Risk Management at NNPC Limited

Questions and Answers

What is the primary responsibility of the ERM Function in NNPC Limited and its subsidiaries?

Developing and implementing risk management tools

Maintaining and monitoring the risk inventory (correct)

Conducting periodic scans of the operating environment

Fostering a corporate risk culture

What is the purpose of the ERM Function in engaging process owners?

To facilitate risk assessment and prioritization

To develop risk management tools

To identify and assess risks (correct)

To monitor the operational risk profile

What is the role of the ERM Function in risk assessment and prioritization?

Facilitating risk assessment and prioritization (correct)

Conducting risk assessments and prioritization

Developing risk management tools and templates

Monitoring the operational risk profile

What is the purpose of the ERM Function in consulting with process owners?

To identify and propose key risk indicators

What is the outcome of the ERM Function's periodic facilitation and validation of risk and control self-assessments?

Strengthening the control environment

What is the purpose of the ERM Function's periodic monitoring and reporting on risk management?

To provide risk management information to the BAC and Management Risk Committees

What is the role of the ERM Function in the risk management process?

Coordinating and reviewing risk inputs

What is the outcome of the ERM Function's efforts to foster a corporate risk culture?

Improved risk awareness and management across the organization

What is one of the responsibilities of the GRC Function in terms of staff development?

Administering performance evaluation and job rotation processes

What is the purpose of the GRC Function's periodic reviews of documents?

To propose recommendations for process improvement

Who does the GRC Function recommend training for?

GRC staff to address identified skill gaps

What is one of the responsibilities of the GRC Function in terms of reporting?

Consolidating and preparing periodic reports for senior management

What is the purpose of the GRC Function's research into emerging best practices?

To keep current on changes and emerging best practices of the profession

What is one of the responsibilities of the GRC Function in terms of staff resourcing?

Overseeing the resourcing of staff within the Function

What is the purpose of the GRC Function's development of SMART performance metrics?

To drive and improve the effectiveness and efficiency of the Function

What is one of the responsibilities of the GRC Function in terms of coordination?

Coordinating the development of standardized policies and procedures

What is the mission of the QA Unit in NNPC Limited?

To provide the Board and Management of NNPC Limited and its subsidiaries with assurance on GRC activities

What is the scope of the QA Unit?

To support the management of the GRC Function for NNPC Limited and its subsidiaries

Who does the Quality Assurance Manager report to?

The Head of Global Compliance

What is one of the responsibilities of the Quality Assurance Manager?

To implement and monitor compliance with the internal quality management system

What is the objective of the Quality Assurance Processes and Procedures?

To ensure effective execution of QA reviews in line with standards and stakeholder expectation

What is the responsibility of the Quality Assurance Manager regarding the database system?

To ensure maintenance of an up-to-date database system for the GRC Function

What is the role of the Quality Assurance Manager in the GRC Function?

To implement and monitor compliance with the internal quality management system

What is the organizational hierarchy of the Quality Assurance Function?

The Quality Assurance Manager reports to the Head of Global Compliance

How often will the external assessor collaborate with the GRC Function within NNPC?

Once every three (3) years

Who is responsible for monitoring the GRC Function's Key Performance Indicators (KPI)?

The QA Unit

What is included in the 'People' category of KPIs?

Satisfaction, retention, and quality of development of GRC staff

How often will the KPIs be reported to GRC leadership?

Annually

What is the purpose of the KPIs in the 'Processes' category?

To assess the effectiveness of GRC processes

What is the minimum number of GRC staff rotated into the business in one year, as per the KPIs?

Not specified

What is the purpose of the external assessor in the GRC Function?

To assess the GRC Function within NNPC

What is included in the 'Processes' category of KPIs?

Effectiveness of GRC processes

What is considered in the annual self-assessment by the QA Unit?

Both the outcome of the internal assessments and the customer satisfaction survey

Who is involved in the customer satisfaction survey?

Only management personnel (Managers and above) of NNPC Limited and its subsidiaries

What is the purpose of the QA plan?

To define the approximate resources and strategy necessary to accomplish the scope

How often does the QA team present the consolidated report(s) from ongoing internal assessments?

Quarterly

What is the minimum number of GRC engagement reviews selected for quality assurance in each calendar year?

One from each subsidiary and one from each division

What is the purpose of consolidating the report(s) from ongoing internal assessments?

To present the results at the quarterly GRC performance review meetings

What is the alternative to conducting a customer satisfaction survey?

Conducting a business unit satisfaction survey

What is the role of the QA Unit in developing the QA plan?

To develop the QA plan and define the approximate resources and strategy necessary to accomplish the scope

Study Notes

Second Line of Defence – Risk Oversight

• The ERM Function at NNPC Limited and its subsidiaries performs various risk management activities, including:
  • Periodic scans of the operating environment for emerging risks
  • Developing and implementing tools and templates to embed ERM
  • Maintaining and monitoring the risk inventory by engaging process owners
  • Fostering a corporate risk culture through training and serving as an internal ambassador
  • Facilitating risk assessment and prioritization by management

ERM Processes and Procedures

• The ERM Function is responsible for:
  • Coordinating and reviewing risk input from risk owners
  • Identifying and proposing key risk indicators, threshold limits, and mitigating strategies
  • Periodically facilitating and validating risk and control self-assessments
  • Monitoring and reporting on risk management to the BAC and Management Risk Committees

GRC Function

• The GRC Function is responsible for:
  • Coordinating budgeting and financial administrative activities
  • Overseeing the resourcing of staff, including job rotation and management development programs
  • Developing SMART performance metrics to drive and improve the effectiveness and efficiency of the Function
  • Coordinating the development of standardized policies, procedures, and manuals

Quality Assurance Processes and Procedures

• The Mission of the QA Unit is to provide assurance that all GRC activities have been conducted in accordance with standard practices across NNPC Limited and its subsidiaries.
• The QA Unit shall support the management of the GRC Function to coordinate quality assurance activities.
• The QA Unit shall cover NNPC Limited and its subsidiaries.

Structure of the QA Unit

• The QA Unit reports to the Head of Global Compliance and ultimately to the Chief Compliance Officer.
• The Quality Assurance Manager is responsible for implementing and monitoring compliance with the internal quality management system.

Objective and Policy

• The objective is to consolidate and standardize the tasks and responsibilities to ensure effective execution of QA reviews in line with standards and stakeholder expectations.
• The QA Unit shall collaborate with an external assessor every three years to assess the GRC Function within NNPC Limited.

Key Performance Indicators (KPIs)

• The QA Unit shall be responsible for monitoring the KPIs for the GRC Function, which include:
  • Staff satisfaction, retention, and quality of development
  • Percentage of certified staff
  • Training cost as a percentage of GRC budget
  • Minimum training hours per GRC staff
  • Minimum number of GRC staff rotated into the business in one year
  • Minimum number of process owners rotated into GRC in one year
• The QA Unit shall report the KPIs to GRC leadership annually.

QA Planning and Resourcing Strategy

• The QA Unit shall develop an annual plan for ongoing internal assessments and define the approximate resources and strategy necessary to accomplish the scope.
• The QA plan shall ensure that at least one GRC engagement review from each subsidiary and one GRC engagement within each division at NNPC Limited is selected for quality assurance in each calendar year.

Description

This quiz is about the risk oversight function of NNPC Limited and its subsidiaries, including risk management activities such as identifying emerging risks, implementing ERM tools, and maintaining a risk inventory. It covers the Enterprise Risk Management (ERM) function at NNPC Limited.