Since Value Creation is the basic guiding principle for ERM in Statoil, the company views risks in a value chain perspective. In the corporate directives it is written that the companys is to value chain to support a Statoil's value chain Risks Project risk Production risk eservoirri 1. Upstream: exploration and development of oil and gas 2. Downstream: refinement of hydrocarbons into various 3. Markets: seling of crude oil, gas, and refined products The most important risks: 1. Market risks The value of the value chain perspective: 1. It serves as a clear signal to everybody involved (all stakeholders) that value creation is the metric being pursued through ERM, and is the impact on Statoil's performance that ultimately counts. Statoil's thinking on this issue is that if ERM is limited to managing risks related to goal achievement in various business units, the result will be "Satisficing" rather than value maximizing. 2. The fact that the large number of risks identified in the risk map can make it challenging to understand what is really going on. By sorting the risks into a value chain, one can more easily see the bigger picture and, through the lens of the company's business model, see how the different risk categories hang 2001: The Company's shares were listed. During the listing entitled to information about what exposures they were getting when they invested in Statoil shares (the most important of which was the exposure to oil and gas prices), the company 8:46 a moodle-2018-2019.fullerton.edu o Keeping people and the environment safe are the first priority and supersede any other objective o Beyond those basic objectives, risks are to be managed in a way that maximizes the value of the company Risk philosophy: risk encompasses not only downside risk but also upside potential o Existing off-the-shelf ERM frameworks were too oriented toward regulatory compliance considered and risk avoidance o Statoil philosophy instead recognizes that risk taking is unavoidable, even necessary, to create value for shareholders o What matters is that the risks are well enough understood and found acceptable, given their downside risk and upside potentials. . Risk map o Captures both upside potential and downside risk for any given risk factor o X-axis: probability of occurrence o Y-axis: impact figure, measured as the pretax impact on earnings (US millions) . The impact is measured relative to the forecasted value of earnings . All reported risks will be considered twice in the map i. Its potential contribution to upside potential (to be entered above the line) ii. Its contribution to downside risk (to benentered below the line) These two points are a summary, or synthesis, of the entire range of potential outcomes for the risk factor in question o Example: Risk A has a 5% probability that the outcome will be somewhat better than expected, yet there is a 10% probability of a fairly significant loss relative to the forecast (USS 200 million). Hence, the downside risk is larger than the upside potential 8:46 LTE a moodle-2018-2019.fullerton.edu v. External factors and. internal factors are treated differently. Energy prices and exchange rates could greatly impact the company, e.t, its EBIT, which could create incentives for the business units to manage these risks. In Statoil, however, the performance measures used (KPI, balanced scorecards, etc, that the company uses to evaluate its business units) have been designed to exclude the impact of these external factors. This means that the company achieves central management of these risks but largely avoids the discontent that could result from business units having to live with large risk vi. Keep the big picture in mind and team up everyone. Many units are very focused on meeting their own targets and consequently do not see beyond the border of their unit. ERM team has sought to make it part of anyone's job description to think in terms of Statoil's net benefits. vii. Risk Committee should remain a specialist forum, and that one should stay away from attempts to integrate i with to management. Ultimately the Risk Committee needs to remain an advisory body, not an executive one, though it needs to carry enough status to be seen as the real arbiter on risk-related issues in the conm vii. Examples of optimizing total risks: Foreign exchange (FX) risk management. a. Consider a situation where one business unit is selling into a market where the product is quoted in U.S. dollars, and another unit is sourcing material priced in the same currency, Whereas each unit may have an incentive to manage its own exposure, what counts for the company as a whole is the net of these exposures. Lacking a central policy, risk could be over managed to the extent that managers of business units use FX derivatives to cover exposures that would cancel out from the perspective of the company. Apart from the burde also significant direct costs from such over management of risk. Statoil calculates that if two business areas simultaneously cover a USD 10 million exposure, it would incur transaction costs of around NOK 180,000(assuming a USD NOK exchange rate of 6 and a bid-ask spread of 30 basis points). Since ERM was implemented, Statoil has withdrawn the ability of business units to set their own policy with regard to FX derivative Besides avoiding the transaction costs just mentioned, a centralized FX derivative policy entails a number of other advantages, such as business units focusing on their core activities and an increased ability to coordinate the derivative policy with other corporate policies. 