Risk Management in British Petroleum - Essay Example

of Organization and Risk Management Approach British Petroleum is the third largest energy company in the world having presence in many countries of the world. Headquartered in London, British Petroleum is engaged in the oil and gas exploration and marketing business. It is also a vertically integrated organization engaged in the exploration, production, refining, distribution and marketing of the oil and gas products. Such diversity of the operations therefore requires careful and prudent risk management approach to ensure that the operations of the firm do not create a significant risk for the firm. It is however, critical to understand that BP has been in the news in the past due to different disasters thus exposing its risk management practices in place. The deepwater drilling oil spill in the Gulf of Mexico is just one of the examples of how the operations of BP can actually create significant risks for the firm and damage its reputation in the global market place. (Maung, 2010). Company manages its overall risk management infrastructure in terms of the UK Corporate Governance Code and its own internal policies. The overall effectiveness of the risk management policies, procedures and internal control systems are evaluated by the Board of the firms and outlines broader policy guidelines in terms of managing the overall risk within the organization. BP has also put in place which monitors and identifies different risks and communicates their observations and recommendations to the Board of Directors which ultimately formulate and design strategies for overall risk management process within the organization. Communication of potential risk issues should therefore be open enough to make them reach at appropriate level. ( Olson,& Wu,2010) Current Risk Management Process The overall policy for managing and overseeing the risk management process within BP is the ultimate responsibility of the Board of Directors of the firm1. BoD has been assigned this responsibility in the wake of introduction of Corporate Governance in UK and the June 2008 Combined Code. Board however, assigned this responsibility to the individual Group Chief Executive to identify and manage the risks at the individual departmental and organization wide level. The overall supervisory responsibility however, remains with the Board of Directors to ensure that proper risk management infrastructure is in place. This is in consistence with the principal that the BoD should have a supervisory role in risk management process.( Hillson, 2003), BoD performs the regular reviews of the risks and recognises the same in the annual plan of the British Petroleum as a Group. Board also has the mandate to review and analyse as to whether the Group Chief Executive has been effective in implementing the risks identified and explored by the Board and whether the overall risk management process at the organization wide level is managed effectively. It is also important to note that the Board has the direct responsibility of overseeing the geopolitical and reputational risks. These two risks are directly managed and identified by the Board and BoD through its own operational mechanism oversees this risk. Board however, achieve this objective by delegating the same to different Risk Committees which forward their recommendations and observations to the Board and it is then decided by the Board as to what risks to be further perused and evaluated and which risks should be left unattended. This should however, be based upon the assumption that the BoD has the right kind of representation of all the stakeholders so that risk management as a process is implemented from the perspective of all the stakeholders.( Hopkins, 2010). As discussed above that the overall responsibility by the Board is delegated to the Group Chief Executives who have further delegated the same to the individual business units. It is however, critical to note that Board has also created different committees which directly oversee the process of risk management within the organization through Group Chief Executive. The Group Chief Executive is also supported by sub-committees comprised of the senior managers of the firm. These sub-committees actually monitor and identify the risk at the individual business level. There are five different sub-committees with the responsibility of overseeing different aspects of the risk. These committees include group operations committee, group people committee, group financial risk committee, resource commitment meeting and group disclosure committee. These five sub-committees therefore oversee different aspects of risk management as well as internal controls. Group operations committee is responsible for ensuring that the future risks arising from the operations of the firm are identified, analysed and monitored effectively. Sub-Committee on the financial risk management oversees the risks arising from investments made by the firm as well as the existing financial dealings of the firm. Other sub-committees also explore related aspects of risk management and report to the Group Chief Executive. Individual businesses not only identify and measure the risks but also report the same to the highest level of management within the organization. Group Chief Executive invariably submits these reports to the different committees which after their own deliberation forward the same to the Board of Directors. The above risk management infrastructure suggests that BP has in place a very well crafted risk management