How we manage risk

We work in a high-hazard industry and risk management is key

In order to deliver energy to the world safely and sustainably, we must identify and proactively manage risks of many forms, from the strategic and commercial, to the operational.

Our risk management system and policy help us to identify and assess risks across our business and manage them at the appropriate level in BP.

Strategic and commercial risk

We look at strategic and commercial risks across the group, for example climate change, geopolitical risk and BP’s financial resilience.

Public policies relating to climate change and carbon pricing could increase costs and reduce future revenue and strategic growth opportunities for BP. We are working to help make sure our business is sustainable - commercially, environmentally and in a lower-carbon future.

The nature of our business means BP is exposed to a range of political developments around the world and subsequent changes to the operating and regulatory environment. We seek to manage this risk through our relationships with governments and stakeholders. In addition, we closely monitor events and implement risk mitigation plans where appropriate.

External market conditions can impact our financial performance. We actively manage this risk through BP’s diversified portfolio, our financial framework, regular reviews of market conditions and our planning and investment processes.

Operational risk

We prioritize the safety and reliability of our operations to protect the welfare of our workforce, the environment and local communities. Our goal is no accidents, no harm to people and no damage to the environment.

The three lines of defence

Our operating businesses are our first line of defence. They are responsible for identifying and managing risks and bringing together people with the right skills and competencies to do this. They verify their own conformance with safety and operating requirements and are also subject to independent scrutiny and assurance.

The second line of defence is our safety and operational risk team, which works alongside operating businesses to set clear requirements; maintains an independent view of operating risk, provides assurance on how risks are being assessed and managed; and intervenes when appropriate to bring about corrective action.

Our group audit team is the third line of defence, visiting sites on a risk-prioritized basis, including third-party drilling rigs, to check how they are managing risks.

BP’s operating management system

Our operating management system (OMS) is a group-wide framework designed to help us manage risks in our operating activities and drive performance improvements.

OMS brings together BP requirements on health, safety, security, the environment, social responsibility and operational reliability, as well as related issues, such as maintenance, contractor relations and organizational learning, into a common management system. It sets out the rules and principles that govern key risk management activities such as inspection, testing, competency development and business continuity and crisis response planning.

We review and amend our group requirements within OMS from time to time to reflect BP’s priorities and experience or changing external regulations. Any variations in the application of OMS - in order to meet local regulations or circumstances - are subject to a governance process.

OMS also helps us improve the quality of our operating activities. All businesses covered by OMS undertake an annual performance improvement cycle and assess alignment with the applicable requirements of the OMS framework. 

Oversight by the board

We identify certain risks as being a high priority for particular oversight by the board. For 2016 this includes financial resilience, geopolitical risk, security, ethical misconduct, legal and regulatory non-compliance, trading non-compliance, cybersecurity and incidents associated with the drilling of wells, operating facilities and the transportation of hydrocarbons.

The board delegates some of its oversight activities to its seven committees. These include the audit committee, which monitors the management of financial risk, and the safety, ethics and environment assurance committee (SEEAC), which focuses on non-financial risk. 

SEEAC reviewed reports in 2015 on the risk of major security incidents, and BP’s management of risks in marine operations, wells, pipelines and facilities. Site visits are an important part of SEEAC’s role, allowing direct interaction with operating teams. In 2015 they visited sites in the Netherlands, Oman and Trinidad. 

The board established a dedicated committee to monitor geopolitical risk and consider the effect that heightened political or social tensions or changes in key relationships can have on the economic and operating environment for BP.


The information on this page forms part of the information reviewed and reported on by Ernst & Young as part of BP's 2015 sustainability reporting. View the full assurance statement.

Related content