4. Risk Aggregation: the company needs to take a more analytical and quantitative approach to risk management, such as building models and simulations that combine the company's many different risks into a probability distribution. LTE moodle-2018-2019.fullerton.edu formulated the idea of core risks, understood as the risk exposures that an investor would expect, and even desire, to have from buying Statoil shares. The core risks are owned by the CEO of the company and are coordinated centrally in the organization The ERM project increase the transparency and predictability of the risk exposures obtained by investing in Statoil shares. Tasks of ERM at Statoil: 1. Risk mapping proces i. Identifying, mitigating, and reporting risks ii. At Statoil business units are required to update their risk maps on quarterly basis. ili. During quarterly review meetings, two factors ensure the quality of the outputs of the ERM process a. The units are expected to provide discussions and for their assumptions, and explain what their policy on each main risk is. iili. The risk department, in turn, writes a brief in response to the business units' risk v, Statoil's board of directors is also briefed on the risk profile on a quarterly basis, and they receive a condensed version of the risk map prepared by the risk department. 2. Role of adviser to the business area i. The risk department is not only a supervisor of the risk mapping process. It also provides support to business areas and helps spread best practices. It has the expertise and resources to assist business units in multiple ways from advice on how to manage a particular credit risk to suggesting a methodology for quantifying a certain market risk ii. Example: Statoil's risk department has, in collaboration with consultancy firm HIS Global Insight, developed a deep expertise in the area of country risks, which is of particular importance to a company active in many of the world's most risky countries. This effort has resulted in a large internal knowledge base on country risk, as well as a standardized methodology for evaluating country risk as part of new investment proposals. The business areas are able to draw on these resources, and work with the risk department to reach the appropriate policies for each country and new investment 3. Optimizing total risk: avoiding risk management decisions that are suboptimal for the company as a whole i. Optimization of total risk has been unyieldingly pursued by the ERM team, with several tangible benefits for the ii. The value metric that underpins ERM in Statoil implies that it is the perspective of the company as a whole that should rule in practical situations where different individuals and business units may have differing views on how to proceed. Questions: 1. What difference does the value chain perspective make? 2. How the ERM at Statoil counteracts any tendency of managers to think along the lines that "this risk certainly exists, but it surely will not happen during my time in office, so I will just do nothing"? 3. Why people from Statoil, or any organization, may resist the implementation of ERM? 4. Is Risk Committee an advisory body or a management body at Statoil? 5. Should all advisory body remain independent from management? Since Value Creation is the basic guiding principle for ERM in Statoil, the company views risks in a value chain perspective. In the corporate directives it is written that the companys is to value chain to support a Statoil's value chain Risks Project risk Production risk eservoirri 1. Upstream: exploration and development of oil and gas 2. Downstream: refinement of hydrocarbons into various 3. Markets: seling of crude oil, gas, and refined products The most important risks: 1. Market risks The value of the value chain perspective: 1. It serves as a clear signal to everybody involved (all stakeholders) that value creation is the metric being pursued through ERM, and is the impact on Statoil's performance that ultimately counts. Statoil's thinking on this issue is that if ERM is limited to managing risks related to goal achievement in various business units, the result will be "Satisficing" rather than value maximizing. 2. The fact that the large number of risks identified in the risk map can make it challenging to understand what is really going on. By sorting the risks into a value chain, one can more easily see the bigger picture and, through the lens of the company's business model, see how the different risk categories hang 2001: The Company's shares were listed. During the listing entitled to information about what exposures they were getting when they invested in Statoil shares (the most important of which was the exposure to oil and gas prices), the company 8:46 a moodle-2018-2019.fullerton.edu o Keeping people and the environment safe are the first priority and supersede any other objective o Beyond those basic objectives, risks are to be managed in a way that maximizes the value of the company Risk philosophy: risk encompasses not only downside risk but also upside potential o Existing off-the-shelf ERM frameworks were too oriented toward regulatory compliance considered and risk avoidance o Statoil philosophy instead recognizes that risk taking is unavoidable, even necessary, to create value for shareholders o What matters is that the risks are well enough understood and found acceptable, given their downside risk and upside potentials. . Risk map o Captures both upside potential and downside risk for any given risk factor o X-axis: probability of occurrence o Y-axis: impact figure, measured as the pretax impact on earnings (US millions) . The impact is measured relative to the forecasted value of earnings . All reported risks will be considered twice in the map i. Its potential contribution to upside potential (to be entered above the line) ii. Its contribution to downside risk (to benentered below the line) These two points are a summary, or synthesis, of the entire range of potential outcomes for the risk factor in question o Example: Risk A has a 5% probability that the outcome will be somewhat better than expected, yet there is a 10% probability of a fairly significant loss relative to the forecast (USS 200 million). Hence, the downside risk is larger than the upside potential 8:46 LTE a moodle-2018-2019.fullerton.edu v. External factors and. internal factors are treated differently. Energy prices and exchange rates could greatly impact the company, e.t, its EBIT, which could create incentives for the business units to manage these risks. In Statoil, however, the performance measures used (KPI, balanced scorecards, etc, that the company uses to evaluate its business units) have been designed to exclude the impact of these external factors. This means that the company achieves central management of these risks but largely avoids the discontent that could result from business units having to live with large risk vi. Keep the big picture in mind and team up everyone. Many units are very focused on meeting their own targets and consequently do not see beyond the border of their unit. ERM team has sought to make it part of anyone's job description to think in terms of Statoil's net benefits. vii. Risk Committee should remain a specialist forum, and that one should stay away from attempts to integrate i with to management. Ultimately the Risk Committee needs to remain an advisory body, not an executive one, though it needs to carry enough status to be seen as the real arbiter on risk-related issues in the conm vii. Examples of optimizing total risks: Foreign exchange (FX) risk management. a. Consider a situation where one business unit is selling into a market where the product is quoted in U.S. dollars, and another unit is sourcing material priced in the same currency, Whereas each unit may have an incentive to manage its own exposure, what counts for the company as a whole is the net of these exposures. Lacking a central policy, risk could be over managed to the extent that managers of business units use FX derivatives to cover exposures that would cancel out from the perspective of the company. Apart from the burde also significant direct costs from such over management of risk. Statoil calculates that if two business areas simultaneously cover a USD 10 million exposure, it would incur transaction costs of around NOK 180,000(assuming a USD NOK exchange rate of 6 and a bid-ask spread of 30 basis points). Since ERM was implemented, Statoil has withdrawn the ability of business units to set their own policy with regard to FX derivative Besides avoiding the transaction costs just mentioned, a centralized FX derivative policy entails a number of other advantages, such as business units focusing on their core activities and an increased ability to coordinate the derivative policy with other corporate policies. 4. Risk Aggregation: the company needs to take a more analytical and quantitative approach to risk management, such as building models and simulations that combine the company's many different risks into a probability distribution. LTE moodle-2018-2019.fullerton.edu formulated the idea of core risks, understood as the risk exposures that an investor would expect, and even desire, to have from buying Statoil shares. The core risks are owned by the CEO of the company and are coordinated centrally in the organization The ERM project increase the transparency and predictability of the risk exposures obtained by investing in Statoil shares. Tasks of ERM at Statoil: 1. Risk mapping proces i. Identifying, mitigating, and reporting risks ii. At Statoil business units are required to update their risk maps on quarterly basis. ili. During quarterly review meetings, two factors ensure the quality of the outputs of the ERM process a. The units are expected to provide discussions and for their assumptions, and explain what their policy on each main risk is. iili. The risk department, in turn, writes a brief in response to the business units' risk v, Statoil's board of directors is also briefed on the risk profile on a quarterly basis, and they receive a condensed version of the risk map prepared by the risk department. 2. Role of adviser to the business area i. The risk department is not only a supervisor of the risk mapping process. It also provides support to business areas and helps spread best practices. It has the expertise and resources to assist business units in multiple ways from advice on how to manage a particular credit risk to suggesting a methodology for quantifying a certain market risk ii. Example: Statoil's risk department has, in collaboration with consultancy firm HIS Global Insight, developed a deep expertise in the area of country risks, which is of particular importance to a company active in many of the world's most risky countries. This effort has resulted in a large internal knowledge base on country risk, as well as a standardized methodology for evaluating country risk as part of new investment proposals. The business areas are able to draw on these resources, and work with the risk department to reach the appropriate policies for each country and new investment 3. Optimizing total risk: avoiding risk management decisions that are suboptimal for the company as a whole i. Optimization of total risk has been unyieldingly pursued by the ERM team, with several tangible benefits for the ii. The value metric that underpins ERM in Statoil implies that it is the perspective of the company as a whole that should rule in practical situations where different individuals and business units may have differing views on how to proceed. Questions: 1. What difference does the value chain perspective make? 2. How the ERM at Statoil counteracts any tendency of managers to think along the lines that "this risk certainly exists, but it surely will not happen during my time in office, so I will just do nothing"? 3. Why people from Statoil, or any organization, may resist the implementation of ERM? 4. Is Risk Committee an advisory body or a management body at Statoil? 5. Should all advisory body remain independent from management