Enterprise-wide risk management

Non-financial and financial risks are regularly identified, assessed, and reported through the Group-wide Enterprise-Wide Risk Management (EWRM) process.

The main purpose of the OMV Group’s EWRM process is to deliver value through risk-based management and decision-making. The OMV Group is constantly enhancing the EWRM process based on internal and external requirements. The process is facilitated by a Group-wide IT system supporting the established individual process steps, guided by the ISO 31000 risk management framework.

The Executive Board is responsible for risk oversight, ensuring that management has put in place a rigorous process for identifying, prioritizing, managing, and monitoring the critical risks affecting the Company. The Executive Board sets, communicates, and implements our risk management culture throughout the OMV Group.

A cross-functional committee chaired by the OMV Group CFO with members of OMV Group’s senior management – the Risk Committee – ensures that the EWRM process effectively captures and manages material risks across the OMV Group.

The Risk Committee assists and advises the Executive Board on all aspects of financial, operational, and strategic risks (irrespective of their financial or non-financial dimensions). It also provides assurance to the Executive Board that the OMV Group’s risk management process is supported with the appropriate tools, policies, and procedures and that risks are identified, measured, and managed in line with the Group’s policies and risk appetite.

The role of the Risk Committee is to

  • ensure that effective risk governance is in place and that regular reviews and updates are based on a best practice approach;
  • support OMV’s processes for developing its risk appetite and allocating capital and limits across the business;
  • validate the key non-financial and financial risks identified with respect to OMV’s medium- and long-term objectives, considering the following risk categories according to OMV’s risk taxonomy: operational risks (including all risks related to physical assets, production risks, project risks, personnel risks, IT risks, HSSE, climate change, and regulatory/compliance risks), strategic risks (arising, for example, from changes in technology, climate change, risks to reputation, or political uncertainties), and financial risks, including market price risks and foreign exchange risks;
  • review the Group Risk Report and define the overall risk landscape for final submission to the Supervisory Board’s Audit Committee;
  • evaluate risk mitigation measures for effectiveness and timely implementation to address major risks and recommend further actions to the Executive Board when risk tolerance levels are exceeded;
  • promote a risk awareness culture within the Company.

The Risk Committee meets at least four times a year, ensuring that risk awareness and prevention are deeply integrated into decision-making processes. The Committee validates the key non-financial and financial risks identified with respect to OMV’s medium- and long-term objectives.

In addition to including risks and opportunities in midterm planning at OMV, we believe that creating a risk-aware culture throughout the organization, where everyone is aware of the risks related to their jobs and implements risk management practices on a daily basis, is the most effective way to avoid potentially negative effects, while embracing the opportunities that may arise. To this end, our comprehensive Enterprise-Wide Risk Management (EWRM) program is led by senior management and cascades to every employee of the Company.

Risk management process

The risk management process combines an intensive bottom-up and top-down approach, with every single employee responsible for implementing the most appropriate mitigation strategies for the risks within their sphere of responsibilities. Risks are identified in the bottom-up process during day-to-day business at asset level. Department heads are responsible for initiating the risk analysis, which includes selection of the appropriate risk identification techniques. These include not only interviews, workshops, surveys, and analyses of historical losses, but also information on risks documented in risk registers or loss databases. In particular, environmental risks are identified by using approaches such as a standardized environmental risk assessment methodology applying a double materiality approach whenever possible. Risk coordinators and subject-matter experts assist with risk identification. Such risks are then analyzed against a medium-term horizon of three years, including their possible quantitative impact as a deviation of cash flow from the midterm plan and the likelihood of such an impact. Heat maps or risk matrices are used to support the assessment process and serve to identify probability ranges and the related consequences if risks were to materialize.

The top-down risks are analyzed against a longer time horizon of up to seven years and beyond (e.g., in accordance with the life of a project or of a field). With respect to climate change, risks and opportunities include both acute and chronic physical risks, regulatory risk, technology risk, reputational risk, and new market opportunities arising in the long term.

In order to identify such risks, we continuously monitor OMV’s internal and external environment and conduct interviews with senior management, subject-matter experts, and Executive Board members. This process complements the bottom-up approach and captures the risks inherent in the strategy. We collect information on root causes, consequences, corresponding risk mitigation actions and their effectiveness, and changes in internal and external factors influencing likelihood. These are assessed in working sessions with senior management and subject-matter experts. As part of the Risk Report, this analysis is discussed at the OMV Executive Board level and presented to the OMV Audit Committee.

All risks with risk ratings exceeding a certain threshold at Group level are included in the Group Risk Report and are considered to be substantive irrespective of their probability. However, the threshold can vary depending on the management focus for that specific risk management measure. In addition, risks are considered to be substantive if they are seen as such by relevant stakeholders, such as local communities, governmental authorities, employees, or suppliers, even when the financial impact is not significant. For further information on engagement with relevant stakeholders, see Stakeholder Engagement Details.

Bottom-up and top-down perspectives are combined to provide a comprehensive risk profile of the organization, which is taken into consideration when the OMV strategy is developed or updated.

