Risk Management Individual Assignment – Binh LE 1

Risk Management Individual Assignment

Oil and Gas industry

Professor Dr. NOCERA Giacomo

LE Binh

Full-time MBA program

March 2022
Risk Management Individual Assignment – Binh LE 2

Contents
Industry risk assessment ............................................................................................................................... 3
1. Business interruption (incl. supply chain disruption) ....................................................................... 3
2. Natural catastrophes (e.g. storm, flood, earthquake, wildfire, weather events) ............................. 3
3. Fire, explosion ................................................................................................................................... 4
4. Climate change (e.g. physical, operational, financial and reputational risks as a result of global
warming) ................................................................................................................................................... 4
5. Cyber incidents (e.g. cyber-crime, IT failure/ outage, data breaches, fines and penalties) ............. 4
6. Pandemic outbreak ........................................................................................................................... 5
7. Legislation and regulation change .................................................................................................... 6
8. Market risk ........................................................................................................................................ 6
9. Risk Classification .............................................................................................................................. 7
Corporate Risk management policies ........................................................................................................... 7
1. Saudi Aramco .................................................................................................................................... 7
2. ExxonMobil ....................................................................................................................................... 9
3. Petrolimex ....................................................................................................................................... 11
Individual Discussion ................................................................................................................................... 13
1. Risk management approaches analysis .......................................................................................... 13
2. Risk management discussion .......................................................................................................... 14
3. Future possible developments of risk management ...................................................................... 14
Reference .................................................................................................................................................... 15
Risk Management Individual Assignment – Binh LE 3

Industry risk assessment

The economic ramifications of the massive investments in the international oil and gas industry
necessitate risk management. Operational risks (business interruption, fire, and explosion); market risks
(changes in the oil price, interest rates, and exchange rates); environmental risks (climate change, natural
disasters); political risk (changes in government, regulatory regime, and contractual arrangements); and
cyber-attack are the most common risks to the industry.

1. Business interruption (incl. supply chain disruption)

It's unsurprising that business interruption (BI) and supply chain disruption remain among the top
business risks in a year marked by global disruption from the pandemic, hurricanes, cyber-attacks, and
the blockade of the Suez Canal. For businesses all across the world, BI is a perpetual cause of worry.
Meanwhile, the pandemic has exposed the extent of present supply chain vulnerabilities, as well as the
number of events that could converge to trigger chaos.

The energy industry's complexity makes estimating the level of business disruption and financial
loss from a loss event difficult. Other sites may experience losses as a result of dependency, or they may
be able to help the impacted location lessen its losses. While one area may be completely reliant on a
single logistics or utility asset, another may have numerous degrees of redundancy. Following a crude unit
fire, one location may be unable to operate at all, while another may be able to use a vacuum unit or bring
in intermediates. It is vital for businesses to thoroughly comprehend and quantify their risk of business
interruption, as well as to collaborate with skilled consultants to mitigate and manage such risks.

In this increasingly competitive environment, industry companies are seeking for new ways to
save money. Integration and consolidation are becoming increasingly important in the oil and gas industry
for driving optimization and increasing business profitability. These efforts will provide a new level of
troublesome contingent business interruption (CBI) exposures as redundancy is reduced and operators
become less robust to respond to and manage unplanned losses. Unless more thought is given to how an
incident will effect more interconnected, interdependent, and efficient supply chains, business
interruption (BI) losses are expected to climb over the next decade.

2. Natural catastrophes (e.g. storm, flood, earthquake, wildfire, weather events)

Natural disasters are something that everyone must consider from time to time. While it is
unlikely that it will ever happen to you or your firm, it does occur, and it is becoming more common as
the Earth's weather patterns change. Managers in the oil and gas business must consider the possibility
of natural disasters occurring more frequently. Due to the positioning of oil and gas wells in severe places
such as the sea, the coast, the desert, and so on, this is a must. All of these places have their own weather
patterns. Furthermore, earthquakes, tornadoes, hurricanes, and large tidal waves must all be taken into
account. If the proper safeguards are not in place, all of these hazards will cause considerable harm. Aside
from natural disasters, there are also catastrophes that occur within oil and gas equipment, which can
result in a large disaster that has the potential to cause further environmental harm. The Deepwater
Horizon oil leak, for example, occurred on the BP-operated Macondo Prospect in the Gulf of Mexico on
April 20, 2010. It was the world's largest unintentional maritime oil leak. The total oil discharged into the
water was estimated by the US government to be 4.9 million barrels.(US EPA, 2013)
Risk Management Individual Assignment – Binh LE 4

