It seems barely believable that, after over two months, the Deepwater Horizon incident continues to dominate the news on both sides of the Atlantic. It is clear that the US media and politicians have already made up their mind that BP did not manage their risks appropriately. Surely though a company of BP’s size, operating in such an obviously dangerous industry, would have a clear policy on Risk Management.
Indeed they do and as part of this they produced an excellent guide “Integrity Management: Learning from Past Major Industrial Accidents” in 2005 (reissued in 2006 after the Texas City explosion). The objective of the book is to “Disseminate more widely and in a simple, user-friendly way, the main lessons from past incidents.” Drawing on accepted best practice, they use case studies from both within and outside the Oil & Gas industry to highlight many useful generic lessons to minimise the risk of incidents. Nevertheless, the Deepwater Horizon explosion occurred.
Turning to another industry sector; it seemed impossible (at the time) that Northern Rock could collapse so spectacularly. Once again, this was an established company operating in a sector where the risks are well known. Northern Rock also had a comprehensive Risk Management policy – taking up 6 pages (out of 108) in the company’s 2006 Annual Report – but the crisis still occurred.
The clear lesson from these, and other incidents, is that a Risk Management policy on its own is no protection against a crisis. Firstly, it is vital to ensure that everyone is aware of the policy and incentivised to follow it so as policy translates into practice. Secondly, however good your Risk Management; you have to accept the possibility that incidents will still happen and plan appropriately to deal with a crisis if it occurs.
Follow this link for more information on Risk Evaluation and Control.