IDC Energy Insights - Enterprise Risk Management


Published on

Operational risk management is a rising priority for companies in asset-intensive industry segments. Disparate and disconnected efforts in safety, environmental compliance, and asset utilization at the individual facility are converging to provide better enterprise-wide control and management accountability. Companies that make substantial efforts today will not only improve risk mitigation but create an enduring competitive advantage.

Published in: Business, Economy & Finance
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

IDC Energy Insights - Enterprise Risk Management

  1. 1. Enterprise Risk Management: Keeping People, Assets, and the Environment Safe WHITE PAPER Sponsored by: SAP B ob Par k er J i l l F e bl o wi t z K im ber l y K n ic k le No v em ber 2 0 08 INDUSTRY INSIGHTS OPINION Operational risk management is a rising priority for companies in asset-intensive industry segments. Disparate and disconnected efforts F.508.988.7881 in safety, environmental compliance, and asset utilization at the individual facility are converging to provide better enterprisewide control and management accountability. Companies that make substantial efforts today will not only improve risk mitigation but create an enduring competitive advantage. P.508.935.4400 Current operating realities expose companies to intensified regulatory oversight and public scrutiny. Also, losses from preventable adverse events continue to occur, with some industry segments exceeding $100 million per year. As the challenges of operational risk intensify, Global Headquarters: 5 Speen Street Framingham, MA 01701 USA companies are increasingly seeking novel approaches to address the necessary behavioral changes, process transformations, and technology integration. Specific recommendations found in this report include: ● Evaluate the business case at a high level. ● Determine organization operational readiness. ● Determine organizational risk management maturity and identify gaps. ● Form a program office to manage overall investment. ● Make asset visibility a priority. ● Share best practices across the organization. These activities form the basis for elevating operational risk management as a business priority. Done effectively, the effort can not only lower the costs of regulatory compliance and adverse events but also increase the return on capital employed. November 2008, Industry Insights #II215401
  2. 2. SITUATION OVERVIEW Operating Realities Drive Focus on Compliance and Operational Risk No industries are more regulated than those in the asset-intensive category. In addition to complying with the same financial and trade regulations as other businesses, companies in this industry operate in perilous work environments including dangerous materials with potentially harsh environmental impact. While the industry segments generally take responsible practices seriously, government intervention is an operating reality. As a result, risks and operational impact are measured in the billions of dollars for firms in these segments, including fines, penalties, lawsuits, loss of life, loss of assets, damage to the environment, and damage to reputation. Despite corporate responsibility and oversight, losses from preventable causes continue to occur and, unfortunately, grab headlines. Losses in the refining industry exceeded $60 million and topped $80 million in the chemical industry; gas plants broke the $100 million mark last year. Adding the costs of adverse events to the cost of compliance yields a compelling business case for investments to reduce overall costs. The need to create structure around sustainability goals that reduce operational risk adds an element of pressure for improving visibility of assets, processes, and employee safety. In fact, in the past year or so, focus on corporate responsibility has reached a new high. There are a number of events and developments that have contributed to this focus. For process industries, the Texas City refinery accident was a wake-up call for worker safety and, to a lesser degree, the environment. The movement toward greater operational efficiency has fueled growth and interest in sustainability, including reductions in carbon emissions and greater visibility to energy usage. From the plant floor to the board room, there is increased attention to accountability and how policy or process failures and lack of corporate transparency may lead to greater operational risk for the process industry. The findings in the Texas City case provide an example of what may be wrong in many companies and what should be done to address the issues. Operational Risk — The Challenge Intensifies For many years, companies have been focused on financial risk, but few companies have really focused on operational risk. Operational risk is defined as a loss resulting from inadequate or failed internal processes, people, or systems that does not relate to strategic, market, or credit activities. These could be unexpected plant outages, safety events, damage to the environment, and so forth. Risk to the enterprise Page 2 #II215401 ©2008 Industry Insights, an IDC Company
  3. 3. through challenges in operations can have a significant impact on the bottom line. In 2008, IBM released its Risk Management Study on Safety and Reliability. The study, based on in-depth interviews with over 100 executives in the chemical and petroleum industry, including chief operating officers, chief financial officers, and executives in health, safety, and the environment, as well as plant managers, found a correlation between a focus on risk and market performance. According to the study, chemical and petroleum companies that outperformed on risk had a greater return on net assets (9.3% versus 7.9%) as well as a higher compound annual growth rate (18.7% versus 16%). Yet companies do not think they are prepared to handle operational risk. Over half of the companies surveyed have encountered high-risk events since 2005 — the year of the Texas City Refinery explosion. Of these, less than one-third considered themselves prepared. The study found that health, safety, and the environment objectives were of greatest importance to the industry, yet