3. Fire, explosion
When it comes to employee health and safety, the oil and gas business is one of the most
dangerous. Oil and gas well drilling, maintenance, refining, and production-related processes all have
inherent flash fire dangers. A flash fire requires oxygen, an igniting source, and a fuel supply, such as a
hydrocarbon or combustible environment. It finely split particles at a concentration higher than the
chemical's lower explosive limit. Flash flames can cause severe burns and even death — fire and
explosions are responsible for 16% of fatalities in the oil fields. For example, it is believed that one of the
top causes of mortality and disability among India's working population is dangerous working conditions.
These deaths are unnecessary and avoidable. In India, it is estimated that the oil and gas industry employ
over 500,000 people. Working in a hazardous environment may be dangerous. Physical risks such as fire,
changing temperatures, flying sparks, electrical, moving items, or sharp edges are all possible hazards for
workers. They also have health difficulties as a result of being exposed to radiant heat, loud noise, toxic
dusts, chemicals, or viruses. These dangers cause a wide range of injuries and illnesses, from minor
headaches to serious burns and respiratory ailments. Even while the oil and gas sectors have worked hard
to lower the risk of flash fires, they have not been able to completely eradicate the incidence of flash fires
and thus the burn injuries and fatalities.

4. Climate change (e.g. physical, operational, financial and reputational risks as a result
of global warming)
Up until mid-century, the oil and gas assets most vulnerable to the physical effects of climatic
extremes. Onshore oil and gas activities are vulnerable to the whole spectrum of climate change physical
consequences, including sea level rise, storms, heat waves, flooding, and other extreme weather events,
according to the data. On the other hand, offshore activities in the Gulf of Mexico are exposed to tropical
storms and high wave heights.

“In total, 10.5% of global commercially recoverable reserves are found in areas rated as extreme
risk in the Climate Change Exposure Indices, while 29.5% were high risk. This amounts to around 617
billion barrels equivalent. “ (Nichols & Clisby, n.d.-a)

Not only does the Middle East and North Africa have the world's greatest reserves, but it also has
the highest share of reserves under danger. Companies having deposits in areas that are extremely
vulnerable to climate change's physical effects may face more disruptive occurrences, potentially greater
extraction costs, and the need to invest in mitigation measures. To allow for the passage of tropical storms,
production may have to be paused and a facility secured, or coastal infrastructure may need to be
upgraded to account for storm surges and sea level rise. Pipelines may be exposed to more harsh weather
occurrences than they were built for, increasing the risk of accidents and spillages in environmentally
sensitive areas.

5. Cyber incidents (e.g. cyber-crime, IT failure/ outage, data breaches, fines and
penalties)
Cyber-attacks are not uncommon in the energy sector. In the more frantic digitally linked energy
world, global energy industry executives – particularly those in the oil, gas, and utility sectors – are
confronting a series of cyber-attacks on vital infrastructure that demand an immediate answer.

From the NotPetya cyber-attack on a Ukrainian utility in 2017 that shut down much of the
country's power infrastructure to the attack on the Colonial Pipeline in 2021, the energy sector's senior
Risk Management Individual Assignment – Binh LE 5

executives and board members are now responsible for navigating major obstacles. These executives
must manage cyber risk in a sector that is undergoing a digital transformation and is increasingly being
attacked by cyber thieves for geopolitical and financial gain. While governments around the world develop
new policies, norms and consequences for future cyber-attacks, oil and gas executives and board
members cannot wait on government to come to a geopolitical détente, issue new regulations or aid in
efforts to secure critical energy systems.(Cybersecurity-Oil-Gas.Pdf, n.d.)

