Enterprise Risk Management
Hess applies a comprehensive, standardized approach to identifying and managing risks of all types across our operations. Our enterprise risk management (ERM) program, which includes consideration of environmental, health, safety and social responsibility (EHS & SR) risks, provides a framework that enables Hess’ Board of Directors and executive leadership to work together to strengthen the consistency of risk consideration in making business decisions. Our Board of Directors has ultimate oversight over the ERM process and is charged with understanding the key risks affecting the company’s business and how those risks can be managed. Annually, our Chief Risk Officer (CRO) provides the Board’s Audit Committee with a comprehensive review of Hess’ enterprise-level risks, the status of the ERM program and risk management strategies utilized under our corporate risk policy. The status of EHS & SR risks and mitigations is also discussed in detail at the Board’s EHS Committee meetings. Periodically, our Chief Financial Officer (CFO) and CRO provide an update to the Board on enterprise-level risks, including the relative risks of assets and projects within the portfolio. The CFO and CRO oversee day-to-day implementation of the ERM process, including developing and verifying compliance with relevant policies and standards.
Hess’ ERM process is used to develop a holistic risk profile for each asset and major capital project, drawing input from subject matter experts, performance data, incident investigations, lessons learned and recent audits. In these risk assessments, we identify risks and assess their likelihood and potential impact to people, the environment, our reputation and our business.
Our Risk Management Standard, which applies to all assets and major capital projects, helps to align and integrate risk management across the company. Key elements of the standard include the following:
- Consistent risk management expectations, including risk plans, standardized risk identification and prioritization tools, ERM assessments, functional risk assessments, identification of key external stakeholders and an engagement process and timeline, integrated risk registers, and risk monitoring
- A hierarchy of risk assessments, integrated across technical and functional areas, that outlines the level of management review applied to different tiers of risk and drives consistent risk prioritization of mitigation actions on an integrated basis
- A standardized risk monitoring process with accountabilities and an operating rhythm to help ensure appropriate monitoring, alignment and escalation of risks and mitigations
As part of our ERM process, all assets are required to have a risk assessment in place that is refreshed at least annually. In addition, major capital projects and new development opportunities that go through the value assurance process (described below) must have risk assessments completed prior to each value assurance stage gate. Risk registers and reports that are generated through these processes are reviewed and updated periodically as part of asset and major project operating rhythm meetings.
We also require that functional-level risk assessments be included in each asset’s or project’s risk plan. Examples include identifying and validating concept selection or confirming the technical basis of design for a facility.
Climate risks are considered throughout both enterprise and functional risk assessments from the perspective of potential financial, physical, reputational and regulatory impacts. Further discussion of Hess’ approach to managing climate risks can be found in the Climate Change and Energy section of this website.