Copyright © 2015 E.I. du Pont de Nemours and Company. All rights reserved. The DuPont Oval Logo, DuPont™, and The miracles of science™ are registered trademarks or trademarks of
DuPont or its affiliates.
INDUSTRIAL FIRMS MUST EMBED RISK BASED
THINKING INTO THEIR OPERATIONS
Risk-based thinking is not a new concept for firms. The consideration of business risks has
always formed a core component of executive team discussions, and the approach and
framework for understanding and analyzing these risks have changed little over many years,
reflecting a relatively stable operational landscape. In recent years, however, rapid and
profound shifts in the operational landscape of firms, particularly those operating in the
industrial sector, have seen the breakdown of these frameworks. Firms are now more global
than ever, with larger and more complex supply chains. Firms need to manage an
ever-expanding list of legislative requirements, and the explosion in social media means their
activities are scrutinized more closely than ever before. This combination of factors demands
firms overhaul their operational risk management (ORM) strategies and make them relevant for
today’s unique and evolving business challenges.
While firms increasingly accept the need to transform their ORM strategies, many are struggling
with how to design a strategy which is appropriate for today’s more complex operational
landscape. In tackling this issue, firms are seeking answers to a core set of questions. What
does ORM mean to my business? Where are the issues with my firm’s approach to ORM? What
is the business value in enhancing the ORM strategy and approach at my firm? What is the
relationship between ORM and Operational Excellence (OE)?
To answer these questions, DuPont Sustainable Solutions (DSS) commissioned independent
analyst firm Verdantix to undertake an independent research study involving interviews with 75
senior leaders. A total of 66 interviews were conducted with firms from the following eight
industries: Chemicals/Fertilizer/Petrochemicals, Food & Beverage Manufacturing, Healthcare,
Mining & Metals, Oil & Gas Downstream, Oil & Gas Upstream, Transport, Utilities. A further
nine interviews were conducted with affiliated trade associations. The senior leaders from the
66 industrial firms were almost all in risk or operational roles (59 interviews) with the remaining
seven interviews conducted with individuals in environment, health and safety (EH&S) and
project management roles. The interviewees were located across the following ten countries:
Australia, Canada, France, Germany, UK, USA, China, India, Saudi Arabia and the United Arab
Emirates. All firms (excluding the trade associations) have annual revenues in excess of $1
billion.
Firms Demand Comprehensive Upgrades to Established ORM Programs
Effective risk management has never been more critical for large businesses. Today, these
businesses are forced to wrestle with increasingly complex supply chains, a growing roster of
legislative requirements and unprecedented social-media fueled scrutiny of their operations.
With risk management growing in significance, to what extent do firms have suitable
operational risk management (ORM) programs in place?
ORM programs are widely deployed. Across the 66 interviews with industrial sector
firms, 91% stated that ORM had been adopted in some way across their organization
(see figure 1). Only 3% of firms had no ORM program in place.
Figure 1, n=66
ORM programs vary by sector. At the highest possible level, ORM programs are
concerned with assessing, prioritizing, mitigating and monitoring risks across the entire
operational footprint of an organization. While this overarching definition carries broad
agreement, applying this to different sectors creates divergence in terms of the focus of
the programs.
“I think the definition of operational risk management varies. Mining & Metals, Oil & Gas and heavy manufacturing are deeply focused on employee and public safety” (Finance Industry Association)
“I always look at ORM in terms of license to operate. You need to make sure you are complying with all regulations and rules related to environment, energy, emissions, safety and health. You need to ensure the product is at the right quality, is safe to use, can be transported safely and securely and that through all this, your business remains competitive” (Steel Association)
Firms favor health and safety metrics for assessing operational risk. Interviewees were
asked to provide examples of metrics they used to assess operational risk. While there
was significant variation in the responses received, health and safety related metrics
emerged strongly, including injury rate, incident rate and lost time with injuries.
“Assessment of work-related injuries is how we assess performance.” (Transport)
Firms target widespread improvements to ORM programs. The interviewees from the
industrial firms were asked how important it is for their firm to improve performance
across five major areas of ORM over the next 12 months (see figure 2). Across each area,
at least 75% of firms said it was important or very important to improve performance
over the next year. “Risk control processes and governance” was the area that recorded
the highest number of responses in the very important category (45%) and “Setting risk
targets” was the area with the highest number of very important and important
responses (86%).
Figure 2, n=66
Safety, Compliance, and Reputation Drive Investment in ORM
Large industrial firms have established a shared understanding of ORM and most have some
sort of ORM program in place. What are the drivers behind this widespread adoption? In which
parts of the business is ORM most important? This research reveals some distinctive trends:
Safety is the most critical driver for ORM. When asked to rate the importance of eight
separate drivers for investing in ORM, 85% of firms rated safety as “very important” –
higher than any other driver (see figure 3). This trend emerges again when interviewees
are asked to identify the operational areas in which ORM is most important. In this
question, employee safety emerges as the most important area with 82% of interviewees
rating this as “very important” (see figure 4).
