Increasing risk oversight has been a priority of boards and management since the global financial crisis, but many are unprepared to do this, according to a recent report from the Canadian Institute of Chartered Accountants (CICA). A Framework for Board Oversight of Enterprise Risk presents a nine-step roadmap to help directors identify, understand and address enterprise risk and recognize potential compounding effects when risks collide. The roadmap is sound and can also be a valuable resource for risk management professionals.
The CICA report states “a common concern among boards of directors is the lack of a comprehensive framework and toolsets to assist boards to structure an effective, robust risk oversight process.” Key activities in the CICA framework include: identifying risks; analyzing, validating and prioritizing them; determining risk tolerance and risk appetite; managing risk through various response strategies; and ongoing monitoring. These are similar to recommendations included in ISO’s risk management standard (31000) and its business continuity management system standard (22301).
The importance of water cannot be overestimated. It is of course essential to life. Many businesses have known for some time that it is essential to their products and production processes. From an ISO 14001 perspective, companies often list water as a significant aspect. From a business continuity perspective, many companies have identified water (or the lack of it) as a significant BC threat.
Since my post on July 19, I have been writing short pieces about the new ISO Business Continuity Management System (BCMS), called ISO 22301:2012, and thought about this new management system standard while reading a report from ABC News on work that beverage companies are doing to conserve water. These efforts include building alliances with NGOs such as the Nature Conservancy and the World Wildlife Fund, and proactively protecting watersheds.
Communication is the grist that makes the management system wheels turn. This section within management system standards (MSS) has historically addressed, to varying degrees, the internal and external mechanisms used to communicate information and knowledge about the management system, the content it addresses, and specifics about hazards and risks. It is an MS’s information conduit, much like blood vessels in humans. Actors in the communication scheme include senior management, employees, vendors, contractors, regulators, and neighbors, to name a few.
Black Swan events, holistic business continuity, Emerging Risk Audits, and non-financial risk management are terms swirling in C-Suites, on Boards, and in the business, risk management and auditing literature. Also swirling around are discussions about sustainability, corporate social responsibility, organizational resilience, as well as organizational health.
The confluence of these signals suggests an emerging business model that incorporates a 360 Perspective. Central to this perspective is a systems view and an integration orientation.
In a presentation yesterday, the U.S. Chemical Safety Board (CSB) released preliminary findings from its investigation of the Deepwater Horizon drilling rig well blowout on April 20, 2010. Several investigation reports have been issued, including ones from BP and The Bureau of Ocean Energy Management, Regulation and Enforcement (BOEMRE)/U.S. Coast Guard Joint Investigation Team. I have discussed some of the findings in previous posts and will address some of these issues in future posts.
In the presentation, the CSB said “BP focused too much on the little details of personal worker safety instead of the big systemic hazards that led to the 2010 Gulf of Mexico oil spill and wasn’t as strict on overall safety when drilling rigs involved other companies that they hired.” Safety board managing director Daniel Horowitz told the AP that “BP applied lesser process safety standards” to rigs contracted out than it does to its own facilities. “In reality, both [drilling contractor] Transocean and BP dropped the ball on major accident hazards in this case.” The CSB went on to state that BP “did not conduct an effective comprehensive hazard evaluation of the major accident risks for the activities of the Deepwater Horizon rig or for the Macondo well” because the oil company’s large risk evaluation program “looked only at BP assets, not drilling rigs that it contracted” to other firms for operation.
Since events such as 9/11, Katrina, the SARS (severe acute respiratory syndrome) pandemic of 2002/3, the 2011 Tohoku earthquake in Japan, and others, the field of Business Continuity Management (BCM) has become more formal and taken on greater visibility in overall organizational risk management.
Some of this evolution is seen in the recently published ISO Business Continuity Management System (BCMS) standard, ISO 22301:2012. The ISO Technical Committee (TC) that developed 22301:2012 is ISO/TC 223. This TC’s overall subject area is “Societal Security.” ISO indicates that TC 223 is working on an ISO 22301 companion guidance document that will be called ISO 22313.
ISO Focus+ reports that work on ISO 22301 originated in 2006 during a workshop on Emergency Preparedness and that an interim guidance document (ISO/PAS 22399:2007) was prepared that addressed business continuity (BC) and incident preparedness.
A recent survey of leading European companies, conducted by the Ashridge Business School and University of St. Gallen and reported in the MIT Sloan Management Review (Spring 2012), suggests that links between corporate functions and the CEO could be stronger.
Some of the reported consequences of these weak links include: mixed performance, more bureaucracy, a sense of C-Suite interference, lack of cooperation from operating managers, and a focus on transactional issues as opposed to value-added ones.
The value of building a “culture of assurance” was one of the key reflections shared by BP’s Vice President of HSSE Steve Flynn at the IOSH conference in Manchester, England, March 6–7, 2012.
Flynn examined the role of systems, engineering, and people in contributing to the incident, discussed key points relating to the “change journey” at BP, and shared some reflections/lessons learned that EHS professionals could take away from the event’s investigations.
The Deepwater Horizon explosion and oil spill investigations impart many lessons regarding how to improve EHS management. At the IOSH Conference in Manchester, England, March 6–7, 2012, Steve Flynn, the vice president of health, safety, security, and environment (HSSE) at BP, discussed some of the lessons learned.
During the Q&A session following his presentation, Flynn was asked what “reflections” he had that could help the audience avoid catastrophic accidents. He responded with six items:
At the IOSH Conference in Manchester, England this week, risk- and evidence-based management was a prime topic. During a presentation of particular interest, Steve Flynn, the vice president of health, safety, security, and environment (HSSE) for BP, reported on numerous continual improvement actions that BP has taken since the Deepwater Horizon explosion and oil spill in April 2010.
One of the key lessons learned, Flynn reported, was the need for and value of an integrated risk management approach, embedded throughout the value chain. He spoke of this in terms of a balance between people and systems, pointing to the importance of not only focusing on systems, such as a formal EHS management system, but also on the overall culture and perceptions of employees, including management. His comments reflect BP’s organizational learning, based on the Grangemouth, Forties Alpha, and Texas City accidents, as well as the Deepwater Horizon spill.