Instead, CEOs and board members must rely on their decades of experience integrating energy
assets with operational technology (OT) and exploiting information technology (IT) networks to mitigate
cyber risk in their hyperconnected operating settings. Oil and gas businesses have been attempting to
increase productivity for decades by connecting physical energy assets to OT control systems and IT
networks. Energy companies are still looking for big data, artificial intelligence (AI), and automation
technologies to help them save costs, enhance efficiency, and decrease emissions. Industry leaders have
pioneered essential management concepts and risk-based ways to secure the technology and processes
that serve as the foundation for their hyperconnected industrial Internet of Things (IoT) business model
throughout this process. To prepare for the new normal of more frequent and sophisticated cyber-attacks
on energy and critical infrastructure, energy sector CEOs and corporate board members must take the
best practices and key lessons learned from a decade of both successfully addressing and learning from
the failures of addressing cyber risk.

6. Pandemic outbreak
The pricing war between Saudi Arabia and Russia prompted crude oil prices to fall as COVID-19
triggered record drops in demand. OPEC opened its faucets during the peak of the epidemic in Asia,
flooding the globe with cheap oil. As a result of the combination of lower demand and greater OPEC
output, crude oil prices skyrocketed. Many firms are also juggling high inventory levels, with storage
terminals exceeding capacity, incoming cargoes being postponed, and floating storage and pipelines being
utilized to compensate for onshore inventory limitations. As a result, prices will be stifled for some time,
making the rate of recovery difficult to forecast.

There are three long-term effects for this business that we may anticipate.

- To maximize their operations, oil and gas businesses must go beyond budget constraints.
The COVID-19 crisis has demonstrated that operators must be robust in the face of uncertainty in all areas
of their business, not just their finances. This will need oil and gas companies optimizing their operations
in such a manner that they can continue to make profits even when supply and demand fluctuate.
- Within the next several months, a wave of consolidation is unavoidable. Asset portfolios
will be examined and rationalized at this period, with some assets simply vanishing and others becoming
appealing purchase prospects. The leading factors will be regionalization, standardization, and hyper-
specialization.
- Businesses will have to adapt, and many will use a revenue diversification strategy.
Relying primarily on oil and gas earnings may not be feasible, given the uncertainties surrounding future
demand and price levels. As a result, these businesses will need to start embracing alternative energy
sources.
Risk Management Individual Assignment – Binh LE 6

7. Legislation and regulation change

Political approval and decision-making, the applicable legal framework, the international oil price,
the capital-intensive nature of the industry, the geographic scope of operations, the risky nature of
exploration and production operations, technological development, environmental considerations,
intellectual property and patent protection, and the diverse nature of the industry are some of the
common aspects that apply to the oil and gas industry as a whole. These factors would certainly raise the
legal risks faced by international oil and gas businesses.

Furthermore, the oil sector is a particularly dangerous industry since it works in a difficult
international and national regulatory environment, where corporate governance and risk management
have become top objectives. Investors increasingly demand a high level of corporate governance from
companies including strict financial reporting and greater transparency. The reduction of global
corruption has also become a key priority of the international development community and the adoption
of the Extractive Industries Transparency Initiative (EITI) is of relevance to the oil industry.

While the above problems may be common to these oil-producing areas, the companies operating
in each of these countries may have to deal with some or all these daily. The legal risk to companies could
therefore depend on the areas where they operate. Therefore, companies operating in these areas should
do their homework and identify the types of legal risks specific to their business, adopt suitable
mechanisms to mitigate and, where possible, prevent the legal risks before they cause serious and even
at times devastating, economic damage.

Most of the above legal risks could also be exacerbated, or indeed be managed through the type
of relationship that the company adopts with the government (regulator and national oil companies),
industry (other companies) and individuals (employees and interest groups).

8. Market risk
Most other oil firms utilize energy derivative instruments to manage their exposure to price
swings in crude oil, refined products, natural gas, electricity, and coal as part of their trading activity. They
also utilize freight rate derivative contracts to manage their exposure to freight rate changes in their
shipping operations. Companies use different products like as futures, forwards, swaps, and options in
structured or over-the-counter markets to hedge against this risk.

