
How to handle ERM in a large organisation - Talk from Statoil



Presentation from Strategisk Frokost (strategic breakfast) on holistic risk management: talk by Eyvind Aven, Senior Advisor Corporate Risk at Statoil, given in connection with a Corporater event.

Published in: Leadership & Management


  1. How to handle ERM in a large organisation. Strategisk Frokost, Aug 2017. Eyvind Aven, Statoil
  2. Risk definitions
       • Many ways of defining risks, e.g. ISO31000:
           − “effect of uncertainty on objectives”
       • Combining ISO31000, enterprise risk management practices and the latest academic developments, Statoil has chosen:
           − “deviation from a reference value with associated uncertainties”
       • PSA similar:
           − “the consequences of the activities, with associated uncertainty”
  3. Measuring Risk
       • Risk is measured in:
           − Impact (in mUSD or in accordance with a predefined impact scale)
           − Probability (understood as a knowledge-based probability) and
           − Uncertainty factors
       • Risk factors are causes or sources that influence the risk
       • The uncertainty factor is judged as high if:
           − The assumptions made represent strong simplifications
           − Data are not available, or are unreliable
           − There is lack of agreement/consensus among experts
           − The phenomena involved are not well understood
  4. Risk vs Risk factor
       • Risk: seen consequences, “The tree”, above the surface (obvious)
           − 3-6 months delay in start-up of gas production on the new field X (NPV effect of postponed production)
       • Risk factors: the underlying causes, “The Root”, below the surface (not obvious)
           − Lack of qualified engineers
       • Is it a RISK?
       • So what?
       • What is the consequence of this?
       • Possible actions to adjust risk
  5. Risk definition
       • Risk is a deviation from a specified reference value and the associated uncertainties
       • [Figure: downside and upside deviations around the reference value]
           − Upside deviation: Value of 3 bbls minus Value of 2 bbls
           − Downside deviation: Value of 1 bbl minus Value of 2 bbls
  6. Statoil’s Risk categories: explanation of the effect categories
       • Main focus on value creation:
           − Access: Acreage grab and new resources from BD or Exploration
           − Maturing: Maturing of resources, business cases and technology
           − Project execution: Execution of projects
           − Operation: Production and refining of products
           − Market: Sales of products, trading and financing
       • Main focus to avoid incidents:
           − SSU: Injury to people and/or harm to environment (including security)
           − Integrity: Breach of corruption law (including corruption-related fraud); breach of competition law; breach of sanctions; breach of anti-money laundering law
       • Across the categories (SSU, Integrity, Access, Maturing, Project execution, Operation, Market):
           − Ensure that the risk adjusting action creates value
           − Reduce probability (ALARP)
           − Reduce probability in a cost & benefit perspective
  7. Performance mgmt vs risk mgmt?
  8. Performance mgmt vs risk mgmt?
       • What Gets Measured Gets Done, But If We Measure the Wrong Things, The Wrong Things Will be Done, And The Wrong Things May be Done Very Well
       • Relevance for Risk Management approach?
  9. Types of Risk Management
       • [Figure: types of risk management by focus (Enterprise / Individual) and type of risk / type of deviation. Labels: Enterprise Risk Management (ERM); Task Risk Management (TRM); Personal Risk Management (PRM); for the Enterprise; for an Individual (manager or employee); impact explicitly expressed through value or incident scale; expressed through indirect impact dimensions; compensation and/or recognition]
       • Risk for whom?
       • Not all Risk management activities are ERM
       • The Asset Owner perspective (principal objectives)
           − Prioritize at portfolio level
       • The project manager focus:
           − delivering according to project objectives (cost, time and quality)
           − The project manager assesses his personal Scorecard, which will influence his prioritizations
       • From Risk Analysis: Aven, Eyvind and Aven, Terje: September 2015
  10. TRM vs ERM in practice: Illustrative example
       • Project X: potential delay 3-6 months; probability of delay 30%; NPV effect of delayed start-up 20 mill USD
       • Project Y: potential delay 2-3 months; probability of delay 30%; NPV effect of delayed start-up 150 mill USD
       • TRM: Same risk level. How are we going to prioritize?
       • ERM: Y is a larger risk. Strong prioritization signal
  11. Management model today (columns: Processes, IT systems, Status)
       • Ambition to Action: MiS as we know it; IT solution has reached end-of-life, to be replaced
       • Manage Risk (RM100): several IT solutions exist (STIR, PIMS ++)
       • Challenges:
           − Transparency due to different systems
           − Silo approach
           − Suboptimal decisions
           − Lack of coordination of actions - no common database
           − Lack of holistic management
           − Audit
       • 8 August 2017. Classification: Internal © Statoil ASA
  12. New Management model from 2018: Integrated Solution
       • Next generation MiS: RM100, Performance framework
       • Strengths:
           − Support a holistic management – Integrated Ambition to Action and ERM
           − Common action database
           − Increased transparency through common interfaces
  13. Statoil’s MiS and Time perspective
       • [Figure labels: Time perspective (long horizon to short horizon); Purpose; Vision; Strategy; Value Chain; Strategic objectives; Indicators; Action (decisions); Risks based on activities; Goal induced; Risk induced; MiS (Ambition to Action & Risk); C&L; Daily management; Various tools]
  14. Link between Performance Framework and new MiS
       • Performance framework in Statoil Book: CREATE LASTING VALUE; Business Integrity; New MiS
       • “We then identify and address both upside and downside risks coming from our activities, always with a commercial mindset.”
       • “The Ambition to Action process starts with making our strategy more concrete through strategic objectives. These describe what success looks like on a medium-term time-horizon, using an engaging and straightforward language.”
       • “Where relevant we measure progress against strategic objectives with Key Performance Indicators (KPIs). Targets are inspired by high performers both inside and outside of Statoil. These have business driven time horizons, which will vary depending on urgency, lead times and complexity. Where possible we use relative KPIs where we compare own performance to others, and when relevant we also use shared KPIs with common targets.”
       • “Actions are established to achieve strategic objectives or to manage risk, or both. These have clear deadlines and accountabilities.”
       • Selection shown in “Overview”
  15. Risk management approach in New MiS (columns: Role, Main purpose, New MiS tool)
       • Role: Project owner / Asset owners
           − Main purpose: Holistic view; Perform ERM (SSU & Business Integrity risks; Monetary risks: NPV after tax Economic Share)
           − New MiS tool: Complete ERM risk register including SSU and Business Integrity and Monetary risks; Risk Radar if relevant
       • Role: Delivery entities
           − Main purpose: Perform ERM (SSU & Business Integrity risks); Manage task risks (TRM) (Manage risk of own deliveries; Contribute to PO/AO with relevant risk information; Feedback from PO/AO on which tasks to prioritize)
           − New MiS tool: ERM register related to SSU and Business Integrity; Communicate relevant risk information to asset owner via Share function (Elements in Risk register; Risk Radar)
       • Role: Corporate staffs
  16. Risk Map vs Risk issue Radar
       • Risk Map: Risks which could be revealed during the next 12 months
       • Risk issue Radar:
           − I. Risk issues that may influence risks in the future
           − II. Sudden Risk issues that may influence risk now, but not reflected in risk register
           − III. Important risk factors related to risks on the risk map/register