Six Questions to Assess Your Risk Readiness

(This blog, written for Interliance Consulting, previously appeared on the PennEnergy.com web site.)

Pacific Gas & Electric recently was indicted by a grand jury in San Francisco on 12 alleged violations of the federal Pipeline Safety Act. At issue: poor record keeping and faulty management practices linked to the 2010 San Bruno natural gas disaster that killed eight persons and destroyed 38 homes.

According to some estimates, the utility could face a fine from the California Public Utilities Commission of as high as $2.25 billion.

The action stems from allegations the giant utility knowingly and willfully violated federal standards, failed to keep complete safety records and did not foresee threats to its network of large distribution companies.

Safety, of course, is one of several “can’t fail” functions that can determine an energy company’s survival and success. As such, these critical functions – which include financial, operations, legal/regulatory and reputation – are the issues that keep industry Chief Executive Officers awake at night.

Understandably. That’s because too many companies give these functions short shrift. Instead of making them top priorities, they use a “check-the-box” approach that does not include any clear risk metrics (such as a risk indicator) and only provides for minimal follow-up to check effectiveness or communication.

It isn’t surprising, therefore, that regulators say the lack of an effective integrated management system often is the downfall of many companies.

For most companies, an initial assessment of how they are doing can be completed by answering the six following questions:

  • Has top management clearly identified “can’t fail” functions and utilized objective metrics and targets to determine company performance?
  • Is risk identification and management widely recognized as a key aspect of company planning and execution?
  • Are business processes and process ownership clearly defined in the organization?
  • Do the company have well-documented processes and procedures embedded within a management system that mitigates operating and business risks throughout our organization?
  • Has continuous improvement and knowledge management been designed into the system?
  • Are system reviews, audits, and health checks a regular part of the business practices?

Companies that answer “yes” to all six questions – and have modern integrated management systems in place – make up a minority of about 15 percent. Those that answer “yes” to most questions comprise about a third, and probably need an system assessment and upgrade.

Unfortunately, the majority of companies fall into the final category, where the answers to the questions were “no” or “maybe.”

It’s these companies where top management’s commitment needs to be re-assessed and where modern integrated management systems likely need to be implemented.