1. 47
November 2016
www.InfralinePlus.com
ExpertSpeak
Majority of the oil & gas enterprises
implement ERM (Enterprise Risk
Management) as a compliance
requirement. It means they will
develop risk registers and governance
framework but lacks a robust day
to day monitoring and integrated
reporting and alerts framework.
The ultimate objective of any ERM
framework is to mitigate risk before
it happens, avoid black swans and
identify some of the uncontrollable
risks, monitor them on day to day basis
and implement ERM as a decision
support system. The root cause
analysis reports of some the recent
disasters in oil industry also point
towards this by stating that risk control
failure is one of the primary reasons.
Risk Management has to be integrated
in day to day business activities of a
company. Its ultimate objective is to
maximize shareholder’s value.
Based on some secondary research it
can be said that
-- Over 80% use industry trends and
peer analysis to identify risks
-- Over 80% values importance of
internal audit reports
-- Over 70% think key risk indices
and performance indicators are
same
-- Over 80% believes there is a lack of
integration is the key issue
-- Nearly 40% have some unstructured
risk taxonomy in place
-- Over 90% did not have any enter-
prise risk monitoring dashboards
Board and CEO give utmost
importance to the following factors:
-- Measure performance against the
key risk indicators
-- Periodic mea-
surement for
appropri-
ateness
-- Deviation
from a
risk per-
formance
plan
-- Periodical
review of risk
governance policy,
controls, and mitigations
-- Evaluate changes in internal or
external environment
-- Monitor risk progress report an
variance following the policies
-- Periodic review of risk control
framework robustness
-- Use structured scientific and ana-
lytical tools
As a result, following step-based
approach needs to be considered in
order to facilitate transition from an
elementary risk control framework to a
more robust one.
1. Build the Risk Taxonomy
2. Develop inter-relationships between
various risk drivers across different
risk domains like strategic, opera-
tional, financial and legal
3. Develop key risk indices and
control measures
4. Transform it into a decision
support system using analytical
engines
Risk Taxonomy is an important
stepping stone in the entire risk
framework. It is not possible to
build a high rise building on a weak
foundation and same is true for a risk
management program. A risk taxonomy
outlines are risk categories, their
drivers, key performance areas and
risk indices across entire organization.
Post taxonomy creation, it is important
identify inter-relationships across risk
sub-categories and drivers. There is no
point in having a thousand risk indices
when all of them are related to each
other. All risk drivers which are related
to each other should be part of same
risk indices. At a board level it is not
advisable to have more than ten risk
indices at the maximum.
Even tree methodologies were
used to develop relationships between
Oil & gas companies need to
develop a risk analytics engine
Neeraj Gupta, Director, iEnergy Innovations Pvt. Ltd., feels that
oil and gas is a high-risk industry and hence requires timely risk
mitigation to avert crisis. As a solution, he recommends that oil and
gas companies should adopt a step-by-step approach to build a
decision support enabled risk framework.
Neeraj Gupta, Director, iEnergy Innovations
Pvt. Ltd.Oil
& gas com-
panies should
adopt a step-by-step
approach to build a
decision support
enabled risk
framework
2. 48
ExpertSpeak
November 2016
www.InfralinePlus.com
triggers events of a particular risk,
assigning a likelihood percentage
based on number of similar events in
the past (Fig 2.0). Even tree helped
in prioritization of key risk indices as
once you complete your analysis, one
can easily find out the top five or ten
indices that have relatively more chance
of occurring and not necessarily based
on past events but also on the existing
processes as well.
It is recommended that oil &
gas companies adopt a step-by-step
approach to build a decision support
enabled risk framework.
-- Develop a comprehensive tax-
onomy across four areas of risk i.e.
strategic, operational, financial and
compliance and map it across all the
business units of an organization. It
is the foundation of the entire risk
framework.
-- Explore inter-connectivity between
various risk drivers identified
in taxonomy to create a risk
It is recommended that
oil & gas companies
adopt a step-by-
step approach to
build a decision
support enabled risk
framework. There is
a need to develop
a comprehensive
taxonomy across
four areas of risk
i.e. strategic,
operational, financial
and compliance and
map it across all the
business units of an
organization. It is the
foundation of the entire
risk framework
Fig 1, Identifying risk Inter-relationships (Boleslaw et.al 2015)
Fig 2, Developing Risk event tree
Diagram (Fig 2.1) shows how key risk indices were prioritized and converted into
a decision support system.
Fig 1, Identifying risk Inter-relationships (Boleslaw et.al 2015)
3. 49
November 2016
www.InfralinePlus.com
to assign weightages by looking
at historical data or susceptibility
of a business unit based on annual
probabilistic analysis performed.
-- Develop synergies with other
existing data systems (ERP,
SCADA etc.) to have one version
of truth. These systems or other
historical data can be used to build
analytical engines.
-- Perform regular monitor of
key risk indices. Frequency
of monitoring may vary. E.g.,
for high risk field operations,
all compliance data should be
monitored on daily (or even
hourly, if required). And a
probabilistic consequence analysis
should be performed. For other
strategic decisions like bidding
decisions, cost and schedule
simulations can be used whenever
required and a probabilistic
estimate may be obtained using
previous risk drivers or new
compliance requirements.
connectivity map. It helps in
identifying the common risk drivers
affecting multiple risks to avoid
duplication of monitoring efforts
across multiple business units.
-- Use existing key performance
indices to derive key risk indices.
Event tree should be used in order For suggestions email at feedback@infraline.com
Companies need to perform regular monitor
of key risk indices. Frequency of monitoring
may vary. E.g., for high risk field operations, all
compliance data should be monitored on daily
(or even hourly, if required). And a probabilistic
consequence analysis should be performed. For
other strategic decisions like bidding decisions,
cost and schedule simulations can be used
whenever required
Fig 2.1, Decision Model for Risk Control Framework