respondents to the study indicated a gap in performance (see Figure 1). There were similar gaps in meeting objectives for measuring and monitoring business performance and supporting managing and mitigating enterprise risk. More importantly, the most serious gaps are in the infrastructure needed to support compliance; risk; and health, safety, and the environment. FIGURE 1 Chemical and Petroleum Executive Ranking on Areas of Importance Versus Ability to Execute 3 4 5 3,82 3,15 ' Driving integration of information Gaps in ability to across the enterprise provide the 4,07 infrastructure for risk, Continuous process improvement/ 3,41 performance, and HSE business improvement Gap Supporting/managing/mitigating 3,39 3,94 enterprise risk Gaps in ability to manage risk, Measuring/monitoring business 4,23 3,77 performance, and HSE performance to desired levels Health, safety, environmental (HSE) — 4,64 4,09 operations Performance Importance 1 is “ineffective” and 5 is “very effective” Source: IBM Institute for Business Value Risk Management Survey, 2008 ©2008 Industry Insights, an IDC Company #II215401 Page 3
  4. 4. The Baker Report: A Model for Reducing Operational Risk The Texas City Refinery explosion in 2005 has put increased attention on process safety, especially for asset-intensive process industries. The Baker Report, published in January 2007, provides a model for how to look at operational risk and ways an organization can set up the right people, process, and technology to mitigate risk. The report focused on process safety, but the recommended approach can be generalized as a way to address operational risk. The Baker Report cited lack of emphasis on what was termed "process safety" as a major cause of the accident. By process safety, the report highlighted, "Personal or occupational safety hazards give rise to incidents that primarily affect one individual worker for each occurrence. Process safety hazards can give rise to major accidents involving the release of potentially dangerous materials, the release of energy (such as fires and explosions), or both." The report called for a corporate culture of process safety (leadership, openness to employee reporting, resources, decision making, process safety management systems (process risk assessment, internal standards, good engineering processes, process safety knowledge and competence) and performance evaluation, corrective action, and corporate oversight. The Baker Report lays out a fairly comprehensive view of what is considered essential for maintaining environment, health, and safety (EH&S) and preventing catastrophes. These requirements can easily be applied to other regulatory requirements in the plant setting as well. Table 1 provides a summary of their assessment. Page 4 #II215401 ©2008 Industry Insights, an IDC Company
  5. 5. TABLE 1 Essential Elements According to the Baker Report, 2007 General Category Essential Elements Best Practice Corporate safety culture Process safety leadership Establish a culture of safety at the highest level of the corporation. Employee empowerment Establish open lines of communication with access to information. Resources and positioning of Assign a designated high-ranking leader for process process safety capabilities safety and focus initiatives of existing safety staff. Incorporation of process safety into Clearly define process safety expectations for plant management decisions managers. Process safety culture across all Establish a common, unifying culture across all plants plants within the company. Process safety Process risk assessment and Perform an adequate and rigorous analysis of process Management systems analysis safety risks. Compliance with internal process Ensure timely compliances with standards across all safety standards plants, especially around specific equipment. Implementation of good external Provide access to information about best practices. engineering processes. Process safety knowledge and Define the level of process safety competency required competence a each staff level; ensure employees and contractors have access to process safety knowledge and training. Corporate process safety Establish corporate expectations, and translate these effectiveness into measurable criteria to manage process risk and define the role of quantitative and qualitative risk management criteria. Performance evaluation, Measuring process safety Measure both injury rates and process safety risk; corrective action and performance understand what implications process indicators have corporate oversight for process safety risk. Incident or near miss evaluations Institute effective root cause analysis of near miss or incidents, ensuring that near miss or incidents are not underreported. Process safety audits Go beyond audit reporting for compliance purposes to management of process safety; establish capabilities for comparing plant to best plant practices. Timely correction of identified Ensure follow-through to completion of corrective process safety deficiencies action recommendations. Corporate oversight Drill down into specific plant information from corporate roll-up; assess the performance against process safety management goals. Source: Energy Insights, Baker Report, 2007 ©2008 Industry Insights, an IDC Company #II215401 Page 5
  6. 6. Almost all of the essential elements of the Baker Report are tied to visibility and effective business processes. Even though the Baker Report focuses on process safety, the principals extend to many other areas of operational risk, including safety hazards, health and hygiene effects, emissions, hazardous materials, and lack of employee certification and training, to name a few. These could result in major catastrophes like Texas City or minor or slow degradation of the asset. Here's how it plays out: ● Corporate safety culture: ○ Lack of information sharing creates a "no news is good news" divisive culture. ○ Lack of access to information blocks lines of communications between leadership and employees around operational risks. ○ No clearly defined and visible expectations of performance on a number of fronts — operations, compliance, financial, environmental, personal safety, asset safety, hygiene — results in incidents or accidents. ● Systems: ○ Ineffective knowledge transfer across operating facilities and among different functions leads to incomplete knowledge. ○ Lack of education and certification processes for employees mean safety rules are followed only during inspections. ○ Compliance events could be missed due to lack of tracking and alerting capabilities. ○ Late, incomplete, or inaccurate data prevents the recognition of potentially significant events. ○ No whole plant perspective causes potentially dangerous gaps in keeping the entire facility safe and in compliance. ○ No role-based access to competency requirements, knowledge, and requirements means that employees and contractors cannot perform to expectations. ○ Lack of visibility to the management of change process can mean that training does not stick. ● Performance evaluation, corrective action, and corporate oversight: ○ No ability to access baseline and performance data leads to ineffective performance evaluation. ○ Lack of visibility into plant operations decreases accountability up the corporate chain of command. Page 6 #II215401 ©2008 Industry Insights, an IDC Company
  7. 7. ○ Lack of visibility inhibits the ability to take corrective action in advance of an adverse event. ○ No "big picture" perspective causes potentially dangerous gaps in keeping the entire enterprise compliant, safe, aware, and accountable. ○ Lack of access to best practices available within the enterprise means lost opportunity for mitigating risk. ○ Continuous improvement is inhibited by lack of data and analytical tools for root cause analysis. Asset-Intensive Industry Steps Up to the Challenge A quick review of the activities of asset-intensive industries illustrates that these companies are starting to establish programs and standards around process safety: ● BP. BP was the object of the Baker Report. According to an article in the Oil and Gas Journal, BP is taking over 1,000 action items, including mechanical renovations, safety inspections throughout the refinery, and the removal of more than 200 temporary buildings and structures. ● Chevron. Chevron has initiated a Production Process Standardization or PPS to standardize production processes throughout the global enterprise. The company has a particular focus of preventing the unwanted release of hazardous chemicals and gases. ● ConocoPhillips. In 2006, ConocoPhillips began a process to reexamine process safety indicators on both the company level and the facility level. The 2007 annual report notes the efforts of a specialized team that is auditing refining process safety to identify improvement opportunities and share best practices. ● Dow Corning. In 2005, Dow Corning identified its five-year environment, health, and safety performance improvement goals. The company's 2007 Safe Work is Our Job initiative focuses on personal safety and the key elements that define good safety practices. Over the past several years, the company increased its focus on process safety and the importance on incident reduction, with a focus on identifying and eliminating unsafe practices and procedures. The results are already visible with a 39% decrease in its Property Incident Rate (recordable property incidents such as spills, releases, fires, and explosions) from 2003 to 2007. Dow Corning also attributes the combined personal and process safety improvements with direct impact on its performance measures. ©2008 Industry Insights, an IDC Company #II215401 Page 7
  8. 8. ● Eastman Chemical. Eastman Chemical, like other companies in the chemical industry, participates in the industry's Responsible Care initiative to improve its health, safety, environmental, and security (HSES) performance. Eastman's process controls include systems that precisely control manufacturing processes within specific operating parameters. Monitoring systems use highly sensitive detectors to identify impending problems and give operators early warning to facilitate quick and effective responses. ● Shell. Shell introduced an initiative called "Goal Zero" that aims to achieve zero fatalities, accidents, and significant incidents. As part of this initiative, the company is looking at historical data from "near misses" to improve process and safety procedures. Arriving at a Comprehensive Approach to Operational Risk Information plays a key role in reducing operational risk at the mine, manufacturing plant, refinery, pipeline, or oil well. Operators, maintenance personnel, plant performance engineers, environmental personnel, and plant managers need access to information to help them monitor, measure, and manage asset safety and performance. Personnel need to have access to the data necessary to do their jobs and the tools to analyze that data. But it is not just individual access to the same information. Workers need to be able to collaborate using a consistent set of data. Information shared among similar plants can be used to establish best practices, improve process safety and, more importantly, improve plant performance. Plus information must be able to flow based on workflow or approval process to ensure that, at a very basic level, a compliance task has been completed. Information technology plays a critical role in managing asset safety and compliance. Ways that Industry Insights believes information technology can play a role in greater process safety include: ● Visibility to performance against goals. Information technology can provide role-based access to performance goals and measurement of progress against goals to employees at all levels. From a management perspective, visibility into leading and lagging indicators can help a company guide its next actions. A corporate rollup that is based on verifiable information is the ultimate goal; drill-down capabilities for performance assessment are the ideal. While having corporate executives looking over one's shoulder may not be immediately appealing, ultimately, providing this level of visibility broadens accountability. For example, if managers at the highest level of the organization are aware of potentially catastrophic situations involving assets, they can marshal the resources to remedy the situation. An integrated enterprise system can provide this capability. Page 8 #II215401 ©2008 Industry Insights, an IDC Company
