
NNPCL GRC_Risk Mitigation.pdf


Document Details

Uploaded by ReplaceableSalmon

Tags

risk management enterprise risk management business strategy

Full Transcript


NNPC Limited ERM Processes and Procedures

5.4 Risk Mitigation and Control

Introduction

Risk mitigation is a process of putting controls in place to reduce the level of occurrence or magnitude of impact of risks. When risks have been identified and assessed, the next step is to carefully decide on the best approach to mitigate the risks. NNPC Limited and its subsidiaries shall adopt any of the four (4) risk treatment approaches below. The risk mitigation strategies would differ based on the severity of the risk.

1. Tolerate (Acceptance)
   Description: In using this approach, NNPC will accept the risks inherent in the Corporation's transactions i.e. the consequences of the risk will be absorbed. This approach will either be adopted in instances where the magnitude of impact of these risks is low/minimal or where the cost of managing the risk far outweighs the loss to be incurred should the risk occur.
   Management Action: Accept the stated risk exposure
   Example: No incremental treatment or mitigation is employed
   Applicable Risk: Low risk

2. Treat (Reduce)
   Description: Under this approach, NNPC will accept the risk and adopt measures to reduce the probability of its occurrence and the severity should it crystallise. Processes and procedures standardisation, policy formulation, continuous education, regular training program, defining authority limits, obtaining expert advice are some of the risk reduction measures NNPC will deploy.
   Management Action: Employ one or more risk mitigation strategies to reduce all or partial exposure
   Example: Policies and procedures, defining authority limits, obtaining expert advice
   Applicable Risk: High risk, Medium risk, Low risk

3. Transfer (Share)
   Description: Under this approach, NNPC will transfer the consequences of the Corporation's risks to other sources. Some common practices involved in risk sharing include purchasing various forms of insurance and finding external sources to perform activities of undesired risk levels also known as outsourcing. NNPC will transfer its risks to independent counterparties by utilising contracts, insurance arrangements, outsourcing arrangements and hedging instruments.
   Management Action: Shift risk to a third party
   Example: Purchase insurance, Outsourcing
   Applicable Risk: High, Medium

4. Terminate (Avoidance)
   Description: These risks will include risks outside the Corporation's risk appetite or risks whose rewards are not commensurate with the risks undertaken. Specifically, NNPC will discontinue activities that generate these risks, where possible. The Corporation would utilise this approach for high-risk actions that remain unacceptably high even after controls have been applied.
   Management Action: Discontinue all or partial activities contributing to or creating risk exposure
   Example: Obtain executive orders to specify mandate; Discontinue specific activity from which the risk arises
   Applicable Risk: High risk actions that remain unacceptably high even after controls have been applied.

The risk map below illustrates the effects of an implemented mitigation plan on the inherent/gross risk. The implemented plan should have the effect of moving the gross risks towards the bottom left hand corner of the grid, resulting in residual risk.

An illustration of this effect is graphically depicted as follows:

[Figure: risk map; Impact axis with levels Minor, Moderate, Major, Extreme]

Objectives

To reduce and eliminate the impact that risk has on the strategic objective of the organisation.

Policies

1. All identified and prioritised risks shall have documented mitigation strategies
2. The Risk Management Team shall identify the existing controls and ascertain their effectiveness.
3. The RMF shall ensure the relevant risk mitigation approach for the level of risk is considered by Management before decisions are made
4. The mitigation plan shall clearly identify the individuals responsible for implementing the plan

Procedures

1. Responsible Party: ERM Function
   Description: Review risk identification and risk assessment reports to identify areas of significant exposure
   Job Aid: Office tools

2. Responsible Party: ERM Function
   Description: Revalidate the control assessment performed during the risk assessment phase. The revalidation will involve reviewing the internal and external audit reports, focusing on the following:
      a) Independent assurance on the effectiveness of identified controls and mitigation activities.
      b) Control gaps noted and recommendations to address noted gaps.
      c) Significant and recurring control issues and failures.
   Job Aid: Office tools

3. Responsible Party: ERM Function and Risk Process Owner
   Description: Identify and select appropriate risk mitigation approach and strategy.
   Job Aid: Office tools

4. Responsible Party: ERM Function and Risk Process Owner
   Description: Assist process and risk owners with the design and implementation of controls to address deficiencies and weaknesses noted.
   Job Aid: Office tools, Email

Input & Output Documents

1. Document Description: Risk Ranking
   Type: Input
   Frequency: As required
   Source: ERM Function
   Recipient: Risk Owners

2. Document Description: Risk and Control Register
   Type: Output
   Frequency: Annually
   Source: ERM Function
   Recipient: ERM Function and Executive Management

Key Performance Indicators

1. Performance Measure: Completeness of risk mitigation plans
   Basis of Measurement: Number of risks without risk mitigation plans
   Timeframe: As required
   Target: TBD
