12/8/2016 © SBM Offshore 2015. All rights reserved. www.sbmoffshore.com

Upload: lamdien

Post on 10-Feb-2019


SBM Risk Management is involved at various levels in the assurance process:

Each Tender above 100 M is supported by a Risk Analysis and a Probabilistic analysis (@Risk) to estimate Contingencies.

Monthly Risk Review for each Project

Quarterly Risk Review for each Unit/Vessel

Quarterly Risk Review for each Product Line, Regional Center and Group Function

Quarterly Risk Management Report to the SB, MB and ExCom

Risk Management in SBM


And in decision-making process:

A well-defined and communicated Risk Appetite Statement

Country & Client Risk Analysis

Product Risk Analysis

Risk Management in SBM

But… how about other Assurance disciplines?

Are we working in silos?

Are we double-dipping?


Integrated Risk Assurance

The way forward…

Internal Audit

Sustainability

Regulatory Compliance

Process Safety

Enterprise Risk Management encompasses:

Aligning Strategy and Risk Appetite

Enhancing risk response decisions

Reducing operational surprises and losses

Identifying and managing multiple and cross-enterprise risks

Seizing opportunities

Improving deployment of capital

(COSO – Enterprise Risk Management, September, 2004)


3 Lines of Defence and the RAC

Risk

Incident

1st LoD

Operational Management

2nd LoD

Risk Management

Ethics & Compliance

Asset Integrity

Technical Assurance

Quality Assurance

HSSE

IT Security

Internal Control

3rd LoD

Internal Audit

External LoD

Classification Societies

Financial Auditors

RAC (Risk Assurance Committee)


Risk Assurance Committee (RAC)

Towards Integrated assurance and control

Audit committee

Technical and Commercial committee

Appointment and Remuneration committee

CEO CGCO

Supervisory Board

Internal control

Aligned mandate and scope

Integrated risk & control activities and reporting

Common methods, vocabulary and practices

Common and shared information and technology

SBM-FPSO SBM-Houston SBM Operations SBM-Kuala Lumpur

CFO

SBM-Europe SBM-Rio

1st line of defense

2nd line of defense

3rd line of defense

Internal Assurance

CSR

Management Board

Stakeholders expectations and regulatory requirements

Risk & Compliance

HSSE

RAC

Disciplines

Internal

COO

Group Execution Functions


The New Framework

Enterprise Risk Management in SBM

TREATMENTS/CONTROLS

- Processes (GEMS)

- Codes & Standards

- Competencies

- Behaviours

COORDINATED AUDITS

LESSONS LEARNT

- New risks to be added to the RAM

- Inadequate treatment / control measures

- Treatment / control measures not properly applied

INHERENT RISKS

Risk Assurance Map

INCIDENT MANAGEMENT


Risk Assurance Map

It’s a living document:

• Which are the potential risks?

• Which are the treatment and control measures?

• Which functions, within the Company, should provide assurance?

• Are there any gaps/duplication?

• Are we overlapping in auditing and monitoring?

• What do we learn from our audits?

• What do we learn from our mistakes?


Risk Assurance Map

Risks and mitigation measures vs LoD

Extract from SBM Risk Assurance Map, Rev.17


The New Framework

TREATMENTS/CONTROLS

- Processes (GEMS)

- Codes & Standards

- Competencies

- Behaviours

COORDINATED AUDITS

LESSONS LEARNT

- New risks to be added to the RAM

- Inadequate treatment / control measures

- Treatment / control measures not properly applied

INHERENT RISKS

Risk Assurance Map

INCIDENT MANAGEMENT


A new “Audit Protocol” has been released to govern how the different discipline audits should be planned, executed and followed up on.

A common classification and rating for Audit Findings ensures the correct prioritization of actions.

The Protocol has been adopted by all assurance functions.

Common Audit Protocol

Integrated Audit: multidisciplinary audit to increase value, minimize business disruption and maximize cost saving

Extract from SBM GEMS Document Management System


RAC:

• Corporate perspective and overall governance, reporting to MB

• Risk & Assurance mapping & review.

• High level coordination of audit plans and integration opportunities

GROUP EXECUTION FUNCTIONS:

• Operational governance & assurance

• Owner of Management System assurance processes and compliance with applicable Standards

• Coordination - and integration where possible - between disciplines

DISCIPLINE (Operational Assurance):

• Discipline Assurance

• Clarification of minimum audit requirements (e.g. frequency) as per applicable standards

• Definition of additional, discipline-specific, risk-based audit requirements

• Definition and implementation of Management System audits for their respective scope (e.g. ISO 14001/OHSAS 18001/etc).

Audit Governance and Planning

3 levels


COORDINATED APPROACH (leading to Integration where applicable):

• Discipline Audit Plans evolving into a Coordinated Audit Plan

• Systematic/risk-based approach

• Identification and follow-up of opportunities to integrate specific audits

• Monitoring on behalf of RAC

INTEGRATED APPROACH to specific/complex risk areas:

• Identification of risk areas allowing or requiring integration amongst assurance disciplines.

• 4 risk areas identified/selected for 2017:

1. Major Hazards/Incident (RAC/GEF/HSSE)

2. JVs (RAC/Compliance/IA)

3. Geopolitical and other strategic country risks (RAC/Risk/Strategy)

4. HR - workforce & talent management (RAC/IA/HR)

Audit Coordination & Integration

Coordinated Assurance Plan

Q3 / Q4 2016

• 1st Draft of Coordinated Assurance Plan complete, consolidating all planned audits / activities across all disciplines

• Audits grouped as per Risk Breakdown Structure (Corporate Assurance Plan) and across WIN – EXECUTE – OPERATE (Product Assurance Plan)

• Has increased transparency and facilitated the identification of duplicate efforts


The New Framework

TREATMENTS/CONTROLS

- Processes (GEMS)

- Codes & Standards

- Competencies

- Behaviours

COORDINATED AUDITS

LESSONS LEARNT

- New risks to be added to the RAM

- Inadequate treatment / control measures

- Treatment / control measures not properly applied

INHERENT RISKS

Risk Assurance Map

INCIDENT MANAGEMENT

The Risk Assurance Map

Incident Management and Lessons Learnt

Extract from SBM Risk Assurance Map, Rev.17


Review of specific parts

November 2016

December 2016

January 2017

February 2017


Back-up slides

Attendees asked themselves which were the main expectations before the start of the meeting:

- Implement comprehensive risk-based Assurance Plan jointly owned by assurance functions

- Identify mechanisms and sources of assurance for coordination, synergy, info sharing and action monitoring

- Align in roles and responsibilities for identification of Top Risks and ownership of response measures

- Avoid duplication and overlapping

- Learning from mistakes

- Flexibility in accepting “other disciplines” carrying out audits (ref. integrated audit)

What does Success look like?

- Increase the process maturity (e.g. GEMS) of the mechanism to carry out integrated audits

- How can IA help with the maturity approach?

- How to integrate audits with the Lessons Learnt process?

- Consolidation of info available from Clients and Third Parties (e.g. Insurance, Certification Bodies, etc)

- Consolidation of info from IPR

- Clear definition of findings and classification

- Competency and training on process and audit content

- Increase maturity on Integrated Audit execution (4 main areas identified for 2017):

1. Major Hazards/Incident (GEF/HSSE)

2. JVs (Corporate/Compliance/IA)

3. Geopolitical and other strategic Country risks (Corporate/Risk/Strategy)

4. HR - workforce & talent management (Corporate/IA/HR)

And also…


The Risk Assurance Map

Extract from SBM Risk Assurance Map, Rev.17