A value-at-risk approach is used to assess a company's market risk exposure, or the risk of a loss
in fair value, on its crude oil, refined products, and freight rates trading operations. This method is based
on a historical model and determines the market risk posed by potential future changes in market values
over a 24-hour period. The range of probable changes in fair values is calculated using a snapshot of end-
of-day exposures and a collection of historical price movements for all instruments and maturities in
global trading activity over the previous 400 working days. Using proper models, options are
systematically re-evaluated.
Risk Management Individual Assignment – Binh LE 7

9. Risk Classification
Core risk Non-core risk
Speculative risk Pure Risk
Property Risk Liability Risk
Market risk Business interruption risk
Legislation risk Fire and Explosion
Catastrophe’s risk Catastrophe’s risk
Climate change Climate change
Pandemic outbreak
Cyber incidents

Corporate Risk management policies

1. Saudi Aramco
Saudi Aramco is the world's largest oil producer. Officially known as Saudi Arabian Oil Company,
the company is primarily state-owned and is based in Dhahran, Saudi Arabia. It is the world's most
profitable company, eclipsing even tech giants such as Apple (AAPL) and Alphabet's Google (GOOGL).
Based on it website: “We’re a leading producer of the energy and chemicals that drive global commerce
and enhance the daily lives of people around the globe by continuing delivering an uninterrupted supply
of energy to the world.” – Aramco website

Risk Assessment
1. Health and Safety Policy: Commitments must be connected to injury and illness prevention,
continuous improvement in safety management performance, and compliance with any legislation and
other requirements that relate to safety dangers. It should also serve as a foundation for establishing and
assessing safety goals.
2. Hazard Identification, Risk Assessment, and Risk Control: Aramco will take a risk management
approach to identifying hazards, assessing the level of risk associated with each hazard, and putting in
place effective controls to ensure that risk is either eliminated or reduced to an acceptable level for the
company.
3. Objectives, Targets, and Plans: Aramco must ensure that Objectives, Targets, and Plans are
recorded at all relevant levels and functions within the company to guarantee that the health and safety
policy's objectives are met, and that the safety management system is continually improved.
4. Resources, Roles, Responsibility, Accountability, and Authority: Aramco must provide enough
resources, including human, financial, and technological resources, to guarantee that the safety
management system is correctly implemented. All workers must understand their position in the safety
system and the level of commitment demanded of them.
5. Competence, Training, and Awareness: To maintain safe and dependable operations, Aramco
must ensure that all of its personnel are competent to do the responsibilities given to them. A clear
method for identifying training needs must be recorded, and a training plan must be kept up to date for
all planned and completed training. Each training course's objectives must be documented, attendance
records kept, and course assessments conducted to ensure that the training was effective. The method
for handling safety-related training must be evaluated and revised on a regular basis.
6. Communication, Participation, and Consultation: Aramco will share safety-related information
through internal and external channels. Management, workers, contractors, visitors, customers, suppliers,
external agencies, other stakeholders, and the general public will all benefit from these channels, which
Risk Management Individual Assignment – Binh LE 8

will enable successful communication procedures with all relevant parties in a timely way. Employees
must be consulted and actively participate in the safety system's implementation.
7. Operational Controls: Aramco must ensure that all the operational controls (i.e., procedures)
required are clearly identified in this section.
8. Documents Control: Aramco must guarantee that records are kept showing that the safety system
is in place and that the company is managing its safety risks.
9. Emergency Preparedness and Response: Aramco must prepare an emergency reaction plan to
guarantee that possible emergency scenarios are recognized through the risk assessment process, and
that each kind of emergency has a sufficient response plan. The emergency response strategy must be
tested on a regular basis.
10. Monitoring and Measuring: Aramco must keep a master list of all monitoring and measurement
tasks that must be completed in order to comply with the safety policy, risk assessment process, and
management system. The list will be reviewed on a regular basis to ensure that all needed actions are
completed in a systematic and timely manner.
11. Incident Report and Investigation: All events and close misses are immediately reported,
investigated, and the underlying safety flaws and other variables that may be causing or contributing to
the occurrence of incidents and near misses are determined to prevent a recurrence. Following the
occurrence of all accidents and near misses, the risk assessment procedure must be reassessed.
12. Nonconformity, Corrective Action, and Preventive Action: Aramco must guarantee that safety
nonconformances are swiftly recognized and that corrective and preventive steps are taken to repair the
problem and prevent it from happening again.
13. Internal Audit: Aramco conducts frequent internal audits to ensure that their safety management
system is in good working order. The findings of these audits must be shared with management and
evaluated as part of the management review process.
14. Management Review: Aramco conducts a management review at least once a year to evaluate
the system's continued applicability and effectiveness. The review will cover all aspects, and any necessary
modifications will be implemented as soon as possible to guarantee that the system continues to develop.
15. Continual Improvement: The only way for Aramco to attain greatness in their SSMS is to keep
improving. The SSMS must be able to show continuous progress in all aspects of the system.

