Enterprise Risk Management
Hess applies a comprehensive, standardized approach to identifying and managing risks of all types across our operations. Our enterprise risk management (ERM) program, which includes consideration of EHS & SR risks, provides a framework that enables Hess’ Board of Directors and executive leadership to work together to strengthen the consistency of risk consideration in making business decisions. Our Board of Directors has ultimate oversight over the ERM process and is charged with understanding the key risks affecting the company’s business and how those risks can be managed. Our Chief Financial Officer (CFO) reports to the Board regularly on the status of risk management controls within the company. Periodically, our Chief Risk Officer (CRO) provides the Board’s Audit Committee with a comprehensive review of Hess’ enterprise-level risks, the status of the ERM program and risk management strategies utilized under our corporate risk policy. The CFO and CRO oversee day-to-day implementation of the ERM process, including developing and verifying compliance with relevant policies and standards.
Hess’ ERM process is used to develop a holistic risk profile for each asset and major capital project, drawing input from subject matter experts, performance data, incident investigations, lessons learned and recent internal audits. In these risk assessments, we identify risks and assess their likelihood and potential impact to people, the environment, our reputation and our business.
Our Risk Management Standard, which applies to all assets and major capital projects, helps to align and integrate risk management across our operations and functional areas. The standard establishes a risk framework, accountabilities and expectations across the organization to provide a consistent and integrated risk management process across our assets, projects and business functions. Key elements of the standard include the following:
- Consistent risk management expectations for each asset and major capital project, including risk plans, standardized risk identification and prioritization tools, ERM assessments, functional risk assessments, identification of key external stakeholders and an engagement process and timeline, integrated risk registers, and risk monitoring to help ensure alignment in our risk management process
- A hierarchy of risk assessments, integrated across technical and functional areas, that outlines the level of management review applied to different tiers of risk and drives consistent risk prioritization of mitigation actions on an integrated basis
- A standardized risk monitoring process with accountabilities and an operating rhythm to help ensure appropriate monitoring, alignment and escalation of risks and mitigations
As part of our ERM process, all assets are required to have a risk assessment in place that is refreshed on an annual basis. In addition, major capital projects and new opportunities that go through the value assurance process (described below) must have risk assessments completed prior to each value assurance stage gate. Risk registers and reports that are generated through these processes are reviewed and updated periodically as part of the asset and major project operating rhythm meetings.
We also require that functional-level risk assessments be included in each asset’s or project’s risk plan. Examples include identifying and validating concept selection or confirming the technical basis of design for a facility.
Climate risks are considered throughout both enterprise and functional risk assessments from the perspective of potential financial, physical, reputational and regulatory impacts. Further discussion on Hess’ approach to managing climate risks can be found in the Climate Change and Energy section of our 2018 Sustainability Report.