June 2007 Capital Adequacy Extension © Copyright 2007, CCRO. All rights reserved. Page 33 of 92 4.3. Building the Framework for Assessing Operative Risks When it comes to actively managing its physical production, delivery, and/or storage of energy commodities, most companies employ very efficient and robust practices. Furthermore, Sarbanes-Oxley legislation has forced most publicly traded companies to implement strong oversight and monitoring controls of their people, processes and systems. Nonetheless, identifying these operative risks and measuring the associated financial impact on earnings and/or cash obligations is a relatively new concept in the energy industry. In order to ensure that operative risks are adequately mitigated through insurance contracts, appropriate business planning, stronger internal controls, other hedging instruments, and/or capital reserves, these elements must be part of a formal, routine operative risk assessment process. In 2001 the Basel Committee established its 10 principles for effective operational risk management. While these principles dealt specifically with the banking and financial services industry, the fundamental concepts can be appropriately applied to the management of operative risks within the energy industry. These 10 principles are divided into the following four categories 8 1. Developing an Appropriate Risk Management Framework 2. Identification, Measurement, Monitoring and Controlling Operational Risks 3. Role of Supervisors 4. Role of Disclosure Figure 4.2 illustrates how the 10 Principles fit into the categories and the informational flow of an Operative Risk Management Framework. 8 Sound Practices for the Management and Supervision of Operational Risk. Basel Committee on Banking Supervision. Bank for International Settlements. December 2001.