Upload
vuonghanh
View
233
Download
1
Embed Size (px)
Citation preview
Risk Intelligence in the Energy & Resources IndustryEnterprise Risk Management Benchmark Survey
Deloitte Enterprise Risk Services
Table of contents
Foreword 5Executivesummary 6Aboutthissurvey 8 Objectiveofthesurvey 8 Approach 8 Respondentsinformation 9Detailedsurveyfindings 11 CurrentstateofERM 11 ImplementingERMandorganizationalapproaches 15 Governance 15 Process 21 People 25 Technology 26TopEnergy&ResourcesRisks 29Conclusion 32 BuildingtheRiskIntelligentEnergy&ResourcesEnterprise 32 Awayforward 33Contactus 34 Authors 34 Contacts 34
4 Risk Intelligence in the Energy & Resources IndustryForeword5
Inachangingworldwhereenergyandresourcescarcityandclimatechangehavebecomekeythemes,Energy&Resourcescompaniesfaceamyriadofnewemergingrisks.Resourcescarcity,politicalinstability,infrastructureobsolescence,potentiallyadverseweatherevents,greenhousegasemissions,andrisksrelatedtodisruptivetechnologiessuchasdistributedelectricitygenerationoroilextractionfromoilsandsarejustafewoftheperilsfacedbyEnergy&Resourcescompanies.
TherecentfinancialandeconomiccrisishadalsoanimpactontheEnergy&Resourcesindustry.Manycompaniesintheindustryexperiencedturbulenttimes,withstillmanychallengesaheadforthenearfuture.
Whilesometraditionalriskmanagementapproachesmayhaveservedtheindustrywellinthepast,thescope,complexity,andinterdependenciesofemergingrisksareforcingmanyEnergy&Resourcescompaniestoadoptcomprehensiveandintegratedapproaches.
DeloittehasrecentlylaunchedanEnergy&ResourcesEnterpriseRiskManagementBenchmarkSurveyfortheEurope,MiddleEastandAfrica(EMEA)region.ThegoalofthesurveywastocaptureandreportfeedbackonthecurrentstateofEnterpriseRiskManagement(ERM)implementationforacross-sectionoforganizationswithintheEnergy&Resourcesindustry.ThisreportpresentsacompilationoftheresponsesanddevelopsprofilesoftheleadingandprevailingERMpracticesintheEnergy&Resourcesindustry.
Organizationswereinvitedtoparticipateinthesurveythroughdirectcommunicationasrepresentativesofselectedsub-industries.Organizationsparticipatedbymeansofacompletingthesurveyquestionnairecomplementedwithface-to-faceinterviews.
Therewere49responsesfromEurope,theMiddleEast,andAfricarepresentingorganizationsactivewithintheElectricPower&Utility,Oil&Gas,Water,andMetallurgy&Miningindustries.
Foreword
6 Risk Intelligence in the Energy & Resources IndustryExecutiveSummary7
ERMtrainingisstilllimitedtoriskspecialistsandpeopledirectlyinvolvedintheRiskManagementactivitiesFeworganizationsprovideERMtrainingtoallemployees.BestpracticesorganizationsintegrateERMtrainingintheircorporatetrainingprograms,goingfrombasicriskmanagementprinciples(what’sariskandwhatdoesitmeanfordailyoperations)tomorein-depthtrainingforseniormanagement.
ERM done right: the Risk Intelligent Enterprise™
Themanagementofriskisinherenttothesurvivalofmankind.Whenearlymanbuiltafireatnighttowardoffpredatoryanimalswhileheslept,hewasmanagingrisk.Allofusmanageriskonadailybasis,oftenwithoutbeingawarewearedoingit.
RiskmanagementisnotnewbutERM,anapproachtomanagingrisk,isrelativelyrecent.RiskIntelligentEnterprises™manageriskfortworeasons:toprotectwhattheyhaveandtogrowthevalueofwhattheyhave.ThepremiseofERMisthatitattemptstopresentanoverallandintegratedviewoftheriskstowhichanenterpriseisexposed.Ideally,withthisinformation,theenterpriseisthenabletomakebetterinformeddecisionsabouthowitcanprotectwhatithasandhowitcan,inanintelligentmanner,addvaluetowhatithas.Inotherwords,theorganizationcanbesmarterabouttherisksitneedstotake.Itcanbe“RiskIntelligent.”
ERMisanenablerofriskintelligence;itstruevaluemaylieinitsabilitytoenablethesystematicidentificationofpossiblecausesoffailure—failuretoprotectexistingassetsandfailuretoachievefuturegrowth,i.e.,failuretomanagebothunrewardedandrewardedrisk.Unrewardedrisksaretypicallyassociatedwithlackofintegrityinfinancialreporting,noncompliancewithlawsandregulations,andoperationalfailures;thereisnopremiumtobeobtainedfortakingthesetypesofrisks.Rewardedrisksarethosethattypicallyhavetodowithstrategyanditsexecution.
TheextenttowhichanorganizationusesriskinformationfromitsERMframeworktoinfluencedecisionmakinginbothareas(unrewardedandrewardedrisk)isadirectreflectionofthematurityofitsERMprogramandofitsriskintelligence.
Ofcourse,thepathtothisloftydesignationislongandsometimesarduous.Everyorganizationthatchartsitsprogresswillfinditselfinadifferentlocationonthemap,dependingontheuniquebusinesschallengesitfacesandthecompetenciesandcapabilitiesitpossesses.ButeveryorganizationthatattainsthestatusofaRiskIntelligentEnterprisewillfindthattheysharesimilarcharacteristics,includingthefollowing:•riskmanagementpracticesthatencompasstheentirebusiness,creatingconnectionsbetweentheso-called“silos”
thatoftenarisewithinlarge,mature,and/ordiversecorporations;•riskmanagementstrategiesthataddressthefullspectrumofrisks,includingindustry-specific,compliance,competi-
tive,environmental,security,privacy,businesscontinuity,strategic,reporting,andoperationalrisks;•riskmanagementapproachesthatdonotsolelyconsidersingleevents,butalsotakeintoaccountriskscenarios
andtheinteractionofmultiplerisks;•riskmanagementpracticesthatareinfusedintothecorporateculture,sothatstrategyanddecision-makingevolve
outofarisk-informedprocess,insteadofhavingriskconsiderationsimposedafterthefact(ifatall);and•riskmanagementphilosophythatfocusesnotsolelyonriskavoidance,butalsoonrisk-takingasameanstovaluecreation
Source:DeloitteRiskIntelligenceSeries
TechnologycanhelpleveragingtheERMprocess,thoughmanyorganizationsstillstrugglewithitTechnologycanfacilitatetheERMprocess(riskidentification,documentation,aggregation,assessments,quantitativetechniques,riskmonitoring&reportingetc.)thoughalargenumberoforganizationsindicatetheyarenotyetonthatlevel.DespiteaproliferationofvendorscompetingintheERMmarketplace,nosinglepackagesolutionhasemergedtoprovidethenecessaryfunctionalitytosupporttheentireERMcapability.
SubstantialefforthasbeendirectedtowarddevelopingenhancedapproachestoriskmanagementintheEnergy&Resourcesindustry,particularlyinthepastdecade.HalfoftheorganizationspolledreporthavingafullyoperationalERMprogram,whereasthemajorityoftheotherhalfindicateshavinganERMprogramindevelopmentformorethan1year.
Amongstthesecompanies,somekeythemesaboutERMemergedinthesurvey:
ERMprogramsareachievingenterprisewidecoverageandrisk-informeddecisionmakingisdevelopingERMscopeshaveexpandedinrecentyears,progressingtowardsarealenterprise-widemanagementpractice.Riskinformationisincreasinglyincorporatedintothecriticaldecisionmakingprocesses.Leadingorganizationsaremakingthecriticallinkbetweenriskandperformancemanagementthroughtheemergingdisciplineofrisk-adjustedperformancemeasurement(RAPM).
ERMframeworks,methodologies,andtoolsarebecomingmorematureandadvancedriskmanagementpracticesaredevelopingAlmosthalfoforganizationsreporthavinganERMpracticethathasprogressedbeyonditsearlystages.ThefundamentalsoftheERMprogram,i.e.theframework,methodology,andtoolshavebeenestablishedandserveasthebasisforthedevelopmentofmoreadvancedriskmanagementpractices.Amongstthoseare:•TheintegrationofERMwithothermanagement
practices(performancemanagement,processmanagement,compliancemanagement,qualitymanagement,etc.);
•TheuseofKeyRiskIndicators(KRIs)andothertoolstomonitorrisksonacontinuousbasis;
•Theapplicationofquantitativetechniquesforevaluationofrisk,riskmeasurement,andriskprediction;and
•Theuseofnetwork-andpattern-recognitiontechniquestoanalyzeriskand,moreaccurately,tomodelfailurepredictions,tomodelinterdependenciesbetweenrisksandtounderstandconcentrationsofriskexposures.
ThefocusisshiftingfromtheunrewardedriskstotherewardedrisksTherespondentsinthissurvey,forthemostpart,indicatethattheirorganizationsareusingtheinformationfromtheirERMprogramstodealwithunrewardedrisks.Thesetypicallyincluderiskstofinancialreporting,compliance,andoperations,suchasbusinesscontinuity,operationalperformance,inventory,treasury,insurance,etc.Thisisthetraditionaldomainofriskmanagementbecauseitfocusesontheprotectionofexistingassets.
