https://aiche.confex.com/aiche/s14/webprogram/Paper353321.html
353321 Managing Operational Risk in an Enterprise Risk Management Framework
Tuesday, April 1, 2014: 2:00 PM
Grand Ballroom A (Hilton New Orleans Riverside)
Jean Bruney, Cheveron Corporation, San Ramon, CA and Jim Salter, Energy Technology Company, Chevron, San Ramon, CA
Chevron has a structured approach to enterprise risk management that is aligned to ISO31000 and consistent with industry best practices including the Committee of Sponsoring Organizations of the Treadway Commission (COSO) framework. Risks are assessed across the full scope of the enterprise within thirteen categories. These categories address all aspects of our business - operational, legal, strategic, financial, stakeholder, etc. Each category of risk has a senior management risk owner who is responsible for generating the assessment and reporting on the adequacy of the safeguards and systems in place to manage the risks. The risk review focuses on specific hypothetical/potential high consequence events that could be material at the corporate level, even if they have a low probability of occurrence. The enterprise risk process helps to assure that risks are managed at appropriate levels across Chevron and that sufficient safeguards are embedded in our business processes.
Our enterprise assessments have consistently identified Operational risk, particularly the potential for a major process incident, as a significant component of the overall enterprise risk profile. Operational risk is important both as an individual risk category and because an operational incident can impact other categories of risk such as stakeholder, legal, and legislative. Therefore, our ability to assess and manage operational risks at a detailed level is foundational to overall enterprise risk management.
At Chevron, the operational risk component of enterprise risk management is informed by a comprehensive health, environment and...