Since value creation is the basic guiding principle for ERM in Statoil, the company views risks from a value chain perspective. In the corporate directives it is written that the company's approach is to "[...] evaluate [...] manage risk [...] the value chain to support achievement of our corporate objectives".

[Figure: Statoil's value chain (Upstream, Downstream, Markets). Surviving risk labels: oil, market risks, naphtha, currency and interest, accidents, catastrophes, health & safety risks, project risk, production risk, reservoir risk, country risks.]

Statoil's value chain consists of 3 stages:
1. Upstream: exploration and development of oil and gas reserves
2. Downstream: refinement of hydrocarbons into various petroleum products
3. Markets: selling of crude oil, gas, and refined products into different markets

The most important risks:
1. Market risks
2. Operational risks

The value of the value chain perspective:
1. It serves as a clear signal to everybody involved (all stakeholders) that value creation is the metric being pursued through ERM, and that it is the impact on Statoil's performance that ultimately counts. Statoil's thinking on this issue is that if ERM is limited to managing risks related to goal achievement in various business units, the result will be "satisficing" rather than value maximizing.
2. The large number of risks identified in the risk map can make it challenging to understand what is really going on. By sorting the risks into a value chain, one can more easily see the bigger picture and, through the lens of the company's business model, see how the different risk categories hang together.

2001: The company's shares were listed. During the listing process, investors were looking for arguments as to why they should invest in Statoil. Recognizing that investors were entitled to information about what exposures they were getting when they invested in Statoil shares (the most important of which was the exposure to oil and gas prices), the company formulated the idea of core risks.

o Keeping people and the environment safe are the first priority and supersede any other objective
o Beyond those basic objectives, risks are to be managed in a way that maximizes the value of the company

Risk philosophy: risk encompasses not only downside risk but also upside potential
o Existing off-the-shelf ERM frameworks were considered too oriented toward regulatory compliance and risk avoidance
o Statoil's philosophy instead recognizes that risk taking is unavoidable, even necessary, to create value for shareholders
o What matters is that the risks are well enough understood and found acceptable, given their downside risk and upside potential

Risk map
o Captures both upside potential and downside risk for any given risk factor
o X-axis: probability of occurrence
o Y-axis: impact figure, measured as the pretax impact on earnings (US$ millions)
o The impact is measured relative to the forecasted value of earnings
o All reported risks will be considered twice in the map:
   i. Its potential contribution to upside potential (to be entered above the line)
   ii. Its contribution to downside risk (to be entered below the line)
o These two points are a summary, or synthesis, of the entire range of potential outcomes for the risk factor in question.

Example: Risk A has a 5% probability that the outcome will be somewhat better than expected, yet there is a 10% probability of a fairly significant loss relative to the forecast (US$ 200 million). Hence, the downside risk is larger than the upside potential.
[Figure: risk map; surviving axis label: "Risk probability"]

Background
Business: multinational energy (petroleum, wind) company, publicly traded
Headquarters: Stavanger, Norway
Size: ranked by Forbes Magazine (2013) as the world's eleventh largest oil and gas company and the twenty-sixth largest company, regardless of industry, by profit in the world. The company has about 20,200 employees.
The current company was formed by the 2007 merger of Statoil with the oil
Senior Specialist Risk Management: Petter Kapstad

Brief history of the ERM program at Statoil:
1996: CEO Harald Norvik appointed Petter Kapstad as Risk Management Specialist to systematize the management of risk in the finance department, which previously had been carried out in a fragmented and uncoordinated way. Petter measured and managed the risks in the finance department as a portfolio of risks with central oversight. Harald then realized that the same principles could be applied to the whole company. Again, Petter was trusted with the task of leading the company in this direction.
1999: The company formed the Risk Committee.
o Nature: a cross-disciplinary advisory body on risk
o Function/goal: The idea was to obtain a forum to which people could put proposals and general risk issues for
o Chaired by the CFO
o The main task: to advise the executive managers on risk issues; it is not part of the formal decision process
o Consists of a broad range of professionals with different backgrounds, such as the head of strategy, the heads of the main trading units, the chief controllers of different business units, the head of internal control, and the head of the risk department, who is responsible for the agenda and for calling meetings
2000: The risk department was formally set up, headed by Petter Kapstad, and started work on developing a common methodology on risk, as well as continuing the work on developing the company's consolidated risk model that had been initiated in 1998.
2005: The first enterprise-wide risk mapping process was rolled out.