Moreriskmatureorganizationsarestartingtofocusmoreonunrewardedrisks.Thoserisksarerelatedtostrategyanditsexecution.Thesetypicallyincludethedevelopmentofnewproducts,entryintonewmarkets,andacquisitions.Themanagementoftheserisksholdsthepotentialforgainandrewardiftheyareintelligentlymanaged,buttheycanhaveseriouslynegativeeffectsiftheyarenot.OncethereisastableandprovenERMmethodologyinplaceandERMstartstofocusmoreonriskrelatedtostrategy,ERMrisesontheagendaoftheCEOasitmovesclosertotheinterestofoperatingmanagement.
ERMprocessesareimplementedbutorganizationsstillfacechallengeswithrespecttoeffectivemonitoringandreportingOrganizationsreportbeingmatureonriskidentification,riskassessmentandriskprioritization,anddesignandimplementationofmitigatingactions.Manyorganizations,however,stillstrugglewithmonitoringandreportingrisks.Alackofappropriatetoolingisoneofthereasons.Otherreasonsarethelackofsuitablemethodologyforaggregatingrisks,thelackofabilitytomeasureandintegrateriskexposuresfromboththetop-down(organizationallevel)andthebottom-up(operationallevel),andthelackofkeyriskindicatorstomonitorrisksinacost-efficientway.
Executive summary
8 Risk Intelligence in the Energy & Resources IndustryAboutthissurvey9
About this survey
Objective of the surveyTheobjectiveofthisEnterpriseRiskManagementBenchmarkSurveyistoprovideabroadperspectiveonthestateofriskmanagementacrosstheEnergy&ResourcesIndustry.TheassessmenthasbeenstructuredaroundthefourERMcapabilities:governance,process,people,andtechnology.
Thissurveyisbasedonself-assessments.Self-assessment,bydefinition,entailsanunknowndegreeofsubjectivityandDeloittedidnotattempttovalidatetheresponses.Inaddition,thereisnostatisticalsignificancetotheresponses—theyaremerelytheopinionsheldatthetimebythosewhoresponded.Itisalsoimportanttoemphasizethatprevailingpracticeisnotnecessarily“leadingpractice.”
ApproachThebenchmarksurvey,fromwhichthefindingsaretakenforthebasisofthisreport,wasconductedonlineandviapaperintheperiodbetweenJune2009andFebruary2010,complementedwithone-on-oneinterviewswiththepartyresponsibleforriskmanagementintherespondingorganizations,Byfar,thefunctionsmostrepresentedbyrespondentsareCFOs,CEOs,ChiefRiskOfficers,andInternalAuditDirector/Managers.Thepreliminaryresultsofthebenchmarksurveyhavebeendiscussedatthe“RiskIntelligenceintheEnergy&ResourcesIndustrySeminar”organizedinMarch2010inBrussels(Belgium)withahighrepresentationofthesurveyrespondents.Therelevantdiscussionsandcommentsfromtheseminarhavebeenintegratedintheresultsthatarepresentedhereafter.
Respondents informationGeographicalcoverageRespondentsweremostlyEuropeanwithsomeanswerscomingfromAfricaandtheMiddle-East.
IndustrybreakdownAwidevarietyofdifferentsub-industries/segmentsfromtheEnergy&Resourcesindustryarerepresented,withtheheaviestconcentrationinPower&Utilities.
Exhibit 1: Deloitte ERM capability model TM
Process
Governance
Risk IntelligenceTo Create &
Preserve Value
Sustain & ContinuouslyImprove
Developand DeployStrategies
IdentifyRisks
Assess andMeasure RisksRespond
to Risks
Design& Test Controls
Monitor,Assure &Escalate
Peo
ple
Techn
olo
gy
Region %
Europe 90%
Middle-East 6%
Africa 4%
Sub-industry %
Power&Utilities 70%
•Generation&Supply(Electricity/Gas) 61%
•SystemOperators(Electricity/Gas) 39%
Water 13%
Oil&Gas 9%
Metallurgy&Mining 8%
1. Tribal & Heroic
Exhibit 2: Deloitte Risk Intelligence Maturity model TM
Ad-Hoc/chaotic
Depends primarily onindividuals
Heroics capabilities andverbal wisdom
2. Specialist silos
Reaction to adverseevents by specialists
Descrete roles established for small set of risks
Typically finance, insurance, compliance
3. Top-down
Tone set at the top
Policies, procedures,risk authorities definedand communicated
Business function
Primarily qualitative
Reactive
4. Systematic
Integrated response toadverse events
Performance-linked metrics
Rapid escalation
Cultural transformation
Underway
Bottom-up
Pro-active
5. Risk Intelligent
Built into decesion-making
Conformance withenterprise risk management processes is incentivized
Intelligent risk-taking
Sustainance
‘Risk management iseveryone’s job’
Exhibit 3: Geographical coverage
ParticipatingcountriesInEurope
10 Risk Intelligence in the Energy & Resources IndustryDetailedsurveyfindings11
OperatingrevenueParticipantsinthesurveyrepresentmostlysmallandmedium-sizedorganizationswithaturnoversmallerthan€500million(50%)andaheadcountoflessthan5000fulltimeemployees(69%).
Current state of ERMRiskmanagementactivitiesareperformedinalmostallorganizationsThesurveyrevealsthatavastmajorityoftherespondents(95%)performriskmanagementactivities.Therespondentswhostatedtheydonotperformriskmanagementactivities(4%)aresmallerorganizations(<110FTE’s).Thoserespondentsindicatedhavingconsideredtheimplementationofariskmanagementprocessandsomeplantheimplementationinatimehorizonoftwoyears.Untilnow,thoserespondentsdidnotperformriskmanagementactivitieseitherbecauseriskmanagementwasnothighontheagendaoftheirgovernancebodies(BoardofDirectors,AuditCommittee,orManagementCommittee)orbecausetheydidnotseethebenefitsofanERMprocess.Insmallorganizations,governancebodiesandseniormanagementtypicallyhaveagoodoverviewonwhathappenswithinthecompany.Thiscreatesthefeelingofhavingthecompany‘undercontrol’andweakenstheperceivedneedforimplementingriskmanagementactivities.Besidesthehighercomplexityanddifficultyofhavingaclearoverviewofrisksinlargerorganizations,regulationstendtorequirereportingonriskmanagementintheannualstatements.
HalfoftherespondentshaveafullyoperationalERMprogramERMhasbecomeanindustrywidepractice.Almosthalfoftheparticipants(48%)reporttohaveafullyoperationalERMprogram.ForERMprogramsindevelopment,76%oftherespondentsindicatebeingindevelopmentformorethan1year.Onaverage,organizationsneed3to7yearstobringERMtoanoperationallevel.Thistimeframelargelydependsonthesizeofthecompanyandthenumberofgeographicallocations.TheoperationalstatusoftheERMprogramdoesnotdependonthesizeoftheorganizationintermsofrevenuesornumberofemployees.Inaddition,thereissomeratinginfluencebuilding.Ahigherproportionoforganizationswhichmentionedhavingaratingalsohaveafullyoperationalriskorganization.Thiscanbeexplainedbytheratingagenciestakingriskmanagementmoreandmoreintoconsiderationwhengivingexternalratings.
Exhibit 5: Operating revenues (mEUR)
0%
10%
20%
30%
40%
50%
60%
>10.0005.000-10.0001.000-5.000500-1.0000-500
24%
12%
50%
5%
9%
Exhibit 6: Full time employees
0%
5%
10%
15%
20%
25%
30% 28%
13%
28%
19%
13%
>10.0005.000-10.0001.000-5.000500-1.0000-500
Exhibit 7: Does your company perform risk management activities?
96%
4%
Yes
No
52%
48%
Exhibit 8: What is the operational status of your ERM program?
In development
Fully operational
Exhibit 4: Survey received per sub-industry
70%
9%
8%
13%
Power & Utilities
Water
Oil & Gas
Metallurgy & Mining
39%
61%
Generation & Supply (Electricity/Gas)
Systems Operators (Electricity/Gas)
Detailed survey findings
12 Risk Intelligence in the Energy & Resources IndustryDetailedsurveyfindings13
OperationalperformanceandregulatorycomplianceappeartobethekeydriversofERM,strategyisanemergingdriverofERMprogramsRespondentsstatetheirorganization’sERMeffortsarebeingdrivenforthemostpartbytheneedtoimprovetheoperationalperformanceandtheneedtocomplywithregulations.Operationalperformanceistypicallyembeddedineachbusinessdepartmentinamoreorlessformalizedwaythroughalonghistoryofsiloriskmanagement.Mostofthedepartmentmanagershaveanoverviewoftheirriskswhetheritwasbuiltinadocumentedprocessorinamoreunofficialway.
