LE Binh
March 2022
Risk Management Individual Assignment – Binh LE
Contents
Industry risk assessment
1. Business interruption (incl. supply chain disruption)
2. Natural catastrophes (e.g. storm, flood, earthquake, wildfire, weather events)
3. Fire, explosion
4. Climate change (e.g. physical, operational, financial and reputational risks as a result of global warming)
5. Cyber incidents (e.g. cyber-crime, IT failure/outage, data breaches, fines and penalties)
6. Pandemic outbreak
7. Legislation and regulation change
8. Market risk
9. Risk Classification
Corporate Risk management policies
1. Saudi Aramco
2. ExxonMobil
3. Petrolimex
Individual Discussion
1. Risk management approaches analysis
2. Risk management discussion
3. Future possible developments of risk management
Reference
The energy industry's complexity makes estimating the level of business disruption and financial
loss from a loss event difficult. Other sites may experience losses as a result of dependency, or they may
be able to help the impacted location lessen its losses. While one area may be completely reliant on a
single logistics or utility asset, another may have numerous degrees of redundancy. Following a crude unit
fire, one location may be unable to operate at all, while another may be able to use a vacuum unit or bring
in intermediates. It is vital for businesses to thoroughly comprehend and quantify their risk of business
interruption, as well as to collaborate with skilled consultants to mitigate and manage such risks.
In this increasingly competitive environment, industry companies are seeking new ways to
save money. Integration and consolidation are becoming increasingly important in the oil and gas industry
for driving optimization and increasing business profitability. These efforts will create a new level of
troublesome contingent business interruption (CBI) exposures as redundancy is reduced and operators
become less able to respond to and manage unplanned losses. Unless more thought is given to how an
incident will affect more interconnected, interdependent, and efficient supply chains, business
interruption (BI) losses are expected to climb over the next decade.
3. Fire, explosion
When it comes to employee health and safety, the oil and gas business is one of the most
dangerous. Oil and gas well drilling, maintenance, refining, and production-related processes all have
inherent flash fire dangers. A flash fire requires oxygen, an ignition source, and a fuel supply, such as a
hydrocarbon or combustible environment, or finely divided particles at a concentration higher than the
chemical's lower explosive limit. Flash fires can cause severe burns and even death; fire and
explosions are responsible for 16% of fatalities in the oil fields. For example, it is believed that one of the
top causes of mortality and disability among India's working population is dangerous working conditions.
These deaths are unnecessary and avoidable. In India, it is estimated that the oil and gas industry employs
over 500,000 people. Working in a hazardous environment may be dangerous. Physical risks such as fire,
changing temperatures, flying sparks, electrical, moving items, or sharp edges are all possible hazards for
workers. They also have health difficulties as a result of being exposed to radiant heat, loud noise, toxic
dusts, chemicals, or viruses. These dangers cause a wide range of injuries and illnesses, from minor
headaches to serious burns and respiratory ailments. Even while the oil and gas sectors have worked hard
to lower the risk of flash fires, they have not been able to completely eradicate the incidence of flash fires
and thus the burn injuries and fatalities.
4. Climate change (e.g. physical, operational, financial and reputational risks as a result
of global warming)
Up until mid-century, the oil and gas assets most vulnerable to the physical effects of climatic
extremes. Onshore oil and gas activities are vulnerable to the whole spectrum of climate change physical
consequences, including sea level rise, storms, heat waves, flooding, and other extreme weather events,
according to the data. On the other hand, offshore activities in the Gulf of Mexico are exposed to tropical
storms and high wave heights.
“In total, 10.5% of global commercially recoverable reserves are found in areas rated as extreme
risk in the Climate Change Exposure Indices, while 29.5% were high risk. This amounts to around 617
billion barrels equivalent.” (Nichols & Clisby, n.d.-a)
Not only do the Middle East and North Africa have the world's greatest reserves, but they also have
the highest share of reserves at risk. Companies having deposits in areas that are extremely
vulnerable to climate change's physical effects may face more disruptive occurrences, potentially greater
extraction costs, and the need to invest in mitigation measures. To allow for the passage of tropical storms,
production may have to be paused and a facility secured, or coastal infrastructure may need to be
upgraded to account for storm surges and sea level rise. Pipelines may be exposed to more harsh weather
occurrences than they were built for, increasing the risk of accidents and spillages in environmentally
sensitive areas.
5. Cyber incidents (e.g. cyber-crime, IT failure/ outage, data breaches, fines and
penalties)
Cyber-attacks are not uncommon in the energy sector. In today's more frantic, digitally linked energy
world, global energy industry executives, particularly those in the oil, gas, and utility sectors, are
confronting a series of cyber-attacks on vital infrastructure that demand an immediate response.
From the NotPetya cyber-attack on a Ukrainian utility in 2017 that shut down much of the
country's power infrastructure to the attack on the Colonial Pipeline in 2021, the energy sector's senior
executives and board members are now responsible for navigating major obstacles. These executives
must manage cyber risk in a sector that is undergoing a digital transformation and is increasingly being
attacked by cyber thieves for geopolitical and financial gain. While governments around the world develop
new policies, norms and consequences for future cyber-attacks, oil and gas executives and board
members cannot wait on government to come to a geopolitical détente, issue new regulations or aid in
efforts to secure critical energy systems (Cybersecurity-Oil-Gas.Pdf, n.d.).
Instead, CEOs and board members must rely on their decades of experience integrating energy
assets with operational technology (OT) and exploiting information technology (IT) networks to mitigate
cyber risk in their hyperconnected operating settings. Oil and gas businesses have been attempting to
increase productivity for decades by connecting physical energy assets to OT control systems and IT
networks. Energy companies are still looking for big data, artificial intelligence (AI), and automation
technologies to help them save costs, enhance efficiency, and decrease emissions. Industry leaders have
pioneered essential management concepts and risk-based ways to secure the technology and processes
that serve as the foundation for their hyperconnected industrial Internet of Things (IoT) business model
throughout this process. To prepare for the new normal of more frequent and sophisticated cyber-attacks
on energy and critical infrastructure, energy sector CEOs and corporate board members must take the
best practices and key lessons learned from a decade of both successfully addressing and learning from
the failures of addressing cyber risk.
6. Pandemic outbreak
The pricing war between Saudi Arabia and Russia prompted crude oil prices to fall as COVID-19
triggered record drops in demand. OPEC opened its faucets during the peak of the epidemic in Asia,
flooding the globe with cheap oil. As a result of the combination of lower demand and greater OPEC
output, crude oil prices skyrocketed. Many firms are also juggling high inventory levels, with storage
terminals exceeding capacity, incoming cargoes being postponed, and floating storage and pipelines being
utilized to compensate for onshore inventory limitations. As a result, prices will be stifled for some time,
making the rate of recovery difficult to forecast.
There are three long-term effects for this business that we may anticipate.
- To maximize their operations, oil and gas businesses must go beyond budget constraints. The COVID-19 crisis has demonstrated that operators must be robust in the face of uncertainty in all areas of their business, not just their finances. This will require oil and gas companies to optimize their operations so that they can continue to make profits even when supply and demand fluctuate.
- Within the next several months, a wave of consolidation is unavoidable. Asset portfolios will be examined and rationalized during this period, with some assets simply vanishing and others becoming appealing purchase prospects. The leading factors will be regionalization, standardization, and hyper-specialization.
- Businesses will have to adapt, and many will use a revenue diversification strategy. Relying primarily on oil and gas earnings may not be feasible, given the uncertainties surrounding future demand and price levels. As a result, these businesses will need to start embracing alternative energy sources.
Furthermore, the oil sector is a particularly dangerous industry since it works in a difficult
international and national regulatory environment, where corporate governance and risk management
have become top objectives. Investors increasingly demand a high level of corporate governance from
companies including strict financial reporting and greater transparency. The reduction of global
corruption has also become a key priority of the international development community and the adoption
of the Extractive Industries Transparency Initiative (EITI) is of relevance to the oil industry.
While the above problems may be common to these oil-producing areas, the companies operating
in each of these countries may have to deal with some or all of these daily. The legal risk to companies could
therefore depend on the areas where they operate. Therefore, companies operating in these areas should
do their homework and identify the types of legal risks specific to their business, and adopt suitable
mechanisms to mitigate and, where possible, prevent the legal risks before they cause serious and,
at times, even devastating economic damage.
Most of the above legal risks could also be exacerbated, or indeed be managed through the type
of relationship that the company adopts with the government (regulator and national oil companies),
industry (other companies) and individuals (employees and interest groups).
8. Market risk
Most other oil firms utilize energy derivative instruments to manage their exposure to price
swings in crude oil, refined products, natural gas, electricity, and coal as part of their trading activity. They
also utilize freight rate derivative contracts to manage their exposure to freight rate changes in their
shipping operations. Companies use different products such as futures, forwards, swaps, and options in
structured or over-the-counter markets to hedge against this risk.
A value-at-risk approach is used to assess a company's market risk exposure, or the risk of a loss
in fair value, on its crude oil, refined products, and freight rates trading operations. This method is based
on a historical model and determines the market risk posed by potential future changes in market values
over a 24-hour period. The range of probable changes in fair values is calculated using a snapshot of end-
of-day exposures and a collection of historical price movements for all instruments and maturities in
global trading activity over the previous 400 working days. Using proper models, options are
systematically re-evaluated.
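The calculation described above, as an added example (not code from this assignment or from any company it cites): each of the last 400 working days of price moves is replayed against today's end-of-day exposures, and the 1-day value-at-risk is read off the loss tail. The 97.5% confidence level, the instrument names and the price series are assumptions constructed for illustration, and only linear positions are covered (options would need model repricing).

```python
"""Historical-simulation value-at-risk (VaR) over a 1-day horizon.

Added illustration only. Positions are treated as linear (futures,
forwards, swaps); options would need full repricing with a model.
"""
import random

WINDOW = 400        # historical working days, as stated in the text
CONFIDENCE = 0.975  # assumption: the text does not state a confidence level


def daily_returns(prices):
    """Relative day-over-day price changes for one instrument."""
    if any(p <= 0 for p in prices):
        raise ValueError("prices must be positive")
    return [curr / prev - 1.0 for prev, curr in zip(prices, prices[1:])]


def scenario_pnl(exposures, returns, window=WINDOW):
    """Replay each of the last `window` historical days on today's book.

    exposures: {instrument: end-of-day fair value, negative for a short}
    returns:   {instrument: daily returns, oldest first}
    Returns one profit-or-loss figure per historical day.
    """
    for name in exposures:
        if len(returns.get(name, [])) < window:
            raise ValueError(f"need {window} daily returns for {name}")
    pnl = []
    for day in range(-window, 0):
        # Same historical day applied to every instrument keeps the
        # observed co-movement between instruments intact.
        pnl.append(sum(value * returns[name][day]
                       for name, value in exposures.items()))
    return pnl


def historical_var(exposures, returns, confidence=CONFIDENCE, window=WINDOW):
    """1-day VaR: the k-th worst scenario loss, k = (1 - confidence) * window.

    With 400 scenarios and 97.5% confidence this is the 10th worst loss.
    A fully hedged book yields 0.
    """
    pnl = sorted(scenario_pnl(exposures, returns, window))  # worst first
    k = max(1, round((1.0 - confidence) * len(pnl)))
    return max(0.0, -pnl[k - 1])


def constructed_prices(start, daily_vol, days, seed):
    """Constructed (synthetic) price path; stands in for real market data."""
    rng = random.Random(seed)
    prices = [start]
    for _ in range(days):
        prices.append(prices[-1] * (1.0 + rng.gauss(0.0, daily_vol)))
    return prices


if __name__ == "__main__":
    # Hypothetical instruments and exposures, constructed for the example.
    history = {
        "crude_futures": constructed_prices(80.0, 0.020, WINDOW, seed=1),
        "freight_swap": constructed_prices(15.0, 0.030, WINDOW, seed=2),
    }
    returns = {name: daily_returns(p) for name, p in history.items()}
    book = {"crude_futures": 5_000_000.0, "freight_swap": -1_200_000.0}
    var = historical_var(book, returns)
    print(f"1-day VaR at {CONFIDENCE:.1%}: {var:,.0f}")
```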
9. Risk Classification
Core risk Non-core risk
Speculative risk Pure Risk
Property Risk Liability Risk
Market risk Business interruption risk
Legislation risk Fire and Explosion
Catastrophe’s risk Catastrophe’s risk
Climate change Climate change
Pandemic outbreak
Cyber incidents
Risk Assessment
1. Health and Safety Policy: Commitments must be connected to injury and illness prevention,
continuous improvement in safety management performance, and compliance with any legislation and
other requirements that relate to safety dangers. It should also serve as a foundation for establishing and
assessing safety goals.
2. Hazard Identification, Risk Assessment, and Risk Control: Aramco will take a risk management
approach to identifying hazards, assessing the level of risk associated with each hazard, and putting in
place effective controls to ensure that risk is either eliminated or reduced to an acceptable level for the
company.
3. Objectives, Targets, and Plans: Aramco must ensure that Objectives, Targets, and Plans are
recorded at all relevant levels and functions within the company to guarantee that the health and safety
policy's objectives are met, and that the safety management system is continually improved.
4. Resources, Roles, Responsibility, Accountability, and Authority: Aramco must provide enough
resources, including human, financial, and technological resources, to guarantee that the safety
management system is correctly implemented. All workers must understand their position in the safety
system and the level of commitment demanded of them.
5. Competence, Training, and Awareness: To maintain safe and dependable operations, Aramco
must ensure that all of its personnel are competent to do the responsibilities given to them. A clear
method for identifying training needs must be recorded, and a training plan must be kept up to date for
all planned and completed training. Each training course's objectives must be documented, attendance
records kept, and course assessments conducted to ensure that the training was effective. The method
for handling safety-related training must be evaluated and revised on a regular basis.
6. Communication, Participation, and Consultation: Aramco will share safety-related information
through internal and external channels. Management, workers, contractors, visitors, customers, suppliers,
external agencies, other stakeholders, and the general public will all benefit from these channels, which
will enable successful communication procedures with all relevant parties in a timely way. Employees
must be consulted and actively participate in the safety system's implementation.
7. Operational Controls: Aramco must ensure that all the operational controls (i.e., procedures)
required are clearly identified in this section.
8. Documents Control: Aramco must guarantee that records are kept showing that the safety system
is in place and that the company is managing its safety risks.
9. Emergency Preparedness and Response: Aramco must prepare an emergency response plan to
guarantee that possible emergency scenarios are recognized through the risk assessment process, and
that each kind of emergency has a sufficient response plan. The emergency response strategy must be
tested on a regular basis.
10. Monitoring and Measuring: Aramco must keep a master list of all monitoring and measurement
tasks that must be completed in order to comply with the safety policy, risk assessment process, and
management system. The list will be reviewed on a regular basis to ensure that all needed actions are
completed in a systematic and timely manner.
11. Incident Report and Investigation: All incidents and near misses are immediately reported and
investigated, and the underlying safety flaws and other factors that may be causing or contributing to
incidents and near misses are determined to prevent a recurrence. Following the
occurrence of any accident or near miss, the risk assessment procedure must be reassessed.
12. Nonconformity, Corrective Action, and Preventive Action: Aramco must guarantee that safety
nonconformances are swiftly recognized and that corrective and preventive steps are taken to repair the
problem and prevent it from happening again.
13. Internal Audit: Aramco conducts frequent internal audits to ensure that its safety management
system is in good working order. The findings of these audits must be shared with management and
evaluated as part of the management review process.
14. Management Review: Aramco conducts a management review at least once a year to evaluate
the system's continued applicability and effectiveness. The review will cover all aspects, and any necessary
modifications will be implemented as soon as possible to guarantee that the system continues to develop.
15. Continual Improvement: The only way for Aramco to attain greatness in its SSMS is to keep
improving. The SSMS must be able to show continuous progress in all aspects of the system.
2. ExxonMobil
ExxonMobil, one of the world's major publicly listed energy and chemical companies, develops
and deploys next-generation technologies to help fulfill the world's expanding need for energy and high-
quality chemical products in a safe and responsible manner. It has an impact on almost every element of
modern life. ExxonMobil has developed from a regional kerosene seller to a sophisticated energy and
chemical pioneer, as well as one of the world's largest publicly listed firms, over the course of more than
a century. We run facilities or market goods in virtually every country in the world, explore for oil and
natural gas on six continents, are an industry leader in almost every facet of the energy and chemical
manufacturing industries, and research and develop next-generation technologies to help meet the
dual challenge of fueling global economies while addressing the risks of climate change (Who We Are, n.d.).
ExxonMobil is expected to use the OIMS Framework across the board, with a focus on design,
construction, and operations. Management is in charge of ensuring that management systems meet the
Framework's requirements. The scope, priority, and pace of management system deployment should all
be in line with the business's risks.
There are 11 elements in the OIMS Framework. Each Element has a guiding concept as well as a
set of expectations. The OIMS Framework also contains the features of OI (Operations Integrity)
Management Systems, as well as the methods for assessing and deploying them.
Operations Integrity necessitates visible executive leadership and dedication, as well as responsibility at
all levels.
2. Risk assessment and management: By providing critical information for decision-making,
comprehensive risk assessments may help to decrease safety, health, environmental, and security risks,
as well as mitigate the effects of occurrences.
3. Facility design and construction: Using solid standards, procedures, and management systems for
facility design, building, and starting operations can improve inherent safety and security while reducing
risk to health and the environment.
4. Information/documentation: To assess and manage risk, accurate information about the
configuration and capabilities of processes and facilities, the qualities of goods and materials handled,
possible Operations Integrity hazards, and regulatory requirements is required.
5. Personnel and training: The ability to control operations is dependent on people. The right
screening, careful selection, and placement of staff, continuing evaluation and adequate training of
employees, and the implementation of appropriate Operations Integrity processes are all required to
achieve Operations Integrity.
6. Operations and maintenance: It is critical that facilities are operated within set limitations and in
accordance with rules. Effective processes, organized inspection and maintenance programs, dependable
Operations Integrity essential equipment, and qualified staff who follow these procedures and practices
consistently are all required.
7. Management of change: Operations Integrity risks emerging from changes in operations,
procedures, site standards, buildings, or organizations must be analyzed and managed to ensure that they
stay at an acceptable level.
8. Third-party services: Work done on the company's behalf by third parties has an influence on the
company's operations and reputation. It is critical that they carry out their duties in a way that is consistent
with ExxonMobil's policies and business objectives.
9. Investigation and analysis of the incident: To achieve Operations Integrity, effective incident
investigation, reporting, and follow-up are required. They allow us to learn from reported occurrences
and apply what we've learned to take remedial action and prevent recurrence.
10. Community awareness and emergency preparedness: It is critical to effectively manage
stakeholder relationships to increase the trust and confidence of the communities in which we operate.
Emergency planning and preparation are critical to ensuring that, in the case of a disaster, all required
steps are done to safeguard the public, the environment, and corporate workers and assets.
11. Assessment and improvement of Operations Integrity: It is critical to examine the degree to which
expectations are satisfied to enhance Operations Integrity and preserve accountability.
catastrophes or geopolitical tensions around the world. This management system is complete,
comprehensive and effective in providing an appropriate assessment of, and a quick response to, changes in the
working environment for a multinational company operating in many different regions around the world,
in terms of environmental, political, and business aspects. However, a diversified decision-making process
could extend the time needed to connect the dots among different departments and form the full picture for
final decisions. Therefore, ExxonMobil should focus on maintaining an effective communication channel
and flow to ensure that the final decision can be reached and implemented in a timely manner.
Moreover, the human resources and competence needed to maintain the different departments could be a huge
challenge for ExxonMobil to overcome in order to assure the efficiency of the whole process and its management.
3. Petrolimex
The current Vietnam National Petroleum Group (Petrolimex) was established through the
equitization and restructuring of Vietnam National Petroleum Corporation. Petrolimex’s main operations
are exporting, importing and trading petroleum, refining petrochemicals, investing in other enterprises to
conduct the businesses in which Petrolimex operates, and other business as prescribed by law.
2. Environment Control: Establish a strong risk management framework and control environment
with Risk Management Department playing the supervisory role. Risk Management Department is a part
of Petrolimex’s governance structure established by BOM. Its main functions include advising, consulting,
and supporting BOM to direct and manage fields such as: Risk Management Strategies: researching,
building and evaluating results of strategy implementation and proposing changes in the Group’s
strategies; Organization, management, review, assessment of the Group’s risk management activities in
accordance with legal provisions; Investor relations.
3. Information announcement and Transparency: Strengthen information announcement
activities in accordance with the regulations for listed companies.
4. Rights of shareholders: Set up a framework to ensure the rights of shareholders via a code of
conduct and maintain a strong commitment to following the framework to optimize the benefit for its
shareholders.
5. Relations with stakeholders: Strengthen effective participation of stakeholders with a flexible
approach to different stakeholders such as internal and external partners, laws, governments and state
regulatory agencies, the community, customers, shareholders and investors.
Individual Discussion
1. Risk management approaches analysis
Oil and gas is one of the riskiest industries in today's business world. Operations begin with heavy investment and strict procedures to keep the whole supply chain running smoothly, regardless of the geographic location and the natural and geopolitical environment of the operation site. Moreover, risk in today's working conditions can also come from climate change, extreme natural catastrophes or cyber-attacks, as more technology is applied to enhance working efficiency and reduce manual labor in harsh environments. In addition, differences in company size and market also affect how a company approaches risk management to optimize cost and provide an effective and prompt reaction. Therefore, all oil and gas companies recognize their internal operational risk and allocate a majority of their resources and efforts to continually improving internal risk management, to eliminate losses from fire and explosion or business interruption and to enhance their ability to withstand and quickly recover from a cyber-attack. Also, global players that operate in different natural locations and political and business contexts focus on managing change and emergency response for natural catastrophes and for legislation changes caused by international political tension. On the other hand, local companies tend to be monopolies in their countries and have some impact on their national economy. Therefore, they can make use of national support, simplify their risk management process for external factors, and concentrate on improving operational flow.
For example, Aramco and ExxonMobil, top players that operate globally, apply a comprehensive approach to regularly assess, review, and react to many different factors and build a global picture before making any decision. Meanwhile, Petrolimex, a national monopoly, tends to draw on national support in terms of insight, information and response forces, and simplifies its risk management systems to reduce cost and focus on supply chain management as well as cooperation with key players to extend its operations.
Reference
Allianz-Risk-Barometer-2022-Appendix.pdf. (n.d.). Retrieved March 15, 2022, from https://www.agcs.allianz.com/content/dam/onemarketing/agcs/agcs/reports/Allianz-Risk-Barometer-2022-Appendix.pdf
https://www.agcs.allianz.com/content/dam/onemarketing/agcs/agcs/reports/Allianz-Risk-Barometer-2022.pdf
Bhutada, G. (2021a, October 25). Ranked: The Largest Oil and Gas Companies in the World. Visual Capitalist. https://www.visualcapitalist.com/ranked-the-largest-oil-and-gas-companies-in-the-world/
Bhutada, G. (2021b, October 25). Ranked: The Largest Oil and Gas Companies in the World. Visual Capitalist. https://www.visualcapitalist.com/ranked-the-largest-oil-and-gas-companies-in-the-world/
Cho, R., & University, E. I. at C. (n.d.). How the pandemic is harming the oil and gas industry. Retrieved
content/uploads/2017/08/Cybersecurity-Oil-Gas.pdf
Lenkova, O. V. (n.d.). Risk management of oil and gas company in terms of strategic transformations. 12.
Nichols, W., & Clisby, R. (n.d.-a). 40% of Oil and Gas Reserves Threatened by Climate Change. Verisk
of-oil-and-gas-reserves-threatened-by-climate-change/
Nichols, W., & Clisby, R. (n.d.-b). 40% of Oil and Gas Reserves Threatened by Climate Change. Verisk
of-oil-and-gas-reserves-threatened-by-climate-change/
Operations integrity management system. (n.d.). ExxonMobil. Retrieved March 19, 2022, from https://corporate.exxonmobil.com:443/Operations/Energy-technologies/Risk-management-and-safety/Operations-Integrity-Management-System
Read @Kearney: How has COVID-19 impacted the oil and gas industry, and what does this mean for the
https://www.kearney.com/web/answers/article/?/a/how-has-covid-19-impacted-oil-and-gas-industry-and-what-does-this-mean-for-the-future
https://www.aramco.com/en/sustainability/responsible-business
Rethinking Business Interruption Risks in an Optimized Oil and Gas Industry. (2018). 12.
Risk management and safety. (n.d.). ExxonMobil. Retrieved March 15, 2022, from https://corporate.exxonmobil.com:443/Operations/Energy-technologies/Risk-management-and-safety
Risk Management in the Oil and Gas Industry. (n.d.). Main. Retrieved March 15, 2022, from https://energy.mit.edu/news/risk-management-in-the-oil-and-gas-industry/
Saudi Aramco facing $50 million cyber extortion over leaked data. (2021, July 22). CNBC. https://www.cnbc.com/2021/07/22/saudi-aramco-facing-50m-cyber-extortion-over-leaked-data.html
https://www.aramco.com/-/media/downloads/working-with-us/saudi-aramco-suppliers-safety-management-system-ssms.pdf?la=en&hash=9620BCE26DE8648B32F58E09D5A9A41D363CD63E
Souza, R. (2014). Cyber Risks in the Oil & Gas Industry. 10.
https://www.petrolimex.com.vn/sdr.html
The Future of the Oil and Gas Industry, Through a Cyber Risk Lens. (n.d.). Deloitte. Retrieved March 16,
future-of-the-oil-and-gas-industry-through-a-cyber-risk-lens.html
US EPA, O. (2013, September 12). Deepwater Horizon – BP Gulf of Mexico Oil Spill [Overviews and Factsheets]. https://www.epa.gov/enforcement/deepwater-horizon-bp-gulf-mexico-oil-spill
https://corporate.exxonmobil.com:443/About-us/Who-we-are