ERM Foundations

Statoil's vision on ERM
o Not simply implementing one of the existing blueprints for ERM
o The framework has to make sense to Statoil
o Centered on two basic goals: 1) to create value and 2) to avoid accidents
o Keeping people and the environment safe are the first priority and supersede any other objective
o Beyond those basic objectives, risks are to be managed in a way that maximizes the value of the company
o The company formulated the idea of core risks, understood as the risk exposures that an investor would expect, and even desire, to have from buying Statoil shares. The core risks are owned by the CEO of the company and are coordinated centrally in the organization. The ERM project increases the transparency and predictability of the risk exposures obtained by investing in Statoil shares.

Tasks of ERM at Statoil:
1. Risk mapping process
   i. Identifying, mitigating, and reporting risks
   ii. At Statoil, business units are required to update their risk maps on a quarterly basis.
   iii. During quarterly review meetings, two factors ensure the quality of the outputs of the ERM process:
      a. The units are expected to provide discussions and for their assumptions, and explain what their policy on each main risk is.
   iv. The risk department, in turn, writes a brief in response to the business units' risk maps, which is sent to
   v. Statoil's board of directors is also briefed on the risk profile on a quarterly basis, and they receive a condensed version of the risk
2. Role of adviser to the business areas
   i. The risk department is not only a supervisor of the risk mapping process. It also provides support to business areas and helps spread best practices. It has the expertise and resources to assist business units in multiple ways, from advice on how to manage a particular credit risk to suggesting a methodology for quantifying a certain market risk.
   ii. Example: Statoil's risk department has, in collaboration with consultancy firm IHS Global Insight, developed a deep expertise in the area of country risks, which is of particular importance to a company active in many of the world's most risky countries. This effort has resulted in a large internal knowledge base on country risk, as well as a standardized methodology for evaluating country risk as part of new investment proposals. The business areas are able to draw on these resources, and work with the risk department to reach the appropriate policies for each country and new investment.
3. Optimizing total risk: avoiding risk management decisions that are suboptimal for the company as a whole
   i. Optimization of total risk has been unyieldingly pursued by the ERM team, with several tangible benefits for the
   ii. The value metric that underpins ERM in Statoil implies that it is the perspective of the company as a whole that should rule in practical situations where different individuals and business units may have differing views on how to proceed.
   v. External factors and internal factors are treated differently. Energy prices and exchange rates could greatly impact the company [...], its EBIT, which could create incentives for the business units to manage the risks. In Statoil, however, the performance measures (KPIs, balanced scorecards, etc.) that the company uses to evaluate its business units have been designed to exclude the impact of these external factors. This means that the company achieves central management of these risks but largely avoids the discontent that could result from business units having to live with large risk
   vi. Keep the big picture in mind and team up everyone. Many units are very focused on meeting their own targets and consequently do not see beyond the border of their unit. The ERM team has sought to make it part of anyone's job description to think in terms of Statoil's net
   vii. The Risk Committee should remain a specialist forum, and one should stay away from attempts to integrate it with top management. Ultimately the Risk Committee needs to remain an advisory body, not an executive one, though it needs to carry enough status to be seen as the real arbiter on risk-related issues in the company.
   viii. Examples of optimizing total risks: foreign exchange (FX) risk management
      a. Consider a situation where one business unit is selling into a market where the product is quoted in U.S. dollars, and another unit is sourcing material in the same currency. Whereas each unit has an incentive to manage its own exposure, what counts for the company as a whole is the net of these exposures. Lacking a central policy, risk could be overmanaged to the extent that managers of business units use FX derivatives to cover exposures that would cancel out from the perspective of the company. Apart from the burdensome accounting that derivatives cause, there are also significant direct costs from such overmanagement of risk. Statoil calculates that if two business areas simultaneously cover a USD 10 million exposure, it would incur transaction costs of around NOK 180,000 (assuming a USD/NOK exchange rate of 6 and a bid-ask spread of 30 basis points). Since ERM was implemented, Statoil has withdrawn the ability of business units to set their own policy with regard to FX derivative usage. Besides avoiding the transaction costs just mentioned, a centralized FX derivative policy entails a number of other advantages, such as business units focusing on their core activities and an increased ability to coordinate the derivative policy with other corporate policies.
4. Risk aggregation: the company needs to take a more analytical and quantitative approach to risk management, such as building models and simulations that combine the company's many different risks into a probability distribution.

Questions:
1. What difference does the value chain perspective make?
2. How does the ERM at Statoil counteract any tendency of managers to think along the lines that "this risk certainly exists, but it surely will not happen during my time in office, so I will just do nothing"?
3. Why might people from Statoil, or any organization, resist the implementation of ERM?
4. Is the Risk Committee an advisory body or a management body at Statoil?
5. Should all advisory bodies remain independent from management?