who should you trust? - institute of public …...who should you trust? who should you trust? ben...

Post on 03-Apr-2020

Who Should You Trust?

Ben Arnold, BHP Billiton & Alistair Purt, PwC

Introductions

Ben has over 15 years’ risk and governance experience in the Resources Industry.

Ben is the Superintendent of Standards, Risk and Change for BHP Billiton. He has held management and supervisory positions at KBR (Global EPC contractor) and the Office of Auditor General.

Qualifications

• Fellow of the Governance Institute (FGIA)

• Certified Internal Auditor (CIA)

• Chartered Accountant (CA)

• Certified Risk Management Assurance (CRMA)

• Certified Fraud Examiner (CFE)

• Bachelor of Commerce (BComm)

Alistair has over 16 years’ risk and internal audit experience in the Oil & Gas Industry.

Alistair is a Director of Risk Assurance at PwC. He has held management and supervisory positions at BG Group (FTSE 20 Upstream Oil and Gas), KBR (Global EPC contractor) and Centrica (FTSE 100 Utilities).

Qualifications

• Associated Chartered Accountant (ACA)

• Fellow of The ICAEW

• BA / MA Oxford University

Trust…?

Trust is an integral element of all business relationships.

Like it or not, third parties hold the key to your reputation and success.

So who do you need to trust and why?

Contractors, Suppliers, Agents, Outsource, Distributors, Alliances, JV partners

Transparency, Confidence, Margin & cashflow, Reputation, Performance

Warning Signs

The news is littered with examples of broken promises: contaminated food chains, poor labour hire practices, oil spills, the illegal dumping of toxic waste, human rights violations and over billing.

Every broken promise represents a fractured relationship and the possibility of a trust irreparably damaged. It’s at such moments that competitors can press their advantage.

Performance

Information

• Safety incidents / events
• High TRIF (recordable injuries)
• Significant audit findings

• Missed KPIs
• Disrupted service
• Poor Third Party governance

• High people turnover
• Poor culture / tone at the top
• Reduced capacity & capability

• Data leaks
• Bad press
• Regulatory breach

TSKJ Case Study

Background

• TSKJ was a joint venture formed by the U.S.’s M.W. Kellogg Co. (later became KBR), France’s Technip, Japan’s JGC, and Italy’s Snamprogetti.

• The joint venture company won four contracts worth more than US$6 billion between 1995 and 2004 to design and build liquefied natural gas facilities on Bonny Island, Nigeria. None of the participants had a majority stake in the joint venture.

• TSKJ reportedly used agents to bribe Nigerian government officials.

• The DOJ and U.S. Securities and Exchange Commission (SEC) declared that each joint venture partner had culpable knowledge because senior executives from each company, including some who were serving on the TSKJ steering committee, participated in meetings in which the bribery was discussed.

Implications / Consequences

• Together, the four multinational corporations and the Japanese trading company paid a combined US$1.7 billion in civil and criminal sanctions for the decade-long bribery scheme. These include:

o Snamprogetti and its parent company ENI = US$365 million

o Technip = $338 million

o Consortium leader KBR and its former parent Halliburton paid US$579 million.

• Nonfinancial impacts in this case included reputational damage and criminal charges against current and past joint venture parent employees.

• In addition, KBR’s FCPA violations impacted successor liability after Halliburton acquired KBR in 1998. These were based on book and record violations and Halliburton’s lack of post-acquisition vigilance. On the financial side, the FCPA and U.K. Bribery Act investigations also affected share price & capitalization.

Deepwater Horizon Case Study

Background

• The Deepwater Horizon oil spill in the Gulf of Mexico began on 20 April 2010 when a failure of the cement barrier in the production casing led to a blowout.

• The subsequent investigation by the US Government’s Bureau of Ocean Energy Management (BOEMRE) and the US Coastguard found that “loss of life at the Macondo site on April 20, 2010, and the subsequent pollution of the Gulf of Mexico through the summer of 2010 were the result of poor risk management, last‐minute changes to plans, failure to observe and respond to critical indicators, inadequate well control response, and insufficient emergency response training.”

• It also found that, in some cases, BP’s contractors, who are jointly and severally liable for non-compliance, had violated a number of federal regulations.

Implications / Consequences

• As a consequence of the Deepwater Horizon blowout, 11 lives were lost.

• At least 6 BP employees have been charged with criminal offences relating to the incident.

• As of February 2013, criminal and civil settlements and payments to a trust fund had cost the company $42.2 bn [1]. The cost to Transocean (BP’s main contractor) is expected to be in the region of US$1.5 bn [2].

[1] “Report Regarding the Causes of the April 20 2010 Macondo Well Blowout”, The Bureau of Ocean Energy Management Regulation and Enforcement (BOEMRE).

[2] “Transocean to Pay $1.4 Billion to Settle Oil Spill Claims”, Bloomberg, 4 January 2013.

Horse Meat Scandal Case Study

Background

• The 2013 horse meat scandal was a scandal in Europe; foods advertised as containing beef were found to contain undeclared or improperly declared horse meat – as much as 100% of the meat content in some cases.

• A smaller number of products also contained other undeclared meats, such as pork.

• The issue came to light on 15 January 2013, when it was reported that horse DNA had been discovered in frozen beefburgers sold in several Irish and British supermarkets.

Implications / Consequences

• Tesco’s reputation was hit particularly badly, with a $500m share price drop.

• There were complex supply chains in place – one involved 8 separate vendors and traders across 5 European countries.

• The supermarkets lacked visibility across the supply chain and did not have suitable controls to verify the end product.

