Skip to main content.

Upgrading control systems in an oilfield



This case describes a risk assessment associated with a technical program to upgrade equipment and control systems across a major oilfield. It demonstrates the relationships between program, project and headline risks, and the value of generic key elements for structuring risk management activities. It also notes that a program risk assessment may help to identify and focus attention on improvements to broader aspects of organizational performance, far beyond the program that initiated the discussion.

The program

An oil company had just initiated a technical program to upgrade equipment and control systems across a major oilfield and an associated processing complex. As well as replacing obsolescent equipment and systems, the upgrade aimed to increase automation, use ‘smart’ instruments wherever possible and move towards more integrated operations across a digital oilfield.

The program was of critical importance for the company’s future production and operations efficiency. It was anticipated that some of the main benefits would flow from:

  • Mapping, reviewing and redesigning operating processes, to simplify and streamline them by taking advantage of new hardware and software capabilities
  • Standardising processes, hardware and software, using open standards wherever possible, to improve maintenance efficiency and reduce spares holdings
  • Replacing hardware with software and systems controls where feasible, to increase flexibility and contribute to resilience and ‘future-proofing’ of oilfield operations.

The program was large, complex and extended over a long time period. Within the overall program, there were four major work packages that were projects in their own right. These contained a wide range of technical risks associated with the design, procurement, installation and commissioning of equipment in an operating production environment, as well as commercial risks associated with the contract approach and delivery. Although there was a high degree of commonality at a systems level, many technical matters were unique to each individual project.

A risk management exercise was proposed for the program, to help the company and the program director to achieve better results, specifically in the timeliness, cost and technical outcomes of the program.

Figure 1 illustrates the main features of the program structure and the kinds of risks anticipated.

Figure 1: Program structure

The company wanted a high-level risk assessment of the program, to cover:

  • Strategic risks to the company associated with the technical performance and delivery of the program, including its effects on production
  • The company’s management and administration of the program
  • Timing issues, phasing and the reliability and maintainability of obsolescent equipment over the planned duration of the program
  • Commercial relationships, processes and outcomes, including the company’s relationships with the prime contractor and the contracting strategy adopted for program delivery.


Program culture

To help set the culture of the Program Management Team (PMT) and the business units that would be affected by the program, senior executives provided guidance on the approach to be followed:

  • The objective of the program was to improve future production for the business; previous upgrades were only of interest where there were lessons to be learned, and history would not be an excuse for failure to achieve targets
  • The purpose of the program and the risk management exercise was to add value; the focus was to be on the key features of the program and the high priorities for the company
  • To enable the program to achieve its objectives, clear accountability was essential, through an agreed process with agreed roles and responsibilities
  • Integrity of teamwork was essential; a human resources plan was being developed to ensure the right skills and capabilities were available when they were required.

In all this, risk management was being undertaken to strengthen and promote the success of the program, not as a compliance or procedural requirement.

Risks within the program

The program affected much of the company’s production capability. At the program level, there were strategic, commercial and organisational risks. These included matters associated with:

  • The relationship between the program and other parts of the organisation, including senior management and operating areas focused on production targets, and the consequent degree of interaction and cooperation the PMT and the prime contractor might expect
  • The level of responsibility and decision authority held by the PMT, compared with the business units affected by the program
  • The contracting strategy adopted for the program and its impact on the schedule, tendering processes and commercial relationships with suppliers
  • Program timing and resources.

Risk assessment scales

Program risk management was intended to be consistent with the company’s enterprise risk management (ERM) approach, including its consequence and likelihood scales for risk rating. However, the objectives of the program and the criteria for measuring them had a different emphasis from the mandatory criteria used for the company’s ERM. Figure 2 shows how the specific objectives for the program were interpreted in terms of the company’s ERM consequence scales for the risk assessment.

Figure 2: Program objectives mapped to ERM scales

Key elements

A generic set of 19 key elements was developed to provide the basic structure for brainstorming in risk identification, as well as a structure and agenda for the risk assessment workshop. The same basic elements were used for all four projects, but the detail of each element was interpreted differently according to the context. For example, elements relating to project management and overarching systems were similar across the projects, but matters relating to the specific technology and its installation and commissioning were necessarily unique and project-specific.

Risk assessment

Assessment workshop

A program risk assessment workshop was conducted, involving the PMT, technical specialists and senior representatives from the business units that would be affected by the projects.

There were 96 risks identified and assessed in detail during the workshop. None was Extreme, twelve had agreed priorities of High.

The level of potential exposure was also assessed for each risk. This is the level of risk that might arise were the controls to fail in a credible manner. Of the twelve High risks, three had potential exposure levels of Extreme.

Table 1 shows the agreed priorities and potential exposures. The highlighted cells indicate risks for which the controls are providing an improved outcome for the program, and where monitoring of their effectiveness might be warranted.