Regulatorycompliancehasbeenthemaindriverforacertainnumberofyearsduetoincreasinglycomplexmultijurisdictionalcompliancerequirements.EuropeanCorporateGovernanceregulationshaveincorporatedriskmanagementforadecade,someforevenlonger(theUKsince1992,theNetherlandssince1997,Germanysince2000,Francesince2002,andBelgiumsince2004).TheEuropeanCGregulationsalsodefineabroaderscopeforERMthatincludesthemanagementofrisksforstrategic,operational,financial,andcomplianceobjectives.Typically,operationalperformanceandregulatorycompliancearethemaindriversofERMprogramsinorganizationswhoseERMprogramsareattheearlystagesofmaturityandwhohavenotyetrecognizedtheroleERMcanplayinvaluecreation.Thisfindingmayalsoreflectthebiasofthesurveyrespondentswhotypicallyrepresentfunctionsthataremorecloselyalignedwithregulationandcompliancethanwith
businessfunctions.Thoseprogramsfocusmoreonassetprotection(unrewardedrisks).StrategyisanemergingdriverofERMprograms.Fortherespondentsmentioningstrategyastheirmaindriver,operationalperformancewilloftenbeconsideredasbeingbusinessasusual.AsERMprogramsmature,thoseprogramsmayfocusmoreonvaluecreation(rewardedrisks)
BoardsaretheprimarydriversofERMbutseniormanagementtendencytopullERMthroughtheirorganizationisgrowingThekeygroupsdrivingERMwithinorganizationsaretheBoardofDirectors,theManagementCommittee,andtheAuditCommittee.TheBoard,includingtheAuditCommittee,jointlyaccountsforatleast47%ofthechampionswhopushforERMwithinanorganization.For25%oftherespondents,theManagementCommitteeisaligningERMtomorestrategicriskmanagementactivitiesandmoreoperationalperformance.Thisisconsistentwiththeobservationthatstrategyandgrowtharebecomingincreasinglyimportantdevelopmentelementsintheriskmanagementprogram.ThiscanalsoexplaintheappearanceofstrategyasanemergingdriverofERM.AsBoardsofDirectorsusuallyfocusmoreonasset
protectionandManagementCommitteesfocusmoreonfuturegrowth,theremaybeapossibledisconnectionbetweenprogramgoals(assetprotection)andexpectations(valuecreation).WhereregulationandcomplianceappeartobetheprimarydriversofERM,ManagementCommitteesarenotthekeyprogramdriver.WhentheriskmanagementsystemisdrivenbytheBoardoritscommittees,itmaybeperceivedbytheManagementCommitteeasyetanotherformofcompliance,somethingthat“must”bedoneandwhichisnotdrivenbybusinessneeds.ManagementCommitteesmaybemoreinterestedinimprovingoperationalperformanceandvaluecreationthanintheprotectionofexistingassets.Inthosecases,ERMwillbemostlypushedthroughorganizationsinsteadofpulledbythebusinessdepartments.
BenefitsofERMThetopfiveexperiencedbenefitsarealllaudablebenefits.Thesebenefitsasidentifiedbythesurveyrespondentsare:createarisk-awareculture,enablefocusontherisksthatmattermostthroughintegratedmanagementreporting,identifyandmanagecross-enterpriserisks,reducevulnerabilitytoadverseeventsandenhanceriskresponsedecisions.Althoughinterestinintegratingriskmanagementinthedecisionmakingprocessisgrowing;mostoftherespondentsarestillindevelopment.
Interestingtoobserveisthattheexperiencedbenefitsareevolvinginthesamewayastheimplementationoftheprocess.ThefirststepintheprocessissettinguptheERMframeworkandtrainingpeopletocreatearisk-awarecultureandprioritizeriskstofocusontheonesthatmattermost.ThesecondstepofanERMprocessistomanagetheidentifiedrisksandreducethevulnerabilitytoadverseevents.Finally,thelaststepistomonitorriskresponsesandincorporateriskinformationintothedecisionmakingprocess.Furtherbenefitsmaystillberealizedgiventhat50%ofthosewhorespondedtothissurveyrepresentorganizationsthathaveanERMprograminplaceforlessthan5years.
CurrentERMprogramsaretypicallyfocusedonhavingtherightbalancebetweengrowth,risk,andreturnbuttendslowlytowardsmorestrategicriskmanagementThetopfivebenefitsexpectedtoberealizedinthefutureseemtorelatemoretothemanagementoffuturegrowthandpotentiallyrewardedrisk.Thishasadirectcorrelationwithriskmaturity:organizationsbeginbyfocusingonprotectingassets(unrewardedrisks)andthenlateruseERMinformationasthebasisforstrategicdecisionsandtheirexecution(rewardedrisks).
Operationalperformance
0% 5% 10% 15% 20% 25% 30% 35%
33%
30%
16%
12%
5%
5%
Exhibit 9: First ERM driver mentionned
Other
Public image
Businesscontinuity
Strategicreasons
Regulatorycompliance
Exhibit 10: Who is driving the ERM interest?
15%
28%
25%
23%
9%
Internal Audit
Board of Directors
Management Committee
Audit Committee
Other
33%Create a risk-aware
culture
Exhibit 11: Top 5 experienced benefits of ERM
0% 5% 10% 15% 20% 25%
Identify and managecross-enterprise risks
Reduce vulnerabilityto adverse events
Enhance riskresponse decisions
Enable focus on the risksthat matter most
through integratedmanagement reporting
23%
22%
21%
21%
13%
Link growth,risk and return
24%
22%
21%
18%
13%
2%
Exhibit 12: Top 5 expected benefits of ERM
0% 5% 10% 15% 20% 25%
Align risk appetiteand strategy
Provide integratedresponses to multiple risks
Minimize operationalsurprises and losses
Seize opportunties
Other
14 Risk Intelligence in the Energy & Resources IndustryDetailedsurveyfindings15
Previousstudiesdemonstratedthatriskmanagementwasmostlyfocusedonriskstoexistingassetsandweremissingtheconnectiontofuturegrowth.Theconservativesideofriskmanagementisstillhighlypresentbutmostrespondentsindicatethattheirexpectedbenefitisonthelinkbetweengrowth,risk,andreturn.
Seizingopportunitiesthroughriskmanagementisnotmentionedbymostoftherespondentsasoneoftheexpectedbenefitsofriskmanagement.Unfortunately,suchanapproachmeansformostrespondentsthatriskmanagementdoesnotincluderisksoropportunitiesthathavetodomorewithstrategyanditsexecutionsuchasthedevelopmentofnewproducts,entryintonewmarkets,oracquisitions.Toooften,organizationslimittheirriskmanagementtotheunrewardedriskssuchasthosewholimitpotentiallosses,insteadofalsotakingintoaccounttherewardedrisks,thosewhoholdthepotentialforgainandrewardiftheyareintelligentlymanaged.Calculatedrisktakingisessentialforcompetitiveadvantageandgrowth.Therealchallengeistodevelopriskintelligence;thisentailsbecomingsmarteraboutandbettermanagingtherisksthatneedtobetakenandthosethatneedtobeavoided.
CurrentERMprogramsbroadentheirscopetomorestrategicrisksIncomparisonwithpreviousstudies,thescopeofERMisexpandingtoincludeevaluatingapraticethatisenterprise-wide.Thisisreflectedbythediversityofrisksthatareinscopeoftheriskmanagementprogram.Thesurveydemonstratedthat:•1%oftherespondentshaveafullscopeERMprogram
including16riskareas.•52%haveincludedmorethan10riskareas.•85%haveincludedmorethan5riskareas.Consistentwiththefocusonassetprotection,almostallcurrentERMprogramsincludeexternalfactors(85%),finance(85%),andcompliance(84%)riskareasintheirERMscope.Thisreflectsthehistoricalfocusoncomplianceandfinancialrisks.However,aspreviouslyobserved,respondentstendtofocusincreasinglyonthestrategicsideas73%oftherespondentsindicatedthatstrategyisincludedinthescopeoftheirERMprograms.
TheintegrationofriskmanagementinthedecisionmakingprocessisgrowingbutisstillindevelopmentformostrespondentsMostrespondentsintegrateorplantosystematicallyintegrateriskmanagementinalltheirdecisionmaking
processes.Inthecurrentstate,organizationshavemostlyfullyincorporatedtheirriskmanagementinthedecision-makingprocessoftheprocessesrelatedtocommoditytrading(58%);andInsurance(48%).However,thesurveydoesindicateagrowingtrendtowardsmoresystematicintegrationinothercriticaldecisionmakingprocessessuchasFinance(43%)andInternalAudit(42%).Theseprocessesrelatetothetraditionalareasofriskmanagementwhoseprimaryfocusisontheprotectionofexistingassetsratherthanonfuturegrowth.Oftenthelowscoreforintegrationofriskmanagementintothedecisionprocessisduetoalackofformalizationofriskmanagementintheseareas.Forinstance,manyITorganizationshaveintegratedariskdimensioninthedecisionmakingprocessofICTprojects,thoughoftennotformalizedorinconnectionwithbroaderriskmanagementprograms.
IntegratingriskmanagementindecisionmakingofallprocessesmayincreasetheunderstandingofthebenefitsofanERMprogramatManagementCommitteelevel.Inorderforoperationalmanagementtoseethevalue,theyneedtoseetheirissuesarebeingaddressedinabeneficialway.Toooftenoperationalmanagement
perceivesriskmanagementasanadministrativeburdenanddoesnotrealizethatactiveriskmanagementisrequiredforfurthergrowth.Respondentshaverealizedthischallengeandplantolinkriskwithperformanceinthefuture.
Implementing ERM and organizational approaches
GovernanceMostorganizationshaveaformalriskmanagementorganizationMostrespondents(77%)haveaformalriskmanagementorganization.Dependingontheorganization,theriskmanagementfunctioniseitheraseparatefunctionoritisintegratedwithotherfunctions.
TheprimaryreasonwhyorganizationshavenotyetestablishedaformalriskmanagementorganizationisthelackofavailableresourcesTheorganizationswithoutaformalriskmanagementorganizationarethesmallestorganizations.50%oftheseorganizationsstatedtheircompaniesdonothaveresourcesavailable(people,budget)toconductriskmanagementinaformalriskorganization.
85%
85%
84%
73%
73%
70%
67%
67%
62%
62%
58%
58%
58%
56%
49%
7%
External factors
Finance
Compliance
Strategy
Corporate assets
Information technology
Legal
Reporting
Human resources
Corporate governance
Sales, Marketing &Communication
Planning
Corporate responsibility
Product development
Ethics
Other
Exhibit 13: Scope of ERM program
0% 20% 40% 60% 80% 100%
Commodity Trading/Sourcing
Insurance
Internal Audit
Finance department
EHS
Asset Management
Legal
Ethics & Compliance
Strategic planning
Exhibit 14: Risk consideration in decisionmaking
ICT
Fully incorporated
Partially incorporated
Planto incorporate within next 12 months
No plans to incorporate
0% 20% 40% 60% 80% 100%
Exhibit 15: Does your company have a formal risk management organization for your risk management activities?
