CAPÍTULO 1: INTRODUCCIÓN
2 CAPÍTULO : MARCO TEÓRICO
2.2 ASPECTOS GENERALES DEL AIRE
SBM Offshore has developed Governance Risk and Compliance systems based on the COSO II Enterprise Risk Management model and ISO 31000.
The Company recognises that efficient and effective risk management of all its business and support activities is a prioritised strategic objective. It is achieved by ensuring that responsibility and accountability are managed at the correct level by business managers charged to develop, document and demonstrate effective business processes and controls whilst also effectively implementing risk management within their areas of remit. The Company’s Management reviews and approves these processes and controls to ensure their effectiveness. The Company endeavours to improve its risk management processes on a continuous basis.
3.6.2 Developments in 2011
The Company appointed a new Group Risk Officer to manage Risk Management processes during 2011. His primary responsibility is to sustain efforts to define and implement appropriate Risk and Opportunity policies across the Company. He also ensures that risk processes and tools are both understood and used;; and that teams share the cultural attitude towards risks promoted by the management.
The Group Risk officer has already established closer links between the Risk Management Department and SBM PC in order to establish more effective risk management processes for Production Operations. This move will render the ways in which risk is managed across the fleet more transparent at Group level.
3.6.3 SBM Model for Governance, Risk and Compliance
This diagram is based on the COSO (www.coso.org) Enterprise Risk Management model. It provides a visual summary of the scope of Enterprise Risk Management in SBM Offshore.
The front face of the ‘risk cube’ lists activities undertaken across SBM Offshore to improve corporate governance;;
the top face summarises categories under which the Company has listed its commitments to its stakeholders. The right face lists the Company’s organisational levels, known as ‘Business Operating Areas’.
Each of the activities and commitments are discussed below, taking the Business Operating Areas into consideration.
3.6.4 Internal environment
The continued growth of the Company requires management to support the development of an integrated control environment. It has paid particular attention to the internal environment by raising the profile and importance of Risk Management, process control effectiveness and compliance. The Company is currently refining its definitions of roles, responsibility and accountability. Employees are already assessed in terms of their compliance with the Company’s procedures and from 2012 onwards, their effectiveness in managing Risks and Opportunities will also be measured.
3.6.5 Objectives
To ensure that the Company’s objectives are widely understood and provide reasonable assurance that they will be met, they are cascaded to employees on an individual basis. Employees’ performance is measured against set objectives and specific action is taken to correct deficiencies or failures to meet them, as appropriate. For
example, both strategic and contributory objectives have been formulated and shared with each Business Area.
3.6.6 Risk Management
The Risk Management principles that SBM Offshore follows are defined in the policy extract below:
•
Risk and Opportunity appetite and tolerance levels are defined by the Board of Management and cascaded to all the entities within the Company•
all individuals within the Company are fully responsible for the management of Risks and Opportunities within their respective areas of responsibility•
at Projects, Departments, Business Areas and Corporate levels, Risks and Opportunities shall be tracked and managed at the appropriate, respective authority level•
all Company levels, shall pro-actively, transparently and objectively undertake systematic identification, assessment, treatment and reporting of Risks and Opportunities•
Risk and Opportunity outcomes are monitored regularly to ensure effectiveness of the processes•
Lessons learned related to Risk and Opportunity management are collected and shared across the SBM Offshore Group, contributing to knowledge, performance and profitabilityAt all levels, risk is managed using a standard process: risk identification, risk assessment and risk treatment actions. Both risks and opportunities are assessed using the same methodology.
With support from an independent Risk Officer, projects are required to conduct regular internal risk workshops from the proposal phase through to project completion. These workshops focus on critical and atypical aspects of projects.
Additional efforts are made to ensure that all associated risks and opportunities are highlighted and taken into consideration during the proposal phase of every project. A dedicated risk delegate examines all proposals to ensure a consistent approach to risk management, whilst at project start-up and project close-out the Risk register is formally handed over from one team to another to ensure continuity and re-validation of risk processes.
A comparable risk process to deal with fleet operations is also being implemented.
Throughout 2011, the Project Controls department continued work on various initiatives to improve project execution. Examples of these initiatives, which are becoming routine, are the Independent Project Review (IPR) -
including a review of Risk Management processes - and the stage gate system used to assess project readiness status at key stages, including engineering, construction and sail-away. The risk management team also
investigates the potential of new tools to undertake quantitative probability-based analysis of schedules and costs.
At all times, Risk Management is supported by Legal, Quality Assurance, Health, Safety, Security & Environment (HSSE) and Internal Audit departments or by any other specialist function as required.
The Company made several improvements to its online risk management application during 2011, notably to the action tracking and reporting tools. During 2012, further improvements will be made to the way risks are quantified and to allow the creation of customised reports. The application has been benchmarked against existing software to ensure it is fit for purpose.
3.6.7 Controls
To ensure good corporate governance, the Company defines key processes and controls, which are continuously assessed by the Internal Audit team to ensure their effectiveness. Risk-based verification of controls, first used in Financial Reporting, is being introduced across all departments. A recent test of IT controls carried out by an external party confirmed a high level of protection and continuous improvement over recent years.
3.6.8 Information systems
A review of the Company’s information systems was launched last year and is still on going. Initial findings are that business activities are adequately supported and no major risk areas have been identified. With help from an external consultancy, project teams have been created to optimise various reporting systems and improve the way they are integrated. These projects will continue next year in order to identify process weaknesses and formulate a roadmap for improvements in future
3.6.9 Internal assurance
The Internal Audit department is responsible for ensuring that all relevant activities conform to required audit standards and compliance with the Group Management System. Internal Audit operates independently, reporting to the Board of Management and the Audit Committee of the Supervisory Board. Its role is not only to carry out compliance tests but to assess the effectiveness of processes and controls.
In order to monitor compliance activities effectively, the internal assurance process is designed to consolidate all corporate and divisional audits by drawing on information from the Internal Audit and Quality Assurance
disciplines as well as HSSE audits, Project & Group Risk Registers and discussions with GMS process owners, including Group Discipline Managers and Technical Authorities.
3.6.10 Risk profile
The risks inherent in SBM Offshore’s core business activities did not change substantially during 2011, although a number of such risks were highlighted during the year. These include:
•
The costs of completing facilities offshore, particularly in countries of operation where regulatory standards are the most stringent such as Norway and Canada. In the case of the Norwegian Yme platform, the fact that the platform is to be operated by the client has only amplified these difficulties•
The potential costs of environmental pollution following events in the Gulf of Mexico, which have resulted in a tendency for SBM Offshore’s clients to try to allocate more liabilities to the CompanyThe nature of the risk categories confronting the Company and the way in which these are managed are explained below.