NNPCL GRC Risk Monitoring PDF
Document Details
Uploaded by ReplaceableSalmon
Summary
This document details risk monitoring and reporting procedures for NNPC Limited. It covers the objective, policies, procedures, reporting framework, and key performance indicators. It describes the various steps in risk monitoring and reporting, along with the responsibilities for each step.
Full Transcript
NNPC Limited ERM Processes and Procedures

5.5 Risk Monitoring and Reporting

Introduction

Risk monitoring involves the re-evaluation of all risks recorded on the risk treatment plan to ensure that the current assessment remains valid.

Objective

To keep track of the risks that occur and the effectiveness of the responses which are implemented by an organization. The objective is to enable decision-makers to regularly evaluate risk management performance.

Policies

1. Risk monitoring and review shall form part of NNPC Limited and its subsidiary normal management reviews and shall be performed either daily, weekly, monthly, quarterly, half-yearly or yearly depending on the type and nature of the risks.

2. The following aspects of risk management shall be monitored:

   1. Status of mitigation plans
      The status of implementation of mitigation strategies agreed to prevent risks or lower them to acceptable limits shall be monitored periodically.

   2. Key risk indicators (KRIs)
      Key risk indicators are metrics to be used in providing early signals of increasing risk exposures in various areas of NNPC Limited and its subsidiaries. A threshold limit shall be defined for each KRI. The KRIs shall be periodically monitored against their threshold limits.

   3. Risk and control self-assessment (RCSA)
      The RCSA is a repository of applicable controls designed to address operational risks within the business. The process owners shall be required to periodically attest to compliance with the controls and the result shall be validated by the RM function.

   4. Risk register review
      The risk register is a comprehensive record of all risks within NNPC Limited. The document shall be maintained by the Risk Management Division. The risk register may be maintained in MS Excel or in applicable risk management software/ERP system. Regardless of the form taken, the risk register would at a minimum capture the following information:
      a) Description of risk;
      b) Type of risk;
      c) Likelihood and impact of risk on NNPC Limited and its subsidiaries;
      d) Level of risk;
      e) Mitigating controls; and
      f) Risk owners.

   5. External risk review
      There shall be periodic examination of the environment for emerging risks within the NNPC Limited’s sphere of operation. This shall be done by performing a thorough scan and analysing all relevant risk factors that may directly or indirectly impact NNPC Limited’s objectives.

   6. Risk events
      This is a review of the risk incidents that have occurred within the various business units within NNPC Limited and its subsidiaries. The risk event documentation shall in the minimum contain description of event, root cause, severity of impact and summary of action plan.

3. A reporting framework shall be developed and maintained by the ERM Function, detailing the risk reports to be generated, the frequency and the recipients. (Please see Appendix B for a reporting framework which can be periodically updated to reflect changes in the business or additional information required by the management of NNPC Limited).

4. Risk progress reports shall be generated by the ERM Function to assess the adequacy and completeness of the risk management process.

5. Every support unit of the Company shall conduct a detailed risk and control self-assessment for all its processes on an annual basis.

Procedures

| S/N | Responsible Party | Description | Job Aid |
|-----|-------------------|-------------|---------|
| 1. | ERM Function and Risk Owner | Determine qualitative and quantitative risk information to be monitored and reported. | Office tools |
| 2. | ERM Function and Risk Owner | Establish indicators, triggers and standards for tracking, capturing and monitoring risk information. | Office tools |
| 3. | ERM Function | Establish a centralised risk management system to identify, value, and capture risk information. | NA |
| 4. | ERM Function | Establish and agree risk monitoring and reporting responsibilities. | Office Tools |
| 5. | ERM Function | Establish and agree risk escalation procedures including the following: Frequency and format for reporting. Triggers to prompt management actions. | NA |
| 6. | ERM Function | Establish process for continuous risk monitoring. | NA |
| 7. | ERM Function and Risk Process Owner | Define key risk indicators and assign accountability and responsibility for the risks. | NA |

Input & Output Documents

| S/N | Document Description | Type | Frequency | Source | Recipient |
|-----|----------------------|------|-----------|--------|-----------|
| 1. | Risk Tool | Input | Quarterly | ERM Function | ERM Function & Risk Owner |
| 2. | Monitoring Risk Report | Output | Quarterly | ERM Function | Board & Executive Management |

Key Performance Indicators

| S/N | Performance Measure | Basis of Measurement | Timeframe | Target |
|-----|---------------------|----------------------|-----------|--------|
| 1. | Timeliness of Board reporting | Circulation of quarterly board papers | Quarterly | At least one week before Board meeting |
| 2. | Accuracy of reporting | Number of material errors, omissions, and misrepresentations in the report. | Quarterly | TBD |