Annual Report 2010 - SBM Offshore
Annual Report 2010 - SBM Offshore
Annual Report 2010 - SBM Offshore
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Risk Management<br />
Risk Management operates on three fronts through a<br />
standard process of risk identification, risk assessment,<br />
and risk mitigation actions. Firstly, business processes<br />
are subject to risk assessments and key controls are<br />
updated where necessary. Continuing projects initiated<br />
in previous years, additional Internal Control workshops<br />
took place, particularly related to Financial <strong>Report</strong>ing.<br />
Secondly, major projects are subject to ongoing risk<br />
workshops by an independent Risk Management<br />
team from early in the proposal phase until project<br />
completion. The dedicated Project Controls department<br />
continued to work on specific improvement<br />
initiatives in the field of project execution. An important<br />
development in <strong>2010</strong> was the introduction of a formal<br />
Independent Project Review (IPR) process. The Project<br />
Risk Management process is reinforced by dedicated<br />
Legal, Quality Assurance, Health, Safety, Security &<br />
Environment (HSSE) and Internal Audit departments.<br />
Risk Management was reinforced during the year with<br />
the roll-out of a bespoke, on-line risk management tool<br />
“eRisk”. The principles of Risk Management in <strong>SBM</strong><br />
<strong>Offshore</strong> are:<br />
• integration of Risk Management into the general<br />
management process;<br />
• comprehensive Risk Management assurance based<br />
on a matrix of agreed objectives at risk and analysis<br />
of the complete spectrum of sources of risk to be<br />
analysed;<br />
• communication involving all critical personnel contributing<br />
to the Risk Register;<br />
• agreement on mitigating actions and controls in a<br />
risk workshop;<br />
• Risk Management function providing facilitation,<br />
monitoring and reporting to Company Management.<br />
The policy of <strong>SBM</strong> <strong>Offshore</strong> is to accept risks which<br />
are inherent to its business activity, that are within its<br />
risk appetite and for which it has competence and an<br />
agreed control process.<br />
Controls<br />
To ensure good Corporate Governance, the Company<br />
maintains a documented system of key processes<br />
and controls. The Company recognises the need for<br />
<strong>Report</strong> of the Board of Management<br />
ongoing development in this area and attention is being<br />
devoted to assess the effectiveness of those processes<br />
and key controls as well as the application of a continual<br />
improvement process. Financial reporting controls<br />
were reviewed and tested in detail in each of the project<br />
execution centres, using a risk based approach. This<br />
process will continue in all other departments based on<br />
an objective and risk assessed approach. IT controls<br />
were tested by an external party with results showing a<br />
strong level of protection and continued improvement<br />
over recent years.<br />
Information systems<br />
The Company maintains a relatively flat organisation<br />
structure with short lines of communication. Information<br />
flows upwards to the appropriate department managers<br />
and decision making is made in consultation with<br />
other department managers where necessary. The<br />
Company has requested an external review of its information<br />
systems network. The first conclusions are that<br />
the systems support the business activities and there<br />
are no areas of major risk. As expected, there is opportunity<br />
for optimisation and improved integration of the<br />
various reporting systems. Project teams were formed<br />
and a consultant employed to help identify the process<br />
weaknesses and information gaps and propose a roadmap<br />
for the future.<br />
Internal assurance<br />
Conformance to Audit standards and compliance<br />
with Company procedures (GMS) are under the<br />
joint responsibility of the Internal Audit and Quality<br />
Assurance disciplines. Both operate independently<br />
from the business line functions and report directly to<br />
the Management Board and the Audit Committee. The<br />
objective of Internal Audit and Quality Assurance is not<br />
only compliance testing in respect of procedures and<br />
controls but also to form an independent opinion on the<br />
effectiveness of the underlying processes and controls.<br />
The audit functions of these two disciplines are planned<br />
to be combined in 2011.<br />
To best monitor compliance activities, the Internal<br />
Assurance process has been designed to consolidate<br />
all Corporate and Divisional audits. It is constructed<br />
using a variety of tools, including information from both<br />
<strong>SBM</strong> <strong>Offshore</strong> – <strong>Annual</strong> <strong>Report</strong> <strong>2010</strong> 87