NNPC Limited ERM Processes and Procedures PDF

Summary

This document details the risk management policies and procedures of NNPC Limited. It covers topics such as employee responsibilities, risk governance, and organizational structure focusing on processes, procedures, frameworks, and compliance within the organization.

Full Transcript

Policies

S/N  Description

4.   Employees are expected to proactively manage risks in their operations and will be recognised for their good risk management practices in our performance evaluation process.

5.   NNPC Limited and its subsidiaries shall adhere to the following four (4) key pillars:
     a) Leadership – The Board and Senior Management shall set the tone at the top by establishing and promoting a strong culture of adherence to risk limits and boundaries.
     b) Ownership – Every employee shall proactively manage risks in their day-to-day activities, i.e. risk management is a shared responsibility. Every staff member shall be trained to integrate risk management into their respective day-to-day operations. See Appendix A for the training policy.
     c) Transparency – There shall be open, clear and honest communication of risks within NNPC Limited. Risk information shall be communicated to relevant stakeholders periodically, to aid decision making.
     d) Compliance – There shall be low risk tolerance for breach of laws, regulations and organizational policies. The Governance, Risk and Compliance Function shall be empowered to monitor compliance.
     Where the need arises, the GCEO is authorized to grant exceptions to the application of this policy, and thereafter seek ratification from the NNPC Limited Board.

4.0 Risk Governance

4.1 Introduction

Risk governance refers to the structure for managing risks within NNPC Limited and its subsidiaries. It also presents a comprehensive detail of the responsibilities for monitoring and reporting business risks within NNPC Limited and its subsidiaries. The risk governance structure comprises:
1) The risk governance structure;
2) The ERM organizational structure;
3) The risk reporting structure;
4) The ERM roles and responsibilities; and
5) The ERM stakeholder relationships.
These are further detailed below.

1. Risk Governance Structure

NNPC Limited’s risk governance structure is based on the “three lines of defense” model, which ensures that risk is properly managed throughout NNPC Limited and its subsidiaries. The model also provides a clear allocation of responsibilities for the ownership and management of risk, to avoid overlaps and/or gaps in risk governance as shown below:

[Diagram: the Board Audit Committee sits above the three lines – 1st Line: Primary Risk Management; 2nd Line: Risk Oversight; 3rd Line: Assurance.]

1st Line – Primary Risk Management:
a) Operational management units within NNPC Limited and its subsidiaries shall have the primary responsibility for identifying, managing and reporting risks.
b) They shall manage their risks by implementing and maintaining effective internal procedures and controls to mitigate identified risks daily.

2nd Line – Risk Oversight:
a) The Risk Management Functions in NNPC Limited and its subsidiaries provide management support by reviewing and reporting on key designated risks, and provide risk oversight to the Committees at the Board and Management level with responsibilities for risk.
b) They shall collaborate with management to develop and monitor operational processes.
c) They shall facilitate risk assessment sessions, develop risk management programs and alert management to emerging issues and changing risk scenarios.
d) They shall also provide support by training and providing counsel to business units in relation to risk management.
e) The specialized risk functions (i.e. ETD, HSE, insurance) shall provide risk oversight on their risk areas respectively. However, they shall periodically report on the status of their risk profile to the ERM Function.

3rd Line – Assurance:
a) The Assurance Functions provide independent reviews of controls at NNPC Limited and its subsidiaries.

Notes: In line with the policy:
a) The Level 1 and 2 Committees at NNPC Limited double as the risk management committees for the Company.
b) The Level 1 committee at each subsidiary doubles as the risk management committee for the subsidiary.
c) The Heads of Risk Management at NNPC Limited and the Subsidiaries shall serve as members of the Committees.

2. ERM Organisational Structure

The organisational structure for the ERM Function is depicted below:

[Organisational chart: Board of Directors; Board Audit Committee; GCEO; Chief Compliance Officer; MD/Head of BU; Head, Governance & Risk Management; ERM Manager; Head of GRC (BU).]

Notes
a) The Chief Compliance Officer shall double as the Chief Risk Officer for NNPC Limited.
b) The Chief Compliance Officer shall report directly to the Managing Director and have direct access to the BAC on risk management activities.
c) The Head of Risk Management would primarily oversee the risk management activities of the risk management teams at the Headquarters & Subsidiary and report directly to the NNPC Limited Chief Compliance Officer.
d) There shall be a GRC function at each subsidiary, headed by the Head of GRC (BU). The Subsidiary GRC Unit shall report functionally to NNPC Limited’s GRC through the Head of Risk Management on risk management matters. The ED shall also have direct access to the MD of the subsidiary and the subsidiary Board through the BAC in line with leading practices.