Table 1: Agreed priority and potential exposure

Controls affecting risks with Extreme or High potential exposure obviously warrant attention. This table shows that many risks that were relatively well controlled, with an agreed priority of Low or Medium, have a High potential exposure. This is valuable management information as it highlights where controls might be allowed to lapse inadvertently (and inappropriately) because the agreed priority offers a sense of security.

Headline risks

Many of the 96 risks were related to one another. They were grouped into 19 headline risks, to improve understanding of most important themes and to simplify the development of treatment options.

Summary ratings for consequence, likelihood, agreed priority and potential exposure were agreed for each headline risk, informed by the ratings of the individual risks involved. Table 2 shows an example of one of the 12 high-priority headline risks.

Table 2: Headline risk example – unclear approval authorities

Not all headline risks that were rated High contained individual risks that were High. For example, the headline risk

The selection of multiple vendors may lead to problems with interfacing, maintenance and support

contained six individual risks with agreed priorities of Medium and Low, but collectively they were perceived as posing a High risk for long-term production operations.

Risk treatment

Risk treatment workshops

Treatment workshops were conducted for selected headline risks, initially for the 12 with agreed priorities of High, and later for those with Medium priorities and potential exposures of High. In the workshops:

  • An expanded description of each headline risk was developed, and the current controls and plans relating to it were listed
  • Options for addressing the risks rated Extreme or High were identified and reviewed
  • Financial and other benefits, costs and associated resource requirements were noted for each option
  • A recommendation was agreed for each option, whether to take it forward for action, to reject it, or to collect more information and undertake further evaluation
  • Appropriate treatment actions were agreed and documented where a clear benefit for the company was evident
  • An owner responsible for managing each treatment action was assigned.

After the treatment workshops, action owners completed implementation plans. These were monitored and reported by routine project management processes, including:

  • Integration of treatment plans into project plans and budgets
  • Regular monitoring of the status of implementation in PMT and project management meetings
  • Reviewing the risks and updating the program and project risk registers where appropriate.

The treatment workshops confirmed many of the current actions, and proposed additional actions to reduce the risks. Many of the identified risks were in the process of being addressed, but time and resources were limiting what could be achieved. The risk assessment and the treatment workshops provided a priority ranking to enable a justifiable allocation of time and resources.

The commonality of risks in each group meant that, in many cases, one treatment action could influence many risks within the group at the same time. However, there were some individual risks that required specific additional actions.


Program, project and headline risks

Many project risks were common across the four projects. While some included project-specific features, there were many where the general aspects were best addressed at a program level. These included risks relating to project management, coordination with operations teams and business units, higher-level technical systems, systems interfaces and integration with legacy systems.

Figure 3 shows the general components of a program risk register. Not all the project-specific detail is needed for a program-level risk register, so any of these components might be a headline risk, that is a combination of individual risks (like Table 2), which are aggregated for analysis, risk treatment and reporting. The context of the risks is different at each level and the way risks and treatments are framed and reported on reflects this.

Figure 3: Program and project risks

In this case the headline risks supported a high-level perspective across the program, while ensuring that relevant detail about individual risks was preserved. They allowed treatment actions to be developed that were applicable to sets of risks. There were several important implications of this:

  • Treatment options were developed that could address many individual risks within each headline risk group, across projects
  • Comprehensive management and oversight of action plans was enhanced by consolidating responsibility for actions to treat a headline risk under a single action owner, thus integrating related actions and plans, rather than having a more piecemeal risk-by-risk approach with several owners in different projects whose responsibilities would then overlap

  • Tracking and reporting of the status of implementation was simplified.

It was clear that there is not a one-to-one relationship between risks and treatments. Developing treatment options that could address many individual risks enhanced the effectiveness of the work and enhanced the efficiency with which resources were used.

Generic key elements

The risk assessment started with a generic set of key elements that were tailored where appropriate for project-specific circumstances. This supported a broadly consistent approach across the four projects and at program level, and facilitated general communication and the transfer and sharing of information about uncertainties between projects. Even where there were project-specific features, the common grouping allowed areas of uncertainty to be generalised and shared.

The generic key elements enhanced:

  • More comprehensive risk identification and better understanding of common sources of uncertainty across the projects
  • More efficient selection of treatment actions at program level to address common risks.

Hard and soft risks

The program risk assessment raised many ‘soft’ issues relating to management, people, systems and procedures, as opposed to ‘hard’ or technical issues that would require capital or plant modifications. Although they may not require the same levels of expenditure as hard issues, soft issues may be more difficult to resolve in practice.

For example, many of the issues raised in the workshops in the context of the program were also relevant to the company and the way it conducted its general procurement and project management activities. This presented an important opportunity for the broader corporate implications of some of the high-priority risks raised in the assessment be recognized and addressed for the good of the company as a whole, beyond these projects.

It is often the case that large programs and projects help to identify and focus attention on broader aspects of organizational performance where improvements can be made, with benefits that extend far beyond the program or project that initiated the discussion. It is in the best interests of the organization to be alert to this and to ensure these broader lessons are recognised and exploited.

Major upstream oil company
Information and communications technology
Oil and gas
Services included:
Project risk management