Information Booklet
ENTERPRISE RISK MANAGEMENT
www.gpic.com
First Version 2009
General Manager’s Message
In the last few months, the world financial markets have seen tremendous turmoil, which has shaken the foundation of the financial industry, once regarded as the most regulated industries in the world. No doubt this unexpected upheaval has had an adverse effect on most global business activities and the petrochemical and fertilizer industries are by no means immune. We at GPIC have always been proactive in establishing systems, procedures and effective work practices to ensure that all work activities fall within agreed policies and are in full compliance with approved levels of authority.
In 2007, we established an Enterprise Risk Management Committee (ERM) to work closely with all departments to further enhance the existing systems dealing with potential risks and bring them in line with the recognised international standards. This ERM booklet gives you the opportunity to refresh your understanding of the system currently in place and encourages you to bring to the attention of the ERM Committee any issue that may pose a potential risk to the organization. I look forward to your usual positive contribution and I am confident that with everybody’s support and vigilance, GPIC will continue to effectively manage risks and enjoy a safe work environment.
Introduction
We all manage risks continuously throughout our lives, sometimes consciously and sometimes without realising it. But when it comes to organizations, risk management is a systematic process by which companies identify, measure and manage the various types of risks inherent within their operations.

Definition of ERM
“Enterprise risk management (ERM) is a process, effected by an entity’s Board of Directors, management and other personnel, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”
Source: COSO: Committee of Sponsoring Organizations, Enterprise Risk Management – Integrated Framework, 2004

ERM Driving Forces
Recent years have seen heightened concern and the need for a robust system to effectively identify, assess, and manage risks. The following diagram identifies a few of the driving forces behind Enterprise Risk Management.
[Diagram: driving forces behind Enterprise Risk Management: Portfolio Point of View; Corporate Scandals; Advances in Technology; More Complicated Risk; Best Practices; Regulatory Actions; Industry Initiatives; Escalating Claims]

ERM COSO Framework
Key Components of Effective Enterprise Risk Management
[Diagram: Risk Response; Objective Sharing; Event Identification; Internal Environment; Monitoring; Information & Communication; Risk Assessment; Control Activities]

ERM Framework
The ERM framework considers activities at all levels of the organization, i.e. Enterprise/Entity, Department, and Process level. In the past GPIC was managing risks using a silo or standalone approach whereby each individual department/project was managing its risks separately. With the implementation of ERM, GPIC is now addressing risks in an integrated and professional manner. At the enterprise level, risks are currently addressed by appointing risk champions who pursue the identified risks with the respective risk owners. In future, a mechanism for addressing risks at the departmental/business process level will be formulated on similar lines, as also stipulated in the Company’s Risk Management Policy (Ref: Pol/Risk/001).
Benefits of ERM
1 Minimize operational surprises and losses
2 Improve ability to predict, identify and manage cross-enterprise risks
3 Provide integrated responses to multiple risks
4 Improve information for decision making
5 Improve service quality & Protect Reputation
6 Attain enterprise objectives
7 Enhance good governance and transparency
8 Add and Create Shareholder value
9 Capture Opportunities
GPIC ERM Policy and Guidelines
In order to provide clear guidelines and broadly describe the Risk Management Process at GPIC a comprehensive policy document (Ref: POL/RISK/001) has been prepared and approved by the Board of Directors as per Board Resolution No: 2/139/2008. Ref. Pol/Rev/001 Date: 1 March 2008 Rev.: 0
GPIC produces and markets Methanol, Ammonia and Granular Urea. GPIC embraces the best practices and follows international standards in conducting its operations. To safeguard its business and protect the interest of the shareholders against potential risks (categories such as strategic risks, financial and market risks, geo-political risks, operational risks, legal and regulatory risks and reputation risks) associated with the nature of its core business, the company shall endeavour to obtain appropriate environment and framework where risks at the enterprise level as well as at the business process and functional level are appropriately assessed, evaluated and effectively managed. The management will provide support as well as the resources and technical means to develop an understanding of business risk and the measures to combat and manage these risks in a cost-efficient manner. In the case of residual risks, the management will establish the level to which business risks are accepted and borne/tolerated. The active participation of all employees in the implementation of this policy will be sought and the workforce will be trained and fully informed of their roles and responsibilities, enabling them to effectively discharge these responsibilities.
GPIC addresses the Risk Management process through a two tiered mechanism:
1. Enterprise Risk Management (ERM):
ERM Implementation Team is responsible for identifying exposure, appraisal of major risks at the enterprise level and compiling ERM Risk Profile based on the criteria and guidelines for risk appetite and tolerance set by the Management/ERM Steering Committee and approved by the Managing Director / Board of Directors. An updated ERM Risk Register listing these risks together with the recommendations for mitigation/management is forwarded to the General Manager who has the overall responsibility for reporting annually on the risk management framework and profile of exposure to the Managing Director and the Board of Directors to provide confidence to them that risks are managed to the most cost-efficient extent.
2. Business Process Risk Management (BPRM):
All Managers, Supervisors and Section Heads are responsible for anticipating exposure and continuous appraisal of business process risks relevant to their area of responsibility. Business process-wise Risk Profiles are compiled based on the criteria and guidelines for risk appetite and tolerance set by the ERM Steering Committee. An updated Business Process Risk Register listing these risks together with the recommendations for risk mitigation/management at the most cost-efficient extent is forwarded to the General Manager on a periodic basis for perusal and approval.