An analysis of the risk management solutions

As the biggest company in the industry working in numerous regions and area with diversity and
complex political, business, natural and environment factors, Aramco creates a complex and
comprehensive system to identify and response to raising risks in an effective way. The focus of this
approach is still its internal operation-related activities such as competence training, operation control,
reporting and internal audit to assure a proper implementation of their risk control in their operation sites.
Moreover, the company also pays attention on the changing environment of external factors such as
market risk, legislation as well as extreme natural catastrophes by allocate resources to prepare for
emergency preparation as well as communication and consulting activities to eliminate the external risk
when working in different location with extreme political, business, geopolitical factors. Additionally, the
company also maintain a simple management structure due to its fully state-ownership status. However,
this approach will also request a huge logistic background to supply human capital and financial resources
to maintain an effective working and communicating flow to accelerate the decision-making process in
the fast-changing environments.
Risk Management Individual Assignment – Binh LE 9

Organization charge of risk management function

Aramco Risk management structure

2. ExxonMobil
ExxonMobil, one of the world's major publicly listed energy and chemical companies, develops
and deploys next-generation technologies to help fulfill the world's expanding need for energy and high-
quality chemical products in a safe and responsible manner. It has an impact on almost every element of
modern life. ExxonMobil has developed from a regional kerosene seller to a sophisticated energy and
chemical pioneer, as well as one of the world's largest publicly listed firms, over the course of more than
a century. We run facilities or market goods in virtually every country in the globe, explore for oil and
natural gas on six continents, and are an industry leader in almost every facet of the energy and chemical
manufacturing industries and research as well as develop next-generation technologies to help meet the
dual challenge of fueling global economies while addressing the risks of climate change.(Who We Are, n.d.)

Risk Assessment System

ExxonMobil uses the term OIMS (Operations Integrity Management System) to refer to any areas
of its operations that may have an influence on people and process safety, security, health, or
environmental performance.

ExxonMobil is expected to use the OIMS Framework across the board, with a focus on design,
construction, and operations. Management is in charge of ensuring that management systems meet the
Framework's requirements. The scope, priority, and pace of management system deployment should all
be in line with the business's risks.

There are 11 elements in the OIMS Framework. Each Element has a guiding concept as well as a
set of expectations. The OIMS Framework also contains the features of OI (Operations Integrity)
Management Systems, as well as the methods for assessing and deploying them.

1. Management commitment, leadership, and accountability; management develops policies, offers

perspective, sets expectations, and allocates resources to ensure effective operations. Assurance of
Risk Management Individual Assignment – Binh LE 10

Operations Integrity necessitates visible executive leadership and dedication, as well as responsibility at
all levels.
2. Risk assessment and management: By providing critical information for decision-making,
comprehensive risk assessments may help to decrease safety, health, environmental, and security risks,
as well as mitigate the effects of occurrences.
3. Facility design and construction: Using solid standards, procedures, and management systems for
facility design, building, and starting operations can improve inherent safety and security while reducing
risk to health and the environment.
4. Information/documentation: To assess and manage risk, accurate information about the
configuration and capabilities of processes and facilities, the qualities of goods and materials handled,
possible Operations Integrity hazards, and regulatory requirements is required.
5. Personnel and training: The ability to control operations is dependent on people. The right
screening, careful selection, and placement of staff, continuing evaluation and adequate training of
employees, and the implementation of appropriate Operations Integrity processes are all required to
achieve Operations Integrity.
6. operations and maintenance: It is critical that facilities are operated within set limitations and in
accordance with rules. Effective processes, organized inspection and maintenance programs, dependable
Operations Integrity essential equipment, and qualified staff who follow these procedures and practices
consistently are all required.
7. Management of change: Operations Integrity risks emerging from changes in operations,
procedures, site standards, buildings, or organizations must be analyzed and managed to ensure that they
stay at an acceptable level.
8. Third-party services: Work done on the company's behalf by third parties has an influence on the
company's operations and reputation. It is critical that they carry out their duties in a way that is consistent
with ExxonMobil's policies and business objectives.
9. Investigation and analysis of the incident: To achieve Operations Integrity, effective incident
investigation, reporting, and follow-up are required. They allow us to learn from reported occurrences
and apply what we've learned to take remedial action and prevent recurrence.
10. Community awareness and emergency preparedness: It is critical to effectively manage
stakeholder relationships to increase the trust and confidence of the communities in which we operate.
Emergency planning and preparation are critical to ensuring that, in the case of a disaster, all required
steps are done to safeguard the public, the environment, and corporate workers and assets.
11. Assessment and improvement of Operations Integrity: It is critical to examine the degree to which
expectations are satisfied to enhance Operations Integrity and preserve accountability.

