risk reporting and management
TRANSCRIPT
Agenda
• Risk in a business context
• Why is risk reporting important?
• Risk Management Process
3 May 2023 PAGE 2
Risk – From a business perspective
3 May 2023 PAGE 3
• Google’s early days: A startup taking on established, deep pocketed players
• Difficulty to source local content
• Algeria implemented an additional tax on oil production
A B
C
A Balanced View – Risk vs Rewards
• A business case needs to look at more than the strategic fit, profitability (NPV) etc.
• It needs to carefully consider and report key risks associated with the proposed investment.
3 May 2023 PAGE 6
Why is Risk reporting important?
• Decision makers may not be aware of all the project details
Furthermore:• Decision makers can take a portfolio view of risks
– Exposure to particular risk across different projects can be viewed together
• They can look at mitigation plans
3 May 2023 PAGE 7
Risk Management is a 3 step process
1.Risk identification – what are the risks?
2.Risk assessment – To understand their likelihood
and potential impact
• Qualitative and quantitative
3.Risk response – how can we reduce the risk
likelihood and impact?
3 May 2023 PAGE 8
Risk IdentificationPEST Framework
• Political - war, crisis, political instability, legislation local and international, contractual provisions, arbitration and jurisdiction provision, tax implications
• Economic and Financial Risks general economic climate, financial markets, funding, interest, inflation, oil and commodity prices.
• Social and Environmental Risk-pollution, laws/regulation, unions, oil spill
• Technical Risks - production/reserves, i.e. a risk analysis must show the consequences of expectation and low estimates.
3 May 2023 PAGE 10
Risk IdentificationAdditional Risks
• Business Continuity- Document retention, succession.
• Management and Organizational and HR Risks- human resources, personal injury/death of personnel, communication systems/infrastructure, data integrity and processing, corporate structure, accounting systems, right strategies, growth, change readiness, subcultures.
• Commercial and Operational Risks - Change of Competitive structure, risk related to non-performance of contractual obligations by suppliers, buyers, debtors or creditors, lack of project control, cost overruns and delays,
• Communication, IT Processes - safeguarding the A.P. Møller -Maersk name and image, standardization.
3 May 2023 PAGE 11
Risk Identification - Only important risks
Laundry list of all possible risks is not an answer!
• Do not list all conceivable risks in the world – it does not help anyone!
• Internal: Ask experienced colleagues/team members/steering committee
• External: Interviews, data providers, Economist Intelligence Unit
Focus only on key risks.
3 May 2023 PAGE 12
Risk assessment – Quantitative
• Scenarios:• Sensitivity modelling:• Monte Carlo simulation:
3 May 2023 PAGE 14
Risk Assessment - Qualitative
Catastrophic (5)
Major (4)
Moderate (3)
Minor (2)
Insignificant (1)
Rar
e (1
) U
nlik
ely
(2)
Poss
ible
(3)
Prob
able
(4)
Alm
ost C
erta
in (5
)
Impact
Risk Levels
Very high
High
Medium
Low Lik
elih
ood
The position of the risk levels in the heat map is to be finally determined by senior management.
3 May 2023 PAGE 15
Impact
Low
Medium
High
Low
Medium
High
Like
lihoo
d
Political risk
Tax exposure
Delay/ Cost overrun
Personnel for operation
FSO accident with another vessel or platform
Well Performance during
operation
MOG’s risk assessment model
Level Descriptor Relative impact on objectives
Explanation
1 Insignificant <1% Day to day mishaps. Low short term and no long term impact. Unlikely to damage objectives. (E.g. infrequent schedule delays).
2 Minor 1-5% Low short and low long term impact. Only negligible damage to objectives. (E.g. loss of area key client or repetitive document / service failures).
3 Moderate 6-25% High short term and low long term impact. Noticeably affect to objectives. (E.g. loss of global key client or short term production loss).
4 Major 26-80% Major single event with high short term impact and some long term consequences. Harm or impediment to objectives. (E.g. breach of platform security, oil spill, or lack of expertise).
5 Catastrophic 81-100% Event which could wipe out our continued business in a particular segment. Destruction of objectives.
Level Descriptor Likelihood of occurrence within (e.g.) one year
Explanation
1 Rare < 2% The risk may occur in exceptional circumstances.
2 Unlikely 2-10% The risk is uncommon to occur, but may do so under certain conditions.
3 Possible 11-25% The risk may occur.
4 Probable 26-70% The risk is likely to occur once.
5 Almost Certain >70% The risk is very likely to occur once or more frequently.
3 May 2023 PAGE 16
Risk response
How do we mitigate risk impact?
• Avoidance: Exit activity• Reduction: Action to reduce likelihood or impact• Sharing: Reducing impact by transferring risk – normally at a
cost (insurance, hedging, partnership, outsourcing)
• Acceptance: If risk is within our risk appetite, we live with it.
Any examples?
3 May 2023 PAGE 17