Statoil defines risk as a deviation from a specified reference value and the uncertainty associated with it. A positive deviation is defined as an upside risk, while a negative deviation is a downside risk. The reference value is expectation - most likely a forecast, percentile or target. We manage risk in order to ensure safe operations and to reach our corporate goals in compliance with our requirements.
We have an enterprise risk management (ERM) approach, which means that we:
- Have a risk and reward focus at all levels of the organisation,
- Evaluate significant risk exposure relating to major commitments, and
- Manage and coordinate risk at the corporate level.
All risks are related to Statoil's value chain, which denotes the value that is added in each step - from access, maturing, project and operation to market. In addition to the economic impact these risks could have on Statoil's cash flows, we also try to avoid HSE and integrity-related incidents (such as accidents, fraud and corruption). Most of the risks are managed by our principal business area line managers. Some operational risks are insurable and are managed by our captive insurance company operating in the Norwegian and international insurance markets.
Our corporate risk committee (CRC) is headed by our chief financial officer and its members include representatives of our principal business areas. It is an enterprise risk management advisory body that primarily advises the chief financial officer, but also the business areas' management on specific issues. The CRC assesses and advises on measures aimed at managing the overall risk to the group, and it proposes appropriate measures to adjust risk at the corporate level. The CRC is also responsible for reviewing, defining and developing our risk policies. The committee meets at least six times a year to decide our risk management strategies, including hedging and trading strategies, together with risk management methodologies. It regularly receives risk information relevant to the group from our corporate risk department.
We have developed policies aimed at managing the financial volatility inherent in some of our business exposures, and, in accordance with these policies, we enter into various financial and commodity-based transactions (derivatives). While the policies and mandates are set at the group level, the business areas responsible for marketing and trading commodities are also responsible for managing commodity-based price risks. The interest, liquidity, liability and credit risks are managed by the company's central finance department.
The following section describes in some detail the market risks to which we are exposed and how we manage these risks.