Risk Management Plan for Exxon Mobil A risk management process is a systematic application of management policies for the purpose of identifying, analyzing, evaluating and mitigating any possible risks within an organization. The following paper focuses on formulation of risk management plan for Exxon Mobil, one of the world's most renowned oil and gas companies. The risks would be identified and selected applicable to this firm and after their evaluation, a risk treatment plan would be advised.

Establish the Risk Context

Identifying the Context for Risk Assessment

Reviewing current organizational processes

Being in the gas and power marketing department of the company, there are certain risks applicable within my area of operation. In order to clearly determine those risks, first, a comprehensive look at Exxon Mobil's organizational processes along with a SWOT analysis is presented. The firm is dedicated to create and maintain an environmental policy that would protect the environment on long-term basis. It is committed to provide customers with technology driven products and services in the form of fuel efficiency and reduced oil emission (Exxon Mobil, n.d.). For this purpose, it has to comply with policies and regulations, emanating both, from the government and the organization's own management, so that structured steps could be taken for the protection of environment. The goals and tracking processes are designed so that costs and benefits are considered in the light of environmental standards, regulations and governmental laws. The firm believes in following an Operations Integrity Management System (OIMS) throughout its global operations in accordance with ISO 14001 and OHSAS 18001 occupational health and safety requirements (Exxon Mobil, n.d.). The safety of the driver is a top priority and ensured in Exxon Mobil products, since the diligent investigations revealed that less than one passenger per million driven miles faced accident (Exxon Mobil, n.d.). In addition to that, the company realizes its responsibility towards the society, and towards the same, it invests in education, health, environmental conservation and employee involvement.

Strengths

Exxon Mobil is one of the strongest names in oil and gas industry.

It has strong financial growth on yearly basis.

It has worldwide retail operations operating in several countries with more than 3000 employees.

It has made significant investments in research and development.

It has a remarkable vertically integrated supply chain, from drilling oil to producing numerous goods.

Weaknesses

Its employee management around the world is weak.

It faces legal and human rights issues.

Due to faults of some employees, it is accused of frauds and bribery cases in global operations.

It has faced issues regarding environmental hazards and oil spills (example, Valdez oil spill in 1989).

Objectives and scope of the risk management process

The objectives and scope of the risk management process will identify the following sections clearly, mentioned as follows:

Key operations / services to be assessed

The key operations or services that need to be assessed for the risk management process involve strategic planning department, legal department, and finance department. Being in the gas and power marketing department, there are four major risks to the overall company, discussed in other sections of the report, that are related to the above mentioned departments. Hence, these departments need to be made efficient in identifying those risks and mitigating their effect for the overall business health of the firm.

Resources that are vital to those operations

The human resources and technology are vital for these operations as employees are needed to operate machines and produce results based on the research so that risks could be identified and dealt with in a timely manner.

Own role and responsibilities in relation to risk management

My own role and responsibility (as a gas and power marketing officer), is to research for the risks and their outcomes so that marketing becomes easier for the firm. If there are potential risks in the global oil and gas industry, then it would be impossible for the firm to do well even in the marketing department. Hence, it is necessary to determine the risks associated with respective departments and then alleviate them in order to promote the world worldwide.

Persons that would be consulted for risk management

The person within the organization that should be consulted for risk management include:

Risk officer: A person responsible for leading the risk management plan for risk identification, encouraging communication across the departments, execution of risk management plan and many other related tasks.

Strategic planning department head: Strategic planning department head would be consulted so that it is deeply probed...

Exxon Mobil's legal department would be consulted in order to highlight laws that might play their role in risk management process.
Finance department head: The finance department head would be consulted for the risk management process as he is responsible for the accounts of the company. He would be consulted to estimate how much the risk management process would cost and what benefits could be generated in the form of future profits.

CEO: The CEO would be notified before all the other department heads so that he knows what processes are taking place within the firm and how they would affect the firm's performance in short and long run.

Shareholders: There would be meetings arranged to consult the shareholders of the company since they have their stakes in the firm and should be informed about the positive and negatives of the business. They are the ones who would be affected by the profits and losses in the risk management process and their opinions count a lot for this very reason.

Risk management via STEP framework

The framework for risk management, presented by ISO 31000, gives some steps for the implementation of risk management process (Institute of Risk Management, 2010, p. 7). The steps are mentioned below:

i. Mandate and commitment from the board: After the meetings held with the shareholders, a commitment towards the risk management implementation would be gained so that risks could be minimized for improving the performance of Exxon Mobil.

ii. Design of the framework: The framework would be designed with the help of department heads and the CEO in a special meeting so that each department head can put forward the costs and benefit analysis for their respective departments and the CEO can decide what steps would prove best for the overall firm.

iii. Implement risk management: Implementation of the framework would be decided after both the meetings, the meeting with the shareholders and the meeting of CEO and department heads, so that crucial steps could be outlined and the implementation time period could be decided.

iv. Monitoring and reviewing the framework: This is of paramount importance since any oversight or possible errors could be ascertained for better implementation and results.

v. Improving the framework: If any weak areas in the plan are identified, then there would be room for improvement so that future risks could be attenuated.

Identification of critical success factors/goals that will indicate the success for risk management plan

The first and foremost critical success factor is the loyalty, honesty and dedication of the firm's staff, encompassing all, right from the highest executive to the lowest worker in the hierarchy (Ranong & Phuenngam, 2009, p. 31), for the implementation of risk management plan. This is an important requirement as Exxon Mobil has suffered in the past from the dishonesty of its employees that resulted in bribery and oil spills. Top management need to inculcate trust among the employee and ensure them that they would be rewarded and acknowledged for their efforts towards the risk management process. If required, training can be provided to the employees, which is another critical success factor for the said purpose. Secondly, communication plays a vital role in risk management process and there can be many ways in which all the departments can communicate, such as via emails, telephone, meetings, and fax etc. Third, organization structure and culture are helpful in developing risk management strategies since a strong culture embeds strong values into the employees' work patterns and increase their commitment towards a goal, such as risk management. Fourth, effective use of information technology can work wonders in the risk management process since saving important pieces of information is mandatory in this course of action. If important information is missed or goes in the wrong hands, the risk would increase.

Part B: Identify Risks

Four (4) Risks within Scope in Accordance with Relevant Policies and Legislation

There are four risks identified within the scope in accordance with relevant policies and procedures and legislation in order to ensure reasonable steps being taken for their identification. The underlying causes of the risks are mentioned too so that decision regarding mitigation becomes easier. Their relevant and respective departments are contacted to assist in the identification process.

1. Political risk: It is an externally driven risk that is of concern to the legal department, risk officer, CEO and shareholders of the firm. There are different regulations in the countries where Exxon Mobil operates regarding how extraction of oil and gas is done, where and…