saipem risk management approach...saipem board of directors 3a 1 2c 2a division managers in...
TRANSCRIPT
lunedì 3 dicembre 201826 October 2018
THE RISK MANAGEMENT APPROACH IN SAIPEM
226 October 2018
TABLE OF CONTENTS
1 Enterprise Risk Management
2 Industrial Risk Management
326 October 2018
ENTERPRISERISK MANAGEMENT
INDUSTRIAL RISK MONITORING AND REPORTING
RISK MANAGEMENTAND BUSINESS INTEGRITY
CEO
Enterprise Risk
Management
Industrial Risk Management
ENTERPRISE RISK MANAGEMENT
TOP-DOWN approach
FOCUS on Strategic, External, Operational Group Risks
PROJECT RISK MANAGEMENT BOTTOM-UP approach
FOCUS on Project Risks
RISK MANAGEMENT
ENTERPRISE
Risk assessment aimed at identifying, evaluating, and managing the risk at Group level(Corporate and 5 Divisions)
Monitoring of top risks identified in the assessment phase and measurement oftreatment actions undertaken
Risk assessment finalised to identify, evaluate and manage the Top Risks of mainsubsidiaries
INDUSTRIAL
Risk Assessment on projects, either in commercial or execution phase, guaranteeing acorrect assessment of risks/opportunities and contributing to the identification ofactions for their optimal management
Development and updating of Risk and Opportunity Breakdown Structure and GoldenRules and Silver Guidelines
Enhancing the Knowledge Capitalisation on project risks
RMBI
DRILLING OFFSHORE RISK MANAGEMENT
E&C ONSHORERISK MANAGEMENT
DRILLING ONSHORE RISK MANAGEMENT
E&C OFFSHORE RISK MANAGEMENT
XSIGHTRISK MANAGEMENT
RISK MANAGEMENTOrganisation and focus areas
426 October 2018
ENTERPRISE RISK MANAGEMENTTable of Contents
1
2 Risk Assessment
3 Top Risk Monitoring
4 Subsidiary Risk Assessments
Saipem Enterprise Risk Management Model
526 October 2018
SAIPEM ENTERPRISE RISK MANAGEMENT MODELProcess
The Enterprise Risk Management process is characterised by a ‘top-down’ and ‘risk-based’ approach. According to the process, the risks areidentified, assessed, and analysed by the management in relation to their ability to affect the achievement of management and strategicobjectives and, therefore, to influence corporate value
Subsidiary Risk Assessments performed on 21 subsidiaries via workshops with the local Top Management teams Subsidiary Risk Assessments are approved
twice a year by each Subsidiary’s Board of Directors
At Division level: Analysis of Division’s top risks Identification of risk treatment plan Proposal of strategic initiatives to mitigate
risks
The Board of Directors approves Saipem’s Strategic Plan
Identification of scope and depth of the Risk Assessment activities Identification and evaluation of the main
events and factors that could affect the organisation and the achievement of its strategic objectives Definition of a Risk map for Each Division Top Risk map approved twice a year by the
Saipem Board of Directors
3a
1
2c
2a
Division Managers in proposing their new strategies to the Saipem Board of Directors highlight the risks such new strategies are mitigating
3b
Enterprise Risk
Management
Monitoring: the top risks the implementation of risk treatment plan the emerging risks
2b
33
11
22
Saipem Strategic Plan
Risk Assessment
&Monitoring
New Strategy definition
626 October 2018
Scope and activities at Group levelENTERPRISE RISK ASSESSMENT
BoDBoD
Audit & Risk Committee
Audit & Risk Committee
Board of Statutory Auditors
Board of Statutory Auditors
CEOCEO
Advisory CommitteeAdvisory Committee
Heads of Division. CFO, Corporate DirectorsHeads of Division. CFO, Corporate Directors
Key ManagersKey Managers
Risk AssessmentMeetings ReportingScope Definition
Group Risk Assessment
Phas
es
Identification, assessment and management of risks, their causes, consequences, and treatment activities
Analysis and consolidation of Top Risks
Analysis of Top Risks
Analysis and approval of Top Risks and Risk Management Strategy
ScopeDefinition
Internalenvironment
analyses
External environment
analyses
Analysis of Strategic Plan and
Technology Development
Plan
Risk Clustering
Approval of risks by Head of Division, CFO and Corporate Directors
2018 Goal Model