which not only complies with the statutory requirements but also ensure that the firm has put in place an effective system to oversee risk. Further, the involvement of the board of directors as well as senior management in overseeing different aspects of the risk suggests that the top level management of the firm is fully aware of the strategic importance of managing the risk at the organization wide level. The overall involvement of the senior management makes it critical for the individual business units to manage the risk in proper manner since the overall responsibilities lies with them. (Pelzer, 2009). Risk Management Problems Recent history of BP suggests that it is plagued by controversies due to its operations in different parts of the world. The deepwater drilling facilities of BP in Gulf of Mexico were halted due to the leak which not only cost millions of dollars to BP but also created significant reputation damage for BP. Its share prices plunged and the overall investor confidence remained low owing to the oil spill. It is also important to note that BP has also remained under the sharp scrutiny of US government wherein it has summoned the senior management of BP to appear before the Congress committee to clarify the role of BP and how lack of effective risk management actually resulted into the oil spill at the Gulf of Mexico. It is also important to note that BP has constantly been dubbed as the company with the worst human rights record because of its role in different of its operations and their direct impact on communities. Besides damaging the environment, BP has been involved in the human rights violations and environmental damage.( Monbiot, 2006). Illegal dumping of the toxic material as well as polluting the environment is also some of the serious risk issues which BP has faced in the past. One of the US subsidiaries of BP was charged with the illegal dumping of the toxic material resulting into serious reputation damage for the firm. During 2006-2007, BP also released millions crude oil in Alaska’s North Slope due to corrosion in the oil pipelines running from the facilities. (Tran,2006).This event also significantly highlighted the overall vulnerability of the operations of the firm and the overall risk associated with operational activities of the firm. During 2010, there were two significant events which led to the further damage to the firm’s strategic reputation and exposed its overall risk management infrastructure in place. During the first half of 2010, BP admitted to release toxic chemicals into the environment of Texas city due to the malfunctioning of some of its equipments. In April 2010, BP was also engaged in one of the worst oil spills in recent history when its equipments malfunctioned and resulted into the oil spill into Gulf of Mexico. (Sikich, 2010). Part B This part of the paper will present the overall risk management plan for British Petroleum and explore four important areas of risk identification, analysis, mitigation and monitoring as well as control. This risk management plan will serve as a controlling plan for BP and will outline broader strategic objectives of the firm while at the same time ensuring that the risk is managed at every level within the organization with clearly defined roles and responsibilities. This risk document will be presented as a policy setting document for the different business units as well as for the whole organization. Since the ultimate responsibility is with the Board of Directors which is subsequently delegated to the Group Chief Executive, this policy document therefore will be focused upon outlining the role and responsibility of Group Chief Executive in setting up the overall infrastructure of risk management within organization. Risk Identification Risk is often associated with the uncertainty that the actual outcome of any event or project will not be as planned. (Tchankova, 2002). Risk therefore signifies the deviation from the planned outcomes and therefore can create significant losses for any firm. The proper management of the risk therefore requires that a firm must be able to clearly identify different risks to be faced by the firm. (Emblemsvag, 2010) As discussed above that Board of Directors of BP has the overall responsibility of managing the risk at the organization wide level therefore Group Chief Executive has been given the responsibility of the overall risk management on behalf of the Board of Directors. However, identification of the risk is not just limited to the Group Chief Executive as anyone with any responsibility is required to identify risks. It is critical to understand that through the different departments of the business, the identification of risk will play a key role in managing the overall risk within the organization. In order to achieve, this, Group Chief Executive is responsible for creating an environment of awareness wherein each department and their respective heads should be aware of the current and potential risks. This awareness should also be passed on to the lower level of the employees in order to ensure that key level of risk awareness remains at all levels of management. Specifically employees working at the different exploration facilities shall be fully aware of the risk issues and how to identify them. As such it is also the responsibility of the Group Chief Executive to develop and maintain effective channels for communication so that input from the lowest level of the organization can also be sourced. Risk identification process will be based upon the identification