“Employee safety and health is our major operational risk” (Oil & Gas, Upstream)
Figure 3, n=66
Figure 4, n=66
Compliance continues to drive spending on ORM. Compliance has traditionally been
seen as the most prominent driver in risk management and ORM. This research still
shows it as a key driver (with 74% of interviewees rating it as “very important”) but
secondary to safety. Compliance-focused ORM can vary in maturity level, spanning from
Excel-based audits to the integration of comprehensive regulatory databases.
“We need to keep on top of changes to environmental regulations as it impacts every
part of our business, from manufacturing through to distribution. We have realized that
we may have to spend more on complying with regulations than planned” (Food &
Beverage)
Firms invest in ORM to steer clear of reputational issues. Reputation is the third
highest rated driver for investment into ORM with nearly 90% of respondents describing
it as ‘important’ or ‘very important’. It is also worth noting that reputation is often a
highly significant secondary driver of ORM. Some interviewees stated that safety and
compliance risks have to be effectively managed in order to protect business reputation.
“Firms in high hazard industries are very aware that if a serious event occurs the
ultimate price could be the future of the firm. Firms have been known to disappear as a
result of serious incidents” (Chemicals Industry Association)
Avoiding unplanned shutdowns is an important ORM driver for 96% of firms.
Unplanned shutdowns can be highly damaging to the cash flow positions of
organizations. They typically carry with them a level of urgency which forces
management attention to be diverted from executing on broader strategic plans. While
a greater number of respondents classified ‘maintain license to operate’ as a very
important driver, unplanned shutdowns are considered significant due to the near
unanimous view that it was either an important or very important driver.
“The fact is that if you do proper maintenance of your assets, you will not have
operational problems, unplanned shutdowns, or unplanned costs.”
(Food and Beverage Manufacturing)
ORM drives improved Operational Excellence performance. While not included as a
specific option within figure 3, a number of the interviewees commented on how ORM
was being used as a tool to drive better performance in their operational excellence
(OE) programs. The trade association interviews revealed that rather than treating ORM
as a “check the box” exercise, leading firms are looking at the long-term benefits of
ORM by focusing not only on significant operational risks, but also changing customer
requirements and even opportunities to develop new offerings.
“Operational risk management is the critical review of operations that feed into your
operational excellence program.” (Mining & Metals Industry Association)
Firms Face Headwinds in Deploying Effective ORM Programs
There are a number of powerful factors driving investment in ORM including safety, compliance
and reputational concern. Most firms have responded to these drivers by developing an ORM
strategy but this alone is not sufficient for an effective ORM program. In order to be successful,
it is imperative the ORM strategy focuses on the relevant areas of the business. With a suitable
strategy in place, funding then needs to be made available to convert the strategy into an
ongoing program. This research reveals a number of prominent hurdles (see figure 5) firms
face in securing sufficient funding for ORM programs:
Senior executives fail to distinguish ORM from financial risk management. This study
asked interviewees to rate the significance of five different barriers to investing in ORM.
Lack of understanding of ORM among senior executives emerged as the barrier most
frequently rated as “very significant” (35% of respondents). Further insights from the
interviews indicate that for some senior executives, moving away from their traditional
financial risk mindset is a major challenge.
“Investors who are not industry players create challenges in implementing effective
operational risk management strategies. They want to maximize the return on their
investment and see investment in safety, environment and communities as denting their
returns” (Finance Industry Association)
ORM is not recognized as a discrete program which requires dedicated funding. Where
risk management practices are considered to be fully embedded within a firm’s
operations, it can be challenging to secure funding for a dedicated ORM program. For
26% of the firms interviewed, managing risk as part of current day-to-day operations is
identified as a very significant barrier to investing in ORM.
“ORM should not be seen as a corporate initiative - it should be embedded in day to day
business.” (Mining & Metals)
ORM programs lose out to other internal investment initiatives. Investing in risk
management can be seen as similar to investing in insurance, where the return on
investment is not a useful measure of the value of the investment. This means the
business case for ORM needs to be defined differently than other internal initiatives
competing for funding. As a result, it can be difficult to secure funding for ORM
programs. In this study, 35% of respondents told us that the lack of a proper business
case is a ‘very significant’ or ‘significant’ barrier to ORM investment and another 65%
said the lack of available budget was a significant or very significant barrier.
Unfortunately, the true value of an effective ORM program often only becomes
apparent when the impacts of a deficient ORM program are exposed.