726 October 2018
• The risk event(1), defined as any potential event that may adversely affect the achievement of strategic objectives and managementobjectives, is identified by mapping relevant causes, consequences, and treatment activities
• Risks are assessed in terms of likelihood and impact and their combination generates the level of risk (or scoring)(2)
• Risks are classified in 3 tiers on the basis of the scoring and position on the Likelihood-Impact Matrix
• Assessments on likelihood and impact are performed at inherent level (not considering the treatment actions already in place), atresidual ‘AS IS’ level (considering the treatment actions in place) and, only for Top Risks, at residual ‘TO BE’ level (considering thetreatment actions proposed by management)
ENTERPRISE RISK ASSESSMENTRisk Assessment methodology (1/2)
(1) Risk’s nature can be: strategic, operative and external(2) Likelihood and impact are assessed on a scale of 1 to 5; risk scoring is determined on the basis of the result of the multiplication between likelihood and impact (scale
from 1 to 25): Risks in the squares ‘Rare – Extreme’ (1X5), ‘Unlikely – Extreme (2x5)’ and ‘Rare – Very Relevant (1x4)’ are included in the most relevant tier through a multiplicative factor respectively of 2.4 , 1.4 and 1.75
LIKELIHOOD
(1) Rare (2) Unlikely (3) Moderate (4) Likely (5) More than likely
IMPA
CT
Negligible (1)
Significant (2)
Relevant (3)
Very Relevant (4)
Extreme (5)
Likelihood x Impact Matrix The orange areas of the matrixidentify the more relevant areas,renamed respectively areas of tier 1and tier 2
Positioning of the inherent risk into the matrix(the example shows a risk evaluated at inherent level as likelihood ‘5 - more than likely’ and impact ‘4 - very relevant’: risk scoring: 20)
Positioning of the residual ‘AS IS’ risk into the matrix (the example shows a risk evaluated at residual ‘AS IS’ level as likelihood ‘3. moderate’ and impact ‘3. relevant’: risk scoring: 9)
Tier 1
Tier 2
Tier 3
Positioning of the residual ‘TO BE’ risk into the matrix (the example shows a risk evaluated at residual ‘TO BE’ level as likelihood ‘2 – unlikely’ and impact ‘1 – negligible’: risk scoring: 2)
826 October 2018
• Each Key Manager / Risk Owner assesses the risk event identified in terms of likelihood and impact (using at least one of the drivers)
• Each impact driver is discussed and shared with the relevant Saipem functions before Annual Risk Assessment
Image and Reputation
1. Impact on clients / partners2. Impact on financial stakeholders 3. Public opinion and mass media concern4. Impact on web and social networks
Descriptive / qualitative
1. Management commitment 2. Review of strategies
Security
Environment 1. Polluting effects
Health & Safety1. Effects on health 2. Injuries and fatalities
Economic - EBITDA 1.EBITDA decrease(tailored for the Group and Divisions)
Impact drivers
Likelihooddrivers
Event occurrence in the last 3 years
Event occurrence in the next 3 years
Event occurrence frequency
Social Impacts
1. Local employment, economy, and development2. Human and labour rights, culture and identity of
a local community3. Political-institutional framework and local
community structure4. Occupation of land5. Access to critical infrastructures and essential
services
Likelihood x Impact Matrix (1)
1. Impact on employees inside and outside sites2. Impact on assets and sites
(1) Rare (2) Unlikely (3) Moderate (4) Likely (5) More than likely
Negligible (1)
Significant (2)
Relevant (3)
Very Relevant (4)
Extreme (5)
Financial - Cash Flow 1.Cash flow decrease(tailored for the Group and Divisions)
ENTERPRISE RISK ASSESSMENTRisk Assessment methodology (2/2)
(1) Likelihood and impact are assessed on a scale from 1 to 5. Risk scoring is determined on the basis of the result of the multiplication between likelihood and impact (scale from 1 to 25). Risks in the square 'Rare – Extreme' (1X5), 'Unlikely – Extreme’ (2x5) and 'Rare – Very Relevant’ (1x4) are included in the most relevant tier trough a multiplicative factor respectively of 2.4 , 1.4 and 1.75.
