In my last post, I called out the mining and oil industries, two of the most risk prone resource extraction industries, for lapses in risk management protocols. In the past week, Congressional testimony over the BP spill has begun, the finger pointing has started- and yet the spill continues largely unabated (see BP calls blowout disaster ‘inconceivable,’ ‘unprecedented,’ and ‘unforeseeable’ http://bit.ly/b6YEHo ). Rep. Henry Waxman was quoted as saying “This catastrophe appears to have been caused by a calamitous series of equipment and operational failures”. It appears on initial investigation that BP, Halliburton and Transocean (the drilling contractor) could have proactively checked battery conditions, verified well plugging, weld integrity and electrical wiring, all believed to be contributors to the failure (see “On doomed rig, lapses sparked catastrophe – Reuters http://bit.ly/cjkdTM).
However let me applaud all those who have worked tirelessly to plug the leak. Correctly, much of the discussion this past week has now shifted to how risk containment and control and proper contingency planning could have been better planned and executed. So far, there have been many questions asked but few concrete answers- just deflection (http://www.theenergycollective.com/TheEnergyCollective/64685)
OK, enough table-setting, let’s get to it, shall we?
Step 1: The first step in the risk management process is identifying the key, significant routine or non-routine risks a that a business might face. These risks can occur during operations, maintenance or post operations circumstances
Step 2: The next step in the risk management process is to analyze or assess which of the routine or non-routines risks might have the greatest negative impact on the company, its employees and the environment. In prioritizing the risks, companies need to determine which of those risk factors identified (be they human health, environment or financial) the company has control over and which ones it does not can create the greatest immediate and long term impact.
Step 3: After assessing and prioritizing each risk, each risk must be evaluated against specific company criteria, health, safety and environment and industry protocols. To complete this step, specific reference criteria needs to be established that characterizes and scores risks on the basis of scale and severity, probability and frequency of duration, feasibility of mitigation , stakeholder issues and costs. By specifically evaluating possible repercussions of each risk on the company or business objectives based on “reasonably foreseeable” incident scenarios, the company will be better prepared to deal with the outcomes.
Step 4: The fourth step in the risk management process is creating a risk containment, control and long term contingency plan for each potential risk scenario. Based on each risk and its effect on the company’s goals, the risk manager must determine what can be done to treat each risk and plan for each incident . Creating a contingency and treatment plan will require deciding which risks can be avoided and which ones can only be lessened or mitigated with administrative or engineered controls.
Step 5. Simply, implement the risk management and contingency process. Make sure that employees are trained. Ensure that both internal and external communication processes and in place. Test the emergency and incident response systems that have been implemented. Make corrections and continually update the scenario planning.
Step 6: The final and perhaps most vital part of the risk management process is monitoring and oversight. By keeping the eye on the ball, companies could have likely avoided the coal and oil disasters that occurred last month. By continually monitoring, reviewing decisions made and correcting issues that could contribute to catastrophic failures, companies can avoid or mitigate losses to life, property and the environment. This is likely where the Massey and BP failures occurred.
In summary, a continuous risk management process helps organizations understand, manage, and communicate risk and avoid potential catastrophic conditions that can lead to loss of life, property and the environment. Risk Management helps organizations:
- Identify critical and non-critical risks
- Document each risk in-depth
- Log all risks and notify management of their severity
- Take action to reduce the likelihood of risks occurring
- Reduce the impact on business, life, and the environment
It all sounds so simple, right? It will be interesting to see what emerges as the investigations into the recent oil and coal disasters continue to unfold. What will be more fascinating will be the lessons learned and if businesses truly embrace risk management planning and implementation as a central function of business, take it seriously and hold themselves accountable.