Environment & Safety Gas Processing/LNG Maintenance & Reliability Petrochemicals Process Control Process Optimization Project Management Refining
HomeNewsDigital Feature (sponsored): Three questions oil and gas companies should ask to improve their operations risk management

Digital Feature (sponsored): Three questions oil and gas companies should ask to improve their operations risk management

3/6/2025 6:00:00 PM

Oil and gas companies can spend most of their time on a knife edge when it comes to managing risk. Managing risk really means being ready for anything and anticipating the unlikely. It requires an almost supernatural ability to anticipate any outcome, understand every factor that influences an incident and implement a plan that addresses everything.

The article will discuss the five broad categories that most of this industry’s risk falls under and address the three—equally important—areas that can have a major impact on the quality of an oil and gas company’s overall operations risk management (ORM) strategy.

Hazardous substances can damage facilities, people or the environment, pipelines or machinery can break down, digital systems can be hacked, and so on. The list of risks feels almost infinite and ever-changing.

While inherent risks are common among process industries, oil and gas companies are no exception to elevated levels of risk. This heightened vulnerability stems from dealing with hazardous materials that have the potential to cause explosive reactions. Even a minor mistake during production could set off a chain reaction of severe consequences, leading to significant financial losses—not to mention the ethical, legal and human consequences associated with any such incident.

This is what makes ORM so crucial for the oil and gas industry.

However, mitigating the likelihood of consequences is a complicated task that involves balancing numerous interconnected business processes.

How do you know if your strategy is robust enough? Or, more importantly, how can you catch any gaps in your strategy before risk becomes a reality?

This article provides the three key questions that any oil and gas company should ask when managing operational risk and how they can be used to protect business, people and the wider environment.

Major sources of risk for oil and gas companies. Before diving into ORM and those three questions, the following will examine what risk looks like for oil and gas companies.

In this industry, risk falls into five broad categories:

  1. Risk to (and from) people: This covers both the risk that the company’s people or the public will be injured by an incident, and the risk that a person will damage your business or assets in some way—either intentionally through sabotage or unintentionally through human error.
  2. Regulatory risk: Different parts of the industry are subject to very different regulations. For example, midstream companies in the U.S. must comply with regulations from the Department of Transportation, the Environmental Protection Agency (EPA), the Bureau of Land Management (BLM), the Federal Energy Regulatory Commission (FERC) and a range of other agencies, while upstream companies must comply with maritime safety regulations imposed by the U.S. Coast Guard or the Bureau of Safety and Environmental Enforcement (BSEE). All these regulations come with sizable consequences for non-compliance. The harder it is to track and prove compliance, the greater the risk of an incident and incurring a large fine.
  3. Environmental risk: Every part of the industry, from upstream to downstream, can cause major environmental damage, not to mention that fossil fuel extraction and its subsequent use carries a huge carbon footprint. This is not only a concern for the environment but also for a company’s reputation with customers.
  4. Financial risk: Profit margins in the industry tend to be razor thin, particularly for refineries. This means any incident that loses the company money—whether that is damaged equipment, downtime due to an accident or a malfunction, or fines for non-compliance—can be truly catastrophic.
  5. Cyber threats: On average, cyber-attacks caused oil and gas companies six days of disruption and $3.3 MM of financial damage.1 The role that oil and gas companies play in the economy and in wider society makes them particularly attractive targets for any attacker looking to cause disruption or extract sensitive data—whether for political reasons or financial gain. As a result, oil and gas companies must be prepared to defend themselves against everything from domain name server (DNS) hijacking to data leaks and attacks on corporate virtual private networks (VPNs).

Ensuring that a company’s risk strategy effectively covers all these risks can be tricky.

However, addressing three—equally important—areas can have a major impact on the quality of an organization’s ORM strategy: optimizing training and hiring processes, building a culture of safety, and using the right technology.

  1. Do the people on my team add to my risk or decrease it? People are inherently unpredictable. Unlike machines, they have an unsettling tendency to do things that are not strictly logical, which means they are one of a company’s biggest sources of risk. However, they are also the only way a company can go about mitigating risk. Every measure taken will depend on people doing the right thing, in the right way and at the right time.

