Enterprise Risk Management for Energy Companies – Know your Risks
Deloitte Insights video
It’s time for Insights, a video news production of Deloitte LLP. Now here’s your host, Sean O’Grady.
Kim Detiveaux, Director, Deloitte & Touche LLP
John Poma, VP, Enterprise Risk Management, Alpha Natural Resources
Sean O’Grady (Sean): Hello, and welcome to Insights. Today, we will be discussing the opportunities and pragmatics of applying Enterprise Risk Management practices to the energy industry. Joining us for this conversation is John Poma, the Vice President of Enterprise Risk Management at Alpha Natural Resources, one of the largest coal mining and distributing companies in the United States. And alongside John, we have Kim Detiveaux, a Director at Deloitte & Touche LLP who leads ERM services for Energy Sector companies, including Utilities, Oil & Gas, and Mining companies. Gentlemen, April has been a troublesome month for the energy industry in years past. Of course in 2010, there was an oil spill in the Gulf of Mexico, and 2011 saw the earthquake and subsequent Tsunami in Japan. John, as an individual who is responsible for managing risk at one of the largest energy and coal mining companies in the United States, what's keeping you up at night?
John Poma (John): That’s actually a little bit of a loaded question for me. I think what clearly keeps me up is the risk of a catastrophic event. I have lived through a catastrophe at another employer that resulted in multiple fatalities. When you go through an event like that and you see the impact that it has on families and on the community, it can’t help but transform the way you think about your job. My mantra at work has always been to come to work each day to make a difference, but when you live through a catastrophe, that has a transforming effect on you. So when I think about Enterprise Risk Management, what keeps me up is never wanting to see something like that happen again, never wanting to live through something like that. So, what I want to do is to do everything that I can through our ERM program to ensure that I never have to, and we never have to, live through a catastrophe, a major mine disaster again.
Kim Detiveaux (Kim): Maybe a useful distinction, I know. We at Deloitte do a lot of work in the financial services sector and each sector talks about operational risks. In the financial services sector, for an operational risk, you might see a crash of an important computer system, which is obviously impactful. But if you are in the Energy Sector, an operating risk is really one where real lives can be placed in jeopardy, and then, on the other side of it, many times families are never the same again. And so, if you are an Energy Risk Manager like John is, it really underscores the importance of effectively managing all the risks, but in particular operational risks.
John: It makes it real, but it gives you the passion to do what you are doing. It is not something that is an academic exercise. I mean it is real, it's real lives, and it’s real people.
Sean: Without question, I can see it in your face. So my question for you John is having lived through this kind of experience, how is that boots-on-the-ground experience coming into play in your role at Alpha Natural Resources?
John: Our ERM program at Alpha is really centered on three core principles. The first is what we call Alpha’s Running Right Program, the second is the development of a clearer set of key risk indicators, and the third is having a central risk repository system where you can house all of your risk and your risk data to effectively manage and mitigate that risk. Alpha’s Running Right Program really is an innovative safety program that defines not only our culture at Alpha, but how we view risk. And Running Right is so powerful because it gives every employee and every miner a seat at the table. It gives them the voice and how things are done.
When we talk about Running Right, it's really a culture of where we work for the miners; they don't work for us. We want to be able to hear from them once something’s wrong without us having to tell them when something is wrong. And it is the commitment of everybody from management to every employee at Alpha that differentiates Alpha from its competitors. It is the Running Right Program that really enhances our early risk warning capabilities. So, if Running Right is the heart and soul of our culture, ERM has to be the DNA of our culture of our company. And what I mean by that is ERM has to be something that's engrained throughout the entire company. It has to be something that everybody is committed to. It is not something that you just look at once a month or once a quarter. It has to be something that you live every day in whatever job you have at Alpha. And the way to do that is through a set of key risk indicators.
When I talk about key risk indicators, key risk indicators have to be something that are measurable, have to be quantifiable. And if you have key risk indicators that are measurable, then you are able to set thresholds around your risk tolerance as we are able to see how risk is changing or how risk might be emerging in new areas. So it's the development of that sort of KRIs that really is key and critical. And then the last part of the program is the central software platform. I think Alpha, like most companies, houses a lot of data. You will have safety data. You will have data in the Human Resources area, and you will have data on continuous improvement. And I think what is difficult is being able to bring all of that separate data together, house it in one system, and then try to correlate that data because there are instances where different sets of data may correlate to how risk is emerging. So, we are currently working on the next step of our ERM program to take all that separately housed data, bring it together, and then see how we can correlate that data and be able to have some of that early risk warning capabilities that are so important in preventing mine catastrophes or other financial disasters.
