who should you trust? - institute of public …...who should you trust? who should you trust? ben...
TRANSCRIPT
Who should you trust?
Who Should You Trust?
Ben Arnold, BHP Billiton
&
Alistair Purt, PwC
Introductions
Ben has over 15 years’ risk and governance experience in the Resources Industry.
Ben is the Superintendent of Standards, Risk and Change for BHP Billiton. He has held management and supervisory positions at KBR (Global EPC contractor) and the Office of Auditor General.
Qualifications• Fellow of the Governance Institute (FGIA)• Certified Internal Auditor (CIA)• Chartered Accountant (CA)• Certified Risk Management Assurance (CRMA)• Certified Fraud Examiner (CFE) • Bachelor of Commerce (BComm)
Alistair has over 16 years’ risk and internal audit experience in the Oil & Gas Industry.
Alistair is a Director of Risk Assurance at PwC. He has held management and supervisory positions at BG Group (FTSE 20 Upstream Oil and Gas), KBR (Global EPC contractor) and Centrica (FTSE 100 Utilities).
Qualifications• Associated Chartered Accountant (ACA)• Fellow of The ICAEW• BA / MA Oxford University
Trust…?
Trust is an integral element of all business relationships.
Like it or not, third parties hold the key to your reputation and success.
So who do you need to trust and why?
Contractors
Suppliers
AgentsOutsource
DistributorsAlliances
JV partners
TransparencyConfidence
Margin & cashflowReputation
Performance
Warning Signs
The news is littered with examples of broken promises: contaminated food chains, poor labour hire practices, oil spills, the illegal dumping of toxic waste, human rights violations and over billing.
Every broken promise represents a fractured relationship and the possibility of a trust irreparably damaged. It’s at such moments that competitors can press their advantage.
Performance
Information
• Safety incidents / events• High TRIF (recordable injuries)• Significant audit findings
• Missed KPIs• Disrupted service• Poor Third Party governance
• High people turnover• Poor culture / tone at the top• Reduced capacity & capability
• Data leaks• Bad press• Regulatory breach
TSKJ Case Study
Background
• TSKJ was a joint venture formed by the U.S.’s M.W. Kellogg Co. (later became KBR), France’s Technip, Japan’s JGC, and Italy’s Snamprogetti.
• The joint venture company won four contracts worth more than US$6 billion between 1995 and 2004 to design and build liquefied natural gas facilities on Bonny Island, Nigeria. None of the participants had a majority stake in the joint venture.
• TSKJ reportedly used agents to bribe Nigerian government officials.
• The DOJ and U.S. Securities and Exchange Commission (SEC) declared that each joint venture partner had culpable knowledge because senior executives from each company, including some who were serving on the TSKJ steering committee, participated in meetings in which the bribery was discussed.
Implications / Consequences
• Together, the four multinational corporations and the Japanese trading company paid a combined US$1.7 billion in civil and criminal sanctions for the decade-long bribery scheme. These include:
o Snamprogetti and its parent company ENI = US$365 million
o Technip = $338 million
o Consortium leader KBR and its former parent Halliburton paid US$579 million.
• Nonfinancial impacts in this case included reputational damage and criminal charges against current and past joint venture parent employees.
• In addition, KBR’s FCPA violations impacted successor liability after Halliburton acquired KBR in 1998. These were based on book and record violations and Halliburton’s lack of post-acquisition vigilance. On the financial side, the FCPA and U.K. Bribery Act investigations also affected share price & capitalization.
Deepwater Horizon Case Study
Background
• The Deepwater Horizon oil spill in the Gulf of Mexico began on 20April 2010 when a failure of the cement barrier in the productioncasing led to a blowout.
• The subsequent investigation by the US Government’s Bureau ofOcean Energy Management (BOEMRE) and the US Coastguardfound that “loss of life at the Macondo site on April 20, 2010, and thesubsequent pollution of the Gulf of Mexico through the summer of2010 were the result of poor risk management, last‐minute changesto plans, failure to observe and respond to critical indicators,inadequate well control response, and insufficient emergencyresponse training.”
• It also found that, in some cases, BP’s contractors, who are jointlyand severally liable for non-compliance, had violated a number offederal regulations.
Implications / Consequences
• As a consequence of the Deepwater Horizon blowout, 11 lives were lost.
• At least 6 BP employees have been charged with criminal offences relating to the incident.
• As of February 2013, criminal and civil settlements and payments to a trust fund had cost the company$42.2 bn1. The cost to Transocean (BP’s main contractor) is expected to be in the region of US$ 1.5 bn2.
1. “Report Regarding the Causes of the April 20 2010 Macondo Well Blowout”, The Bureau of Ocean Energy Management Regulation and Enforcement (BOEMRE). 2. “Transocean to Pay $1.4 Billion to Settle Oil Spill Claims”, Bloomberg 4 January 2013.
Horse Meat Scandal Case Study
Background
• The 2013 horse meat scandal was a scandal in Europe; foods advertised as containing beef were found to contain undeclared or improperly declared horse meat – as much as 100% of the meat content in some cases.
• A smaller number of products also contained other undeclared meats, such as pork.
• The issue came to light on 15 January 2013, when it was reported that horse DNA had been discovered in frozen beefburgers sold in several Irish and British supermarkets.
Implications / Consequences
• Tesco’s reputation was hit particularly badly -$500m share price drop.
• There were complex supply chains in place – one involved 8 separate vendors and traders across 5 European countries.
• The supermarkets lacked visibility across the supply chain and did not have suitable controls to verify the end product.
• A UK House of Commons Report found “The evidence suggests a complex network of companies trading in and mislabelling beef or beef products which is fraudulent and illegal”.