So, an ORM strategy needs to be built around making it easier for personnel to achieve operational excellence. Does your workforce have the training they need to perform mission-critical procedures safely and correctly? Do they understand the importance of following safety procedures? Is their training up to date?

An organization will need to carefully track every individual’s training and certifications, as well as ensure they receive the U.S. Occupational Safety and Health Administration (OSHA)-required training they need every time they use a new piece of machinery or move into a new position.

  1. Can cost pressures increase my risk? Companies need to ask themselves, have you created an environment where people feel comfortable prioritizing and minimizing risk? Do people at every level of seniority feel comfortable reporting potential risks, even if it means sacrificing productivity or reducing profits? Have you made it clear that it is always better to investigate a potential risk, even if it turns out to be nothing?

Without careful consideration, it is easy to fall into what Hopkins calls a ‘Culture of Denial’, where employees are more worried about paying lip service to safety than they are about actually following safe practices. In these cultures, people tend to cut corners and underestimate the likelihood that consequences may occur in instances where mitigating risk might lower productivity – often with devastating consequences.

  1. How am I leveraging technology to reduce risk in my operations? Managing risk really means being ready for anything and anticipating the unlikely. It requires an almost supernatural ability to anticipate any outcome, understand every factor that influences an incident and implement a plan that addresses everything. That kind of granularity is not possible without the right technology on your side.

However, the best technology does not just enable a company’s ORM strategy; it upgrades it, making the process of risk management more effective, more responsive and easier to implement.

The following are some examples of how technology can improve a company’s ORM:

  • Digital twins allow personnel to visualize all the potential risks and all of the measures that must be taken to mitigate risk, bringing all of the relevant real-time information and documentation together on one platform.
  • Operation management systems (OMS) allow users to digitalize logbooks, handovers and near misses, management of changes (MOCs), permits and lockout/tagout (LOTO), instead of relying on easily overlooked emails or paper documentation. This makes it significantly easier to ensure everyone always has the information they need to make the safest possible decision.
  • Knowledge management systems (KMS) are an excellent way to improve training and reduce personnel’s reliance on memory or paper documents. A good KMS makes process documentation and training content instantly accessible via a phone or tablet, so the information is always there when people need it.
  • Centralized asset management systems make it easy for every employee to stay up to date with the condition of your assets. By storing everything from asset structures to work orders, these kinds of tools allow personnel to make safer, more informed decisions when using any type of machinery.
  • Process safety analytic systems simplify the management of process alarms, control loop performance, critical process boundaries, and the safety systems and interlocks that an organization have implemented. This simplification allows for efficient monitoring of existing safety measures and quick identification of issues as they arise.

Safety, efficiency and control beyond ORM. Answering these three questions can be a powerful means of upgrading a company’s ORM strategy. However, implementing the right technology can allow a company to go even further. At Hexagon, we help our partners use data and technology to achieve new levels of efficiency, visibility and control, empowering them to run more profitable, safe and sustainable facilities. In our webinar Smart Digital Reality™: Solutions for the Industrial Facilities, we will show how a holistic, unified digitalization strategy can:

  • Improve asset availability
  • Reduce maintenance costs
  • Mitigate compliance and risk management and investigation efforts

If you are ready to take control and put unused data to work, head here to watch the webinar.

About Hexagon. Hexagon is a global leader in digital reality solutions, combining sensor, software and autonomous technologies.

Hexagon’s Asset Lifecycle Intelligence division helps clients design, construct and operate more profitable, safe and sustainable industrial facilities. We empower customers to unlock data, accelerate industrial project modernization and digital maturity, increase productivity, and move the sustainability needle.

Hexagon has approximately 24,500 employees in 50 countries, and net sales of approximately €5.4 B. Learn more at hexagon.com, and follow us @HexagonAB.

LITERATURE CITED

1 Trend Micro, “Oil and gas cybersecurity: Industry overview—Part 1,” August 8, 2022, online: https://www.trendmicro.com/en_gb/research/22/h/oil-gas-cybersecurity-part-1.html

Related News

From the Archive

Comments

Comments

{{ error }}
{{ comment.name }} • {{ comment.dateCreated | date:'short' }}
{{ comment.text }}