COPY: Risk Management at NNPC Limited

Questions and Answers

What is the primary responsibility of the ERM Function in NNPC Limited and its subsidiaries?

Developing and implementing risk management tools

Maintaining and monitoring the risk inventory (correct)

Conducting periodic scans of the operating environment

Fostering a corporate risk culture

What is the purpose of the ERM Function in engaging process owners?

To facilitate risk assessment and prioritization

To develop risk management tools

To identify and assess risks (correct)

To monitor the operational risk profile

What is the role of the ERM Function in risk assessment and prioritization?

Facilitating risk assessment and prioritization (correct)

Conducting risk assessments and prioritization

Developing risk management tools and templates

Monitoring the operational risk profile

What is the purpose of the ERM Function in consulting with process owners?

To identify and propose key risk indicators

What is the outcome of the ERM Function's periodic facilitation and validation of risk and control self-assessments?

Strengthening the control environment

What is the purpose of the ERM Function's periodic monitoring and reporting on risk management?

To provide risk management information to the BAC and Management Risk Committees

What is the role of the ERM Function in the risk management process?

Coordinating and reviewing risk inputs

What is the outcome of the ERM Function's efforts to foster a corporate risk culture?

Improved risk awareness and management across the organization

What is one of the responsibilities of the GRC Function in terms of staff development?

Administering performance evaluation and job rotation processes

What is the purpose of the GRC Function's periodic reviews of documents?

To propose recommendations for process improvement

Who does the GRC Function recommend training for?

GRC staff to address identified skill gaps

What is one of the responsibilities of the GRC Function in terms of reporting?

Consolidating and preparing periodic reports for senior management

What is the purpose of the GRC Function's research into emerging best practices?

To keep current on changes and emerging best practices of the profession

What is one of the responsibilities of the GRC Function in terms of staff resourcing?

Overseeing the resourcing of staff within the Function

What is the purpose of the GRC Function's development of SMART performance metrics?

To drive and improve the effectiveness and efficiency of the Function

What is one of the responsibilities of the GRC Function in terms of coordination?

Coordinating the development of standardized policies and procedures

What is the mission of the QA Unit in NNPC Limited?

To provide the Board and Management of NNPC Limited and its subsidiaries with assurance on GRC activities

What is the scope of the QA Unit?

To support the management of the GRC Function for NNPC Limited and its subsidiaries

Who does the Quality Assurance Manager report to?

The Head of Global Compliance

What is one of the responsibilities of the Quality Assurance Manager?

To implement and monitor compliance with the internal quality management system

What is the objective of the Quality Assurance Processes and Procedures?

To ensure effective execution of QA reviews in line with standards and stakeholder expectation

What is the responsibility of the Quality Assurance Manager regarding the database system?

To ensure maintenance of an up-to-date database system for the GRC Function

What is the role of the Quality Assurance Manager in the GRC Function?

To implement and monitor compliance with the internal quality management system

What is the organizational hierarchy of the Quality Assurance Function?

The Quality Assurance Manager reports to the Head of Global Compliance

How often will the external assessor collaborate with the GRC Function within NNPC?

Once every three (3) years

Who is responsible for monitoring the GRC Function's Key Performance Indicators (KPI)?

The QA Unit

What is included in the 'People' category of KPIs?

Satisfaction, retention, and quality of development of GRC staff

How often will the KPIs be reported to GRC leadership?

Annually

What is the purpose of the KPIs in the 'Processes' category?

To assess the effectiveness of GRC processes

What is the minimum number of GRC staff rotated into the business in one year, as per the KPIs?

Not specified

What is the purpose of the external assessor in the GRC Function?

To assess the GRC Function within NNPC

What is included in the 'Processes' category of KPIs?

Effectiveness of GRC processes

What is considered in the annual self-assessment by the QA Unit?

Both the outcome of the internal assessments and the customer satisfaction survey

Who is involved in the customer satisfaction survey?

Only management personnel (Managers and above) of NNPC Limited and its subsidiaries

What is the purpose of the QA plan?

To define the approximate resources and strategy necessary to accomplish the scope

How often does the QA team present the consolidated report(s) from ongoing internal assessments?

Quarterly

What is the minimum number of GRC engagement reviews selected for quality assurance in each calendar year?

One from each subsidiary and one from each division

What is the purpose of consolidating the report(s) from ongoing internal assessments?

To present the results at the quarterly GRC performance review meetings

What is the alternative to conducting a customer satisfaction survey?

Conducting a business unit satisfaction survey

What is the role of the QA Unit in developing the QA plan?

To develop the QA plan and define the approximate resources and strategy necessary to accomplish the scope