Sean: Certainly, thank you for that John. And we have been talking about the micro at Alpha Natural Resources. Kim, your role gives you the opportunity to have some touch with a variety of different energy organizations. So I am interested to know if you're seeing some of those elements at other organizations. Are you seeing some different things? What is your perspective?
Kim: Alpha has a very comprehensive program. They have identified their risks. They have prioritized them. They are clear on what the few and most important risks are. They have identified their risk appetite. They are actively managing those key risks to make sure that their exposure is within appetite. What you see Alpha doing as well as other leading companies in the Energy Sector is really starting to concentrate on predictive capabilities — you heard John talk about some of the elements there — and really it is the place where the foremost thinking in the energy space with regard to risk management is focused at this point.
Sean: So with that in mind, what are some of the practices that you think these organizations need to be taking into consideration right now?
Kim: The Energy Sector is great, filled with very practical thinkers. An Energy CEO that I work with, after hearing an assessment of his existing ERM program described very specifically what he believes the next thing that needs to be the focus of their effort should be. He basically said, “I want to be able to look around the corner and see when risks are getting closer so that it puts me and my team in a position of actually taking preventative action before the event takes place.” So in that way, they avoid all the downside management that needs to follow.
In order to do that, what you typically see is a focus on three areas: it's KRIs, it is risk interdependence, and it’s emerging risk. So, in order, KRIs — you heard John talk about them — are really critical bits of information that give the risk manager an idea as to when conditions are changing around the causes for risks, with the logic being if you can track changes and causes, through that you can see when risks are becoming more likely. And so KRIs provide an advanced warning of when a risk might be becoming more likely. The second one that I talked about is risk interdependence, and there it's moving from maybe the first stage of ERM to look at independent risks, each individually, and then understand what might cause that risk. If you move past that to looking at combinations of risks, what you can then get into is understanding correlations between them. And so you can then understand when multiple risks may be becoming more likely either having an amplifying effect, if they are positively correlated, or they may be having an offsetting effect if they are negatively correlated. And then lastly, emerging risks is a really key area.
Nothing about the Energy Sector is static. Conditions are constantly changing, and the risk management process and capability really needs to accommodate that sort of change. If you did a risk identification this month, three months from now, a lot of it would be the same, but some of those risks would be different, and it is getting clued in on those emerging characteristics of risks, that’s the third leg of the stool. It is really trying to get dialed in on when new things have become more likely, and so therefore need to be further on your radar screen. Or, maybe it's getting sensitized to where a risk that you identified as low probability, although it may be very impactful if it were to occur. Now you have got some idea that likelihood is getting higher and so it needs more attention. So, it is sort of the combination of those three things that we see most energy companies focused on. If you can get efficient at doing those three things, you have really taken a big step towards becoming more productive in your risk program.
Sean: I have to bring my last question over to you John, and you said, Kim, that this is not a static industry. This is a dynamic industry and yet you are being asked to look around corners that could potentially be moving, they could be shifting. Where do you see your role going? What's next?
John: I think you're right. It is not easy and what is important is to be able to have that predictive ability to see around the corner. I think where it is going is where I touched on earlier in the conversation that it has to be a process that becomes more quantitative and being able to have more sophisticated software platforms. We can bring that data in together from different silos in the company, be able to correlate that data. I think if you can see how risk is interrelating and maybe correlating with each other, that will provide the ability to see how risk is emerging or changing. I have a mantra that I always go back to that you can't manage what you can't measure. You have to be able to measure your risk and you can only do that through a more sophisticated quantitative analysis of your different key risk indicators and risk data. I think it is clearly going to become more quantitative and a little bit more sophisticated in how we actually interpret that data.
Sean: We have heard it said here in this program before “you can measure it, you can make it better.” Gentlemen, thank you both for joining us today.
Kim: Thank you.
John: Thank you.
Sean: You’re welcome. Okay, we have been talking about Enterprise Risk Management in the Energy Industry with John Poma, Vice President of Enterprise Risk Management at Alpha Natural Resources, and Kim Detiveaux, a Director at Deloitte &Touche LLP. If you would like to learn more about John, Kim, or any of the topics discussed on today’s broadcast, you can find that information on our website, it is www.deloitte.com/insightsus. For all the good folks here at Insights, I am Sean O’Grady. We will see you next time.
Join the Conversation