77%
23%
Yes
No
Exhibit 16: What are the primary reasons your company does not have formal ERM activities?
50%
33%
17%
No resources available (people, budget)
No benefits exist for my company
Other
16 Risk Intelligence in the Energy & Resources IndustryDetailedsurveyfindings17
Another33%indicatetheydonotseethebenefitsofaformallystructuredriskmanagementfunction.Bothresponsesaredirectlylinkedtotherelativelysmallsizeoftheorganizationsinvolved.Intheremainingresponses(17%),respondentsindicatedtheydidnotseethebenefitsofaformalriskmanagementoverseeingthewholeorganization.
MostorganizationshavestructuredtheirriskmanagementinahybridformatAvastmajorityofrespondents(82%)havestructuredtheirriskmanagementorganizationinahybridformat.Ahybridriskmanagementorganizationcombinestheadvantagesofcentralizedanddecentralizedstructuresandenablesadequateandtimelyresponsestonewemergingrisks.Inahybridstructure,thedifferentbusinessfunctionsperformtheirownriskmanagementactivities(e.g.identificationandanalysisofrisks,implementationofcontrolmeasures,etc.),supportedandcoordinatedbyacentralriskmanagementdepartment.Thetasksofthiscentralteamaretypically:•establishingcommonERMmethodology&tools;•integratingdifferentERMpractices;•consolidatingandintegratingcompany-widerisks;•monitoringandreportingoncompany-wideERM
dashboard;and•disseminatingbestERMpracticesandknowledge.Ingeneral,nooperationalriskresponsibilitiesareassignedtothiscentralriskmanagementfunction.Theownershipofrisklieswiththebusinessfunctions.Inthisset-up,Boardswilltakeonanoversightfunctionandinternalauditwillprovideindependentassessmentandmonitoringservices.Thehybridstructurefacilitatestheintegrationofdifferentapproachesthatcanexistwithregardtostrategicandoperationalrisks.Strategicriskswillusuallyneedacentralizedapproachduetotheirwideimpactwhereoperationalriskswillusuallybetackledonamoredecentralizedway.
ThenumberofFTEinvolvedinriskmanagementactivitieslargelydependsonthesizeoftheorganizationThesurveyrevealsarelationbetweenorganization’stotalresourcesandthenumberofresourcesinvolvedatcentrallevelinriskmanagement.Smallorganizations(<1000FTE)usuallyhaveeithernocentralriskdepartment(15%)oracentralriskdepartmentconstitutedof1to5FTE(24%).Medium-sizedorganizationsmostlystafftheirriskdepartmentwith1to5FTE(24%)andoftenwith5to20FTE(9%).Forlargeorganizations(>10.000FTE),nocleartrendisobserved.
GeographicallyextendedorganizationsneedlargerdecentralizedriskmanagementteamsOrganizationshavebeenstructuringtheirriskmanagementdependingontheirexistingstructureandgeographicfootprint.Thebroadertheregionwheretheorganizationisactive,themoreriskspecialistswillbeneededinthedifferentlocationstoenablerapidresponsetopossiblenewemergingrisks.
CFO’sandCEO’shaveprimaryresponsibilityforERMTheresponsibilityoftheERMprogramhasbeenassignedinprioritytotheCF0(36%)andtheCEO(27%).Thismayexplainwhyriskintegrationishighwithinthefinanceprocessaswellasthegrowingtrendtowardintegrationofriskmanagementinthestrategicprocess.Insomecases(15%),theresponsibilityoftheERMprogramhasbeenassignedtoaspecificallydesignatedChiefRiskOfficer.“Others”(20%)includeothermembersoftheManagementCommittee.Incomparisonwithpreviousanalyses,riskmanagementhasincreasinglybecometheresponsibilitytheCEO.Withriskmanagementbecomingmoreintegratedinthestrategyprocessofthecompany,ERMisrisinghigherontheagendaoftheCEO.ThisimpliesthatRiskmanagementisnotthemanagementofspecificrisksbysomespecialistsanymorebutanintegratedapproachsteeredbyseniormanagement.
MostorganizationshaveariskcommitteewithintheirorganizationAmajorityoftherespondents(59%)hasestablishedariskcommitteewithintheirorganization.
Exhibit 17: How is your risk management organization structured?
82%
3%
15%
Hybrid
Centralized
Decentralized
< 1.000
1.000 - 10.000
> 10.000
Exhibit 18: Number of FTE’s centrally involved in comparison with the total number of FTE’s
0%
5%
10%
15%
20%
25%
30%
>205-201-50
15%
7%
4%
24% 24%
4% 4% 4%2% 2%
9%
Total number of FTE’s
Exhibit 19: ERM Responsibility
36%
27%
15%
20%
2%
CFO
CEO
CRO
Other
Internal audit
Exhibit 20: Existence of risk committee
59%
41%
Yes
No
Exhibit 21: Composition of Risk Committee
39%
29%
26%
6%
Board members
Audit Committee members
Management members
Other
18 Risk Intelligence in the Energy & Resources IndustryDetailedsurveyfindings19
Theestablishedriskcommitteesaremostlyacombinationofboardmembers(39%),auditcommitteemembers(29%),andmanagementmembers(26%).Intheothercases(6%),specificbusinessexpertsareattendingtheriskcommittees.Usually,theriskcommitteemembersareappointedbytheBoardtoassistinoverseeingtheenterpriserisks.Thisexplainstheseniorityofthecompositionoftheriskcommitteeasitsmembersneedtobeabletotaketheadequatedecisions.Someorganizationsappointmorethanonecommitteetohaveadequateoversightdependingontheoperationallevelornatureoftherisks.Riskcommitteescanexistongrouplevelandonlocallevel.Dependingonthenatureoftherisks,differentbusinessexpertswillbeinvited;e.g.foraninvestmentriskcommittee,amarketandcreditriskcommitteewillbeformed.ItisinterestingtoobservethatorganizationsdonotwaitfortheirERMprogramtobefullyoperationalbeforeestablishingaRiskCommittee.
RiskmanagementisoftenaseparateandindependentfunctionThesurveyrevealsthatinanimportantnumberof
organizations(29%),riskmanagementisaseparatefunction.Fortheotherrespondents,riskmanagersalsoperformthefollowingfunctions:Insurance(17%);Internalaudit(12%);Compliance(10%);FraudManagement(3%);andOther(29%).“Other”includescombinationsofpreviouslymentionedfunctionsandotherfunctionslikecontrolling,qualitymanagement,andcreditriskmanagement.Inastart-upphase,riskmanagementisoftencombinedwithotherfunctions.Asmaturityofriskmanagementevolves,organizationsadaptandriskmanagementfollowsitsownwayinthestructureoftheorganization.
RiskmanagementisinternallyperformedMostriskmanagementactivitiesareinternallyperformed.However,someorganizationshaveusedassistancetoimplementtheframeworkwhereotherorganizationsexternalizedveryspecificpartsoftheriskmanagementtoincreasecredibilityorbuildonexperience.
TheCROreportstocommitteesandmanagementOnaverage,theChiefRiskOfficerreportstomorethantwogroupofdirectingmembers.Mostrespondents(67%)statedtheCROreportedat
leastyearlytotheBoardofDirectors.Eventhoughothergovernancegroupsareinformedofriskmanagementresults,ultimatelytheBoardofDirectorsisaccountableforriskmanagement.ReportingtotheBoardispartlylinkedtotheoperationalstatusoftheERMprogram.OftherespondentsthathaveafullyoperationalERMprogram,avastmajorityreporttotheBoardofDirectors(76%).Amongtherespondentswhoseriskprogramisindevelopment,onlyasmallmajorityreporttotheBoardofDirectors(57%).
Respondentsassessthemselvesasmorematureonthegovernancethanontheprocess,peopleortechnologycapabilitycomponentsImplementinganERMprogramstartswithgovernance.ThefirsttaskistodefineanddocumenttheERMpolicyaswellasdefinetherolesandresponsibilitiesofriskmanagement.TherespondentswiththemostmatureERMprograms(50%)haveestablishedacleardefinitionanddocumentationoftherolesandresponsibilitiestomanagerisksaswellasatopdownandbottomupapproachtowardsriskmanagement.MoreimmatureERMprogramsalsostriveforadequatepowerandindependencetoexecutetheirtasksanddutiesandtobuildcredibility.Alargepartofrespondentsindicateconsideringnotonlyconsideringthedownsideofrisksbutalsothepotentialupsideofriskstoacertainextent.Organizationsrealizethatriskmanagementisneedednotonlytoprotectexistingrisks(unrewardedrisks)butalsotoincreasegrowthbyassessingpotentialopportunities(rewardedrisks).Theintegrationofriskmanagementwithothermanagementpractices(e.g.performancemanagement,processmanagement,qualitymanagement,compliance,etc.)isstillindevelopmentinmostorganizations.Comparisonofthegovernancematuritylevelwithothercapabilitycomponentsleadstotheobservationthatgovernanceisthemostmaturecomponent.
Exhibit 22: Other performed functions by the risk manager
29%
12%
3%10%
29%
17%
No other functions are performed
Internal Audit
Fraud Management
Compliance
Insurance
Other
Exhibit 23: Does your company outsource some risk management activities?