1. PlanDetermine which third parties you need and how these should be structured to derive maximum benefit to your organisation.
2. ExecuteEnd to end management of third parties to ensure you are collaboratively working towards the achievement of shared objectives.
4. ImproveIdentification and action of issues identified, both
for individual third parties and for your overarching
management framework.
3. MonitorThe reporting and
assurance mechanisms used to monitor the
success of third party arrangements.
Trust Framework
Plan
Leading Practices
Clear vision and strategy for service delivery requirements
Design a consistent third party governance structure
Development of risk stratification model
Thorough due diligence procedures (including cultural alignment)
Risk based standard contract template structure
With a vast range of ‘partnership’ structures and operations across a number of
industries, your implementation of an effective governance process can be challenging.
Effective risk management within your trust relationships will depend on the nature of
the relationship including level of influence, ownership / management control and your
partners’ appetite for control monitoring and risk management.
Questions for Consideration
• Do you need to engage a third party or does your organisation already have capabilities to perform the service in-house?
• Have you performed appropriate due diligence prior to third party engagement?
• Have you prioritised and ranked your trust relationships according to risk?
• Have you selected the right third party relationship (e.g. alliance, joint venture, contract)?
• Will the third party effectively represent your organisation and align with your culture?
Execute
Leading Practices
Risk based execution model
Technology and work-flow support
Training of key personnel (including anti-trust requirements)
Defined process for contract changes and dispute resolution
Performance is based on KPIs that link to agreed objectives
Following the planning phase, it is vital to enable end to end management of third
parties. This will help ensure you are collaboratively working towards the achievement
of shared objectives.
Questions for Consideration
• Are performance metrics established and monitored?
• Do you have strategies and technology to obtain the necessary data for control information and monitoring needs?
• Do you have clear stakeholder and role definition for all aspects of the contract lifecycle?
• Do all relevant personnel have the correct knowledge, skills and experience?
• Will the provision of information between partners align with anti-trust requirements?
Monitor
Leading practices
Risk-based assurance model
Scope covers end to end third party risks (e.g. subcontractors)
Analytically driven contract compliance program
KPI based dashboard reporting (including red flags)
Successful implementation of a third party governance framework is reliant on being
able to monitor compliance and implement timely corrective actions where identified.
The most effective monitoring strategies utilise a range of assurance mechanisms within
the business and are based on the third party risks identified through the risk
management process.
Questions for Consideration
• How will risks associated with subcontractors be managed?
• Have red flags been identified and are these continually monitored?
• Does the third party have effective assurance mechanisms in place?
• What level of assurance is required and can third party assurance reports be utilised?
• Will assurance be provided by the first, second or third line of defence?
Measuring Third Party Performance
Measuring performance is an integral part of an overall third party management
programme. A well-defined third party scorecard process will help maximise
performance and drive increased savings.
Scorecards are used alongside qualitative internal performance ratings to provide
constructive feedback to third parties during scheduled reviews.
Benefits
Gives improved visibility to the performance of third parties
Allows implementation of best practice performance strategies
Drives improvement of third party performance
Builds more informed sourcing decisions
Measurement Criteria
Quality of information
Level of innovation
Financial benefit
Safety
Performance
Cultural alignment
Improve
Leading Practices
Issues are identified and resolved on a timely basis
Performance management throughout the contract lifecycle
The system of governance is subject to improvement
Joint culture of continual improvement embedded
Effective third party relationships are based on mutual respect and trust. In order to
achieve this areas for improvement must be identified, communicated and resolved in
order that problems do not escalate.
Organisations should understand the performance of third parties on a portfolio basis so
that the entire system of governance and control can be monitored and improved over
time.
Questions for Consideration
• Are contract managers sufficiently trained to identify and resolve problems?
• Are portfolio-based metrics in place and monitored?
• Are actions identified and tracked for appropriate closure?
• How often are overarching processes and controls reviewed for effectiveness?
• Is the third party relationship successful?
KPI Dashboards
Organisations are beginning to use technology and data as an enabler to monitor and
improve the performance of third parties (both individual and portfolio based).
Implementation depends on having consistent and reliable processes in place to ensure
good quality of data in addition to targeted, risk-based KPIs.
Example KPIs linked to critical success factors
• Regulatory breaches caused by supplier
• Time taken to recover from service disruption
• Number of safety incidents
• Compliance to schedule or plan
• Adherence to budget
• Employee turnover ratio
• Third party financial position
• Number of third parties meeting contract targets
• Number of contract target breaches
• Number of service reviews held with third parties
• SLA targets met / missed
Sustainable Success
• Establish strong leadership and sponsorship
• Early involvement by third parties where appropriate
• Develop innovative agreements that include 2-sided incentive plans including cost reduction incentives / commitments
• Identify continuous improvement opportunities
• Align benefit realisation to strategic objectives
• Collaborate on product / service design
• Engage in joint process improvement
• Systems integration and effective application of technology
• Shared KPIs focused on outcomes
PwC
Closing
Trust partnerships can cause significant exposure and adverse consequences to the
owner’s objectives. Implementing effective process will maximize the opportunity to
achieve both partner and owner strategic objectives.
Risk Management and Internal Audit should be active in Trust Partnership governance,
from thought leadership and support during governance strategy development through
to controls monitoring, execution of third party audits and follow-up.
The development of the right audit and risk process will include thought and definition
around the correct risk and exposures and the implementation of risk performance
criteria and monitoring.
Ongoing continuous monitoring through the process, supported by risk and audit will be
vital in ensuring that owners have an appropriate level of oversight and ultimately
comfort over trust partner operations.