Risk Review and Monitoring
GPIC monitors its Risk Management framework through continuous improvement of its practices and activities implemented under a regularly reviewed set of documented procedures. The ERM Implementation Team will be responsible for monitoring and annual review of risks at the enterprise level. All Managers, Supervisors and Section Heads will also conduct continuous monitoring and annual review of the risk profiles relevant to their areas and implement the recommendations made to manage/mitigate the risks.

GPIC ERM Governance Model
Accountability and Reporting at all levels is required to support the ERM process. The following chart gives a brief insight into the role of various entities in the GPIC ERM Governance Model.

Audit, Finance & Risk Committee:
• Make policy and risk tolerance decisions
• Approve strategies and guidelines to manage risk

Risk Owners | Risk Champions | Risk Auditors

Functional / Operating Units:
• Implement strategies
• Communicate guidelines
• Risk Analysis & Reporting
• Update Risk Catalogue

The GPIC ERM Process Flow Chart

What is a Risk?
Risk is broadly defined as “an uncertain event or condition that, if it occurs, has an impact on a project’s or business’ objectives”.

Risk Identification Techniques
The following chart shows some of the techniques employed to identify risks.
[Chart: Inspection; Brainstorm; SWOT Analysis; Checklist; Questionnaire; Interview; Internal Document; Working Group]

GPIC Risk Categories
All GPIC Enterprise Risks have been classified under the following seven risk categories.
STRATEGIC: Risk that relates to doing the wrong thing.
OPERATIONAL: Risk that relates to doing the right things in the wrong way.
BUSINESS (FINANCE/MARKET): Risk that relates to losing monetary resources or incurring unacceptable liability.
REPUTATION: Risk that relates to the organization’s brand or image.
PEOPLE: Risk associated with employees and management.
INFORMATION: Risk that relates to loss or inaccuracy of data systems or reported information.
REGULATORY: Risks related to regulatory environment.

ERM Risk Catalogue
The Risk Catalogue is the central repository for all GPIC’s Enterprise risks. It is a main register where all GPIC risks are categorized and prioritized.
The Risk Catalogue is a living document updated on the basis of fresh inputs, i.e. when new enterprise risks are identified by any department in the organization. Each input, i.e. risk, is assessed and analyzed fully by gathering all relevant facts and data before being included in the Risk Catalogue. The ERM Committee is responsible for safe custody and updating of the ERM Risk Catalogue.

Risk Management is Everybody’s Responsibility
Risk Management is everybody’s job. Everyone who does anything in the company is a risk manager to some extent. Risk Management is not a one-time project; in fact, it is a continuous process which needs to be seamlessly embedded in our existing business systems and culture. It is therefore essential that we all develop a deeper understanding of the subject and exercise flexibility and open-mindedness in our approach to adapting risk management practices.
To further facilitate and encourage participation in the Risk Management process, a broad system of capturing new risks and archiving them has been devised at GPIC.

Process For Raising New Risks
Any employee in the organization can identify and submit a new risk by completing a short form entitled “Risk Identification and Assessment Form” (FR-ERM-01).