20%
80%
Yes
No
Board ofDirectors
0% 10% 20% 30% 40% 50% 60% 70%
67%
53%
53%
51%
49%
24%
Exhibit 24: Chief Risk Officer reports to:
CEO
ManagementCommittee
AuditCommittee
CFO
Others
Exhibit 25: Governance Maturity per Quartile
Adequate resources are used
Balanced top-down & bottom-up approach is used
Defined risk appetite
Defined roles & responsibilities
Written ERM policy
Integrated ERM framework/methodology
ERM considers the down & upside of risk
ERM integrated with otherpractices/methodologies
ERM integrated in goal setting and management
dicision making
ERM has adequate power
Q4
Q3
Q2
Q1
Risk intelligent
Systematic
Top-Down
Specialist Silos
Tribal & Heroic
20 Risk Intelligence in the Energy & Resources IndustryDetailedsurveyfindings21
ProcessRiskmanagementprocessandproceduresareclearlydefinedinalargemajorityoforganizationsThesurveyrevealsthatavastmajorityoftherespondentshaveaclearlydefinedriskmanagementprocess(85%)andriskmanagementprocedures
(70%)inplace.Thedocumentationofprocessesandprocedureshelpstoensureaconsistententerprise-wideriskmanagement.
Mostorganizationswaittoformallydocumenttheirriskmanagementprocessesuntiltheseprocesseshavebecomemoreorlessstable.OncetheERMprogramisfullyoperationalalmostallorganizationshaveacleardefinedriskmanagementprocessandprocedures(respectively94%,88%).Thesmallerproportionofdocumentationofriskmanagementprocedurescanalsobeduetotheperceptionthatprocedureshavefewbenefitscomparedtotheadministrativeburdenofwritingthem.Moreover,thedocumentationofproceduresisrelatedtotheoperationalstatusoftheERMprogram.
RisksaremostlyassessedonaquarterlybasisAlargenumberoftherespondentsassesstheirrisksonaquarterlybasis(24%).Otherusualassessmentfrequenciesare:semi-annual(20%);annual(20%);andadhoc(17%).11%oftherespondentsmentionedamonthlyriskassessmentfrequencyand4%adailyriskassessment.OrganizationswithafullyoperationalERMprogrammostlyassesstheirrisksonaquarterlybasis(47%)whereas24%performariskassessmentonamorefrequentbasisand30%lessfrequently.OrganizationswhoseERMprogramisstillindevelopmentmostlyassesstheirrisksonanadhocbasis(28%),semi-annually(24%)orannually(21%).Still,28%reportmorefrequentassessments.Respondentsstatethatincaseofurgency,theirriskmanagementorganizationforeseesescalationsprocedureswhichenabletheorganizationtoinitiateriskmitigationactiononanadhocbasis.Thisallowstheorganizationtointegrateincidentsintotheriskmanagementsystemandtorespondappropriatelyandonatimelybasistotheseevents.Thefrequencyofassessmentcanvarydependingonthenatureoftherisks.Foroperationalrisks,frequencyofassessmentwilltypicallybehigherthanforstrategicrisks.
Companiesprimarilyrelyonqualitativeself-assessmentsMostrespondents(87%)usemorethanonetechniquetoassesstheirrisks.Ingeneraltherespondentscurrentlyuseabout2to5techniques(60%).Onethirdoftherespondentsplantoimplementfrom1to3additional
How to read the maturity assessments
RespondentshaveassessedthemselvesbasedontheDeloittematuritymodel
Thefigureaboveillustratesthefivematuritystepsfromtheleastmaturestage(TribalandHeroic)atthelefttothemostmaturestage(RiskIntelligent)attheright.Thesamematuritylevelsarerepresentedinthediagramsrepresentingtheresultsofthematurityassessments,goingfromtheleastmaturestageinthecentretothemostmaturestageintheouter.Thequestionsaskedarerepresentedonthevariousaxesofthefigure.Ateachextremity,mentionwasmadeofasummarizedversionofthequestion.
Eachwhitedottedlinerepresentsaquartileofrespondents.Q4(quartile4)correspondstothe25thpercentoflowestmaturityresponses,Q3tothe25thpercentofsecondlowestmaturityresponses,Q2correspondstothe25thpercentofsecondhighestmaturityresponses,andQ1correspondstothe25thpercentofhighestmaturityresponse.
Toillustratethis,inexhibit“GovernanceMaturityperQuartile”,the25percenttopperformers(Q1)assessedthemselvesRiskIntelligentwithrespectto“IntegratedERMframework/methodology”.Withrespectto“WrittenERMpolicy”,thetop50percent(Q1andQ2)indicatedhavingthehighestmaturity.
1. Tribal & Heroic
Exhibit 2: Deloitte Risk Intelligence Maturity model TM
Ad-Hoc/chaotic
Depends primarily onindividuals
Heroics capabilities andverbal wisdom
2. Specialist silos
Reaction to adverseevents by specialists
Descrete roles established for small set of risks
Typically finance, insurance, compliance
3. Top-down
Tone set at the top
Policies, procedures,risk authorities definedand communicated
Business function
Primarily qualitative
Reactive
4. Systematic
Integrated response toadverse events
Performance-linked metrics
Rapid escalation
Cultural transformation
Underway
Bottom-up
Pro-active
5. Risk Intelligent
Built into decesion-making
Conformance withenterprise risk management processes is incentivized
Intelligent risk-taking
Sustainance
‘Risk management iseveryone’s job’
Exhibit 26: A clearly defined risk management process is in place
85%
15%
Yes
No
Exhibit 27: Clearly defined risk management procedures are in place
70%
30%
Yes
No
22 Risk Intelligence in the Energy & Resources IndustryDetailedsurveyfindings23
assessmentmethodsinthe12months(26%)andhalfoftherespondentsplantoimplement1to6ofthecitedmethodsinthelongerrun(51%).Attheonsetofriskmanagement,organizationsprimarilyrelyonqualitativeself-assessments.Asmaturitygrows,organizationstendtoinvestinquantitativetechniquestocomplementqualitativeassessments.Avastmajorityoftherespondents(82%)currentlyusequalitativeself-assessmentstoperformriskmanagement.Self-assessmentsrequirelittledevelopmentastheriskinformationinputisusuallyprovidedbybusinessexperts,whoassesstherisksbasedontheirexperiences.Therefore,organizationsusuallystartbyimplementingtheself-assessmenttechniquebeforeevolvingtomoresophisticatedtechniques.Fromthosewhoimplementedonlyonetechnique(4%),allassesstheirrisksviaself-assessments.Othercommontechniquesareprobabilisticanalyses(68%),scenarioanalyses(63%),andeconomicmetrics(55%).Probabilisticanalysesareusedtoestimateuncertaintyinthevaluesofinputparametersbyusingstatisticaldistributions.Twointerpretationsofriskscenarioanalysiscurrentlyexist:thesensitivity/
probabilisticanalysis(e.g.Lognormal/WeibulldistributionswithMonteCarlosimulations)whichismostcommonlyusedandwelldeveloped;andthemodelingofinteractionsandinterdependenciesbetweendifferentrisks,whichislesscommonlyusedandnotyetwelldeveloped.Economicmetricsincludevalueatrisk,earningsatrisk,cashflowatrisk,allofwhichprovidefinancialevaluationofrisksituations.Fromthesepopularmethods,thescenarioanalysisisthemethodthatmostorganizationsplantoincorporateinthenext12months(7%)orinthelongerterm(19%).Notsocommonlyusedyetistheindustrybenchmark.Insomeorganizations,thebenchmarkisperformedbetweenorganizationsofthesamesizeinsteadofinthesameindustry.9%oftherespondentsplantoincorporatethistechniqueinthenext12monthsand21%atlongerterm.KRI’sareaswellforeseentobeimplementedintheshort(5%)orlongterm(26%).
TwothirdsoftherespondentscurrentlyusequantitativeriskanalysismethodsAmajorityofrespondentsalreadyusequantitativeriskanalyses(66%).
QuantitativeriskanalysesareusedmostlyinFinanceandTax,CommodityTradingandSourcing,andAssetManagementThesetechniquesaremostfrequentlyusedinareassuchasFinanceandTax(56%),CommodityTradingandSourcing(51%),andAssetManagement(40%).Apparently,‘measurable’businessareassuchasFinanceandCommodityTradingaretheprimarydriverfordevelopingquantitativeriskanalysistechniques.Notsurprisingly,alongerhistoryofriskmanagementexistsinthesebusinessareas.Onceimplementedintheseareas,thequantitativetechniquesareoftenappliedtootherbusinessdomains.Accordingtotherespondents,themostimportantchallengewithrespecttotheimplementationofquantitativeanalysesisatthestartofimplementation:identifyingandapplyingeffectivequantitativeriskmeasuringtechniques.Thesecondchallengeistheimplementationofsupportingtoolsforthequantitativetechniques.Theselectionofappropriatetoolingremainsanimportantchallengeforthoseattheverybeginningofthedevelopmentofquantitativetechniquesasmuch
asforthosewhoalreadyperformquantitativeriskmanagementtechniquesindifferentbusinessareas.Respondentsalsomentionedotherchallengeswithrespecttoquantitativeriskanalysis,includingtheidentificationofrequireddataandtheeffectivenessofdatacapturing.
Self-assessments
Probabilistic analysis
Scenario analysis
Economic metrics
Industry benchmark
KRI
Stress-test
Failiure mode and effect analysis
Exhibit 28: Risk assessments methods
Third party assessments
Currently in use
Plan to incorporate in next 12 month
Plan to use
No plans to incorporate
0% 20% 40% 60% 80% 100%
Exhibit 29: Does your company use quantitative risk analysis methods?
66%
34%
Yes
No
Finance and Tax
Commodity Trading/Sourcing
Asset Management
EHS
ICT
Exhibit 30: In which domains are quantitive risk analyses used?
