Enterprise Risk Management
Hess applies a comprehensive, standardized approach to identifying and managing risks of all types across our operations, such as those related to process safety, climate change and cybersecurity. Our enterprise risk management (ERM) program, which includes consideration of EHS & SR risks, delivers a framework that enables Hess’ Board of Directors and executive leadership to work together to strengthen the consistency of risk consideration in making business decisions. Our Board of Directors has ultimate oversight over the ERM process and is charged with understanding the key risks affecting the company’s business and how those risks can be managed. Annually, our Chief Risk Officer (CRO) provides the Board’s Audit Committee with a comprehensive review of Hess’ enterprise-level risks, the status of the ERM program and risk management strategies utilized under our Risk Management Standard. The status of EHS & SR risks and mitigations is also discussed at the Board’s EHS Committee meetings, as appropriate. Periodically, our Chief Financial Officer and CRO provide an update to the Board on enterprise-level risks, including the relative risks of assets and projects within the portfolio. Corporate Risk oversees day-to-day implementation of the ERM process, including developing and verifying compliance with relevant policies and standards.
Hess’ ERM framework is used to develop a holistic risk profile for each asset and major capital project, drawing input from subject matter experts, performance data, incident investigations, lessons learned and recent audits. In these risk assessments, we identify risks and assess their likelihood and potential impact to people, the environment, our reputation and our business.
Our Risk Management Standard, which applies to all assets and major capital projects, helps to align and integrate risk management across the company. The standard establishes a risk framework, accountabilities and expectations across the organization to provide a consistent and integrated risk management process across our assets, projects and business functions.
Key elements of the standard include the following:
- Consistent risk management expectations, including risk plans, standardized risk identification and prioritization tools, ERM assessments, functional risk assessments, identification of key external stakeholders and an engagement process and timeline, integrated risk registers and risk monitoring
- A hierarchy of risk assessments, integrated across technical and functional areas, that outlines the level of management review applied to different tiers of risk and drives consistent risk prioritization of mitigation actions on an integrated basis
- A standardized risk monitoring process with accountabilities and an operating rhythm to help ensure appropriate monitoring, alignment and escalation of risks and mitigations
As part of our ERM process, all assets are required to have a risk assessment and risk plan in place that are refreshed at least annually. In addition, major capital projects and new development opportunities that go through the value assurance process (described below) must have risk assessments completed prior to each value assurance stage gate. Risk registers and reports that are generated through these processes are reviewed and updated periodically as part of asset and major project operating rhythm meetings.
We also require that functional-level risk assessments be included in each asset’s or project’s risk plan. Examples include identifying and validating concept selection or confirming the technical basis of design for a facility.
Climate risks are considered throughout both enterprise and functional risk assessments from the perspective of potential financial, physical, reputational and regulatory impacts. Further discussion of our approach to managing climate risks can be found in the Climate Change and Energy section of this website.