© SBM Offshore 2015. All rights reserved. www.sbmoffshore.com 212/8/2016
Risk Management in SBM
SBM Risk Management is involved at various levels in the assurance process:
- Each Tender above 100 M is supported by a Risk Analysis and a Probabilistic analysis (@Risk) to estimate Contingencies.
- Monthly Risk Review for each Project
- Quarterly Risk Review for each Unit/Vessel
- Quarterly Risk Review for each Product Line, Regional Center and Group Function
- Quarterly Risk Management Report to the SB, MB and ExCom
Risk Management in SBM
And in the decision-making process:
- A well defined and communicated Risk Appetite Statement
- Country & Client Risk Analysis
- Product Risk Analysis
But… how about other Assurance disciplines?
- Are we working in silos?
- Are we double-dipping?
Integrated Risk Assurance
The way forward…
Internal Audit
Sustainability
Regulatory Compliance
Process Safety
Enterprise Risk Management encompasses:
- Aligning Strategy and Risk Appetite
- Enhancing risk response decisions
- Reducing operational surprises and losses
- Identifying and managing multiple and cross-enterprise risks
- Seizing opportunities
- Improving deployment of capital
(COSO – Enterprise Risk Management, September, 2004)
3 Lines of Defence and the RAC
Risk
Incident
1st LoD
Operational Management
2nd LoD
Risk Management
Ethics & Compliance
Asset Integrity
Technical Assurance
Quality Assurance
HSSE
IT Security
Internal Control
3rd LoD
Internal Audit
External LoD
Classification Societies
Financial Auditors
RAC (Risk Assurance Committee)
Risk Assurance Committee (RAC)
Towards Integrated assurance and control
- Aligned mandate and scope
- Integrated risk & control activities and reporting
- Common methods, vocabulary and practices
- Common and shared information and technology
[Organisation chart; labels: Stakeholders expectations and regulatory requirements; Supervisory Board; Audit committee; Technical and Commercial committee; Appointment and Remuneration committee; Management Board; CEO; CGCO; CFO; COO; Group Execution Functions; SBM-FPSO; SBM-Houston; SBM Operations; SBM-Kuala Lumpur; SBM-Europe; SBM-Rio; 1st line of defense; 2nd line of defense; 3rd line of defense; Internal control; Internal Assurance; Risk & Compliance; HSSE; CSR; RAC; Disciplines; Internal]
The New Framework
Enterprise Risk Management in SBM
TREATMENTS/CONTROLS
- Processes (GEMS)
- Codes & Standards
- Competencies
- Behaviours
COORDINATED AUDITS
LESSONS LEARNT
- New risks to be added to the RAM
- Inadequate treatment / control measures
- Not properly applied treatment / control measures
INHERENT RISKS
Risk Assurance Map
INCIDENT MANAGEMENT
Risk Assurance Map
It’s a living document:
• Which are the potential risks?
• Which are the treatment and control measures?
• Which functions, within the Company, should provide assurance?
• Are there any gaps/duplication?
• Are we overlapping in auditing and monitoring?
• What do we learn from our audits?
• What do we learn from our mistakes?
Risk Assurance Map
Risks and mitigation measures vs LoD
Extract from SBM Risk Assurance Map, Rev.17
Common Audit Protocol
A new “Audit Protocol” has been released to govern how the different discipline audits should be planned, executed and followed up on.
A common classification and rating for Audit Findings ensures the correct prioritization of actions.
The Protocol has been adopted by all assurance functions.
Integrated Audit: multidisciplinary audit to increase value, minimize business disruption and maximize cost saving
Extract from SBM GEMS Document Management System
Audit Governance and Planning
3 levels
RAC:
• Corporate perspective and overall governance, reporting to MB
• Risk & Assurance mapping & review
• High level coordination of audit plans and integration opportunities
GROUP EXECUTION FUNCTIONS:
• Operational governance & assurance
• Owner of Management System assurance processes and compliance with applicable Standards
• Coordination - and integration where possible - between disciplines
DISCIPLINE (Operational Assurance):
• Discipline Assurance
• Clarification of minimum audit requirements (e.g. frequency) as per applicable standards
• Definition of additional, discipline-specific, risk-based audit requirements
• Definition and implementation of Management System audits for their respective scope (e.g. ISO 14001/OHSAS 18001/etc).
Audit Coordination & Integration
COORDINATED APPROACH (leading to Integration where applicable):
• Discipline Audit Plans evolving into a Coordinated Audit Plan
• Systematic/risk-based approach
• Identification and follow-up of opportunities to integrate specific audits
• Monitoring on behalf of RAC
INTEGRATED APPROACH to specific/complex risk areas:
• Identification of risk areas allowing or requiring integration amongst assurance disciplines.
• 4 risk areas identified/selected for 2017:
  1. Major Hazards/Incident (RAC/GEF/HSSE)
  2. JVs (RAC/Compliance/IA)
  3. Geopolitical and other strategic country risks (RAC/Risk/Strategy)
  4. HR - workforce & talent management (RAC/IA/HR)
Coordinated Assurance Plan
Q3 / Q4 2016
• 1st Draft of Coordinated Assurance Plan complete, consolidating all planned audits / activities across all disciplines
• Audits grouped as per Risk Breakdown Structure (Corporate Assurance Plan) and across WIN – EXECUTE – OPERATE (Product Assurance Plan)
• Has increased transparency and facilitated the identification of duplicate efforts
The Risk Assurance Map
Incident Management and Lessons Learnt
Extract from SBM Risk Assurance Map, Rev.17
Review of specific parts
November 2016
December 2016
January 2017
February 2017
What does Success look like?
Attendees asked themselves which were the main expectations before the start of the meeting:
- Implement comprehensive risk-based Assurance Plan jointly owned by assurance functions
- Identify mechanisms and sources of assurance for coordination, synergy, info sharing and action monitoring
- Align in roles and responsibilities for identification of Top Risks and ownership of response measures
- Avoid duplication and overlapping
- Learning from mistakes
- Flexibility in accepting “other disciplines” carrying out audits (ref. integrated audit)
And also…
- Increase the process maturity (e.g. GEMS) of the mechanism to carry out integrated audits
- How IA can help with maturity approach?
- How to integrate audits with Lessons Learnt process?
- Consolidation of info available from Clients and Third Parties (e.g. Insurance, Certification Bodies, etc)
- Consolidation of info from IPR
- Clear definition of findings and classification
- Competency and training on process and audit content
- Increase maturity on Integrated Audit execution (4 main areas identified for 2017):
  1. Major Hazards/Incident (GEF/HSSE)
  2. JVs (Corporate/Compliance/IA)
  3. Geopolitical and other strategic Country risks (Corporate/Risk/Strategy)
  4. HR - workforce & talent management (Corporate/IA/HR)