Other
Yes
No
0% 20% 40% 60% 80% 100%
33%
23%
20%
17%
7%
0% 5% 10% 15% 20% 25% 30% 35%
Exhibit 31: Main challenges of implementing quantitative risk analysis
Identifying and applyingeffective quantitative risk
measuring techniques
Implementing supportingtools for quantitative risk
measuring techniques
Effectiveness of datacapturing
Identifying the requireddata for your quantitative
risk analysis
Timeliness and accuracyof data entry
24 Risk Intelligence in the Energy & Resources IndustryDetailedsurveyfindings25
OrganizationscapturequantitativedatathroughincidentmonitoringsystemsandpaperformatInregardtothetechniqueusedtocapturequantitativedata,respondentsnotedincidentmonitoringsystems(69%)andpaperformat(66%)arethemostfrequentlyusedtools.60%oftherespondentsindicateusing2to3techniquestocapturequantitativedata.However,unliketheriskassessmentstechniques,newmethodsforquantitativeriskanalysesarelesslikelytobeimplemented.Currently,mostofthesetechniquesaredevelopedtocapturehistoricdata(e.g.incidents).Emergingtechniquesincludeconditionmonitoringsystems(usedby45%oftherespondents)whichfacilitatepredictionoffutureincidents(e.g.withinthedomainofassetmanagement).
Organizationshaveaclearprocessfortheidentification,evaluation,andmitigationofriskbutlackmaturityonmonitoringaspectsGenerally,respondentsassessedthemselvesratherhighlyonprocessmaturity.Identification,evaluation,anddocumentationofriskshavebecomematureriskmanagementactivities.Thelowestprocessmaturitylevelswereassignedtomonitoringandreportingaspectsoftheriskmanagementprocess.ImplementationofKRIsdoesnotseemasyettobeacommonlyusedriskmonitoringpractice.
PeopleFeworganizationstrainallemployeesinEnterpriseRiskManagementAlthoughtrainingisrecognizedasanimportantcontributortothecreationofarisk-awareculture,asignificantpartofrespondents(31%)donothaveastructuredtrainingplaninplace.Approximately69%oftherespondentsstatethattheirorganizationsdohaveastructuredtrainingplan.Ofthose,thegreatestnumber(42%)focustheireffortsontheemployeesthataredirectlyinvolvedinriskmanagementactivities.20%ofrespondentsstatetheirorganizationstrainonlythosespecialistswhoperformspecificriskmanagementfunctions.FeworganizationsextendedERMtrainingtoallemployees(7%).TrainingisstronglyrelatedtotheoperationalstatusoftheERMprogram.Respondentswhostatedtheirorganizationdidnothaveastructuredtrainingplan(100%)areinthedevelopmentstageoftheirERMprogram.Similarly,mostrespondentswhostatedtheirorganizationtrainsonlyspecialists(78%)arealsoindevelopmentstageoftheirERMprogram.OrganizationsthatassessthemselvesasbeingbetterpreparedinriskmanagementinvolvemoreemployeesinanERMtrainingprogramandviceversa.Ofthoserespondentsstatingthattheirorganizationstrainallemployeesorallemployeesinvolvedinriskmanagement,amajorityassessestheirERMmaturity
abovetheaverage.AmongtheorganizationsthatonlytrainriskspecialistsorthathavenostructuredtrainingplanareonlyalimitednumberoforganizationswhoassessedtheirERMmaturityasabovetheaverage.
OrganizationshaveastrongfocusonERMskillsandknowledgeRespondentsassessedthepeople-relatedaspectsofERMfrommediumtohighmaturity.
Paper format
Statistic samplingtechniques
Mandatory fields(incident loggings)
Hand held devices(incident loggings)
Automated loggingsystems
Condition monitoringsystems
Exhibit 32: Which quantitative data capturing methods are used?
Incident monitoringsystems
Currently in use
Plan to incorporate in next 12 month
Plan to use
No plans to incorporate
0% 20% 40% 60% 80% 100%
Exhibit 33: Process Maturity per Quartile
Periodical reporting is in place
Risk mitigation plans are designed
Risks are evaluated and prioritized
Identified risks are documented
All important risks are identified
ERM process is audited
Efficiency & effectivenessis monitored
Risk limits are monitored
KRIs are in place
Q3
Q2
Q1
Q4
Risk intelligent
Systematic
Top-Down
Specialist Silos
Tribal & Heroic
Report risks/control activities
Monitor risks/control activities
Doc risks/control activities
Assess risks/control activities
Document processflows/narratives
Other
Integratedperformancemanagement
0% 10% 20% 30%40% 50% 60% 70% 80%
75%
75%
61%
68%
39%
29%
25%
Exhibit 38: Which activities are performed using the risk management tool?
Exhibit 35: People Maturity per Quartile
Risk job descriptions exist
Communication is in place
People understand their responsibilities
People have skills & knowledge
ERM is integratedin training
Company knowsERM best practices
Risk culture is promoted
Q3
Q2
Q1
Q4
Risk intelligent
Systematic
Top-Down
Specialist Silos
Tribal & Heroic
26 Risk Intelligence in the Energy & Resources IndustryDetailedsurveyfindings27
‘Hard’aspectsofpeoplematurityareassessedpositively,whereasthe‘soft’aspectsofpeoplematuritytendtobelesspositive.ThehighscoresofERMknowledgeandbestpracticesindicateahighdegreeofspecialization.Theserespondentsfeelcomfortablewiththeunderstandingofrolesenresponsibilitiesandriskjobdescriptions.Respondentsestimatethatthe‘soft’aspectsofpeoplematurity,suchascommunicationandtraining,arelessdeveloped.Oneareathatappearstobeopenforimprovementisintegrationofriskmanagementinthecompany’strainingprogram.Onlythe25%mostmatureorganizationsassessthatthisintegrationtakesplacesystematically.Thisassessmentmightresultfromtheearlierfindingthatmostorganizationsoptedtotrainonlyalimitednumberofpeopleinriskmanagement.Inamajorityoftherespondingorganizations,onlythepeoplewhodirectlyperformriskmanagementactivitiesareinvolvedinanERMtrainingprogram.TechnologyAmajorityofrespondentshaveERMsoftwareortoolstosupporttheERMprocess63%oftherespondentsindicatethattheirorganizationsareusingariskmanagementtooltosupporttheERM
process.OfthoseusingERMtools,asmallmajorityof55%areusingtoolsdevelopedin-houseinsteadofusingpurchasedtools.TheuseofatoolisrelatedtooperationalstatusoftheERMprogram.80%ofthefullyoperationalERMprogramrespondentsuseatoolcomparedtoonly50%oftheERMprogramsindevelopment.Moreover,organizationsthatassessedthemselvesasbeingbetterpreparedtomanageriskalsoreportmakinguseofasupportingERMtool.Organizationsthatassessedtheirriskmaturityratherlowdidnotuseofsuchtools.
IntheearlystagesofthedevelopmentofanERMsystem,organizationsfocusonthedevelopmentofatailoredERMmethodology.Oncethismethodologyisfine-tuned,attentionispaidtoanappropriatesupportingtool.TheuseofanERMtoolhasmanybenefits.Itcontributestoauniformapplicationofriskmanagementalongbusinessunitsandfunctionsanditallowsprocessinglargeamountsofdataintocompany-wideriskmonitoringtoolsandreports.Itismainlyinthesetwodomainsthataperformingbutuser-friendlyriskmanagementtoolcanproveitsaddedvalue.
Asobservedearlier,riskmonitoringandreportingaretheleastdevelopedaspectsoftheERMprocess.AsupportingERMtoolcanfacilitatetheimplementationofthesefinalstagesoftheERMimplementationprocess.
ERMtoolsfocusondocumentation,assessment,monitoring,andreportingoftheriskmanagementprocess.TheconnectionwithotherkeymanagementactivitieshasnotyetbeenmadeRespondentshavinganERMtoolindicatethattheirorganizationsusethetooltodocument(68%),assess(61%),monitor(75%),andreport(75%)riskandcontrolactivities.ToolingcanespeciallyhelpmakeriskmonitoringandriskreportingmoreefficientandeffectiveandhencedrivethedevelopmentofthesefinalstagesintheERMprocess(whichrespondentsindicatedastheleastdevelopedaspectoftheriskmanagementprocess).
Theconnectionwithotherkeymanagementactivitieshasnotyetbeenmade,asonly25%ofrespondentindicateusingtheirERMtooltointegrateriskmanagementwithperformancemanagement(KPIs,balancedscorecards,riskadjustedperformancemanagement).ThismaymeanthatERMisdisconnectedfromvaluecreation,andthusfromfuturegrowth,makingitdifficulttoconvincemanagementofthevalueofimprovedERMsincethereisnolinkagetovalue,onlytoloss.Onlyfeworganizationsleveragetheirriskmanagementtooltointegrateriskmanagementwithperformancemanagement.
Exhibit 37: Does your company have a risk management software or tool?
63%
37%
Yes
No
Exhibit 36: Is you risk management tool built in-house or was it aquired?
45%
55%
In house
Aquired
Report risks/control activities
Monitor risks/control activities
Doc risks/control activities
Assess risks/control activities
Document processflows/narratives
Other
Integratedperformancemanagement
0% 10% 20% 30%40% 50% 60% 70% 80%
75%
75%
61%
68%
39%
29%
25%
Exhibit 38: Which activities are performed using the risk management tool?