An analysis of the risk management solutions

ExxonMobil creates a comprehensive risk management system to properly assess, effectively
manage and promptly react to all main risks in the industry as well as continuously improve its system to
adapt the change of the business landscape. The decentralization management approach provides a
flexibility to proactively reduce the risk and protect the business in a long run. As the major risks are still
operation-related like business interruption or fire and explosion, ExxonMobil allocate many of their
resources to closely manage its own operation flow including facility design and construction, training
program, operation, and maintenance as well as incident investigation and analysis. On the other hand,
the company also pays attention on new raising matters such as cyber-attack, climate change, and
legislation via its information, management of change as well as emergency preparedness for
Risk Management Individual Assignment – Binh LE 11

catastrophes or geopolitical tensions around the world. This management system is completed,
comprehensive and effective to provide an appropriate assessment and quick response the change of
working environment for a multinational company operating in a many different regions around the world
in term of environmental, political, and business aspects. However, a diversified decision-making process
could extend the time to connect the dots among different departments to have the full picture for the
final decisions. Therefore, ExxonMobil should focus on maintaining an effective communication channel
and flow to assure the final decision could be accomplished and implemented in a good time manner.
Moreover, the human resources and competence to maintain different department could be huge
challenges for ExxonMobil to overcome to deliver assure the whole process and management efficiency.

Organization charge of risk management function

Operations Integrity Management System in ExxonMobil

3. Petrolimex
The current Vietnam National Petroleum Group (Petrolimex) was established from the
equitization and restructure of Vietnam National Petroleum Corporation. Petrolimex’s main operations
are exporting, importing and trading petroleum, refining petrochemicals, investing in other enterprises to
conduct business that Petrolimex is doing, and other business as prescribed by law

Risk Assessment System

1. Board of Management (BOM): Strategic orientations set up by BOM and presented in the report
is submitted to General Meeting of Shareholders to collect opinions. BOM organizes implementation of
Resolutions adopted by General Meeting of Shareholders. Management Department directs specific
actions via activities at the Parent Company and member units. At each unit, strategic orientations,
development goals are disseminated to all employees at year-end meetings, meetings to implement
business tasks, meetings with laborers, training courses.
Risk Management Individual Assignment – Binh LE 12

2. Environment Control: Establish a strong risk management framework and control environment
with Risk Management Department playing the supervisory role. Risk Management Department is a part
of Petrolimex’s governance structure established by BOM. Its main functions include advising, consulting,
and supporting BOM to direct and manage fields such as: Risk Management Strategies: researching,
building and evaluating results of strategy implementation and proposing changes in the Group’s
strategies; Organization, management, review, assessment of the Group’s risk management activities in
accordance with legal provisions; Investor relations.
3. Information announcement and Transparency: Strengthen activities of information
announcement in accordance with regulations of listed companies
4. Rights of shareholders: Set up a framework to ensure the rights of shareholders via code of
conducts and maintain a strong commitment to follow the framework to optimize the benefit for its share
holders
5. Relations with stakeholders: Strengthen effective participation of stakeholders with a flexible
approach to different stakeholders such as: internal and external partners, laws, governments and state
regulatory agencies, community, customers and shareholder, investors.

