NNPCL GRC_Risk Culture.pdf

Full Transcript

NNPC Limited ERM Processes and Procedures

Policies
S/N
10.

Description
Re-evaluation of the risk appetite
NNPC Limited’s risk appetite will need to be re-evaluated:
a)

As part of Its strategy planning cycle and goal-setting
process;

b)

When significant changes are made to NNPC Limited’s
organisational structure;

c)

When changes are made to Its overall strategy and goals; and

d)

When there are changes in the expectations and risk
preferences of key stakeholders.

The following considerations shall be made in the course of the
review:


Changes to the Company’s strategic objectives and risk
preferences



Changes in prevailing market realities and economic
conditions



The output shall be the revised risk appetite statements and
key risk indicators.

Page 15 of 347

NNPC Limited ERM Processes and Procedures

3.0 Risk Culture
Introduction
NNPC’s risk culture encompasses the shared knowledge, understanding,
values, beliefs, attitudes of Management and staff towards risks. A strong
risk culture leads to effective management of risks while a weak risk
culture.
Objectives
To ensure the development of a strong risk culture, alignment of vision
and values in the management of risks across NNPC Limited.

Policies
Policies
S/N
1.

Description
Management and staff of NNPC Limited shall be committed to
the optimal management of risk in order to achieve the
Company’s mission and vision, as well as protect Its core values.

2.

Management shall ensure periodic training and awareness on
risks are provided to all stakeholders within NNPC Limited

3.

NNPC Limited shall proactively identify future uncertainties and
adequately plan for them without inhibiting growth and value
creation.

Page 16 of 347

NNPC Limited ERM Processes and Procedures

Policies
S/N
4.

Description
Employees are expected to proactively manage risks in their
operations

and

will

be

recognised

for

their

good

risk

management practices in our performance evaluation process.
5.

NNPC Limited and its subsidiaries shall adhere to the following
four (4) key pillars:

a)

Leadership – The Board and Senior Management shall set
the tone at the top by establishing and promoting a strong
culture of adherence to risk limits and boundaries.

b)

Ownership – Every employee shall proactively manage risks
in their day-to-day activities i.e. risk management is a shared
responsibility. Every staff shall be trained to integrate risk
management in their respective day to day operations. See
Appendix A for the training policy.

c)

Transparency – There shall be open, clear and honest
communication
information

of

shall

risks
be

within

NNPC

communicated

Limited.
to

Risk

relevant

stakeholders periodically, to aid decision making.

d)

Compliance – There shall be low risk tolerance for breach of
laws,

regulations

and

organizational

policies.

The

Governance, Risk and Compliance Function shall be
empowered to monitor compliance.
Where the need arises, the GCEO is authorized to grant
exceptions to the application of this policy, and thereafter

Page 17 of 347

NNPC Limited ERM Processes and Procedures

Policies
S/N

Description
seek ratification from the NNPC Limited Board.

4.0

Risk Governance

4.1

Introduction
Risk governance refers to the structure for managing risks within NNPC
Limited and its subsidiaries. It also presents a comprehensive detail of the
responsibilities for monitoring and reporting business risks within NNPC
Limited and its subsidiaries.
The risk governance structure comprises:
1) The risk governance structure;
2) The ERM organizational structure;
3) The risk reporting structure;
4) The ERM roles and responsibilities; and
5) The ERM stakeholder relationships.
These are further detailed below:

1. Risk Governance Structure
NNPC Limited’s risk governance structure is based on the “three lines of
defense” model, which ensures that risk is properly managed throughout
NNPC Limited and its subsidiaries.

Page 18 of 347