Welcome to PIC | We pave the way for better future

ERM model consist of six main parts:
1- Strategy - Risk Management strategy is determined and driven by the overall corporate strategy.
2- Risk Catalogue - All relevant PIC risks are identified, classified and recorded in the Risk Catalogue/ Register.
3- Metrics, limits & treatment - Risk metrics, limits, and monitoring and treatment activities are defined and integrated in the existing processes.
4- System - It reflects all the key elements of the ERM Model and supports PIC in its Risk Management activities.
5- Processes & Procedures - Processes and procedures reflect the risk strategy and define the framework and the operative approach to the risk activities.
6- Organization - PIC risk governance structure reflects the strategy, policy and procedure needs and drives PIC to ERM Model.

On September 13, 2006, KPC approved its ERM Policy, that stated “Develop common corporate approaches, policies and processes to manage all risks facing KPC in the most efficient and effective manner.”

Therefore ERM developed their Policy and Guidelines which was Approved by PIC Board of Directors on March 26, 2007.

PIC Policy and Guidelines provides the overall context and objectives of Enterprise Risk Management within PIC. The policy contain ERM mission statement & risk appetite that describe the attitude of PIC towards risk.

PIC Risk Appetite and Tolerance of PIC’s is part of ERM Policy. “Risk Appetite” is one’s willingness to accept risks in pursuit of value. It depends on one’s strategic objectives and on their relative priority. “Ability to take risks” depends on one’s wealth and constraints. PIC has four types of tolerance high, medium, low, very low.

PIC ERM Mission statement

"To support PIC strategy by managing risks effectively through a flexible methodology, constantly reflecting changes in business needs and environment"

Risk Catalogue/Register is the central repository of PIC’s risks that categorizes and prioritizes all risks in PIC. In addition it provides detailed information on PIC risk portfolio. The Risk catalogue is a live document which is updated upon the inputs of each department. Data is gathered from each department during risk assessment where risks are identified, analyzed, quantified and inserted in the PIC risk catalogue.

Monitoring and treatment of risks are key steps of Enterprise Risk Management that ensure that the company’s risks remain under control, and that they are addressed and properly handled.

Risk monitoring and treatment are the steps that follow risk assessment in the overall risk management process. the company can decide to accept them, address them immediately, or monitor them against pre-set limits and treat them when limits are exceeded. The effectiveness of risk treatment is also monitored in order to take corrective actions and improve future action plans.

Risk treatment consists in taking preventive measures to reduce the impact of risks and to enhance the value of opportunities. Business uncertainties can be treated in different ways.

• Avoid: make the root cause impossible, e.g. by switching to a different work process that is not subject to this risk.

• Share: share the associated costs, and any positive or negative impacts, with a third party, e.g. through a JV.

• Exploit: invest resources (time, money, skills, reputation…) into realizing an opportunity.

• Contingency Plan: take no action at the moment, but prepare a plan on what to do if the risk occurs.

• Risks can also be "Accepted" as they are, if treatment is not possible or more costly than the potential benefit.

It will reflect all the key elements of the ERM model and will support PIC in its risk management activities.

One of the main systems that PIC use is Powersim software which is used as quantification tool to measure Cash Flow at Risk

“Cash Flow at Risk” (CFaR) is the metric that PIC selected to measure its overall exposure to market risk.

Cash flow is simulated on 1-year and 5-year time horizons, for PIC as a whole, and separately for each SBU or Department/JV.

Cash flow is simulated under a large number of random market scenarios (Monte Carlo simulation), and the difference between the “typical” and the “pessimistic” case is taken as a measure of PIC risk.

Enterprise Risk Management in PIC is conducted through the five high-level processes.

a. Risk Assessment: PIC periodically conducts risk assessment activities. Following guidelines issued by the ROC, the ERM team interacts with each PIC Department to identify, analyze, quantify and integrate risks throughout PIC.

b. Risk Monitoring & Treatment Review: ERM team periodically reviews the effectiveness of risk monitoring and risk treatment procedures in PIC. The review is based on guidelines provided by the ROC, and on reports from PIC Departments.

c. ERM Policy Review: For ERM policy to remain consistent with PIC strategic objectives, the ROC periodically reviews the Policy, facilitated in this task by the ERM team.

d. ERM Model Update: The ERM team periodically reviews ERM processes, organization and tools, in order to ensure their alignment with the ERM Policy and with PIC business needs. ROC provides guidelines for the review.

e. Risk Monitoring & Treatment: ERM team and departments constantly cooperate to measure, aggregate, communicate and treat risks.

One of ERM main processes is Risk assessment which is a process used to identify risks and analyze their characteristics. This includes evaluating the probability of occurrence and impact of the risks.

Risk assessment is fundamental to create and update the Risk Catalogue/ Register, therefore Risk assessment is performed periodically and requires multiple interactions between departments and the ERM Team. PIC Policy is to conduct the risk assessment on a yearly basis.

· Determine if existing controls are adequate, or if there are additional risk mitigation options that could be considered.

· Prioritize risks and control measures in order of importance to business functions.

PIC has previously (up till year 2007) managed risks using a silo approach – each department managed their own risk. A key pillar of ERM is that risk is managed as a whole (portfolio).

The risk management activities are supported by an efficient risk governance structure and processes. PIC risks are addressed on three organizational levels: