The increasing complexity of business processes and the materialization of large risk events have significantly increased the risk management activity in recent years, which has led to many reflections, regulations and recommendations on the subject as well as to much work being carried out to enhance risk management in all types of businesses and institutions.
This has gone hand in hand with the growing use of quantitative methods in company and business management, which has been brought about by the need for improved systems in areas as competitive as traditionally regulated energy markets, and further assisted by greater availability of data, technology resources and knowledge.
Against this backdrop, companies have created or developed risk functions and worked on evolving the organization and its governance, policies and models, as well as processes and technology to support the risk management and control activity. Significant improvements have been made in how risk is approached, driven by greater requirements from stakeholders and new regulations, or simply by the added value that developing best market practices provides.
One of the main challenges facing the Risk Function lies in contributing to value generation by integrating the risk model in the business processes to support decision-making and not just as a control tool. It could be argued that the level of effective integration of the risk model in the management process is the most significant differentiating factor when it comes to identifying the maturity of this function in non-financial companies. This maturity, however, tends to vary within the same company depending on the types of risk involved as well as on the company areas and activities.
One of the most significant risks facing businesses in general and energy companies in particular is operational risk, as it affects productive assets that are susceptible to failure and thus to generating economic loss and personal injury or environmental damage, with a potentially significant impact on reputation.
It is precisely because of the potentially fatal consequences it has in terms of economic loss, environmental impact and loss of human life, that operational risk has been traditionally managed through prevention and contingency plans. Operational risk has also been addressed through insurance programs run by specialist departments within the organization that are generally advised by insurance companies and brokers. Although operational risk in general, and insurable operational risk in particular, have a history of being managed by the companies themselves, the use of quantitative techniques has been lower and less uniformly carried out among companies.
This publication is precisely intended to explore the practical application of operational risk models and techniques in the industry, and therefore to serve as an example of how the use of advanced methodologies for operational risk management may contribute to adequate operational risk quantification and improved insurance programs.
To do this, the document first provides an overview of the Risk Function in the broad sense (Enterprise-Wide Risk Management), followed by an explanation of the operational risk management concept and related methodologies, and concludes with a quantitative exercise illustrating the specific application of these methods for optimizing the insurance program of firms in the industrial sector, particularly those in the energy industry.