Government Finds BP Blowout was Preventable by ERM and Not GRC

  
  
  


The presidential commission stated that compliance, the focus of GRC efforts, was not a key cause of the Deepwater Horizon disaster. They concluded instead that it was BP's lack of governance or an ERM approach to risk management that was the root cause of their failure.

The commission reported that, "BP did not have adequate controls in place to ensure that key decisions in the months leading up to the blow-out were safe or sound from an engineering perspective."

This report confirms what we have been saying since 2006 in our blogs "BP Oil Pipeline Leak: A Cry for Enterprise Risk Management" and "Don't Let BP's Disaster Happen to You". In these blog entries we revealed that BP had failed to identify key vendor risks and depended too heavily on quantitative models to make decisions.

Following both incidents, written employee notifications surfaced that identified critical risks that had not been addressed and that BP lacked the ability to reach front-line managers with a risk management infrastructure to prioritize these unresolved issues.

An oil rig blowout that could cost billions in losses and clean-up is certainly a risk BP can manage. However, it is the gaps between silos (vendor management) and the consequences of those gaps that blindside them in their most critical core competency areas. As long as this blind side exists, the accidents will continue to occur.

There are far too many controls to spend resources on all of them equally. If BP had been using an ERM approach, it would have identified which controls were managing the riskiest issues and put its resources on those most impactful controls.

GRC misses the point; more money allocated to safety regulations is not going to solve the problem. You can spend all you like on compliance, but it's a waste of time unless you can use a risk-based approach to prioritize resources to those issues that matter most and deliver actual business value.

Here are the top three things that BP should do now:

  • Connect vendor risk to business processes based on the impact of their products and services
  • Have front-line process owners assess their risks
  • Use standards in risk assessment criteria to make priorities comparable across business silos

Can you measure the degree to which your risk management activities contribute to your organization's bottom line? Go to the RIMS Risk Maturity Model (RMM) and take the RIMS RMM assessment to get your score and specific action items on what to do next based on your score.
