Global Operational Risk Management Survey Report

Lack of Internal Alignment and Commitment of Resources to Manage Risk Threaten Corporate Business Performance

Global Survey of Executives Exposes Critical Areas of Concern for CEOs and Their Management Teams

Impact of Operational Risk on Business Performance

But to what extent are companies incorporating risk into their planning? While some of the top risks preoccupying CEOs today include terrorism, trade, climate change or regulatory policies, to name a few, these are not risks directly within their control to influence top and bottom line growth. Instead, better understanding operational risks across their company's entire value chain can enable CEOs to create and extract new value from emerging opportunities.

These operational risks come in a variety of shapes and sizes, including workplace health and safety, environment, quality control, process safety, supply chain disruptions, maintenance and reliability challenges, production fluctuations, and integrity and asset management. Their impact on business goals is vital introspection for executives, especially when considering future investments or cuts to current budgets.

For example, many large, catastrophic accidents increase after significant declines in oil prices. According to Marsh Research, the top 100 losses in 2015 were more than US$33 billion with an average loss above $130 million. Though these catastrophic events occurred for different reasons, they fit the pattern of how the decline in oil prices can impact business decisions relating to risk.

With this in mind, dss⁺ conducted a global survey of executives across a range of high-hazard industries to determine their perceptions of how risk is identified and managed within their companies, and to what extent it is incorporated into corporate objectives and goals. The survey findings indicate many executives appear to be clamoring for better ways to integrate improve safety performance and risk value protection into their business performance.

Executives’ Views of Operational Risk Management

Findings from the dss⁺ survey reveal that executives acknowledge the operational risk management processes within their companies are not sufficient.

Two findings are particularly alarming:

1. Executives recognize they are not devoting enough resources and capabilities to effectively manage risks within their companies, which threatens their continued right to operate.
2. Executives acknowledge there is a significant organizational disconnect and misalignment among leadership and employees with respect to risk management, which greatly contributes to the likelihood of a catastrophic event.

Ineffective Risk Management

According to the survey, there is a vast gap between what executives consider to be important components of successful risk management, and how effectively their companies are implementing those essential components.

Three specific findings stand out. While 90 percent of executives believe leadership commitment is important to effectively manage risk, only 38 percent consider it to be a strong component of their risk management system today. Likewise, 88 percent feel workforce engagement is important to risk management, yet only 35 percent currently consider it a strong component in their organizations. Also, while 80 percent of executives understand that organizational culture is important to effective risk management, just 21 percent feel it is a strong component in their company’s risk management system.

It is no wonder that three of every four executives (75 percent) felt operational risks in their companies were inadequately managed. More than one-third felt they did not have an adequate understanding of operational risks within their organizations, that there are critical gaps in their existing operational risk management processes, and that there is a lack of capability in their company to execute established operational risk processes.

These findings are especially alarming for companies, because the potential implications, from down time, worker injury and possible fines to loss of life and right to operate, are significant.

Organizational Misalignment to Manage Risk

In addition to acknowledging insufficient risk management within their companies, executives also realize there are significant organizational disconnects among all personnel that have a negative impact on effective risk management, according to the survey.

Generally speaking, 44 percent of executives identified leader-workforce misalignment as the biggest challenge in risk management within their organization, a concern that is made all the more clear when various roles within the company are examined. Eight of every 10 executives (80 percent) feel that senior executives are aligned in their understanding of the top operational risks within their organization, but only 45 percent feel that front-line operators have such level of alignment.

These are significant findings and a cause for alarm. The perception among surveyed executives that front- line workers are not as aligned as senior leaders in their understanding of top risks is a general indication that there is an engagement gap between leaders and front- line personnel within the organization.

If senior executives and front-line staff have different perceptions of risk, it means that the CEO is not adequately propagating his risk vision and message down to all staff. But this is a two-way street. Not only does the CEO need to be clear about his/her risk vision, but front-line staff also need to be able to communicate the operational risks that they see to their management and leadership, otherwise executives will not have an adequate understanding of risks that exist on the shop floor and on the process line. Front- line personnel understand operational risks better than others throughout the organization as they have to deal with these risks in their daily work activities. Companies should harvest the knowledge of front- line personnel to better identify risk and feed the consolidated results to leaders.