The formal process (“Risk Run”) of collecting risk information happens twice per year. The identified risks are aggregated and ranked depending on their impact on our business and then presented to the Risk Committee for review. The short- and long-term impact of risks and opportunities related to climate change are a special focus topic for the Risk Committee in 2020.

The OMV climate change risk management approach aims to meet the TCFD recommendations as well as the double materiality perspective proposed by the EU Non-Financial Reporting Directive. This new approach is being implemented gradually throughout the organization. Climate change risks are growing in importance in light of the oil and gas industry’s significant direct impact.

Risk taxonomy

Paying attention to every single risk makes risk management a holistic process. We use common risk terminology and language across OMV in order to facilitate effective risk communication. Environmental, Social, and Governance (ESG) risks, which specifically consider the emerging topic of climate change, are a key element in the OMV taxonomy.

The full spectrum of risks relating to OMV’s business, including economic, environmental, and social issues, is analyzed using either a semi-qualitative or quantitative approach and documented in a centralized risk repository. The resulting corporate risk profile provides a holistic view of issues that could affect Company performance in the medium and long term. The profile is therefore integrated into the decision-making process.

According to the OMV risk taxonomy, the following risk categories are considered:

  • Financial risks, including market price risks and foreign exchange risks
  • Operational risks, including all risks related to physical assets, production risks, project risks, personnel risks, IT risks, HSSE, climate change, and regulatory/compliance risks
  • Strategic risks arising, for example, from changes in technology, climate change, risks to reputation, or political uncertainties

For reporting purposes, this taxonomy is mapped to various other risk classifications such as NaDiVeG and TCFD.

Financial risk management

Market price and financial risks arise from volatility in the prices of commodities and include market price risks arising from European Emission Allowances, foreign exchange (FX) rates, and interest rates. Market price risk is monitored and analyzed centrally in respect of its potential cash flow impact using a specific risk analysis model that considers portfolio effects. Such risks also cover the impact of volatile prices for (European) Emission Allowances, where typical mitigation activities like spot, forward, or futures transactions are applied to ensure a balanced position of emission allowances by selling the surplus or covering the gap.

Operational risk management

The nature of OMV’s business operations exposes the Group to various Health, Safety, Security, and Environment (HSSE) risks. Such risks include the potential impact from natural catastrophes as well as process safety and personal security events. Other operational risks comprise risks related to the delivery of capital projects or legal/regulatory non-compliance. All operational risks are identified, analyzed, monitored, and mitigated following the Group’s defined risk management process.

OMV focuses particularly on five Sustainability Strategy areas: HSSE; Carbon Efficiency; Innovation; Employees; Business Principles and Social Responsibility. OMV Executive Board members regularly (at least quarterly) discuss current and upcoming environmental, climate, and energy-related policies and regulations; related developments in the fuels and gas market; the financial implications of carbon emissions trading obligations; the status of innovation project implementation; and progress on achieving sustainability-related targets. OMV focuses on assessing the potential vulnerabilities of the Company to climate change (e.g., water scarcity, droughts, floods, and landslides), the impact of the Company on the environment, and the mitigation actions that will ensure a proper transition to a low-carbon environment (reduction of carbon emissions, compliance with new regulatory requirements, etc.).

Strategic risks

OMV regularly evaluates the Group’s exposure to climate-change-related risks in addition to the market price risk from European Emission Allowances. Such risks comprise the potential impact of acute or chronic events, such as more frequent extreme weather events or systemic changes to our business model due to a changing legal framework or substitution of OMV’s products due to changing consumer behavior. OMV recognizes climate change as a key global challenge. We thus integrate the related risks and opportunities into the development of the Company’s business strategy.

The following emerging climate-change-related risks were identified:

  • Legal risk linked to compliance and the cost of compliance with current regulations related to climate change, such as the EU’s emissions trading legislation
  • Emerging climate-change-related regulations aimed at the decarbonization of economic activities, such as future emissions trading programs, CO2 limits for cars, and legal controls on routine flaring and venting1For example, in an impact analysis we assumed that assets with routine flaring in Romania and Tunisia were temporarily forced to cease production due to regulations. In this scenario, which we consider to be very unlikely, a six-month stoppage would result in an estimated revenue loss of EUR 525 mn, representing around 3% of OMV Group revenues (based on 2018 revenues for crude oil production facilities in Tunisia and Romania, which currently conduct routine flaring).
  • Reduction in the cost of alternative energies leading to a competitive advantage for low-carbon fuels
  • Shift in consumer and investor preferences toward products and investments strongly aligned with the energy transition and offering climate change mitigation solutions
  • Chronic risks for OMV assets in various locations affected by climate change

For more information on climate change risk management, see Carbon Efficiency. Additional information on major financial and non-financial risks is included in the Annual Report 2019 under Risk Management.

1 For example, in an impact analysis we assumed that assets with routine flaring in Romania and Tunisia were temporarily forced to cease production due to regulations. In this scenario, which we consider to be very unlikely, a six-month stoppage would result in an estimated revenue loss of EUR 525 mn, representing around 3% of OMV Group revenues (based on 2018 revenues for crude oil production facilities in Tunisia and Romania, which currently conduct routine flaring).

Related links