Tag Archive for: managing risk

With the ill-fated British Petroleum (BP) oil rig continuing to release vast amounts of crude into the Gulf of Mexico, it has now come to light that the United States government, focused on taking over vast portions of the American economy, was negligent in performing its rightful oversight role. A recent report by The New York Times indicated the U.S. Department of the Interior’s Minerals Management Service (MMS) “gave permission to BP and dozens of other oil companies to drill in the Gulf of Mexico without first getting required permits from another agency that assesses threats to endangered species – and despite strong warnings from that agency about the impact the drilling was likely to have on the gulf.” ¹ And while MMS is charged with enforcing safety regulations and collecting drilling lease and royalty fees, a 2008 probe by U.S. Interior Department Inspector General Earl Devaney “found MMS employees had sex with and accepted gifts from industry contacts while failing to collect almost $200 million due from energy companies.” ²

Let’s face it; government regulators are not the only the only ones who get too cozy with those they provide oversight for. Accounting firm Arthur Andersen was found guilty of obstruction of justice for their role in helping conceal financial report mischaracterizations by its client, Enron.³ Similarly, the nuclear industry created oversight organization, the Institute of Nuclear Power Operations (INPO), has either failed to identify audited plant performance issues and effectively communicate them or evaluated utilities inadequately acted on INPO’s findings; necessitating ‘last line of defense’ action by the U.S. Nuclear Regulatory Commission as was the case at Arizona Public Service’s Palo Verde Nuclear Generating Station.⁴ In INPO’s case, its Board of Directors – those who set INPO’s executive salaries and the Institute’s budget – is comprised of nuclear utility Chief Executive Officers, the leaders of the organizations INPO is to independently assess.⁵ Note that APS’s CEO was INPO’s Chairman of the Board in 2005 during the onset of his plant’s recent performance decline.^{5, 6}

Company leaders should not rely solely on government, consultant, and industry organizations to identify their risks; they and their workforce must actively assess their own performance to find those conditions, methods, and cultures that expose their organization to adverse outcomes. Several years ago, the Alaska Oil and Gas Conservation Commission found that Nabors Drilling, a subcontractor to BP, falsified blowout preventer test results on one of its Alaska oil rigs. One individual interviewed during the investigation alleged BP officials were aware of the practice but did nothing to prevent it.⁷ Given a blowout preventer failed to operate properly during the ongoing Gulf oil spill event – resulting in a significant release of crude oil to the environment – it is certain that BP and its vendors and contractors will be investigated for their operations, maintenance, and testing practices; this time with the whole world watching.

StrategyDriven Recommended Practices

These events represent a failure to recognize and/or appropriately response to risks. Some of these cases represent a conflict of interest: sexual favors, gift giving, and direct compensation and bonus awards; others an inadequate significance assignment or an ineffective response to findings. They also highlight the existence of unnecessary uncertainty associated with ineffective risk management systems. Because every organization faces risks, how then can unnecessary uncertainty be recognized such that risks are minimized, mitigated, transferred, and/or avoided? What of the unnecessary risk presented by the operations of those companies monitored by those regulators and auditors having a history of performance lapses or others that are structured and/or rewarded in a way that might breed a conflict of interest?

Assessment Practices – Recognizing Risks

1. Don’t rely on a single auditor or audit organization. Relying on only one mechanism to identify issues leaves the conflict of interest risk unaddressed. Without redundant oversight groups, bias or ineptness on the part of the singular assessor will leave the organization fully exposed in that area. Not every aspect of performance warrants redundant assessment. Only those areas presenting high or catastrophic risk to the organization should be considered for this added expense.
2. Create a culture that values constructive criticism as a vital part of organizational learning and growth. If executives, managers, and employees truly embrace constructive feedback as an opportunity to learn and improve, then the organization itself will identify many of its shortfalls. However, some shortcomings may be outside of the workforce’s collective experience and so actions 1 and 4 still apply.
3. Protect internal assessors from abusive feedback and retribution (if needed). Organizations not having a learning culture often blame the messenger for identified performance shortfalls. In these cases, it is important to senior leaders to provide cover for assessors until such a culture has been developed.
4. Engage truly independent assessors in the performance evaluation process. Independent assessors as highlighted in both StrategyDriven Strategic Analysis Best Practice 4 – Independent Assessors and StrategyDriven Podcast Episode 15 – Independent Assessors provide a unique, less biased perspective on the organization’s performance and are therefore more likely to identify value adding opportunities. This occurs because the independent assessors are not unduly influenced by the organization’s history and shared culture, they have less fear of retribution and adverse career impact, and if well selected possess knowledge and experience in areas outside that of the organization’s workforce.
5. Use quantifiable information to the extent possible during assessments. Basing assessment findings on quantifiably observable facts helps eliminate subjectivity and opinion from the evaluation’s findings; making it more acceptable to the assessed organization.
6. Assess performance against best practice and/or ideal performance; defining performance standards ahead of the assessment. Establishing and communicating the standards by which the organization’s performance will be assessed makes the results more quantifiable and therefore more accepted as well as providing a progress measure for improvement initiatives.
7. Actively monitor the publicly available regulatory and audit reports of other companies. Treat the risks posed by other organizations no differently than you would those of direct marketplace competitors. Monitor these businesses’ activities for signs of undesired activities or results.
8. Identify and measure marketplace factors that indicate if the performance of other organizations represents a potentially adverse risk to your company. Not all adverse impacts will be realized through direct interaction with this high risk companies. Some impacts may be transferred via suppliers/vendors and customers. Therefore, it is important to understand and monitor the overall marketplace environment.
9. Engage with the leaders of these organizations in public and private forums to identify and, as necessary, mitigate risks. If another, non-competitor organization presents a real risk to your company’s operations, communicate that risk to that organization’s leaders and work with them to minimize that risk. A good offense, with the spirit of goodwill and partnership, is sometimes the best defense.