3. Risk Reporting Structure

NNPC Limited’s risk reporting structure is depicted in the diagram below:

[Risk reporting diagram, corporate level: Board of Directors; Board Audit Committee; GCEO; Level 1 and 2 Committees; Chief Compliance Officer; Head, Governance and Risk Management; ERM Manager; Risk Management Personnel at CHQ; Risk Champions for the GCEO’s Office, Corporate Services and Finance & Accounts. Subsidiary level: Subsidiary Board; Board Audit Committee; Subsidiary MD; Executive Director of GRC; Level 1 Committee; Subsidiary Risk Management Team; Subsidiary Risk Champion.]

4. ERM Roles and Responsibilities

Summary of Roles and Responsibilities

A. The following actions relating to this section shall be defined as follows:

Action             Definition
I – Initiate       To commence a risk management process.
C – Consult        To seek the views and opinions before taking risk management decisions.
R – Recommend      To propose a risk management decision for endorsement or approval.
E – Endorse        To pre-approve a risk management decision before it is presented to a higher authority for final approval.
A – Approve        To officially accept a risk management decision.
IMP – Implement    To implement the risk management decisions taken.
INF – Inform       To be notified of an outcome of a risk management process or decision.

B. Below is a summary of the roles and responsibilities of stakeholders for ERM and its key elements:

Element of Risk Management Manual    NNPC Ltd Board   BAC     Management Committee   HODs/Process Owners/Project Managers   Risk and Control Function
ERM policies and procedures          A                R       R                      INF/IMP                                I/C
Risk appetite                        A                E       R                      IMP                                    I/C
Risk identification and assessment   -                INF     A                      I/C                                    I/C
Risk mitigation and control          A                INF/R   A                      IMP                                    I/R
Risk monitoring and reporting        INF              INF     INF                    I/C                                    I/C

Legend: I – Initiate; C – Consult; R – Recommend; E – Endorse; A – Approve; IMP – Implement; INF – Inform

First Line of Defence – Risk Management

1. Board of Directors
The Board sets the overall risk appetite, approves the risk management strategy and is ultimately responsible for the effectiveness of the risk management process and system of internal control within NNPC Limited. The Board oversees risk management through the Board Audit Committee.

2. Board Audit Committee (BAC)
The Committee shall:
a) Assist the Board in setting an overall risk culture and appetite at the top;
b) Assist the Board in overseeing the effectiveness of risk management and controls through the review of periodic risk management reports;
c) Discuss risk management philosophy and risk appetite;
d) Review the framework for managing risks and recommend to the Board for approval;
e) Review the propositions of Senior Management to identify potential risk exposures and direct appropriate actions to be taken by Senior Management; and
f) Empower the ERM Function to enable it to discharge its responsibilities effectively.

3. Management Risk Committee
The Committee shall:
a) Implement an effective risk management system and instil the right culture throughout NNPC Limited and its subsidiaries for effective risk governance;
b) Ensure that the internal and external risks relevant to the organisation have been effectively identified and assessed;
c) Develop and implement a sound system of internal controls and mitigating strategies to bring risks within acceptable levels and threshold limits;
d) Review and validate key risk indicators & threshold limits for recommendation to the BAC for approval;
e) Evaluate strategic initiatives and management decisions to ensure that they are within the approved risk appetite;
f) Appoint risk owners for the key risks of the organisation; and
g) Ensure that risk management policies are integrated into NNPC Limited’s culture.

4. Functional Heads
All functional heads will be responsible for the day-to-day identification, mitigation, management and monitoring of risks within their respective departments. Specifically, they shall:
a) Adhere to NNPC Limited’s process for identifying and managing risks to which they are exposed;
b) Identify and report risk events to the RM function;
c) Report on associated risk profile and status of risk mitigating strategies to the ERM Function;
d) Continuously identify, mitigate and monitor risks within their respective business areas;
e) Implement policies and procedures developed to manage risks; and
f) Manage day-to-day risk exposures by complying with standard operating policies and procedures.

Functional Heads as Risk Champions:
Functional Heads shall serve as functional risk champions or appoint champions within their function who shall perform the following risk management activities:
a) Act as a communication channel between the ERM Function and risk owners;
b) Educate members of their team on the use of the control self-assessment questionnaires;
c) Drive the implementation of risk mitigation plans within the risk register for the departments;
d) Conduct risk awareness sessions at departmental meetings;
e) Manage the team’s risk event database and communicate identified risks to the ERM Function; and
f) Escalate challenges with risk management efforts within their departments.

Second Line of Defence – Risk Oversight
The ERM Functions at NNPC Limited and its subsidiaries perform the following risk management activities:
a) Perform periodic scans of the operating environment for emerging risks;
b) Develop and implement the necessary tools and templates to embed ERM across NNPC Limited and its subsidiaries;
c) Maintain and monitor (changes in) NNPC Limited’s risk inventory by engaging all process owners to identify risks and obtain an enterprise-wide view of risks;
d) Foster a corporate risk culture through adequate training and serving as an internal ambassador and resource centre for ERM;