926 October 2018
TOP RISKS MONITORINGScope and activities
MONITORING CYCLE PLAYERS
Enterprise Risk Management team advises on indicators and analyses the results of indicators
Detection Owners ensure timely data to update the indicators
Risk Owners review and analyze the monitoring results
OUTPUT
Top Risks Monitoring Report issued on a
quarterly basis for the Top
Management, Committees and Board of
Directors
2. Identification of Key Risk
Indicators and Key Control Indicators
3. Data Collection:
Indicators and progress of
treatment actions
1. Identification of Top Risks, as
arisen during Risk Assessment at Corporate and Division level
4. Risk Owner’s approval and
quarterly issue of Top Risks Monitoring
Report
1
4
2
3Enterprise
Risk Management
teamRisk
Owners
DetectionOwners
1026 October 2018
Positive NegativeNeutral
Trend RatingThe rating is assessed according to the thresholds identifiedwith risk owner or other considerations (such as budget)
The combination of trend and rating generates the indicator status, which is associated to a scoring
For each risk all indicators are weighted according to their relevance and this generates the arrow’s position (i.e. status) in the risk status tachymeter
The trend is assessed on the basis of former survey
Status
TOP RISKS MONITORINGMethodology
Risk monitoring status tachymeter
Actual risk monitoring status
Former riskmonitoring status
Improving WorseningStable
1126 October 2018
Scope and activitiesSUBSIDIARIES RISK ASSESSMENT
The strategically relevant subsidiaries in the 2018/19 EnterpriseRisk Management scope are 21, which have been identified onthe basis of quantitative parameters (i.e. revenues, purchases,fixed assets, debts and workforce) or qualitative parameters(i.e. on the basis of indications from the management)
SCOPE MAIN ACTIVITIES
1226 October 2018
INDUSTRIAL RISK MANAGEMENTTable of Contents
1 Overview
2 Risk Appetite Framework (RAF)
3 Bid Complexity Index (BCI)
4 Golden rules and silver guidelines (GR&SG)
5 Project Risk Management (PRM)
6 Corporate monitoring and Reporting
7 Why is it so important?
1326 October 2018
Bid Complexity Index (BCI)Scoring Model based on Evaluation Criteria and thresholds that trigger processes/actions
Golden Rules and Silver Guidelines (GR&SG)
Set of rules collecting and summarizing the multi-year experience of Saipem as an international Oil & Gas contractor in order to manage and address contractual issues.
Risk Appetite Framework (RAF)The amount of risk, on a broad level, Saipem is willing to accept in pursuit of value.
Project Risk Management (PRM)Management of Project risk, defined as "an uncertain event or condition that, if occurring, may have a positive or negative effect on a project’s objectives”.
In Saipem IRM is based on four pillars
IRM Pillars
INDUSTRIAL RISK MANAGEMENTAn overview
1426 October 2018
Risk Appetite
Risk Tolerance
Risk Capacity
Risk Appetite:The amount of risk, on abroad level, an entity iswilling to accept in pursuitof value.
Risk Tolerance:The amount of risk, on abroad level, an entity isunwilling to exceed.
Risk Capacity:Maximum level of risk anentity is able to address.Market Environment
Off-strategy risks¹ On-strategy risks²1 Off-strategy risks are risks the Board and Management have no appetite to assume2 On-strategy risks are risks the Board and Management are willing to accept
Investments Board Approval required
ContractualDiscipline
Golden Rules framework and deviation authority
FinanceAs detailed in Golden Rules (Company Payments and Client Credit
Worthiness)
Contract Duration Maximum Contract Duration
Expected Marginality
Yearly target marginality set for each BU
Portfolio Balanced portfolio in terms of Country and Client
It acts on:
RISK APPETITE FRAMEWORK (RAF)
1526 October 2018
A + B + C + D + E = 220!! Complex Project!
It acts on:
COMMERCIAL PHASE
EXECUTION PHASE
BCI ≥ X1 PEER TO PEER MEETING (1)
BEFORE THE FORMAL SUBMISSION OF THE
PROPOSAL
BCI ≥ X3 CHECK & BALANCE (2)
QUARTERLY, BEFORE RISK REGISTER TRANSMITTAL TO PROJECT CONTROL
BCI ≥ X2 BID EVALUATION COMMITTEE
PROJECT MANAGER(Supported by the RISK MANAGER)
AWARD
PROPOSAL MANAGER(«Bid Manager»)
(1) Peer-to-peer meeting aimed at consolidating the risk register and related project risk profile; attended by representatives of Commercial and Execution departments
(2) Check and Balance meeting aimed at controlling the implementation of Industrial Risk Management Activities and validation of the Risk Register
BID COMPLEXITY INDEX (BCI)
1626 October 2018
Best Practices transferred into essential rules whose waiver could jeopardize Saipem’s interests and
goals.
Specific Procedure to be followed in order to derogate.