• A UK House of Commons Report found “The evidence suggests a complex network of companies trading in and mislabelling beef or beef products which is fraudulent and illegal”.

Trust Framework

1. Plan: Determine which third parties you need and how these should be structured to derive maximum benefit to your organisation.

2. Execute: End to end management of third parties to ensure you are collaboratively working towards the achievement of shared objectives.

3. Monitor: The reporting and assurance mechanisms used to monitor the success of third party arrangements.

4. Improve: Identification and action of issues identified, both for individual third parties and for your overarching management framework.

Plan

Leading Practices

Clear vision and strategy for service delivery requirements

Design a consistent third party governance structure

Development of risk stratification model

Thorough due diligence procedures (including cultural alignment)

Risk based standard contract template structure

With a vast range of ‘partnership’ structures and operations across a number of industries, your implementation of an effective governance process can be challenging.

Effective risk management within your trust relationships will depend on the nature of the relationship including level of influence, ownership / management control and your partners’ appetite for control monitoring and risk management.

Questions for Consideration

• Do you need to engage a third party or does your organisation already have capabilities to perform the service in-house?

• Have you performed appropriate due diligence prior to third party engagement?

• Have you prioritised and ranked your trust relationships according to risk?

• Have you selected the right third party relationship (e.g. alliance, joint venture, contract)?

• Will the third party effectively represent your organisation and align with your culture?

Execute

Leading Practices

Risk based execution model

Technology and work-flow support

Training of key personnel (including anti-trust requirements)

Defined process for contract changes and dispute resolution

Performance is based on KPIs that link to agreed objectives

Following the planning phase, it is vital to enable end to end management of third parties. This will help ensure you are collaboratively working towards the achievement of shared objectives.

Questions for Consideration

• Are performance metrics established and monitored?

• Do you have strategies and technology to obtain the necessary data for control information and monitoring needs?

• Do you have clear stakeholder and role definition for all aspects of the contract lifecycle?

• Do all relevant personnel have the correct knowledge, skills and experience?

• Will the provision of information between partners align with anti-trust requirements?

Monitor

Leading Practices

Risk-based assurance model

Scope covers end to end third party risks (e.g. subcontractors)

Analytically driven contract compliance program

KPI based dashboard reporting (including red flags)

Successful implementation of a third party governance framework is reliant on being able to monitor compliance and implement timely corrective actions where identified.

The most effective monitoring strategies utilise a range of assurance mechanisms within the business and are based on the third party risks identified through the risk management process.

Questions for Consideration

• How will risks associated with subcontractors be managed?

• Have red flags been identified and are these continually monitored?

• Does the third party have effective assurance mechanisms in place?

• What level of assurance is required and can third party assurance reports be utilised?

• Will assurance be provided by the first, second or third line of defence?

Measuring Third Party Performance

Measuring performance is an integral part of an overall third party management programme. A well-defined third party scorecard process will help maximise performance and drive increased savings.

Scorecards are used alongside qualitative internal performance ratings to provide constructive feedback to third parties during scheduled reviews.

Benefits

Gives improved visibility to the performance of third parties

Allows implementation of best practice performance strategies

Drives improvement of third party performance

Builds more informed sourcing decisions

Measurement Criteria

Quality of information

Level of innovation

Financial benefit

Safety

Performance

Cultural alignment

Improve

Leading Practices

Issues are identified and resolved on a timely basis

Performance management throughout the contract lifecycle

The system of governance is subject to improvement

Joint culture of continual improvement embedded

Effective third party relationships are based on mutual respect and trust. To achieve this, areas for improvement must be identified, communicated and resolved so that problems do not escalate.

Organisations should understand the performance of third parties on a portfolio basis so that the entire system of governance and control can be monitored and improved over time.

Questions for Consideration

• Are contract managers sufficiently trained to identify and resolve problems?

• Are portfolio-based metrics in place and monitored?

• Are actions identified and tracked for appropriate closure?

• How often are overarching processes and controls reviewed for effectiveness?

• Is the third party relationship successful?

KPI Dashboards

Organisations are beginning to use technology and data as an enabler to monitor and improve the performance of third parties (both individual and portfolio based).

Implementation depends on having consistent and reliable processes in place to ensure good quality of data in addition to targeted, risk-based KPIs.

Example KPIs linked to critical success factors

• Regulatory breaches caused by supplier

• Time taken to recover from service disruption

• Number of safety incidents

• Compliance to schedule or plan

• Adherence to budget

• Employee turnover ratio

• Third party financial position

• Number of third parties meeting contract targets

• Number of contract target breaches

• Number of service reviews held with third parties

• SLA targets met / missed

Sustainable Success

• Establish strong leadership and sponsorship

• Early involvement by third parties where appropriate

• Develop innovative agreements that include 2-sided incentive plans including cost reduction incentives / commitments

• Identify continuous improvement opportunities

• Align benefit realisation to strategic objectives

• Collaborate on product / service design

• Engage in joint process improvement

• Systems integration and effective application of technology

• Shared KPIs focused on outcomes

Closing

Trust partnerships can cause significant exposure and adverse consequences to the owner’s objectives. Implementing effective processes will maximize the opportunity to achieve both partner and owner strategic objectives.

Risk Management and Internal Audit should be active in Trust Partnership governance, from thought leadership and support during governance strategy development through to controls monitoring, execution of third party audits and follow-up.

The development of the right audit and risk process will include thought and definition around the correct risk and exposures and the implementation of risk performance criteria and monitoring.

Ongoing continuous monitoring through the process, supported by risk and audit, will be vital in ensuring that owners have an appropriate level of oversight and ultimately comfort over trust partner operations.