’s Risk Exposure
KPC
Global Oil Market
KOC
Exposure Barriers
Sister Companies
www.kockw.com
7
Global/ Domestic
Products Market
7
Macro to Micro (and back again)
Leaders
Leaders need firm information on
which to base decision making
and objective setting. Risk
profiling does this.
Risk Profile
Consequence
Consequence
What
What are
are the
the worst
worst case
case credible
credible
scenarios
scenarios for
for each
each category
category of
of
consequence
consequence (target)?
(target)?
Workforce
Probability
Probability
How
How likely
likely is
is itit to
to occur
occur // reoccur?
reoccur?
How
How effective
effective are
are the
the controls
controls we
we
have
have in
in place?
place?
Work force needs strategic
information to make right detailed
operational planning.
Strategic
www.kockw.com
Tactical
8
Activity
Continue…..
Risk - key definitions
www.kockw.com
9
Continue…..
Risk – framework (AS/NZ 4360: 2004)
Standard
Establish the Context
Analyse Risks
Likelihood
Likelihood
Monitor & Review
Communicate & Consult
Identify Risks
Consequences
Consequences
Level
of Risk
Level
of Risk
Evaluate Risks
yes
Accept Risks?
no
Treat Risks
www.kockw.com
10
Implementation Journey
1.
2.
3.
4.
5.
KOC Risk Policy
ERM Procedure
ERM Pilot
ERM Rollout
Way forward
www.kockw.com
11
Implementation Journey …
KOC Risk Policy
www.kockw.com
12
Implementation Journey …
KOC Risk Policy
• Consistent with international best practice
• Recognizes that risk is inherent in our
business
• Risk Management is fundamental to
achieving our objectives
• Visibility will help to monitor actions
• Improve decision making
www.kockw.com
13
Stakeholders
Operational
Functions
Enterprise Risk Management System
ERM Framework
ERM Policy
Organisation &
Capability
ERM Process
Acceptance & Appetite
Communication
Risk Register
Assurance
www.kockw.com
14
Operational
Functions
Organisation &
Capability
RM Process
Acceptance & Appetite
IDENTIFY
ANALYSE
EVALUATE
Determine
areas of
exposure
Consequences
of events and
probability of
reoccurrence
Magnitude of
the risk
Assess the Risk Exposures
TERMINATE
TOLERATE
TREAT
TRANSFER
Avoid or
eliminate the
exposure
Acceptable
level of risk
Applying risk
control
activities
Sharing the
exposure with
other parties
Communication
Define Risk Management Plans
Risk Register
Assurance
www.kockw.com
Implement Plans
15
Monitor & Review
RM Policy
Communicate & Consult
Stakeholders
Corporate Risk Management System
Establish Context
Implementation Journey …
Risk Matrix
Impact
Likelihood
1 - Frequent
2 - Likely
3 - Possible
4 - Unlikely
5 - Rare
6 - Very Rare
Consequence
1 - Incidental
2 - Minor
3 - Moderate
4 - Major
5 - Severe
Medium
High
High
Very High
Very High
Medium
High
High
Very High
Very High
Medium
Medium
High
High
Very High
Low
Medium
High
High
High*
Low
Low
Medium
Medium
High*
Low
Low
Medium
Medium
High
Probability
Probability
RISK CONSEQUENCE
Cost of Event
Profit Reduction
Health and Safety
Natural Environment
Social or Cultural Heritage
Community, Government, Reputation, Media
Legal
www.kockw.com
What
What are
are the
the worst
worst case
casecredible
credible
scenarios
scenarios for
for each
each category
category of
of
consequence
(target)?
consequence (target)?
18
How
How likely
likely is
is itit to
to occur
occur // reoccur?
reoccur?
How
How effective
effective are
are the
the controls
controls we
we
have
have in
in place?
place?
Risk Hierarchy
Top-level Risks
Inability to export
Corporate
Loss of Key Manifold
Corrosion of Export Manifolds
Backlog in internal
manifold inspections
www.kockw.com
Directorate
Group
Team
19
Risk register allows “drill down”
from corporate level risks to
detailed exposures
Risk Profile
Areas of Risk
Operational
60
50
Critical
Human Resources
40
Intolerable
30
Health, Safety & Environmental
Broadly
Tolerable
Acceptable
20
10
Governance, Reputation &
Compliance
www.kockw.com
0
1st Qtr
20
2nd Qtr
3rd Qtr
4th Qtr
Planning & Gas Directorate
Corporate
Risk Profile
Financial
Administration
Directorate
South & East Kuwait
Directorate
West Kuwait Directorate
E&PD Directorate
North Kuwait Directorate
General Management
Technical Services
Directorate
The risk hierarchy allows senior
managers to understand the
current level of exposure and
the trend over time. From this
they can set improvement
objectives for the following
period.
Areas of Exposure & Control
Implementation Journey …
ERM Pilot
• Workshops held in two Groups
• Risks Identified
• Risks Analyzed
• Actions Identified
• Responsibility assigned
• Risk Register prepared
www.kockw.com
21
Implementation Journey …
ERM Roll out
• Implementation of ERM in all groups in KOC.
• Risk Review workshop for LC
• KOC Risk Register
• Training of
• Risk Management for Managers
• General Awareness
• Super Users
• RM Team capability building
• Because of the unique case of Ahmadi Hospital, building the Risk Register
was done alone not with the company roll out.
www.kockw.com
22
ERM Way forward
Embed ERM in KOC
Continuous updated vision of Risks facing KOC is available
to leadership to support risk aware decision making.
»Compile and analyze risk profile
»LC Risk review
»Communicate risk profile to stakeholders
Support KPC Enterprise Risk Management Project.
Modeling of key risks
Proactive support to Auditors as partners, to find opportunities for
improvement
We are now linking the internal audit report with Risk
Register. This year we will include London Office Risks to
the Risk Register.
www.kockw.com
23
ERM Profile in KOC
600
526
Basis :
Annual
Update
Basis : Work
Shops
500
KPM : Risk Index
(Treated) is linked
to SMAIP
Basis :
Annual
Update
507
440
Risk
35
400
30
Action
Identified
300
Action
Completed
228
205
25
25
24
20
15
Basis :
Survey &
Audits
12
100
69
52
0
29
187
200
0
Trend in KOC Risk Index
5
4
0
10
4
2
0
Before ERM
www.kockw.com
After ERM 200910
2010-11
2011-12
0
09-10 10-11 11-12
24
KOC Risk
Index
(Very
High Risks
)
Treated
Risk Index
www.kockw.com
25