Analyzing the Risk Management

Risk Management Plan for Exxon Mobil

A risk management process is a systematic application of management policies for the purpose of identifying, analyzing, evaluating and mitigating any possible risks within an organization. The following paper focuses on formulation of risk management plan for Exxon Mobil, one of the world's most renowned oil and gas companies. The risks would be identified and selected applicable to this firm and after their evaluation, a risk treatment plan would be advised.

Establish the Risk Context

Identifying the Context for Risk Assessment

Reviewing current organizational processes

Being in the gas and power marketing department of the company, there are certain risks applicable within my area of operation. In order to clearly determine those risks, first, a comprehensive look at Exxon Mobil's organizational processes along with a SWOT analysis is presented. The firm is dedicated to create and maintain an environmental policy that would protect the environment on long-term basis. It is committed to provide customers with technology driven products and services in the form of fuel efficiency and reduced oil emission (Exxon Mobil, n.d.). For this purpose, it has to comply with policies and regulations, emanating both, from the government and the organization's own management, so that structured steps could be taken for the protection of environment. The goals and tracking processes are designed so that costs and benefits are considered in the light of environmental standards, regulations and governmental laws. The firm believes in following an Operations Integrity Management System (OIMS) throughout its global operations in accordance with ISO 14001 and OHSAS 18001 occupational health and safety requirements (Exxon Mobil, n.d.). The safety of the driver is a top priority and ensured in Exxon Mobil products, since the diligent investigations revealed that less than one passenger per million driven miles faced accident (Exxon Mobil, n.d.). In addition to that, the company realizes its responsibility towards the society, and towards the same, it invests in education, health, environmental conservation and employee involvement.

Strengths

Exxon Mobil is one of the strongest names in oil and gas industry.

It has strong financial growth on yearly basis.

It has worldwide retail operations operating in several countries with more than 3000 employees.

It has made significant investments in research and development.

It has a remarkable vertically integrated supply chain, from drilling oil to producing numerous goods.

Weaknesses

Its employee management around the world is weak.

It faces legal and human rights issues.

Due to faults of some employees, it is accused of frauds and bribery cases in global operations.

It has faced issues regarding environmental hazards and oil spills (example, Valdez oil spill in 1989).

Objectives and scope of the risk management process

The objectives and scope of the risk management process will identify the following sections clearly, mentioned as follows:

Key operations / services to be assessed

The key operations or services that need to be assessed for the risk management process involve strategic planning department, legal department, and finance department. Being in the gas and power marketing department, there are four major risks to the overall company, discussed in other sections of the report, that are related to the above mentioned departments. Hence, these departments need to be made efficient in identifying those risks and mitigating their effect for the overall business health of the firm.

Resources that are vital to those operations

The human resources and technology are vital for these operations as employees are needed to operate machines and produce results based on the research so that risks could be identified and dealt with in a timely manner.

Own role and responsibilities in relation to risk management

My own role and responsibility (as a gas and power marketing officer), is to research for the risks and their outcomes so that marketing becomes easier for the firm. If there are potential risks in the global oil and gas industry, then it would be impossible for the firm to do well even in the marketing department. Hence, it is necessary to determine the risks associated with respective departments and then alleviate them in order to promote the world worldwide.

Persons that would be consulted for risk management

The person within the organization that should be consulted for risk management include:

Risk officer: A person responsible for leading the risk management plan for risk identification, encouraging communication across the departments, execution of risk management plan and many other related tasks.

Strategic planning department head: Strategic planning department head would be consulted so that it is deeply probed how the risk management plan would be executed and what steps should be taken to position the firm strategically within the industry in order to minimize those risks.

Legal department head: Legal affairs are critical aspects when implementing change or analyzing risks within the organization. Exxon Mobil's legal department would be consulted in order to highlight laws that might play their role in risk management process.

Finance department head: The finance department head would be consulted for the risk management process as he is responsible for the accounts of the company. He would be consulted to estimate how much the risk management process would cost and what benefits could be generated in the form of future profits.

CEO: The CEO would be notified before all the other department heads so that he knows what processes are taking place within the firm and how they would affect the firm's performance in short and long run.

Shareholders: There would be meetings arranged to consult the shareholders of the company since they have their stakes in the firm and should be informed about the positive and negatives of the business. They are the ones who would be affected by the profits and losses in the risk management process and their opinions count a lot for this very reason.

Risk management via STEP framework

The framework for risk management, presented by ISO 31000, gives some steps for the implementation of risk management process (Institute of Risk Management, 2010, p. 7). The steps are mentioned below:

i. Mandate and commitment from the board: After the meetings held with the shareholders, a commitment towards the risk management implementation would be gained so that risks could be minimized for improving the performance of Exxon Mobil.

ii. Design of the framework: The framework would be designed with the help of department heads and the CEO in a special meeting so that each department head can put forward the costs and benefit analysis for their respective departments and the CEO can decide what steps would prove best for the overall firm.

iii. Implement risk management: Implementation of the framework would be decided after both the meetings, the meeting with the shareholders and the meeting of CEO and department heads, so that crucial steps could be outlined and the implementation time period could be decided.

iv. Monitoring and reviewing the framework: This is of paramount importance since any oversight or possible errors could be ascertained for better implementation and results.

v. Improving the framework: If any weak areas in the plan are identified, then there would be room for improvement so that future risks could be attenuated.