  9. 9. ● An "as is" and "in context" view of the asset. In many cases, there are specific procedures for handling each asset. The "as is" condition may include the most recent inspections for mechanical integrity, most recent tests, or sensor data on equipment condition (temperature, vibration, etc.). It could also include important indicators such as mean time between failures or throughput of the asset. The "in context" views the asset as part of the process — criticality to the process, order in the process, and so forth. ● Development of best practice approaches. Asset-intensive industries can take a look at historic operations, especially "near misses," to outline potential weakness and use these to tighten process control and/or work processes. This requires extract, transport, and load (ETL) capabilities; data historians; and advanced analytics applied to the data to perform root cause or other types of analysis to determine what could have gone wrong and recommend new work practices or revised processes. Line-of- business dashboards linked to common KPI metrics could be used to drive behavior change and performance. ● Visibility to best work practices. Having new work processes is one thing, communicating them to the appropriate staff is quite another. eLearning is certainly one way to disseminate information. Other approaches involve alerting employees to new work practices linked to the asset via asset management applications that are used on a day-to-day basis. The optimal approach is to have near real-time data available on a mobile device to a worker in the plant so that worker can observe the same trend data being viewed in the control room and compare asset history and visuals to help determine whether there is only an instrumentation fault, or whether there is a potential problem. ● Workflow to guarantee adherence. Having appropriate approval processes in place is one of the recommendations of the Baker report. Automating workflow will ensure that proper review is done before a work project can be authorized. In addition, archiving work flow will make it easier to establish audit ability that the task was accomplished within the appropriate guidelines. ● Management of change. Management-of-change (MOC) programs are a major challenge for plants in terms of time, resources, and risks of fines, lawsuits, or shutdowns if initiatives fail. Automation of the content and processes for MOC helps companies reduce the administrative burden, minimize risk, and reduce costs. ● Alerting capabilities. Good practices begin with good design of a plant or mining operation. However, most high-performing assets in the world are brownfield, which is why it is important to operate plants within design limits. Safety information systems (SIS), ©2008 Industry Insights, an IDC Company #II215401 Page 9
  10. 10. paired with process control systems, already monitor the process and identify alarm conditions. However, there is a need for additional information and analysis to manage the large quantity of alarms to detect which pose the greatest risk of catastrophic results. Of course, functionality related to keeping people safe, keeping the environment safe, and keeping assets safe is essential. This functionality is contained in software applications or application modules that support a variety of areas, such as: ● Personal safety. Work permitting, lock out/tag out ● Environmental safety. Compliance tracking, emissions levels, permit exceedances notifications ● Asset safety. Asset presafety startup review (PSSR), detailed job plans, condition-based maintenance analytics Operational Intelligence — Technology to Get There What drives a company to high performance also reduces operational risk. There is a whole host of technology that can and is being used to support keeping people, the environment, and assets safe. What's interesting is that the same focus on people, process, and technology that drives a company to high performance can also be used to support a company's efforts to reduce operational risk. It's a matter of taking a comprehensive view of asset management through operational intelligence. Operational intelligence — applying analytics to operations to improve asset performance — provides a way to support day-to-day event- based decision making as well as support for continuous process improvement. The term business intelligence has been commonly applied to identify analytics that allow data from disparate systems and of varying time horizons (time series, transactional, etc.) to be analyzed to improve overall performance. In truth, the most widely applied analytics involve analysis of financial indicators or budgeting and planning, not operational data. Operational intelligence takes operations data, combined with financial data, to help a company make the best decisions about how to operate or maintain an asset in the context of the business. Figure 2 displays the technology stack that supports asset performance, asset safety, and compliance. Page 10 #II215401 ©2008 Industry Insights, an IDC Company
  11. 11. FIGURE 2 Technology for Asset Performance, Safety and Compliance CXO VP Development VP Supply VP Environ VP Risk Operations & Planning Chain Affairs Performance Engineering Presentation Layer Trader Plant Analytics Manager Integration Layer Scheduler Plant Maintenance Supply Chain Enterprise Enterprise Resource Environment Portfolio Management Asset Health & Planning Management Management( Safety Plant Operator Procurement Common Historian Interface EH&S Staff Inventory Distributed Condition Emissions Production External Controls Sensors Monitors/ Meter Data (DCS)/PLC CEM Services Environ- mental Engineer Health & Safety Plant Performance Environment Source: Energy Insights, 2008 Applications and other information technology that support operational intelligence — and as an upshot, asset performance and asset safety and compliance — include the following: ● Enterprise resource planning (ERP). ERP systems bring a critical element to the technology mix — an industry standard process platform. By using industry-accepted practices from the vendor, companies can focus on investments that improve the data integrity going into the platform and the decisions made on the information coming out. ● Environment, health, and safety. EH&S applications track compliance with a host of regulations concerning environment, health, and safety. The applications allow compliance activities and tasks to be managed as well as generate reports to meet the requirements of a variety of regulatory authorities or voluntary organizations that track corporate social responsibility or sustainability. ● Enterprise asset management (EAM). EAM applications have historically been used to manage maintenance work on the asset as well as to store asset repair history. Some applications also manage ©2008 Industry Insights, an IDC Company #II215401 Page 11
