Value and Risk: Enterprise Risk Management in Statoil

Abstract

In Statoil, understanding and managing risk is today considered a core value. This principle has been duly integrated in the organization, and is inscribed in steering documents as well as in a booklet handed out to all employees, describing core values, corporate governance, the operating model and corporate policies. The company has developed a sophisticated approach to ERM that centers on the principle of value creation. ERM is thoroughly embedded in the business units’ way of doing things, and it appears to enjoy the wholehearted support of Statoil’s executive officers and board of directors. Statoil has, in other words, managed to make ERM into something that makes a real difference. To gain insights about the success factors behind this outcome, we will investigate how Statoil has dealt with the four main general tasks that fall on executives responsible for ERM: 1) make sure that there is an adequate process for identifying, managing and reporting risks throughout the company, 2) act as support function to business units in this work, 3) detect and counteract risk management decisions that are suboptimal for the company as a whole, and 4) analytically aggregate risks to support decision-making concerning the company’s total risk profile