BP insiders may be the only people who are privy to the truth behind what actually went wrong and caused the explosion of the Deepwater Horizon offshore oil rig in April of 2010. However, history shows that this isn’t the only disaster BP has encountered over the years. Other incidents include a refinery explosion in 2005, ruptured pipeline in 2006 and narrowly missed platform explosion in 2003. All these accidents occurred amidst a flurry of safety violations, sparking a comment by CEO Tony Hayward in 2007 acknowledging a failure to meet standards and a promise to improve risk management. So where did he go wrong? A recent Compliance Week article discusses answers to this question.

Toxic Corporate Culture

The concept of enterprise risk management is founded upon a tone at the top set by executives who believe in and support a corporate culture that raises awareness about key risks and how to handle them throughout the organization. In BP’s case, while the CEO called for increased risk management, he never delivered. At the Deepwater Horizon well, the company opted for cheaper and easier solutions in order to save time and money both before and after the explosion in 2010.

Senior BP executives have also been ambitious in exploration and production endeavors while showing indifference towards engineering excellence and maintenance budgets. The majority of safety focus was on infractions that were highly likely with lower impacts with hardly any consideration of less likely, high impact risks.

What BP Did Wrong

Any company seeking to implement successful processes to manage enterprise risks can learn several key lessons from BP’s business practices.

1. Effective communication throughout an organization must be available to ensure the right people are informed about the right risks on a timely basis. This includes whistleblower processes, a system that was ineffective at BP noted by workers who feared for their jobs for raising safety concerns.

2. Executives need to consider the “black swans” of potential risks; the ones that carry a low likelihood of happening but could destroy a company in one fell swoop. BP stands as the current day example with economical, ecological and reputational damage eating away at the company.

3. Scenario planning should be considered for identified risks where no current solution exists. If BP had already practiced emergency procedures for a burst oil pipe, the damage could have been less severe.

4. Board members should also provide oversight for risk management practices and serve in the investor’s best interest. It appears that BP’s board of directors was either comfortable with the extreme amount of risk management was taking or was uninformed about the practices that were going on.

What is important to take away from BP’s experience is that risk management isn’t about avoiding risks. Instead, it is focused on understanding the key risks a company faces then taking the right risks at the best time after using the most appropriate precautions.

Click below to access Compliance Week to purchase the article