Identification of critical success factors/goals that will indicate the success for risk management plan

The first and foremost critical success factor is the loyalty, honesty and dedication of the firm's staff, encompassing all, right from the highest executive to the lowest worker in the hierarchy (Ranong & Phuenngam, 2009, p. 31), for the implementation of risk management plan. This is an important requirement as Exxon Mobil has suffered in the past from the dishonesty of its employees that resulted in bribery and oil spills. Top management need to inculcate trust among the employee and ensure them that they would be rewarded and acknowledged for their efforts towards the risk management process. If required, training can be provided to the employees, which is another critical success factor for the said purpose. Secondly, communication plays a vital role in risk management process and there can be many ways in which all the departments can communicate, such as via emails, telephone, meetings, and fax etc. Third, organization structure and culture are helpful in developing risk management strategies since a strong culture embeds strong values into the employees' work patterns and increase their commitment towards a goal, such as risk management. Fourth, effective use of information technology can work wonders in the risk management process since saving important pieces of information is mandatory in this course of action. If important information is missed or goes in the wrong hands, the risk would increase.

Part B: Identify Risks

Four (4) Risks within Scope in Accordance with Relevant Policies and Legislation

There are four risks identified within the scope in accordance with relevant policies and procedures and legislation in order to ensure reasonable steps being taken for their identification. The underlying causes of the risks are mentioned too so that decision regarding mitigation becomes easier. Their relevant and respective departments are contacted to assist in the identification process.

1. Political risk: It is an externally driven risk that is of concern to the legal department, risk officer, CEO and shareholders of the firm. There are different regulations in the countries where Exxon Mobil operates regarding how extraction of oil and gas is done, where and when it would be done etc. The reason for such risk is that Exxon Mobil deemed a certain country as a politically stable region but actually it was not, and afterwards the particular country did not match the firm's preference. Exxon Mobil has to select a state where the government allows easy granting of long-term leases. Moreover, changing political scenarios might bring drastic changes in the regulatory environment. Sometimes, the country where the oil is being extracted from changes its mind after the contract is started for gaining more profits.

2. Geological risk: It is also an externally driven risk factor and the reasons for this risk are the easily accessible oil and gas extraction places have been taken by other companies; others are in the process of being tapped, hence Exxon Mobil has to look for other places in less friendly environment such as in the oceans. Although, latest machines and technology have helped in extracting oil from places that were deemed impossible, yet difficulties persist. The parties contacted or consulted for this risk involve risk officer, strategic planning department, CEO and shareholders. The geological researchers of the firm identify the places that are worthy of extraction and estimate them as "proven" or "probable" depending on their strategic estimates. If these estimates are wrong, then there is high risk for the company regarding wastage of resources and time.

3. Global price risk: This risk is also externally driven since the global prices are volatile, affecting the reserve's feasibility for economic profits. The reason for price risk is high geographical barriers for easy extraction. It is sometimes economically impossible for oil and gas companies to shut down a project if there are sudden price changes. Hence, Exxon Mobil has to forecast prices on long-term basis accurately. The parties that would be consulted for this risk involve risk officer, CEO, shareholders and finance department head.

4. Weak internal control and fraud: It is an internally driven risk factor caused by deceitful acts of certain employees in the past. If Exxon Mobil had strong internal control, then the employees would not have been in the position of jeopardizing the interests of the firm. Their illegal acts, such as bribery, caused negative publicity of the firm and huge losses for the business. Reinforcement of control factors like integrity, ethical values and competence would have ensured positive results. Furthermore, fraud caused punitive damages after the lawsuit regarding oil spill at Valdez. It was alleged that Exxon Mobil did not stop the leakage due to its ineffective actions and weak monitoring techniques. Another fraud accusation occurred in 2006 for underground gas leakage in Jacksonville for not prioritizing potential harm of contamination (Hirsch, 2011). The relevant parties that could be consulted for this risk include risk officer, CEO, and shareholders.

Table 1: Simple risk table

No.

Parties Consulted

Risk Description

Possible Impact on Organization

Success Factor/s, Goals or Objectives

1

Legal department, risk officer, CEO and shareholders of Exxon Mobil

Political risk

Changes in regulation if there are changes in political environment; extraction points of oil and gas would be disturbed and eventually, the profits

Communication of Exxon Mobil with governments of other countries

2

Risk officer, strategic planning department, CEO and shareholders

Geological risk

Wastage of company's resources and time if geological estimates are wrong

Information technology, firm's staff, communication

3

Risk officer, CEO, shareholders and finance department head.