“It is quite hard for people to see the return on an investment. If you have a BP Gulf of
Mexico event, everyone can see the cost of having failed to deploy an effective ORM
strategy.” (Finance Industry Association)
Figure 5, n=66
Seven Steps for Developing a Successful ORM Strategy
Major shifts in the operational landscape of large global industrial firms have exposed them to a
much deeper and more complex network of risks. Driven largely by concerns around safety,
compliance and reputational integrity, firms are looking to overhaul long-standing ORM
strategies to make them relevant for today’s operating environment. Beyond the core objective
of mitigating business risks, leading firms are using ORM to help drive OE programs and
increase the resiliency of the business.
Despite the strong set of drivers, ORM programs can be starved of funding. Misunderstanding
of ORM by senior executives, lack of recognition of ORM as a discrete program, and
competition with other initiatives all create investment challenges for ORM programs.
Seven steps should be taken to develop and activate a successful ORM strategy:
1. Secure approval/consensus and leadership at the corporate level. An ORM program
will only be truly effective if it is championed at the very top of the organization. Senior
leaders in the corporate function need to be accountable for risk management and drive
this approach down across the organization. Many firms have already been successful in
taking this step with 79% of interviewed firms stating that risk ownership and
accountability for risk management is assigned centrally at the corporate level (see
figure 6).
“It is essentially a top down delivery program. Our board has set up direct input from
the functional teams who carry out country controls. We have quarterly meetings where
we discuss updates from employees on how we can achieve operational success.”
(Utilities)
Figure 6, n=66
2. Introduce risk accountability across the organization. Without buy-in at the corporate
level, firms are unlikely to be effective in rolling out an enterprise wide ORM program.
At the same time, this senior level support is only one ingredient for success. Employees
across every level of the organization need to be trained to incorporate risk-based
thinking into their day-to-day jobs. They need to be accountable for the risks within
their immediate area of control. The results from this study show that 38% of shop-floor
employees are not held accountable for risk management (see figure 6).
“Enhanced risk prevention / control at every level ensures operational excellence.
Continuous examination and inspection of risks is also part of this.” (Transport)
3. Agree to timely risk assessments. Ensuring operational risk assessments are completed
on a timely basis is a key component in any ORM strategy. These risk assessments help
ensure firms stay on top of new compliance requirements and prevent risk management
from slipping off the agenda. The required frequency of the audit will be determined by
the precise characteristics of each firm and its operational footprint. Among the
interviewees for this study, 92% of firms were conducting risk assessments on at least
an annual basis (see figure 7).
“Self-assessments and routine audits by third party verification firms are in place to
control risks.” (Oil & Gas Downstream)
Figure 7, n=66
4. Quantify and prioritize risks. An effective ORM program is able to quantify and
prioritize the identified risks, enabling mitigation efforts to be targeted in the most
effective way. Managing an optimized ORM program requires that risks are quantified in
terms of probability and severity, as well as the calculation of costs and benefits of
mitigating a risk versus allowing the risk to remain as is. It is this multi-faceted
calculation which helps determine the mitigation action (if any) that needs to be taken.
“Based on the risk metrics, we improve the risk management system. We have 5x5
metrics which comes to 25, which we then use to evaluate day to day operations. If a risk
score goes above 12, then it will be considered as moderate or high risk. We will apply
the highest priority based on the metrics calculated.” (Food & Beverage)
5. Establish appropriate metrics and KPIs to monitor and assess performance.
Establishing the correct risk monitoring metrics and KPIs is one of the most important
steps in the ORM program. By establishing metrics, firms can ensure that the
appropriate effort and resources are expended based on the risk profile of the business.
A number of firms are already aware of the criticality of this step and therefore
supplement the development of their own metrics with advice and guidance from other
sources (see figure 8).
“For every improvement we make, we tend to establish a set of KPIs to make a
measurement of the success of the improvement. Generally, one of those KPIs will be
related to risk management.” (Mining & Metals)
Figure 8, n=66
6. Implement consistent, well-documented and cost effective controls. Once the priority
risks are quantified and identified and the monitoring metrics and KPIs established, it is
necessary to implement control measures to actively mitigate these risks. From the
firms interviewed, 98% felt they had at least adequate controls already in place
(see figure 9). In contrast, only 27% described these controls as cost-effective,
suggesting an opportunity to find better options for managing and controlling the
identified risks.
“Having standardized processes and procedures in place for risk mitigation is an
essential attribute of a successful risk management strategy.” (Food & Beverage)
Figure 9, n=66
7. Reinforce the importance of risk management through regular communications.
Establishing a regular timetable of communication on ORM performance is an effective
way of maintaining engagement on the subject. Tailor communications to specific levels
and functions of the organization to address different priorities and focus areas. Linking
the impact of ORM to broader programs, such as operational excellence, will boost
engagement by making the benefits of ORM more tangible.
“We have monthly reports & information on operational risk management that is sent to
everybody stating what is being done & what went wrong and what went right.”
(Transport)