IT applications are used to assess & monitor risks
RM tool is integratedwith other systems
Integrated IT system are used to manage risks
Exhibit 39: Technology Maturity per Quartile
RM tool enables costefficience compliance Q4
Q3Q2
Q1
Risk intelligent
Systematic
Top-Down
Specialist Silos
Tribal & Heroic
28 Risk Intelligence in the Energy & Resources IndustryTop10Energy&ResourcesRisks29
TechnologyistheleastdevelopeddimensionofEnterpriseRiskManagementIngeneral,respondentsassesstheirtechnologymaturityratherlow.TheyindicatethatintheirorganizationstheuseofERMtoolsisoften‘silodriven.’ERMtoolsarebeingused,butnotyetonanintegratedandcompany-widebasis.Amongthefoursub-domainsoftechnologymaturity,asimilarmaturitylevelexistsinthreeofthefourtechnologysub-domains:50%ofrespondentsindicateanadhocorsilobasedapproachwithregardtotheuseofanintegratedERMsystem,theuseoftheIT-systemtoassessandmonitorriskquantitatively,andtheextenttowhichthesystemenablesthebundlingofrelatedrisksacrossfunctionalareas.TheintegrationoftheERMtoolwithotherIT-systemappearstobeevenlessmature.75%ofrespondentsstatethattheintegrationwithotherITsystemonlyhappensonanadhocbasis.Thisisconsistentwiththeearlierfindingthatonlyaminorityofrespondents
havetheirERMtoolintegratedwithperformancemanagementsystems,suchasbalancedscorecardsandERPsystems.ThisleadstotheconclusionthattechnologyistheleastdevelopeddimensionofEnterpriseRiskManagement.TheintegrationofanERMtoolwithothermanagementsystemsremainsamajorweaknessintheoverallERMperformance.DespiteaproliferationofvendorscompetingintheERMmarketplace,nosinglepackagesolutionhasemergedtoprovidethenecessaryfunctionalitytosupporttheentireERMcapability.Somemoreestablishedvendorsofferriskanalysissolutionsthatenableuserstomakebetterinformeddecisionsusingspecifiedriskparametersandrobustdatainput.However,functionalitytoallowuserstoperformafullrangeofERManalysessuchasmodelingdetailedevent-treesandscenarios,calculatingaggregateriskmeasures,facilitatingcapitalinvestmentandallocation,andgeneratingriskmanagementreportsremainselusive.
Respondentsindicatedthetop10risksfacedbytheircompanies.Resultsarebrokenoutbyindustry/sub-segment:ElectricPower&Utility(powergenerationandsupply);SystemOperators(transportationanddistributionofelectricity,gasandwater);andOil&Gascompanies(upstreamanddownstream).InsufficientresponseswerereceivedfromMetallurgy&Miningcompanies(extraction,productionandtreatmentofmetalsandminerals)toanalyzeseparately.
CommoditytradingrisktoppedthelistforElectricPower&Utilitycompanies.Secondcameperformanceriskrelatedtogenerationassets,followedbyoperationefficiencyriskandregulatoryrisk.Increasinginimportanceisproductdevelopmentrisk,relatedamongotherthingstotheriseofdecentralizedenergyproductionwithhouseholdsproducingtheirownenergy.ManyElectricPower&Utilitycompaniesarelookingfornewservicestocompensateforthislossofrevenues.
The“other”risksmentionedare:strategicinvestmentandprojectdevelopment.
Whenlookingatthetop10risksofcompanieswithsystemoperatoractivities,regulatoryriskisatthetop.Mostofthesecompaniesareworkinginaheavilyregulatedenvironment,withtheregulatorsettingpricesfortheservicestheyprovide.Thesecondrankedriskisassetperformancerisk,directlylinkedtotheircorebusinessoperatingthetransportationordistributiongrid(e.g.black-outs,gridlosses,etc.).
The“other”risksmentionedare:waterqualityrisk;projectfinancerisk;projectmanagementrisk;environmental,healthandsafetyrisk;ITinfrastructureriskandfinancialperformancerisk.
Top Energy & Resources Risks
78%
78%
70%
70%
63%
59%
59%
56%
52%
52%
48%
30%
19%
Commodity trading
Asset performance
Operation efficiency
Regulatory
Data quality and integrity
Compliance
Business continuity
People and talent
Credit
Competition
Brand and reputation
Product development
Fraud
Exhibit 40: Top Energy & Resoucres risks Electric Power & Utility
0% 20% 40% 60% 80% 100%
20%
13%
80%
73%
67%
60%
60%
53%
53%
47%
33%
33%
27%Commodity trading
Asset performance
Operation efficiency
Regulatory
Data quality and integrity
Compliance
Business continuity
People and talent
Credit
Competition
Brand and reputation
Fraud
Product development
Exhibit 41: Top Energy & Resoucres risks System Operators
0% 20% 40% 60% 80% 100%
30 Risk Intelligence in the Energy & Resources IndustryTop10Energy&ResourcesRisks31
ForOil&Gascompanies,therankingsshowninthechartdonotrepresentthewholepicturegiventhehighnumberof“other”risksfallingoutsidetherankedcategories.Analysisoftheriskslistedas“other”revealsomepatterns.GiventhatOil&Gascompanies,bothupstreamanddownstream,arecapitalintensive,risksrelatedtostrategyandputtingcapitaltogoodusecometothefore.Mostrespondentshadriskssuchasstrategicrisk,costofcapital,assetperformance(includingsubsurfaceandresourcerisk),andassetdevelopmentintheirtop5.Othermentionedrisksreflectacontinuingemphasisongeopoliticalriskduetoeitherassetsortransportationroutesbeinglocatedinornearpoliticallyunstablecountries.ThoseOil&Gasrespondentsthatengageincommoditytradinglistitasoneoftheirtop5risksandthosethatdonottradelistmarketorpriceriskintheirtop5.Peopleandtalentriskstillmakesthetop10forallbut1respondent,butisnolongerinthetop3-5asitcommonlywaspriortotheeconomicdownturninmanysurveysconducted.
The“other”risksmentionedare:adequaterawmaterials;alignmentwithkeystakeholders;assetintegrity;capitalcost/capitalcostestimation;carbon;environmental,healthandsafetyrisk,environmentrisk;managingdevelopmentprojects;market/commoditymarketprice;political/geopolitical;strategic;andsubsurface/resources.
FormanyElectricPower&UtilityandOil&Gascompanies,riskmanagementprogramsstartedintheircommoditytradingandhealth,safety,andenvironmentactivitiesandthenextendedtootherdomainstocoverallfunctionsandbusinessunits.Asenterprisewidecoveragewasachieved,thefocusshiftedfromcontrollingunrewardedrisks(lossprevention)toevaluatingrewardedrisks(valuecreation)suchasstrategicandproductdevelopmentrisks.FormanySystemOperators,ERMprogramshaveashorterhistory,arelessmature,andhaveamoreoperationalandcompliancefocus,althoughstrategicrisksarejustasrelevantforthem(e.g.productdevelopmentriskswithrespecttodecentralizedproduction,smartmetering,smartgrid,useofgassesfromseweragesystemtogeneratepower,injectionofbiogasesintothegrids,etc.).ThoughsystemOperatorsarequicklycatchingupandmayevenbemoreadvancedinsomeareas.
20%
0%
80%
80%
60%
40%
40%
40%
40%
40%
40%
20%
20%
Commodity trading risk
Asset performance risk
Operation efficiency risk
Regulatory risk
Data quality and integrity risk
Compliance risk
Business continuity risk
People and talent risk
Credit risk
Competition risk
Brand and reputation risk
Fraud risk
Product development risk
Exhibit 42: Top Energy & Resoucres risks Oil & Gas
0% 20% 40% 60% 80% 100%
32 Risk Intelligence in the Energy & Resources IndustryConclusion33
&Resourcescompaniescanincorporateriskintorelatedmanagementareassuchasstrategicplanning,capitalinvestmentandallocation,andperformancemeasurement.Withaclearriskappetiteandrisktolerance,theorganizationisguidedtopursuenewopportunitiesthatcreatevalueforstakeholders.
Incorporatingriskintocapitalandperformanceactivitiesthroughadvancedmeasurementtechniquescanprovidetheboardofdirectorsandseniormanagementwiththenecessaryconfidencetostartdeployingcapitalwiththeoverarchingobjectiveofcreatingvalueratherthansimplypreservingvalue.
A way forwardBuildingtheRiskIntelligentEnergy&ResourcesEnterprisehasproventobeadauntingtask,evenforEnergy&ResourcescompanieswiththemostadvancedandsophisticatedERMcapabilities.GiventhescopeandcomplexityofimplementingtheERMcapabilityandthediversityofstartingpointsamongmostEnergy&Resourcescompanies,aflexibleapproachisprobablymostappropriate.Belowisanapproachforbuilding/enhancingandsustainingtheERMcapabilitiesthatcanbeeffectiveformanyorganizationsalongtheERMjourney.
Build/enhancetheERMCapabilityTobuild/enhancetheERMcapability,theERMprogramshouldstartitsplanningwiththeassessmentoftheorganization’sERMcapability,relativetocapabilitycomponentsthatcorrespondtoeachstageinthecapabilitymaturitymodel,inordertoestablishabaseline.TheoutcomeofthisdiagnosticshouldprovidesufficientinformationtoevaluatethenatureandextentofgapsbetweenthecurrentanddesiredERMcapabilitymaturitystages.Itshouldalsoprovidetherelevantdatatoperformacost-benefitanalysisfortheERMcapabilityandprepareabusinesscase.MilestonesshouldbebasedonkeyattributesintheERMcapabilitymaturitymodelsothattheprogramteamcaneffectivelymonitorandreportonprogress.