Global price risk

Wastage of company's resources and time

Information technology, firm's staff, communication of correct estimates

4

Risk officer, CEO, and shareholders

Internal control and fraud

Negative publicity, punitive damages and financial losses

Honesty of Exxon Mobil's staff, communication, information technology, organization structure and culture

Part C: Analyze and Evaluate Risks

Potential Impact/Consequences of Risks on Organization

The potential impact of the four risks on the organization if they occur is disastrous. Although, they are mentioned in table 1, their details are discussed below:

1. Potential impact of political risk: The political risk can have adverse effects on the cash flows of Exxon Mobile as well as on the daily operations. Moreover, the net income derived from an investment in a foreign company can be substantial if the country is politically stable; otherwise, Exxon Mobil would suffer hugely. For example, if the firm plans to invest in three places for extraction of oil and gas in a specific state, and later on realizes that there are certain governmental risks involved, then there would be three potential investment losses for the firm. Exxon Mobil has to deal with high uncertainty about its future revenues along with ambiguity in technological advancements for the future projects, entry modes, short and long duration assets, and installation of production facilities (Bastian & Tucci, 2010, p. 15).

2. Potential impact of geological risk: As mentioned earlier, many other oil and gas companies have extracted or are in the process of extracting oil and gas from the most accessibly suitable areas of the world. Exxon Mobil has to look for other areas that might require expensive drilling licenses and exploration costs. Additionally, unique areas like Arctic have other environmental hazards associated with oil extraction such as thick ice covers, extreme weather, plenty of sea birds and marine animals that are vulnerable to potential oil spills (Green Peace, 2011). The unconventional processes for extraction would cost heavily with greater chances of oil spill that might again overburden the firm with accusations of mismanagement and fraud. It can be inferred that there is no certainty in decision making for geological locations for better discoveries (Suslick, Schiozer, & Rodriguez, 2009, p. 30).

3. Potential impact of global price risk: Oil and gas companies are significantly affected by the re-pricing of oil globally. During periods of high oil prices, energy firms can face high debts and banks report increased loans by these firms. Exxon Mobil can potentially be affected by global price changes that might leave the firm with a serious financial strain.

4. Potential impact of weak internal control and fraud: The potential impacts of weak internal control and fraud can be enlisted in the form of punitive damages, negative publicity, bad repute and financial losses. If Exxon Mobil ignores the significance of integrity, ethical values and competence and does not emphasize these elements within the training of the employees by fostering such culture in the firm, then company would not only have to pay heavy fines but also would lose integrity and market share in the oil and gas industry.

Likelihood of Risk Occurring

The likelihood of political risk is medium since Exxon Mobil can choose and deliberate on stable regions. The likelihood of geological is high as the company is exposed to it on continual basis. The likelihood of global price risk is medium to high due to its regulation by many interested parties and industries as well as national economies. The likelihood of weak internal control and fraud is medium to low since the firm can control it effectively if it takes precautionary measures. It would not occur reportedly if the management takes proper action against it.

Categorize and Prioritize Each Risk

Risks can be prioritized as follows (1 being highly prioritized and 4 being the lowest):

1. Geological risk

2. Global price risk

3. Political risk

4. Weak internal control and fraud

Likelihood

Consequence

Rare

Unlikely

Moderate

Likely

Certain

May occur in exceptional circumstances.

Could occur at some time.

Will probably occur at some time.

Will occur in most circumstances.

Expected to occur in all circumstances.

Less than once in 2 years

At least once per year.

At least once in 6 months.

At least once per month.

At least once per week.

Level

1

2

3

4

5

Negligible

0

0

0

0

0

0

No injuries. Low financial loss.

Minor

1

1

2

3

4

5

First-aid treatment. Moderate financial loss.

Serious

2

2

4

(political risk, weak internal control & fraud)

6

(Global price risk)

8

10

Medical treatment required. High financial loss. Moderate environmental implications. Moderate loss of reputation. Moderate business interruption.

Major

3

3

6

9

(Geological risk)

12

15

Excessive, multiple long-term injuries. Major financial loss. High environmental implications. Major loss of reputation. Major business interruption.

Fatality

4

4

8

12

16

20

Single death.

Multiple Fatalities

5

5

10

15

20

25

Multiple deaths and serious long-term injuries.

Part D: Select and Implement Risk Treatments

Risk Treatments

i. The risk treatment for 'political risk' would be to reduce the consequences of the risk occurrence. As this risk cannot be controlled by the company on its own, therefore, it is suggested that its consequences could be reduced. There would be high costs involved as the company has to comply with changing regulation due to changing political scenarios, however, the effectiveness would be considerable too since the firm can reap profits once it starts abiding to the set policies.

ii. The risk treatment for 'geological risk' would be to reduce the likelihood of the occurrence. This risk can be reduced by reducing its probability in the form of making most accurate estimates about the geographical location. Its costs would include highly advanced technology that would assist in making the right choices of areas in relation to their characteristics, surface properties, oil and gas extraction percentages, and possibilities of oil spill etc.; however, the effectiveness would be significant as well.