of which risks could be more critical and subsequent documentation of the same. (Fraser,&Henry,2007), It is the responsibility of each member of the organization to highlight the potential risks and properly communicate the same. A proper risk register will be maintained wherein the Group Chief Executive will actually register the different risks identified by the various business and operational units of the organization. It is the individual responsibility of different departmental heads to assist the sub-committees entrusted with the management of risk to assist them in proper identification of risks. Risk Analysis Forward looking risk analysis and assessment is always based upon estimating the probabilities of any likely event and assigning the same to the logical outcomes of the risk events. (Galloway, & Funston, 2000). In order to assign different responsibilities as well as to identify the expected outcome, it is important to determine the cash values or monetary values of intended outcomes. During the risk analysis phases, quantification of the actual monetary values therefore holds the key to critically quantify the risks and assess their impact on the financial position of the firm. (Duckert, 2010). It is the responsibility of the Group Chief Executive to develop risk matrices and grids which can help the individual business units to assess the overall impact of a risk on the individual business units. These risk matrices may be based upon the risk categorization as well as the assignment of probabilities. This process shall also allow the business units and different sub-committees to actually visualize the cause and effect cycle of an event in order to understand as to what causes could actually result into a certain event. Risk analysis process should actually be broken down into two key critical components of first identifying the probabilities and assessing the impact. For this purpose, Group Chief Executive and different business units can assign a probability from 0 to 1 wherein 1 signifies that event will occur with 100% certainty whereas 0 outlines that the event will not take effect. The score in-between signifies the relative risk probabilities which can be assigned to different outcomes. ( Lam, 2003). It is the responsibility of Group Chief Executive to identify and assess the overall costs which BP could face as a result of occurrence of any particular risk event. Assessment of cost should also be taken into consideration while making annual accounts so that adequate provisions could be made in order to ensure that the organization has sufficient buffer to suffer any unwanted and sudden losses. All relevant costs should be documented and properly reported to the Board of Directors in order to provide an overview of the potential losses which BP as a firm could face due to any of the risks arising in future. It is also important to assess the impact of the risk on the schedule and quality of the operations and business units’ procedures. Delays in schedules owing to the occurrence of any risk event can significantly increase the costs for the firm and therefore should be properly documented and deliberated in order to ensure that all the stakeholders are properly informed about the potential impacts of different risk events on various aspects of doing business. Categorization of risk should be based upon identifying at least three different risk categories and each risk, after its identification and analysis should be categorized according to these categories. Risks in higher categories should be further explored on priority basis in order to ensure that proper attention is given to important risks besides ensuring that resources are identified and accumulated to deal with any such risks. Risk Mitigation Planning The overall purpose of risk mitigation planning should be to ensure that the firm has put in place important risk mitigants in place in order to reduce the probabilities of any potential likelihood as well as putting in place an effective contingency plan. (Fraser & Simkins, 2010). In order to ensure that the unexpected losses are minimum due to occurrence of any risk event, it is important to take the early steps and ensure that organization’s overall operations remain smooth during the occurrence of any risk event. It is also important to note that while identifying and implementing effective risk mitigation in place, evaluation of the cost and benefits of each mitigate shall also be considered. Risk mitigation may be costly and therefore may not allow a firm to fully implement best practices in order to reduce the losses after the occurrence of any event. It is important to understand that risk mitigation plan should be documented in the risk register and the Group Chief Executive and other stakeholders must periodically review the register in order to evaluate the effectiveness of the current risk mitigation plan. This review should be the responsibility of the Group Chief Executive of BP and this review should also be communicated to the Board of Directors for their deliberation. This should be done in order to ensure that organizational resources and costs are effectively deployed to create an effective risk mitigation infrastructure in place to avoid loss Implementation of an effective contingency plan will help the firm to identify in advance as to what resources may be utilized in order to minimize the impact of any event on the organization. (Monahan, 2008). It is the responsibility of the Group Chief Executive to prepare individual contingency plan for