This two-way engagement will ensure consistent understanding of top risks across the company and promote an alignment in understanding operational risks. This alignment will enable the effective prioritization of resources for risk reduction.

Unless companies devote sufficient resources to the critical components of successful risk management and better align the organization to a culture committed to risk reduction across the entire value chain, operational risks will continue to negatively impact their overall business performance.

Bridging the Gap: Effectively Managing Risk to Create Value

Companies can better manage their operational risks and improve their business performance by adopting an integrated approach that links together business performance, understanding of risk and organizational culture.

Business Performance

Business performance can be greatly improved if risk management processes are appropriately aligned to business performance objectives. It is critical that companies understand, at a deeper level, the operational risks they face in order to meet business objectives. Using data more effectively can help executives better identify and manage risk. Data will help them to focus on key operational risks that have the greatest impact and not waste time and resources on background noise.

To do this, it is critical that operational risk management processes are institutionalized horizontally across the company, which means breaking information-sharing silos between departments and business units. And the same operational risk management processes must be communicated vertically, from senior executives to front-line staff, to ensure that risk information is shared freely up and down the management chain.

Understand Risks

Understanding risks helps better manage business performance, but it is important that companies focus on obtaining the correct data to determine what their unique operational risks actually are. Boards must be careful not to fall into relying upon easily measurable data instead of getting real insight into their operations so that they can make the best decisions. The first step is not only to look at safety risks, but also at critical operational risks that impact operational performance.

It is interesting to look at the most discussed and least discussed topics at Board meetings. Of course, financial, safety, health, and environment statistics, and regulatory compliance are de rigueur. But it is quite interesting that process safety is one of the least discussed topics. Other topics that are infrequently discussed are maintenance and reliability trends, asset integrity and even supply chain disruptions. This is a worrisome theme in that Boards are segregating statistical tracking of HSE events and regulatory compliance from process and operational/ production deviations.

It is important that the Board understands, manages and owns its top operational risks in the same way that it manages and owns its financial risks, regardless of regulatory requirements and performance. Good performance does not necessarily mean zero risks. Understanding risks helps the Board proactively identify performance trends that could lead to operations disruptions, instead of being reactive to events and incidents. Without a good understanding of operational risks, the Board falls victim to the “illusion of performance” where performance indicators may show positive trends, but risks remain hidden, waiting to strike anytime, surprising everyone in the future.

Creating a robust operational risk management process should not replicate or create new management systems, but should take key data from existing processes and data streams and combine them into a forward-looking view of risks. These leading indicators will help educate all levels of management of the operational risks with the most impact and align teams to better manage them. A robust operational risk management process will evaluate risk across the entire company – horizontally and vertically.

Organizational Culture

Because organizational culture is the glue that connects disparate parts of the company and its functions, it must be part of the solution. Developing a risk mindset will help employees anticipate and proactively manage risk to prevent adverse consequences on a day-to-day basis. The importance of truly showing leadership commitment cannot be overemphasized. Too many times, CEOs and other senior executives talk about culture, but they don’t "walk the talk" and demonstrate the importance of safety through their actions.

Executives must not only be held accountable to meet business performance goals, but also in identifying, evaluating, prioritizing, and managing operational risks in the company. It is important to more strongly link organizational culture into daily operations and make it part of the cultural fabric of the company. Improving individual and team capabilities in operational risk management will help enable and institutionalize this cultural change.

GLOBAL RISK SURVEY RESPONDENT DEMOGRAPHICS

• Leading high-hazard industry businesses were invited to participate in the survey.
• Representative responses across high-hazard industries including: oil & gas, chemical/ petrochemical, utilities, metals and mining, manufacturing, building and construction, and transportation.
• Results were compiled through internet submittals.
• Over 80 respondents globally.
• Over 60% of the respondents are at Business Unit Executive Director to the CEO level.
• Respondents represented companies with approximately USD $300 billion in annual revenue, with more than half having over $1B in sales and a quarter over $10B in annual revenue. Over 60% of the companies have global operations.