(ON APPROACHES TO ASSESSING THE RISK MANAGEMENT SYSTEM MATURITY IN VERTICALLY INTEGRATED INTERNATIONAL PETROLEUM HOLDING COMPANIES. PART 1. MODELS FOR ASSESSING THE RISK MANAGEMENT SYSTEM MATURITY IN COMPANIES IN VARIOUS ECONOMY SECTORS)
This article deals with a review of methodological approaches to maturity assessment of risk management systems. The study is destined for identifying components of such systems and determining its relationship with their maturity levels in vertically integrated petroleum holding companies.
Part 1 provides a summary of the key elements of risk management systems which are in place in various organizations and expert communities in their methodology and in models for assessing such systems’ maturity. The task of the study is to determine all the components and provide their brief description being the basis of further maturity assessment in various models.
Part 2 of this article will provide proposals on the risk management system key components based on which it is recommended their maturity levels be assessed in vertically integrated companies including those of the petroleum industry. Knowledge of these components will allow risk owners and risk coordinators to more clearly and consciously form approaches to selfassessment of maturity levels of risk management systems prioritizing their development for the maturity level increase, based on the optimal use of limited resources.
Д.А. Пашковский, к.э.н., ПАО «Газпром» (Санкт-Петербург, Россия), A.Tarasova@adm.gazprom.ru
А.А. Быков, д.ф.-м.н., ПАО «Газпром», A.Bykov@adm.gazprom.ru
D.A. Pashkovsky, PhD in Economics, PJSC Gazprom (Saint Petersburg, Russia), A.Tarasova@adm.gazprom.ru
A.A. Bykov, DSc in Physics and Mathematics, PJSC Gazprom, A.Bykov@adm.gazprom.ru
Bank of Russia. Letter No. 06-52/2463 dated 10 April 2014. On the corporate governance Code. Available from: http://www.cbr.ru/statichtml/file/59420/inf_apr_1014.pdf [Accessed: 8 November 2022]. (In Russian)
COSO. Enterprise risk management. Integrating with strategy and performance. Executive summary. Available from: https://www.coso.org/Shared%20Documents/2017-COSO-ERM-Integrating-with-Strategy-and-Performance-Executive-Summary.pdf [Accessed: 8 November 2022].
ISO. ISO 31000:2018. Risk management – Guidelines. Available from: https://www.iso.org/standard/65694.html [Accessed: 8 November 2022]. (Available upon purchase)
President of Russia. List of requests following the meeting on improving the efficiency of state-owned companies approved by the President of Russia on 27 December 2014. Available from: http://www.kremlin.ru/acts/assignments/orders/47370 [Accessed: 8 November 2022]. (In Russian)
The Russian Government. Order No. 91-r dated 23 January 2003. On the list of joint-stock companies. Available from: http://government.ru/docs/all/44369/ [Accessed: 8 November 2022]. (In Russian)
Ernst & Young Global Limited. Research in the Field of Internal Audit, Risk Management, Internal Control, And Compliance in Russian Companies with State Participation. 2019. Moscow: EY; 2020. (In Russian)
Federal Agency on Technical Regulating and Metrology (Rosstandart). GOST R ISO 31000–2019 (state standard). Risk management. Principles and guidelines. Available from: https://docs.cntd.ru/document/1200170125 [Accessed: 8 November 2022]. (In Russian)
OAO Gazprom (open joint-stock company). STO Gazprom 4.2-5-002–2013 (company standard). Assessment of the organization maturity. Moscow: Gazprom; 2014. (In Russian)
Paulk M, Curtiss W, Chrissis MB, Weber CV. Capability maturity modelSM for software, version 1.1. Carnegie Mellon University. Report No.: CMU/SEI-93-TR-024 ESC-TR-93-177, 1993.
Rosstandart. GOST R ISO 9000–2015. Quality management systems. Fundamentals and vocabulary. Available from: https://docs.cntd.ru/document/1200124393 [Accessed: 8 November 2022]. (In Russian)
Blank IA. Dictionary-Reference Book of the Financial Manager. Kyiv: Nika-Centre; 1998. (In Russian)
ISO. ISO/IEC/IEEE 24765:2017. Systems and software engineering – Vocabulary. Available from: https://www.iso.org/standard/71952.html [Accessed: 8 November 2022]. (Available upon purchase)
Humphrey WS. Characterizing the software process: A maturity framework. IEEE Software. 1988; 5(2): 73–79. https://doi.org/10.1109/52.2014.
Paulk MC, Curtis B, Chrissis MB, Weber CV. Capability maturity model, version 1.1. IEEE Software. 1993; 10(4): 18–27. https://doi.org/10.1109/52.219617.
EFQM. The EFQM Model. Available from: https://efqm.org/the-efqm-model/ [Accessed: 8 November 2022].
Carnegie Mellon University. CMMI® for development, version 1.3. Carnegie Mellon University. Report No.: CMA/SEI-2010-TR-033 ESC-TR-2010-033, 2010.