An analysis of the risk management solutions

As a national monopoly company working in a stable environment, Petrolimex simplify its risk
assessment to under one department (Risk Management department) with will work directly to BOM and
under supervision of general director. The company top managers could have a huge contribution to
Vietnamese national energy policy as well as market insight to anticipate the market risk as well as prepare
for response plan in a short period of time. Plus, most of operational activities is deployed in its traditional
region inside of Vietnam territory with cooperation with global key players in the industries which gives
the company a huge advantage to set up and implement an effective framework as well as cooperate with
other Vietnamese national forces for emergency and natural catastrophes events. In the other hand, this
framework eliminates the opportunity to assess and effectively operate new potential markets for their
international expansion. The monopoly status also increases the politics tension and unhealthy
competition as well as unethical behaviors that could destroy the company image and competence in a
long term.
Risk Management Individual Assignment – Binh LE 13

Organization chart of risk management function

Petrolimex Risk management structure (Sustainable Development Report, n.d.)

Petrolimex Risk management structure (Sustainable Development Report, n.d.)

Individual Discussion
1. Risk management approaches analysis
Oil and gas are ones of the riskiest industries in today business world. The operation starts with a
heavy investment and strict procedure to smooth whole supply chain regardless the geographic locations,
Risk Management Individual Assignment – Binh LE 14

natural and geopolitical environment of the operation site. Moreover, the risk in working conditions in
today work could also come from climate changes, natural extreme catastrophes events or cyber-attacks
when more technology is applied to enhance the working efficiency as well as reduce the manual labor in
harsh environments. Plus, the difference in term of company size and market also affects the company
risk management approach to optimize the cost as well as provide an effective and prompt reaction.
Therefore, all oil and gas companies appreciate their internal operation risk and allocate a majority of
their resources and efforts to continual improve the internal working risk management to eliminate the
loss of fire and explosion or business interruption as well as enhance their survival ability to overcome
and quickly recover from a cyber-attack. Also, global players who operate in different natural locations,
political and business context focus on manage the change and emergency reaction for natural
catastrophes and legislation changes due to international political tension. On the other hand, local
companies tend to be monopoly in their countries and have some impacts on their national economy.
Therefore, they could make use of the national support and simplify their risk management process for
external factors and concentrate on improving operation flow.

For example, Aramco and ExxonMobil are top players who operate globally apply a
comprehensive approach to regularly assess, review, and react to many different factors to come up with
a global picture before taking any decision. In the meantime, Petrolimex, a monopoly national company,
tends to utilize the national support in term of insights information, reaction forces and simplify their risk
management systems to reduce the cost and focus on supply chain management as well as cooperate
with key players for extend its operation.

2. Risk management discussion

The comprehensive approach is practically proven to be more beneficial for company to assess
the whole picture and provide much prompter reaction than rely on information from external parties.
Investing in oil and gas operation often last for several decades, therefore, this approach will bring
enormous insight, better scenario analysis for companies to protect and improve their operation and
supply chain as well as enhance their negotiation power for future project. However, the background
logistics to support appropriate human capital, resources, competence and training program or financial
support for those activities could be a huge issue for any company to maintain such system in a global
context and natural harsh environment. Also, the decentralization of risk assessment may create a risk of
politic tension insight the company, so an appropriate investment in company working culture should be
allocated to build up and maintain a healthy working environment and encourage cooperation.

3. Future possible developments of risk management

Oil and gas industry is one of pivot drivers for economy growth for decades with its huge impact
on global market. The world economy will depend on traditional fossil fuel for next couple decades.
However, the current rising concerns of climate issues, public awareness as well as international
geopolitical tensions could accelerate the shift from traditional energy to renewable energy soon.
Therefore, companies in this industry could start to review and assess other approaches for future market
as well as maintain their competitive advantages to new competitors.
Risk Management Individual Assignment – Binh LE 15

Reference
Allianz-Risk-Barometer-2022-Appendix.pdf. (n.d.). Retrieved March 15, 2022, from

https://www.agcs.allianz.com/content/dam/onemarketing/agcs/agcs/reports/Allianz-Risk-

Barometer-2022-Appendix.pdf

Allianz-Risk-Barometer-2022.pdf. (n.d.). Retrieved March 15, 2022, from

https://www.agcs.allianz.com/content/dam/onemarketing/agcs/agcs/reports/Allianz-Risk-

Barometer-2022.pdf

Bhutada, G. (2021a, October 25). Ranked: The Largest Oil and Gas Companies in the World. Visual

Capitalist. https://www.visualcapitalist.com/ranked-the-largest-oil-and-gas-companies-in-the-

world/

Bhutada, G. (2021b, October 25). Ranked: The Largest Oil and Gas Companies in the World. Visual