RULE CODE GENERAL AREA
SPECIFIC ISSUE GUIDELINE NOTES / SUGGESTED WORDING DEVIATION BY
ON C G 07 04 Execution Risks
Site Avoid responsibility fordelays and extra costsdue to archaeologicalfindings / artificialphysical obstructions.
“If during the execution of the Workthe Contractor shall encounterarchaeological findings / artificialphysical obstructions differing fromthose set forth in the Contract, theContractor shall forthwith givewritten notice thereof to theCompany and the Company shall issuea Variation Order to properly takeinto account the relevant impact incost and/or schedule caused to theContractor by reason of such differingconditions”.
UNWAIVABLE
CEO (Bid EvalutationCommittee)BCI ≥ X1
DIVISION MANAGER
PRODUCT LINE MANAGER
PROPOSAL MANAGER
GOLDEN RULES
SILVER GUIDELINES
MANDATORY
STRONG RECCOMENDATION
…the more useful, the more the commercial process is decentralized
For Commercial phase and partnership, Saipem has identified:Golden Rules with exceptions formally authorized by the Top Management.
It acts on:• COMMERCIAL PHASE• PARTNERSHIP ON
PROJECTS
GOLDEN RULES & SILVER GUIDELINES (GR&SG)
1726 October 2018
The continuous process of identifying, analysing and
responding to project risks.
RISK MANAGEMENT
MANAGEMENT OF RISKS, NO elimination of risks, as this would eliminate the reward
Project risk is an uncertain event or condition that, if occurring, may have a positive or negative effect on one or more project objectives such as scope, schedule, cost, and
quality.
RISK: Uncertainty that Matters
(PMI, PMBOK 5th Edition)
RISKS ≠ ISSUES
It acts on:
Commercial phase• Definition of a complete and transparent risk register including all risks identified during
commercial phase, both for commercial and execution phase.• Evaluation of each risk,• Launch of the Monte Carlo Simulation in order to identify a minimum level of contingencies
to be taken into consideration in the final price before the offer submission.
Cumulated Probability
Expected Cost due to Occurred Risks
0%
20%
40%
60%
80%
100%
0 50 100 150 200 250 300
Pxx
YYMln€
P100
Cumulated Probability of theoverall Project R&O
Execution phase
• Updating the risk register with new risks identified during the execution of the project.• Comparing the level of contingencies with the Monte Carlo curve in order to identify the
Risk Coverage and the Value at risk of the project.
PROJECT RISK MANAGEMENT (PRM)
1826 October 2018
Controlling the Process Monitoring the Risk Profile
Providing Management Tools
Other analyses
Controlling the processthrough high level indicators:
Are we covering ourbacklog?
Is the information up-to-date, Complete and/orreliable?
Are we following theapplicable procedures?
Monitoring the risk profile interms of:
Is the portfolio balanced? How is the risk profile
moving? Do we have enough
contingencies?
RISK COVERAGE (RC): Risk Coverage (RC) is the confidence level that Contingencies will be enough to cover the impacts of all the risks occurring on the Project/Portfolio, or, in other words, the probabilityfor the Project/Portfolio to meet the current Margin forecast.RISK EXPOSURE (RE): Risk Exposure (RE) is equal to 1-RC and represents the probability for the Project/Portfolio not to meet the Current Gross Margin ForecastValue At Risk (VAR): Value at Risk (VAR) is theresidual (i.e. not covered by Contingencies) risks impact that the Project/Portfolio could face within a confidence level of xx%.
What are the types of riskmostly impacting theProject/Business Unit?
Are they incidental orsystemic?
Who has the levers tohelp my project?
Are there any biases affecting our evaluations?
CORPORATE MONITORING AND REPORTING
1926 October 2018
• Projects are presented with their economic and financial elements (revenues, costs, contingencies, k, cash flow)
• To complete the PICTURE, risks and opportunities are needed to define:• the GROSS MARGIN CONFIDENCE LEVEL which
represents the probability to meet the margin forecast
• The VALUE at RISK
To COMPLETE the Project Framework• The market scenario is increasingly challenging (few projects to
focus on, with competition that is now up to Saipem’s standards)• Projects are remunerated for the underlying risk profile• Risk management, both in the commercial and in the execution
phase, is of FUNDAMENTAL importance in the market in which Saipem operates• to take the projects at best - Commercial phase• to protect the margin during the whole Execution Phase
To Help DERISK the BUSINESS MODEL
+ Revenues- costs- contingencies= margin
risk
s
oppo
rtun
itie
s
WHY IS IT SO IMPORTANT?