  12. 12. work clearance and the lockout/tagout of equipment. In recent years, EAM and data from process control systems delivered via historian has been coupled with advanced maintenance analytics such as condition-based maintenance, predictive maintenance, reliability centered maintenance have been assembled to strengthen plant reliability or increase plan availability and can be applied to process safety. ● Business analytics and reporting. Analytical applications, rather than tools, are an essential element of operational decision making for plant engineers, environmental coordinators, safety coordinators, performance engineers, and plant operators. The most relevant analytics are used for root cause analysis, optimizing maintenance of the asset based on a number of considerations, including safety, asset condition, asset age, asset history of operations, etc. Just as important are analytics that allow risk managers to gauge operational risk at the corporate level through techniques such as simulation. Managers can also optimize their approach, weighing all risk elements — nonperformance, emissions, and so forth — based on the likelihood of occurrence and magnitude of the risk to arrive at the optimal action. ● Data historians. These tools facilitate the delivery of time series data about the plant from sources such as distributed control systems (DCS), programmable logic controls (PLCs), production meters, fuel meters, and sensing devices. ● Mobile devices. Technologies covered include mobile devices (e.g., laptops, cellular phones), wireless networks, sensors, and RFID and the mobile workforce applications that facilitate work in the plant. ● Integration. Most plants have large investments in legacy applications, and the ability to provide easy integration between applications is a necessity. An integration framework provides this capability. ● Presentation. Data is delivered up, typically through portals, along with tools for analysis. Alternatively, the user is presented with a dashboard that provides current performance against key performance indicators or a scorecard. Role-based access is the preferred approach and must be coupled with adequate security restrictions. The key to effectively use all this technology is to take an integrated approach. If the capabilities are deployed in isolation, overall control at the individual plant and across the network of plants will be ineffective. Vendors that can provide all or most of the technology should be given preference. Page 12 #II215401 ©2008 Industry Insights, an IDC Company
  13. 13. FUTURE OUTLOOK Building a Comprehensive Operational Risk Management Program Adverse events result from a failure in process at the plant and a failure in policy in the boardroom. Companies must simultaneously reengineer processes and decisions to transform long-standing, ineffective approaches for manufacturing to go beyond responding to events or managing operational risk in a comprehensive way. This approach involves creating transparency for stakeholders as well as keeping people, assets, and the environment safe. Keeping Stakeholders Informed If companies are going to assure that operational risk is managed, they must create a culture of transparency where key information about the status of employee safety, asset performance, and environmental compliance is available to critical stakeholders. This transparency extends across the globally integrated manufacturer — from the plant floor to regional to corporate management. And the transparency must extend to external constituents that have a vested interest in assisting in risk mitigation. This broad visibility allows the enterprise to manage risk, not just in response to events but in a proactive fashion to prevent adverse events before they happen. Transparency addresses a number of issues. Today, accidents and incidents draw near-term attention with corresponding short-term solutions. When enough incidents warrant an internal or independent external effort, it represents a huge effort and is akin to sifting through the wreckage rather than creating responsibility and accountability. Left unattended, these incidents invariably increase in magnitude until a major catastrophe puts the firm under intense scrutiny and at significant risk. Of course, establishing transparency assumes consistent measures across the company, and that is not the case today. Establishing KPIs and operating metrics is a prerequisite for keeping stakeholders informed. The capabilities that underpin operational risk management transparency go well beyond reporting. The measures, processes, and personnel accountability must be geared to creating a closed approach, one that incorporates business policy in the form of operating standards into key processes. These key processes should, along with the associated information and performance metrics, be consolidated into an industry-standard process platform so firms create the visibility to operating conditions and make better proactive and corrective action decisions more quickly. Transparency, however, is no good unless it is being used by competent, responsive management; this may be the most important factor for success. ©2008 Industry Insights, an IDC Company #II215401 Page 13