Capitalist. https://www.visualcapitalist.com/ranked-the-largest-oil-and-gas-companies-in-the-

world/

Cho, R., & University, E. I. at C. (n.d.). How the pandemic is harming the oil and gas industry. Retrieved

March 16, 2022, from https://phys.org/news/2020-09-pandemic-oil-gas-industry.html

Cybersecurity-Oil-Gas.pdf. (n.d.). Retrieved March 17, 2022, from https://www.parsons.com/wp-

content/uploads/2017/08/Cybersecurity-Oil-Gas.pdf

Lenkova, O. V. (n.d.). Risk management of oil and gas company in terms of strategic transformations. 12.

Nichols, W., & Clisby, R. (n.d.-a). 40% of Oil and Gas Reserves Threatened by Climate Change. Verisk

Maplecroft. Retrieved March 16, 2022, from https://www.maplecroft.com/insights/analysis/40-

of-oil-and-gas-reserves-threatened-by-climate-change/

Nichols, W., & Clisby, R. (n.d.-b). 40% of Oil and Gas Reserves Threatened by Climate Change. Verisk

Maplecroft. Retrieved March 19, 2022, from https://www.maplecroft.com/insights/analysis/40-

of-oil-and-gas-reserves-threatened-by-climate-change/
Risk Management Individual Assignment – Binh LE 16

Operations integrity management system. (n.d.). ExxonMobil. Retrieved March 19, 2022, from

https://corporate.exxonmobil.com:443/Operations/Energy-technologies/Risk-management-

and-safety/Operations-Integrity-Management-System

Overview. (n.d.-a). Retrieved March 19, 2022, from https://www.aramco.com/en/who-we-are/overview

Read @Kearney: How has COVID-19 impacted the oil and gas industry, and what does this mean for the

future? (n.d.). Retrieved March 16, 2022, from

https://www.kearney.com/web/answers/article/?/a/how-has-covid-19-impacted-oil-and-gas-

industry-and-what-does-this-mean-for-the-future

Responsible business. (n.d.). Retrieved March 19, 2022, from

https://www.aramco.com/en/sustainability/responsible-business

Rethinking Business Interruption Risks in an Optimized Oil and Gas Industry. (2018). 12.

Risk management and safety. (n.d.). ExxonMobil. Retrieved March 15, 2022, from

https://corporate.exxonmobil.com:443/Operations/Energy-technologies/Risk-management-

and-safety

Risk Management in the Oil and Gas Industry. (n.d.). Main. Retrieved March 15, 2022, from

https://energy.mit.edu/news/risk-management-in-the-oil-and-gas-industry/

Saudi Aramco facing $50 million cyber extortion over leaked data. (2021, July 22). CNBC.

https://www.cnbc.com/2021/07/22/saudi-aramco-facing-50m-cyber-extortion-over-leaked-

data.html

Saudi-aramco-suppliers-safety-management-system-ssms.pdf. (n.d.). Retrieved March 15, 2022, from

https://www.aramco.com/-/media/downloads/working-with-us/saudi-aramco-suppliers-safety-

management-system-ssms.pdf?la=en&hash=9620BCE26DE8648B32F58E09D5A9A41D363CD63E

Souza, R. (2014). Cyber Risks in the Oil & Gas Industry. 10.
Risk Management Individual Assignment – Binh LE 17

Sustainable Development Report. (n.d.). Retrieved March 19, 2022, from

https://www.petrolimex.com.vn/sdr.html

The Future of the Oil and Gas Industry, Through a Cyber Risk Lens. (n.d.). Deloitte. Retrieved March 16,

2022, from https://www2.deloitte.com/global/en/blog/responsible-business-blog/2021/the-

future-of-the-oil-and-gas-industry-through-a-cyber-risk-lens.html

US EPA, O. (2013, September 12). Deepwater Horizon – BP Gulf of Mexico Oil Spill [Overviews and

Factsheets]. https://www.epa.gov/enforcement/deepwater-horizon-bp-gulf-mexico-oil-spill

Who we are. (n.d.). ExxonMobil. Retrieved March 19, 2022, from

https://corporate.exxonmobil.com:443/About-us/Who-we-are