SustaintheERMCapabilityAswithmostoftoday’scriticalmanagementcapabilities,sustainingtheERMcapabilityatmostEnergy&Resourcescompanieswillrequireaprocessofcontinuousimprovement.Changesinprevailingconditionsintheoperatingenvironment,theorganization’scompositionandobjectives,orthe
expectationsofkeystakeholdersmayrequireadditionalefforttomaintainthedesiredstageofERMcapabilitymaturity.Movingtomoreadvancedstageswilllikelyinvolveaniterativeprocess.DevelopinganERMcapabilitycanrequiresubstantialeffortaswellasscarceresourcesandseniormanagementattention.Thebenefitsandcostsofmovingfromless-advancedtomore-advancedstagesoftheERMcapabilitymaturitymodelshouldbecarefullyconsideredbeforelaunchingtheprogram.
TheEnergy&Resourcesindustry,alongsidethefinancialservicesindustry,keepsonfulfillingitsroleofearlyadaptorandpioneerintheongoingevolutionoftheERMcapabilitytowardsbecomingatrulyRiskIntelligentEnterprise™.
Building the Risk Intelligent Energy & Resources EnterpriseWhiletheEnergy&ResourcesindustrymaybeleadingthewayinimplementingERM,thereisstillconsiderableroomforimprovement.ManyEnergy&Resourcescompaniesareaskingthequestion:WhatwillittaketomovebeyondourcurrentstageofERM?
ThisreportshouldhelpEnergy&ResourcescompaniesidentifyopportunitiestomovetowardbecomingaRiskIntelligentEnergy&ResourcesEnterprise.
SomeoftheremainingchallengesfacedbyEnergy&ResourcescompaniesandsuggestionsformovingtowardtheRiskIntelligentEnterprisearediscussedbelow.
MovingbeyondtheinitialstageManyEnergy&Resourcescompanieshavemovedforwardbyperformingenterpriseriskassessments,implementingriskregisters,developingrisktreatmentplans,andmonitoringthestatusofcertainhigh-priorityriskexposures.AlthoughsomeEnergy&ResourcescompanieshaveconsideredimplementingmostorallcomponentsofanERMcapabilityatonce,manyhaveinsteadchosenanincrementalapproachfortheimplementationoftheirERMprogram.Startingwithafewrisktypesorbusinessunitscanprovideopportunitiestoestablishcredibilityandbolstersupportthroughearlywinswhilegraduallychangingtheenterprise’scultureandlearningvaluablelessonsalongtheway.Thechallengeistoturnthisone-offexercise,mostoftentop-downdriven,intoacontinuousprocess.Keytoovercomingthishurdleisthecriticalconnectionofthe“top-down”identifiedriskswiththeoperationalriskspeopleencounterintheirday-to-dayactivities.Oncethisisaccomplished,riskmanagementcanbetrulyembeddedintotheorganization,makingitpartofdailyprocessesandoperations.Structuresneedtobedesignedwhereoperationalriskinformationcanfeduptothehigherenterprise-levelrisksrequiredforinformed“top-down”managementoftheorganization’srisks.Incontrast,enterprise-levelriskinformationneedstobefeddown,beingtranslatedintoconcreteactivitiesontheworkfloorrequiredforeffective“bottom-up”managementofspecificexposures.Theabilitytomeasureandmanageriskexposuresfromboththetop-downandbottom-upiscriticaltobecomingafullyRiskIntelligententerprise–tobuildinformedrisk-
takingandinformationintorelevantdecision-makingthroughouttheorganizationinacontinuousprocess.
AchievingenterprisewidecoverageManyEnergy&Resourcescompanieshavedevelopedfairlyrobustapproachestomanageafewrisktypesinisolation,includinginsurablehazardrisksandreadilyquantifiablemarket(orprice)riskandcreditrisk.Somealsorelyonrelativelyhaphazardorunsophisticatedquantitativeandqualitativeriskanalysistechniquestoaddressotherrisktypesonanindividualbasis.ManyEnergy&Resourcescompaniesalsofocustheirriskmanagementactivitiesonbusinessunitsthatareassumedtoincludethemostsignificantriskexposuressuchascommoditytrading.
MovingbeyondafragmentedERMcapabilityinvolvesexpandingthecoverageofriskmanagementactivitiestoencompassallmaterialrisktypesandbusinessunits.Suchanapproachdoesnotmeanthatallriskexposuresaregivenequalconsiderationoraremanagedinthesameway;rather,itmeansthattheorganizationisabletomakeamoreinformedandconsciousdecisiononwhichrisksitshouldactivelymanageandhowitshouldmanagetheseexposures.Forexample,theorganizationmayelecttoself-insurecertainnonmaterialexposuresdependingonitsoverallriskprofileandriskappetite.
Achievinggreatercoveragerequiresdevelopingandapplyingdifferentapproachestoanalyzeandmanagethereadilyquantitativerisktypesdescribedaboveandthemorequalitativestrategic,political,legal,andregulatoryrisktypes.Forexample,commoditytradingbusinessunitsmaydecidethatindividualtransactionsandriskexposuresshouldbedirectlymodeled,measured,reported,andmonitored.Incontrast,techniquessuchasscenarioanalysismaybeappropriateformorequalitativerisktypes.
IncorporatingRiskintoStrategyBeforeriskcanbeaggregatedintostrategy,riskacrossrisktypesandbusinessunitsneedtobeintegratedandaggregatedtoprovideatrulyenterprise-wideperspective.Oncetheboardofdirectorsandseniormanagementbetterunderstandhowindividualriskexposures—arisingfromeachrisktypeandbusinessunit—contributetotheenterprise’saggregateriskexposure,theyarepositionedtouseriskinamorestrategicway.Relyingontheaggregateriskmeasures,Energy
Conclusion
34
Contact us
BelgiumLaurent Vandendooren DeloitteBedrijfsrevisorenBVo.v.v.e.CVBARiskIntelligenceLeaderEnterpriseRiskServices+3228002281lvandendooren@deloitte.com
LaurentVandendoorenisapartneratDeloitteEnterpriseRiskServicesinBelgium.LaurentistheLeaderoftheBelgianInternalAudit&RiskManagementpractice,activeinthesetupandenhancementofRiskManagementdepartmentsandsponsoringthedevelopmentofRiskManagementframeworks,processes,toolsandtechniques.
BelgiumJeroen Vergauwe DeloitteBedrijfsrevisorenBVo.v.v.e.CVBASeniorManagerEnterpriseRiskServices+32496578323jvergauwe@deloitte.com
JeroenVergauweisseniormanagerinDeloitte’sEnergy&Resourcespractice.JeroenisplayingakeyroleinthedevelopmentoftheEnergy&ResourcespracticeinBelgium,developingcomprehensiveandintegratedsolutionstomeettheneedsoftheEnergy&Resourcesmarket,developmentofthoughtleadership,performingmarketresearchandorganizingindustrytraining.
GlobalJohn England DeloitteToucheTohmatsuGlobalEnergy&ResourcesLeaderEnterpriseRiskServices+17139822556jengland@deloitte.com
DenmarkMikkel Boe DeloitteBusinessConsultingA/[email protected]
FinlandTuomo SalmiDeloitte&ToucheOyPartnerBusinessConsulting&[email protected]
FranceThomas Aragnetti DeloitteConseilPartnerEnterpriseRiskServices+33155616209taragnetti@deloitte.fr
GermanyAndreas Herzig Deloitte&ToucheGmbHWirtschaftsprüfungs-gesellschaftPartnerEnterpriseRiskServices+49711165547160aherzig@deloitte.de
ItalyCiro Trotta DeloitteEnterpriseRiskServicesSrlaSocioUnicoDirectorEnterpriseRiskServices+393351350759ctrotta@deloitte.it
NetherlandsMarko van Zwam DeloitteAccountantsB.V.PartnerDeloitteEnterpriseRiskServices+31621272904mvanzwam@deloitte.nl
NigeriaOlufemi AbegundeAkintolaWilliamsDeloitteLeader,WestAfricaOil&[email protected]
SouthAfricaCathy Gibson Deloitte&[email protected]
SpainAlberto Amores González Deloitte,[email protected]
SwedenJan Bäckman DeloitteABPartnerBusinessConsulting+46752462689jbackman@deloitte.se
UAEDr. Patchin Curtis Deloitte&Touche(M.E.)Leader,MiddleEastERMCenterofExcellenceEnterpriseRiskServices+971(4)[email protected]
Authors
Other contacts
Deloitteprovidesaudit,tax,consulting,andfinancialadvisoryservicestopublicandprivateclientsspanningmultipleindustries.Withagloballyconnectednetworkofmemberfirmsinmorethan140countries,Deloittebringsworld-classcapabilitiesanddeeplocalexpertisetohelpclientssucceedwherevertheyoperate.Deloitte'sapproximately169,000professionalsarecommittedtobecomingthestandardofexcellence.Deloitte’sprofessionalsareunifiedbyacollaborativeculturethatfostersintegrity,outstandingvaluetomarketsandclients,commitmenttoeachother,andstrengthfromculturaldiversity.Theyenjoyanenvironmentofcontinuouslearning,challengingexperiences,andenrichingcareeropportunities.Deloitte’sprofessionalsarededicatedtostrengtheningcorporateresponsibility,buildingpublictrust,andmakingapositiveimpactintheircommunities.
DeloittereferstooneormoreofDeloitteToucheTohmatsu,aSwissVerein,anditsnetworkofmemberfirms,eachofwhichisalegallyseparateandindependententity.Pleaseseewww.deloitte.com/aboutforadetaileddescriptionofthelegalstructureofDeloitteToucheTohmatsuanditsmemberfirms.
©April2010-DeloitteBedrijfsrevisoren/Reviseursd’Entreprises.MemberofDeloitteToucheTohmatsuDesignedandproducedbytheCreativeStudioatDeloitte,Belgium