each risks and sub-committees should provide their input and opinion regarding the overall effectiveness of the contingency plans at the individual level. Contingency plans should be periodically reviewed in order to ensure that BP has the right kind of resources in place in order to deal with any untoward risk situation. It is also the responsibility of the Group Chief Executive to develop and implement the effective training programs to allow employees to have thorough awareness of the contingency plans and what actions could be taken if a particular risk event occurs. Risk Monitoring and Control Since, the overall responsibility of risk management rests with the Board of Directors of BP, it is therefore important that the Board should take active measures in order to critically monitor the risk and put in place effective control mechanism in order to ensure that risk is monitored on iterative basis. Board of Directors should periodically review the risk register of the firm and contingency plans in place. Further, the regular review shall also involve all stakeholders in terms of fixing the responsibilities in the event of any lapses in monitoring and controlling the risk. It is critical for the purpose of ensuring that effective control is managed during all the stages. Tracking and reporting should also be based upon a constant evaluation of the trigger events and their assessment. (Chapman, 2006). Evaluation of trigger events should be done at the individual department level and each business and operational unit shall be entrusted with the responsibilities of tracking such events and report them to the appropriate stakeholders. The overall responsibility for the day to day management of risk and its control therefore remains the responsibility of the individual departments in place. The control and tracking of the geopolitical as well as reputational risk however, remains within the purview of the Board of Directors. Board can either devise its own mechanism to identify and evaluate such risks or use the existing infrastructure of the firm to do the same. It is however, critical that the management of the risk at different organizational level should re-enforce each other in order to ensure that a holistic view about the risk management is considered. It is critical to note that risk management should be a continuous activity wherein different business units should continue to look for new sources of risks and how they may have an impact on the organization. (Demidenko & McNutt,2010). It is critical that involvement at each level of the management is ensured so that each stakeholder within the organization become involved in the management of the risk. Board shall continue to keep its supervisory oversight and changes shall also be made in accordance with the new regulatory changes taking place within the external environment of the firm. (Richardson, 2010) References 1. Chapman, R (2006). Simple Tools and Techniques for Enterprise Risk Management. Illustrated. ed. New York: Wiley. 2. Demidenko, E & McNutt, P. (2010). The ethics of enterprise risk management as a key component of corporate governance. International Journal of Social Economics, 37(10), pp.802 – 815 3. Duckert, G (2010). Practical Enterprise Risk Management: A Business Process Approach. Illustrated. ed. New York: John Wiley and Sons 4. Emblemsvag, J (2010) .The augmented subjective risk management process, Management Decision, 48 (2), pp.248 – 259 5. Fraser, I & Henry, W (2007), Embedding risk management: structures and approaches, Managerial Auditing Journal, 22(4), pp.392 – 409 6. Fraser, J & Simkins, B (2010). Enterprise Risk Management: Today's Leading Research and Best Practices for Tomorrow's Executives. 1st. ed. New York: Wiley. 7. Galloway, D, Funston, R (2000). The challenges of enterprise risk management. Balance Sheet. 8(6), pp.22 - 25. 8. Hillson, D (2003), Using a Risk Breakdown Structure in project management, Journal of Facilities Management, 2(1), pp.85 – 97 9. Hillson, D, & Murray-Webster, R (2007). Understanding and managing risk attitude. 2 Illustrated. ed. New York: Gower Publishing, Ltd. 10. Hopkins, P (2010). Fundamentals of Risk Management: Understanding, Evaluating and Implementing Effective Risk Management. 1st. ed. New York: Kogan Page. 11. Lam, J (2003). Enterprise Risk Management: From Incentives to Controls. 1st. ed. New York: Wiley. 12. Maung, Z (2010). UK company risk management left to chance [online]. [Accessed 15th May 2011]. Available from: . 13. Monahan, G (2008). Enterprise risk management:: a methodology for achieving strategic objectives. Illustrated. ed. New York: John Wiley and Sons. 14. Monbiot, G (2006). Behind the spin, the oil giants are more dangerous than ever [online]. [Accessed 15th May 2011]. Available from: . 15. Olson, D & Wu, D (2010). A review of enterprise risk management in supply chain, Kybernetes, 39 ( 5), pp.694 – 706 16. Pelzer, P (2009). The displaced world of risk: risk management as alienated risk (perception?), Society and Business Review, 4 (1), pp.26 – 36 17. Richardson, J (2010) , The certainty of uncertainty: risk management revisited, foresight, 12 (4), pp.47 – 64 18. Sikich, G (2010). Enterprise risk management lessons from the BP Deepwater Horizon catastrophe [online]. [Accessed 15th May 2011]. Available from: . 19. Tchankova, L (2002). Risk identification – basic stage in risk management, Environmental Management and Health, 13 (3), pp.290 – 297 20. Tran, M (2006). BP shuts leaking Alaskan wells [online]. [Accessed 15th May 2011]. Available from: . Read More