We work in a complex industry so we must manage many forms of risk
We look at strategic, operational and compliance risks across the group.
External market conditions, for example, can impact our financial performance. We actively manage this risk through BP’s diversified portfolio, our financial framework, regular reviews of market conditions and our planning and investment processes.
The diverse locations of our operations around the world expose us to a wide range of political developments and consequent changes to the operating environment. We seek to manage this risk through our relationships with governments and stakeholders. In addition, we closely monitor events and implement mitigation plans where appropriate.
Changes in laws and public policies relating to climate change, such as carbon pricing, could impact our assets, costs, revenue generation and demand for our products. We are working to help make sure our business is sustainable - commercially, environmentally and in a lower carbon future.
We identify risks for particular oversight by the board. For 2017 those include financial resilience, geopolitical risk, security, ethical misconduct, legal and regulatory non-compliance, trading non-compliance, cybersecurity and incidents associated with the drilling of wells, operating facilities and transporting hydrocarbons.
Encouraging employees to think before they click
We rank cybersecurity as one of our highest priority risks. We deal with attempted cyber attacks on our business every day. Employees are our first line of defence against these attacks and we promote secure behaviours to mitigate this growing concern. Read more...
The three lines of defence
We prioritize the safety and reliability of our operations to protect the welfare of our workforce, local communities and the environment.
- Our operating businesses are our first line of defence. They are responsible for identifying and managing risks and bringing together people with the right skills to do this. They verify their own conformance with safety and operating requirements and are also subject to independent scrutiny and assurance.
- The second line of defence is our safety and operational risk team, which works alongside operating businesses. The team is responsible for setting clear requirements, maintaining an independent view of operating risk, providing assurance on how risks are being managed, and intervening when appropriate to bring about corrective action.
- Our group audit team is the third line of defence, visiting sites on a risk-prioritized basis, including third-party drilling rigs, to check how they are managing risks.
BP’s operating management system
Our operating management system (OMS) is a group-wide framework designed to help us manage risks in our operating activities and drive performance improvements.
OMS brings together BP requirements on health, safety, security, the environment, social responsibility and operational reliability, as well as related issues, such as maintenance, contractor relations and organizational learning, into a common management system.
It sets out the rules and principles that govern key risk management activities such as inspection, testing, competency development, as well as business continuity and crisis response planning. OMS also helps us improve the quality of our activities. All businesses covered by OMS undertake an annual performance improvement cycle and assess alignment with the applicable requirements of the OMS framework.
Any variations in the application of OMS, in order to meet local regulations or circumstances, are subject to a governance process.
Our joint venture partners
In joint ventures where we are the operator, our OMS, code of conduct and other policies apply. We aim to report on all aspects of our business where we are the operator - as we directly manage the performance of these operations.
Where we are not the operator, our OMS is available as a reference point for BP businesses when engaging with operators and co-venturers. We monitor performance and how risk is managed in our joint ventures, whether we are the operator or not. For example, in Canada we have 50% ownership of the Sunrise oil sands venture but it is operated by another company. We benchmark the operator’s safety, financial and environmental performance against our expectations. And BP representatives on the venture’s governance committee are responsible for confirming that activities are consistent with our investment requirements and code of conduct.
Around 45% of our upstream production and 7% of our refining capacity in 2016 were from joint ventures where BP is not the operator.
We have a group framework to assess BP’s exposure related to safety, operational and bribery and corruption risk from our participation in these types of ventures.
An ethics monitor and a process safety monitor were appointed under the terms of the plea agreement that BP reached with the US government in 2012, following the Deepwater Horizon accident in 2010. The ethics monitor was also appointed under the terms of an administrative agreement reached with the US Environmental Protection Agency in 2014. Under the terms of both agreements, we are taking additional actions to further enhance ethics and compliance across BP and the safety of our drilling operations in the Gulf of Mexico.
The agreements have terms of five years and we are working closely with the monitors who will review ongoing progress until the agreements end.