Enterprise Risk Management
Hess applies a comprehensive, standardized approach to identifying and managing risks of all types across our operations. Our enterprise risk management (ERM) process is used to develop a holistic risk profile for each asset and major capital project, drawing input from subject matter experts, performance data, incident investigations, lessons learned and recent internal audits. In these risk assessments, we identify risks and assess their likelihood and potential impact to people, the environment, our reputation and our business.
Our Risk Management Standard — finalized in early 2017 — applies to all assets and major capital projects and has improved the alignment and integration of risk management across our operations and functional areas. The standard establishes a risk framework, accountabilities and expectations across the organization to provide a consistent and integrated risk management process. Key elements of the standard include the following:
Minimum risk management expectations for each asset and major capital project, including risk plans, ERM assessments, functional risk assessments, integrated risk registers and risk monitoring to help ensure consistent adoption and alignment in risk tools
A hierarchy of risk assessments, integrated across technical and functional areas, that outlines the level of management review applied to different tiers of risk and drives consistent risk prioritization of mitigation actions on an integrated basis
A risk monitoring process with accountabilities and an operating rhythm to help ensure appropriate monitoring, alignment and escalation of risk from the asset, project or function to and from senior management
As part of our ERM process, risk assessments are conducted for all assets and major capital projects annually and for all projects and new opportunities that go through the value assurance process (described below). Risk registers and reports that are generated through these processes are reviewed and updated throughout the year as part of each asset’s and major project’s operating rhythm.
We also require that functional-level risk assessments be included in each asset’s or project’s risk plan, as determined by each function. Examples include identifying and validating concept selection or confirming the technical basis of design for a facility.
In 2017 we concluded a detailed review of integrity risk at our producing assets, as part of our ongoing asset integrity management process. This comprehensive effort, which focused on identifying and mitigating process safety and loss of containment risks, is described further in the Safety and Health section of our 2017 Sustainability Report.