A series of internal BP memos were recently published by Congressional investigators which, they say, are proof that the British company systematically and negligently put safety at risk on the Deepwater Horizon oil rig in exchange for the prospect of increased profits. Henry Waxman, chairman of the House Energy and Commerce Committee and head of its oil spill investigation, accused BP of making at least five questionable decisions prior to the disaster (see Times Online). Every time BP had a decision to make, they chose to cut corners; to do things more quickly than they should have; and, to take the less expensive route. The consequence of these decisions is what has left us a blackened Gulf of Mexico. Time after time, it appeared that BP made selfish decisions that increased wide-scale risk for the sake of saving the company time or money.
The key factor in the case against BP is that the Gulf catastrophe was not merely an “unfortunate accident” resulting from a single misstep, but was caused by a series of poor, consciously-made decisions. As muddied as the Gulf waters now are, it’s crystal clear to investigators that BP chose to blatantly bypass the rigorous risk and safety practices to which the rest of its industry adheres. Here’s a prime example of BP’s negligence in the Deepwater Horizon project (Overview of a Failed Approach):
- one week before the rig explosion, BP requested three design changes to the well over a 24-hour period
- failure of Blow-Out-Preventers (BOP) seems to be a general failure in proper maintenance and precaution on the part of the well designers, who were rushing through the process in which they were behind schedule
- a possible dead battery was not replaced which may have left the BOP activation system inoperable
- the issue to shut down and evacuate as part of the emergency plans failed due to an inexperienced captain not familiar with the plans
The magnitude and “schizophrenic” nature of these change requests and issues reflected BP’s general failure to properly maintain and protect its operation and its operators, and points to the corporation’s general neglect for safety.
This wasn’t the first time BP risked disaster as a result of neglect for safety. The near sinking of Thunder Horse in 2005 was caused by a shockingly simple mistake: a check valve had been installed backward. After costly repairs to fix that damage, BP discovered a more significant problem: rudimentary mistakes in the welding of pipes in the underwater manifold. Had the well been active, the damaged pipes would have caused a major oil spill much like the Deepwater Horizon fiasco.
Time and again, BP has insisted that it knows how to successfully balance risk and safety with efficiency and profit. Yet evidence clearly indicates that it has been unable to effectively maintain that balance. The numbers speak for themselves – 760 safety violations against BP administered by OSHA. Compare that with the track records of Sunoco (8) , Conoco-Phillips (2), CITGO (2), and ExxonMobil (1). This is not an industry problem. This is a BP problem.
“You can have the best intentions in the world, you can have the best equipment in the world, but it’s a combination of intentions, equipment and judgment that keeps accidents out of the workplace. If you are going to ask people to innovate, you’d better make sure that they know that any risks they take are manageable,” quoted from a former BP executive (see NY Times).
So what is the root cause of all these BP issues?
The Department of Energy National Commission on the BP Deepwater Horizon Oil Spill and Offshore Drilling (see Charter of the Commission) discussed that very question during its July 12-13th meeting – an examination of facts and circumstances concerning the root cause(s) of the explosion, the fire and the oil spill, and to develop options to safeguard and mitigate the impact of any oil spills associated with offshore drilling in the future.
Do you think BP had a solid risk plan, risk assessment of decisions made, and risk analysis of risk tolerance vs. cost, and that real-time risk data was available throughout the entire business process and across the organization? Well, maybe not then, but curiously, Mr. Hayward (BP CEO who has now been released from involvement with the disaster follow-up) recently set up a new company-wide management system to evaluate risks, standardize safety practices and improve decision-making — a step in the right direction, but a little too late.
So why would the world’s second largest oil company just now be implementing a risk management system? Simply put, for BP and many other highly regulated firms, risk is all too commonly seen as a burden to innovation and delivery. Many companies still struggle to see that a good risk management system helps, not hinders business performance. Sure, healthy risk-taking drives business; however, organizations must be aware – in advance, not in hindsight – whether they are taking the appropriate risk, whether that risk is being managed effectively, and if there is a plan in place to monitor risk. It’s inevitable that a casual and uncontrolled approach to risk will result in disaster — have you looked in own your own backyard lately?
Poorly managed risk and compliance generates complexity, redundancy, and failure. Poor management means an organization is not thinking about how controls and processes can be designed to meet a range of risk and compliance needs. Likewise, the organization doesn’t grasp how risk management and compliance impact operational and corporate performance. What may seem to one area in the organization to be an insignificant risk may, in turn, have a far more serious impact when other risks are factored-in, either from another area’s business process or a different risk category. Too often organizations are reactive and lack a cohesive strategy. Typically, and regrettably for most, the reaction occurs after a dangerous fire has been put out.
So when are organizations truly at-risk? When they continue to depend on out-of-sync control mechanisms and/or disconnected risk policies, processes and systems. The companies that maintain this careless approach to risk and compliance ends up, in the long-run, spending excessively on internal management; and when things go awry, they face the inevitable overwhelming costs of regulatory fines, lawsuits and losses due to soiled brand reputation.
The industry says that BP may be looking at over $40-50 Billion — can your company afford that?
New risk and compliance issues constantly emerge in industry, so it’s critical that organizations take care to tackle problems at their roots, before they spread like ugly, damaging weeds. To attain a sustainable enterprise view of risk, accountability must be effectively managed, and a complete system of record should provide visibility across the key business processes and systems. Today, we have the technology to empower business-process owners to continuously manage risk and compliance. Technology is also there to directly integrate controls within business processes, applications, and systems, thereby preventing and/or detecting unwanted behavior. More and more, executives are becoming aware of these redundant risk-and-compliance projects, and are committing to an enterprise risk and compliance strategy. Even Mr. Hayward (yes, hindsight is 20/20!).
All organizations face a complex array of risk and compliance demands that impact business. Today’s organization – whether in the oil, life sciences, or other high-risk industry — must implement control-monitoring processes and technology that streamlines operations, minimizes risk, meets regulatory requirements, and supports business agility and efficiency. Risk is about protecting the business — staying within defined risk and requirement boundaries to minimize loss while optimizing performance – and that leads to better performing profitability.