Additional Resources

StrategyDriven best practices (and warning flags) regarding the practices associated with the identification of organizational risks can be found in our Strategic Analysis and Self Assessment Program topic areas.

Final Thoughts…

Enterprise risk management (ERM) is a critical component of an organization’s strategy to mitigate, transfer, and avoid the adverse impacts of undesired events. The recommendations provided within this editorial focus on the assessment activities associated with ERM and represent all those activities that are in our view the several critical actions organizations should take to identify potential adverse events that naturally occur as a part of doing business. It has been our experience that the cost of incident prevention far outweighs the cost of incident recovery. While it is sometimes difficult to justify the expense for preventative action, one only has to look at the cost in life and property of recent industrial accidents to know this cost is truly worthwhile.

Lastly, we identified four organizations – the U.S. Department of the Interior’s Mineral Management Service, Arthur Andersen, the Institute of Nuclear Power Operations, and British Petroleum – as having had performance shortfalls documented in the public domain. In fairness to the dedicated individuals employed by these organizations, many companies and the public have benefited from their well-intentioned oversight efforts. StrategyDriven believes that reforms, both within these organizations and those they serve, are needed to further reduce the likelihood that future catastrophic failure injures the public, employees, shareholders, other stakeholders (vendors, suppliers, and consumers), and the environment.

Final Request…

The strength in our community grows with the additional insights brought by our expanding member base. Please consider rating us and sharing your perspectives regarding the StrategyDriven Editorial Perspective podcast on iTunes by clicking here. Sharing your thoughts improves our ranking and helps us attract new listeners which, in turn, helps us grow our community.

Thank you again for listening to the StrategyDriven Editorial Perspective podcast!

Sources

1. “U.S. Said to Allow Drilling Without Needed Permits,” Ian Urbina, The New York Times, May 13, 2010 (http://www.nytimes.com/2010/05/14/us/14agency.html)
2. “Oil-Spill Agency Fetches $13 Billion Amid ‘Cozy Ties,” Jim Efstathiou Jr., Bloomberg-Businessweek, May 16, 2010 (http://www.businessweek.com/news/2010-05-11/oil-spill-agency-fetches-13-billion-amid-cozy-ties-update4-.html)
3. “Called to Account,” Cathy Booth Thomas, Time, June 18, 2002 (http://www.time.com/time/business/article/0,8599,263006,00.html)
4. “Palo Verde Performance Improvement Plans,” David Lochbaum, Union of Concerned Scientists, January 11, 2008(http://www.ucsusa.org/assets/documents/nuclear_power/20080111-pv-ucs-r4-inpo-role.pdf)
5. “INPO Overview,” Clair Goddard, Institute o Nuclear Power Operations, March 2005 (http://www.serc1.org/documents/Joint%20Standing%20Committees/2005/SERC%20Joint%20Committee%20Meeting%20%283-10-05%29%20Myrtle%20Beach/10a.%20Clair%20Goddard%20-%20Keynote%20Speaker%20from%20INPO.pdf)
6. “Annual Assessment Letter – Palo Verde Nuclear Generating Station (NRC Inspection Report 05000528/2006001; 05000529/2006001; 05000530/2006001),” US Nuclear Regulatory Commission, March 2, 2006 (http://www.nrc.gov/NRR/OVERSIGHT/ASSESS/LETTERS/palo_2005q4.pdf)
7. “Whistleblower Claims That BP Was Aware Of Cheating On Blowout Preventer Tests,” Marcus Baram, The Huffington Post, May 13, 2010 (http://www.huffingtonpost.com/2010/05/12/bp-whistleblower-claimed_n_573839.html)

Podcast: Play in new window | Download (Duration: 12:28 — 17.2MB)

Subscribe: RSS