  14. 14. The benefits of transparency are compelling. Visibility to conditions allows for the anticipation of potential adverse events and improves prevention. The amount of time spent responding to unexpected events can be significantly decreased, saving time and improving productivity. Keeping stakeholders informed assures that both internal and external standards are met, which, in turn, lowers the cost of compliance. The shared best practices required for transparency engender confidence in operations at all levels of the company and substantially mitigate risk. They also cross external boundaries, reaching partners that understand and comply with the focus on operational risk management policies. This ensures alignment with corporate goals and objectives, providing the means to achieve success, if visibility is maintained. Keeping the Environment Safe Companies have objectives for operating in accordance with environmental laws and corporate policy. In addition to avoiding regulatory sanctions and financial penalties, keeping the environment safe avoids damage to the corporate image and frequently comes with lower costs via more efficient energy usage. Best practice dictates that the aforementioned transparency includes applicable environmental laws and information on emissions and resource usage. There are no more regulated industries than those that make up the asset-intensive segments. The regulations are multilayered and unnecessarily vary across nations, across regions within nations, and even within municipalities. This complexity of compliance raises costs and can leave companies vulnerable to punitive penalties even for the most responsible, well intentioned companies that simply don't have visibility to potential violations. Companies will look to developing several key capabilities in their efforts to keep the environment safe. A corporatewide database that integrates the ever-changing regulatory standards with corporate mandates is essential. The solutions built to interact with this database include portfolio, operational, and business performance intelligence integrated with corporate business processes. This approach provides an early warning for potential violations and enables operational visibility ensuring compliance. These solutions provide a foundation for sustainability, enabling audits, consistent processes, and a real-time status of global operations. Additionally, as emissions trading becomes more widespread, companies with this foundation are better prepared to participate effectively. Keeping the environment safe lowers the cost of compliance, but the benefits go well beyond that, including reducing the risk of adverse events. Overall business performance is enhanced by selling emissions credits, lowering costs through greater process efficiency, and reducing the amount of energy required in manufacturing. Total Page 14 #II215401 ©2008 Industry Insights, an IDC Company
  15. 15. compliance achievement not only keeps your company out of court and out of the press but can have a positive impact on your return on capital employed. Keeping the People Safe Asset-intensive industries that put their employees in harm's way have always taken responsibility for safety seriously. However, this effort too often became an exercise in managing documentation and responding to adverse events. The objective is to make sure those documented policies and procedures are integrated in such a way that safety is managed proactively. Best practice suggests that a closed loop monitoring system can deliver this goal. The aforementioned integration is the major issue facing companies today. The lack of a comprehensive view of standard processes and practices prevents compliance and hinders the ability to protect employees. And the problem lies largely at the detail levels, including issues such as whether employees had the right training and medical baseline established, thorough follow-through on corrective measures, and tracking exposure levels. These details are known in isolation but must be made transparent in context to affect full control. Getting the integration done requires several key capabilities. The effort must start with a view of employee safety that transcends organizational boundaries that exist between human resources, asset management, industrial health/safety personnel, and external authorities. Once a culture of collaboration is established across the company, key processes can be improved and better managed, including: ● Health and safety management. Includes employee certification/training management, incident/exposure tracking, accident management, hazardous processes, emissions, and developing enterprise safety measures (KPIs) to determine annual performance ● Medical management. Establishing appropriate medical baselines for employees; recording, monitoring, and tracking of information to review at year-end to improve health benefits and reduce network care costs for the enterprise ● Material handling. Establishes access to and automation of standard operating procedures (SOPs), including safe handling requirements, normal operating procedures, transfers of information (like MSDS), notifications, emergency instructions, and any PSSR/MOC/compliance instructions (if required) ● Operational dangers. Special instructions or training required for using electrical equipment, or managing radiation emitting devices, including special procedures like lockout/tagout, work permitting, and hazardous material handling ©2008 Industry Insights, an IDC Company #II215401 Page 15
  16. 16. Assuring the health and safety of employees is the foremost benefit of course, but several other advantages can be achieved. Streamlined, integrated processes save time and hard costs. Better capture of legally required information, more complete documentation, and more accurate application of surveillance protocols will also be realized. Keeping the Assets Safe Ensuring safe operations isn't just about prevention, it's about performance as well. Including operational risk as a cornerstone of your maintenance planning has been proven to not only better protect people and the environment but increase reliability and streamline asset management processes. A large proportion of adverse events can be traced to improper operation and/or maintenance of production assets. Also, maintenance personnel are subjected to as dangerous working conditions as anyone within the company. Issues extend to unnecessary costs in reworking previously completed maintenance for safety issues (instead of getting it right the first time) and integrating safe maintenance procedures into the overall documentation repository. Essential capabilities revolve around integrating asset management processes into other vital systems such as ERP and EH&S. Doing so ensures that approaches to maintenance and asset safety are an integral part of end–to-end operational risk management, including capabilities for reliability-centric maintenance and the use of mobile devices for complete, accurate, and timely information sharing. Again, prevention shouldn't get in the way of performance. An industry-standard process platform for asset management with the attendant visibility into activity at the machine, plant, and corporatewide level will allow companies to not only control operational risk but optimize operational effectiveness. There are benefits in each of these operational risk management activities (see Table 2). A comprehensive approach assures that these benefits are captured simultaneously but requires an assessment of existing capabilities and an understanding of the necessary steps toward implementation. Page 16 #II215401 ©2008 Industry Insights, an IDC Company
  17. 17. TABLE 2 Expected Results of a Comprehensive Operational Risk Management Program Focus Benefits Keeping stakeholders informed • Proactive risk management with visibility and early warning signals • Stronger connection between company reputation and operational and environmental policies • Global workflows to produce better, higher-quality information for customers, including improved material/safety data sheets Keeping the environment safe • More forward planning to eliminate regulatory infractions and financial penalties • Lower costs and more efficient use of resources such as water and energy to lower greenhouse gas emissions • Better material handling including processes related to safety, dangerous goods tracking, and security Keeping the people safe • Reduction in serious incidents through prevention management, best practice sharing, and improved visibility • More productive, safer workforce with less downtime through accident avoidance • Certified, companywide processes for safety training and medical management Keeping the assets safe • Audit transparency and best practice sharing across operations and facilities • Cost-effective maintenance and reliability programs • Better ROA through integration of assets operations and compliance Source: Industry Insights, 2008 Levels of Maturity in Reducing Operational Risk There is a path toward improving performance. At each step of the way, a company will need to focus on moving up the ladder in sync to arrive at the next level. Figure 3 displays the levels of maturity for reducing operational risk. ©2008 Industry Insights, an IDC Company #II215401 Page 17
  18. 18. FIGURE 3 An Operational Risk Maturity Model Operational Risk Objective Stakeholders Environment People Safe Assets Safe Informed Safe Maturity Level Operational Enterprise Optimized Collaboration Market Risk Visibility to Enterprise Capabilities Centered Management Environment Asset-Linked Criticality Managed Dashboards & Optimized Knowledge Based Enterprise Portals Operations Base Maintenance Single Plant Reliability Work Order Certification Automated Standard Centered Detail Tracking Compliance Process Maintenance Manual Controlled Casual Word of Mouth Repair on Compliance Chaos Communication Work Practices Failure Tracking Source: Industry Insights, 2008 To capture the benefits of a comprehensive operational risk management program, companies must make progress to mature approaches to stakeholder transparency underpinned by increasingly sophisticated capabilities in keeping people, assets, and the environment safe. The operational risk maturity model (refer back to Figure 3) should be used to assess current capabilities, bring the various dimensions into a common state, and articulate the steps that need to be taken. This exercise will form the basis for organizing an enterprise risk management program office to manage the projects that will change behavior, transform processes, and deliver results. RECOMMENDATIONS Moving toward best-in-class performance in operational risk management requires a programmatic, deliberate approach that combines the necessary people, process, and technology elements to achieve success. People — Organizing for Network Optimization The multinational business model is losing effectiveness, and companies are moving to more of a globally integrated approach that establishes common management approaches across regions and facilities. Organizing for high-performing assets will follow this trend. Instead of isolated facilities and siloed functional responsibilities, Page 18 #II215401 ©2008 Industry Insights, an IDC Company
  19. 19. companies will want to identify expertise, standardize approaches, and share knowledge. Companies must realize, however, that there is a tremendous challenge in changing behavior deeply rooted in the old models. The key is to recognize that both executive management policy making and plant-level process execution must change synchronously and toward the same overall goal. This will equate to operational risk management responsibility organized networkwide with the ability to monitor a wired set of assets and take corrective action when necessary. Think of the new organization as a mission control or network operating center approach rather than a proximity (people at the facility) approach although the centralization may be virtual rather than a single physical location. Similarly, metrics and accountability will span the network of assets. Process — Using Common, Accepted Approaches Another part of being a globally integrated company will be the establishment of common processes across the company. Companies shouldn't spend their time on defining the process, but on making them perform consistently. Using a well established standard industry process definition will be the starting point. The execution processes will be standard, but a set of processes — the decision processes — are ripe for reengineering. Everything from deciding on new asset investment to tuning the performance of specific machine should be reviewed. The reengineering of