Fahrenkrog SL, Haeck W, Abrams F, Whelbourn D. PMI’s organizational project management maturity model. In: PMI Proceedings of the PMI® Global Congress, 25 September 2003, Baltimore, MD, USA. Newtown Square, PA, USA: Project Management Institute; 2003. Available from: https://www.pmi.org/learning/library/pmi-organizational-maturity-model-7666 [Accessed: 8 November 2022].
Redmond S (ed.), Sowden R, Hinley D, Clarke S. Portfolio, Programme and Project Management Maturity Model (P3M3). Introduction and Guide to P3M3®. London: OGC; 2010.
Kerzner H. Strategic Planning for Project Management Using a Project Management Maturity Model. New York, NY, USA: John Wiley & Sons; 2001.
Kwak YH, Ibbs CW. Project management process maturity (PM)2 model. Journal of Management in Engineering. 2002; 18(3): 150–155. https://doi.org/10.1061/(ASCE)0742-597X(2002)18:3(150).
Bushuyev S, Wagner RF. IPMA Delta and IPMA Organisational Competence Baseline (OCB): New approaches in the field of project management maturity. International Journal of Managing Projects in Business. 2014; 7(2): 302–310. https://doi.org/10.1108/IJMPB-10-2013-0049.
Meisner R. MINCE – A Framework for Organizational Maturity. Zaltbommel, Netherlands: Van Haren Publishing; 2007. 248 p.
Jeong KS, Siriwardena ML, Amaratunga RDG, Haigh RP, Kagioglou M. Structured process improvement for construction enterprises (SPICE) level 3: Establishing a management infrastructure to facilitate process improvement at an organisational level. Available from: http://usir.salford.ac.uk/id/eprint/9965/1/280_Jeong_KSStructured_Process_Improvement.pdf [Accessed: 8 November 2022].
Hillson D. Assessing organisational project management capability. Journal of Facilities Management. 2003; 2(2): 298–311. https://doi.org/10.1108/14725960410808276.
Crawford KJ. Project Management Maturity Model. New York, NY, USA: Auerbach Publ.; 2007. https://doi.org/10.1201/9781003129523.
Nikolaenko VS, Miroshnichenko EA, Grisaev RT. Project management maturity models: Critical review. Public Administration. E-Journal [Gosudarstvennoe upravlenie. Elektronnyj vestnik]. 2019; 73: 71–111. (In Russian)
Hillson D. Towards a risk maturity model. The International Journal of Project and Business Risk Management. 1997; 1(1): 35–45.
Deloitte LLP. Enterprise Risk Management. A ‘Risk‑Intelligent’ Approach. London: Deloitte; 2015.
KPMG International Limited. Taking ERM to a Global Scale. Available from: https://assets.kpmg/content/dam/kpmg/pdf/2015/11/taking-erm-to-aglobal-scale.pdf [Accessed: 8 November 2022].
PricewaterhouseCoopers Oy. Enterprise Risk Management (ERM). Benchmarking Survey 2008. Helsinki: PwC; 2008.
The Risk Maturity Model. The RMM Explained. Available from: https://www.riskmaturitymodel.org/rims-risk-maturity-model-rmm-for-erm/ [Accessed: 8 November 2022].
Walker P, Shenkir WG. Enterprise risk management: Tools and techniques for effective implementation. Available from: https://www.imanet.org/insights-and-trends/risk-management/enterprise-risk-management-tools-and-techniques-for-effective-implementation?ssopc=1 [Accessed: 8 November 2022].
Standard & Poor’s Financial Services LLC. Criteria. Insurance. General: Enterprise Risk Management. New York, NY, USA: Standard & Poor’s Financial Services; 2013.
Hopkinson M. The Project Risk Maturity Model. Measuring And Improving Risk Management Capability. London: Routledge; 2010. https://doi.org/10.4324/9781315237572.
Brykalov SM, Kuznetsova NA, Trifonov VYu, Trifonov YuV. Risk management maturity model efficiency assessment. Fundamental Research [Fundamental’nye issledovaniya]. 2021; (3): 17–26. https://doi.org/10.17513/fr.42974. (In Russian)
Purdy G. How Good is Our Risk Management? Available from: https://broadleaf.com.au/old/pdfs/articles/RiskWatch_December2010.pdf [Accessed: 8 November 2022].
New Zealand Government. Enterprise Risk Maturity. Available from: https://www.digital.govt.nz/assets/Standards-guidance/Governance/AoGenterprise-risk-maturity-assessment-framework.xlsx [Accessed: 8 November 2022].
Yevich AI. Results of diagnosing the current state of risk management, internal control, and internal audit systems in federal executive authorities, executive authorities of the constituent entities of the Russian Federation, and local governments. Available from: https://minfin.gov.ru/common/upload/library/2017/07/main/Diagnostika_tekushchego_sostoyaniya_sistem.pdf [Accessed: 8 November 2022]. (In Russian)
Federal Agency for State Property Management. Order No. 306 dated 22 August 2014. On approval of the Methodology for self-assessment of the quality of corporate governance in companies with state participation. Available from: https://www.consultant.ru/document/cons_doc_LAW_168788/ [Accessed: 8 November 2022]. (Accessible for registered users; in Russian)