Our ability to operate successfully under sometimes challenging conditions is directly linked to our active risk monitoring efforts – ensuring short-term continuity and the long-term viability of our business.
Governed by our Board’s Audit Committee, Crestwood’s Enterprise Risk Management (ERM) process enables our company to remain aware of and prepare for potential risks to the business. Each year, the ERM team led by our Vice President of Internal Audit sends out a risk survey to our business units – involving all executive officers and directors – to create a living risk catalog of our existing and potential emerging operational, financial, market, environmental, and reputational risks. The team facilitates discussions across the Company, assessing each risk to determine the likelihood of occurrence and magnitude of consequences, as well as addressing how the company will mitigate and manage risks. Once the risks are analyzed and normalized, our ERM team presents the top ten risks to the Audit Committee, which shares the results with the Board and seeks alignment on risk mitigation strategies.
“We consider identification and management of risk as key to achieving our strategic business objectives. The risk environment we face changes constantly – from our ongoing oversight of safety, operations and pipeline integrity to addressing cybersecurity risks. We update our risk mitigation practices to proactively address the changing dynamics that affect our business and the world around us.”
Vice President, Internal Audit
Crestwood’s internal audit program is one of many ways we monitor and manage risk. Our internal audit plan is directly linked to the results of annual ERM evaluations. The risk catalog helps us focus attention and resources on processes that would have the greatest impact on the current year’s strategic objectives. After conducting audits, the internal audit team presents a set of recommendations to management for each top risk that includes action plans with quarterly deadlines. Progress against these is tracked and shared with the Audit Committee.
Review of Growth Capital program resulting in delivery of projects on time
One of Crestwood’s greatest strengths is building assets on time and on budget, and a large part of our success relies on project management. In 2018, our ERM initiative identified the Growth Capital Program as a key strategic component of our success; as a result, we included the capital project management function in the year’s internal audit plan. The audit objectives included a review of how well we follow our own internal guidelines around authorizing, monitoring, and managing changes on capital projects. More importantly, the review provided a collaborative platform for auditors and process owners to identify continued improvement opportunities. This project included evaluating approximately $400 million of approved capital expenditures and provided valuable insight to our Board.
The results of ERM activities not only influence audit and governance issues but also impact matters of operational improvement. Cybersecurity continues to present a persistent and rapidly evolving risk that is governed at the Board level through the Audit Committee. This area has been a highlight of ERM evaluations and has influenced both audit and operational decisions over the last few years. In 2018, we conducted an evaluation of our security capabilities as a collaborative exercise between IT, Operations, and Internal Audit. As a result, we are launching a number of programs designed to strengthen our overall IT security posture. We hired a Senior Director of Infrastructure and Security to bring greater focus to our efforts to manage IT-related security concerns while ensuring that our network and infrastructure continue to meet the demands of our operations. In addition, we established a Cybersecurity steering committee consisting of senior leaders across the organization, including our Director of Sustainability.
At Crestwood, we are committed to preserving the integrity of our systems and data and continuously work towards enhancing operational availability across our system. In 2019, we re-launched our company-wide security awareness programs so that everyone at Crestwood is empowered to be an active partner in protecting our systems and data.
At Crestwood, we bring the same commitment to continuous improvement within our ERM process as we do in other areas of operations. Looking towards 2019, we plan to improve standardization in risk evaluation throughout the Company and integrate more widespread use of data-driven risk indicators.
Corporate Governance and Business Ethics