decision processes must keep the full context of asset management maturity in mind and make sure strategic decisions are linked to tactical decisions and those decisions to operational determinations. Technology — Acquire Data, Standardize Processes, Speed Decisions Technology can play a substantial role in moving a company up the maturity model. The people and process changes must be fully understood and on their way to the appropriate changes before technology investment is started. Manufacturing Insights sees four key areas of investment in technology to support the efforts: ● M2M technology. The use of sensors, actuators, identification, and location technologies create an asset network that can provide the necessary data for monitoring assets without human intervention. This investment provides individual asset visibility. ● Process platform. An enterprise asset management application provides industry-accepted processes, enabling companies to focus on making the operational processes more consistent. This investment provides location-level asset visibility. ©2008 Industry Insights, an IDC Company #II215401 Page 19
  20. 20. ● Operational intelligence. The ability to look across all of a company's assets to assess performance on a retrospective (what happened), perspective (what is happening), and predictive (what will happen) basis will come from investment in data warehousing, analytics, and business intelligence. This investment provides networkwide asset visibility. ● Integration. The value investing in the three technology areas above is magnified if they are well integrated to each other. This not only makes reporting more consistent but removes the latency that comes with manual integration. A good starting place when investing in asset visibility is at the process platform level. This investment will facilitate the necessary changes in people and process as well as create the centerpiece of the technology investment. Modern integration capabilities will be critical so that M2M-based data can feed the processes and, in turn, the processes can feed the decision environment built from the operational intelligence investments. Actions to Consider We offer specific guidance for companies that would like to get started on an asset visibility initiative. In more detail: ● Executive sponsorship and governance. Grass roots implementations and plant-only focused initiatives improve business process efficiency, however, cannot drive overall corporate impact. Successful projects implemented by market leaders were sponsored by executive leadership — ensuring visibility to program progress, performance improvements, and reducing organizational barriers as they were identified. ● Evaluate the business case at a high level. Assess your company's ROA performance relative to industry peers. What are the implications of greater risk control and lower costs from the existing portfolio of investments? From this point, a firm can determine the levels of investment in new asset management capability that can be justified. ● Determine organization operational readiness. Is the organization, from top to bottom, ready to embrace the change, commitment and focus necessary to implement a safety and compliance approach? Application solutions, technology, and business and operational processes need to be examined to determine the changes that need to be made to ensure success. Best practice examples from industry should be used to present a clear path forward. Page 20 #II215401 ©2008 Industry Insights, an IDC Company
  21. 21. ● Determine organizational risk management maturity and identify gaps. This exercise will assist in understanding the specific capabilities that must be delivered to improve performance. Pay close attention to deficiencies in performance monitoring — it is likely that reporting is late, incomplete, and inaccurate. ● Develop an 18-month to 3-year plan and prioritize the business and operational processes. This selection may change over time, but it will serve as a baseline road map that can be changed as needs evolve and direction becomes more focused. ● Form a program office to manage overall investment. With an understanding of the overall goals and existing gaps, progress will come from not only a single project but a series of related investments that will individually produce benefits but collectively move the company toward world-class performance. ● Make asset visibility a priority. Creating transparency to operating conditions should be an early investment as it can be leveraged by all of the subsequent transformative activity. Technology tools should include the four key areas discussed in this report but should pivot on a process platform that is proven in enterprise asset management and can be easily extended to connect to individual assets and enterprisewide operational intelligence. ● Share best practices across the organization. Many best practice examples for improving operations exist across the corporation, and they need to be leveraged and shared to make the transition to common business processes easier and faster. This also contributes to culture change and creating "one team" globally to focus on achieving operational goals while ensuring compliance and reducing risks. These activities form the basis for elevating operational risk management as a business priority. Done effectively, the effort can not only lower the costs of regulatory compliance and adverse events but also increase the return on capital employed. ©2008 Industry Insights, an IDC Company #II215401 Page 21
  22. 22. Copyright Notice This IDC research document was published as part of an IDC continuous intelligence service, providing written research, analyst interactions, telebriefings, and conferences. Visit to learn more about IDC subscription and consulting services. To view a list of IDC offices worldwide, visit Please contact the IDC Hotline at 800.343.4952, ext. 7988 (or +1.508.988.7988) or for information on applying the price of this document toward the purchase of an IDC service or for information on additional copies or Web rights. Copyright 2008 IDC. Reproduction is forbidden unless authorized. All rights reserved. Page 22 #II215401 ©2008 Industry Insights, an IDC Company