OMV + Sword GRC

How OMV streamline risk management processes and as a result have increased their understanding of risk exposures across their business


Oil & Gas





The Challenge

An integrated international oil and gas company that supplies more than 200 million people with energy, OMV is Austria’s largest listed industrial company.

It unites employees of more than sixty nationalities, all of whom work together to provide energy for the European market.

The Exploration and Production business segment has a strong base in Romania and Austria and a growing international portfolio. In Gas and Power, OMV operates a gas pipeline network in Austria and gas storage facilities in Austria and Germany with a capacity of 2.6 bcm. OMV sold in 2013 approximately 425 TWH of gas. In refining and Marketing OMV has an annual refining capacity of 17.4 mn tonnes and as of the end of 2013 approximately 4,200 filling stations in 11 countries including Turkey.

OMV’s strategy is to develop into an integrated, international company focused on oil and gas with clearly improved profitability and strong growth in the upstream sector. As part of this transformation and in line with the increasing challenges of the oil and gas industry, OMV recognizes the importance of assessing both business and operational risks at an early stage and taking systematic action to manage them. To support the evolving organization-wide Enterprise Risk Management program, in 2011 OMV selected Active Risk Manager (ARM) to automate its enhanced risk and business management processes.

ARM has enabled us to automate and streamline risk management processes. As a result, risk quantification capabilities have improved enabling us to increase understanding of risk exposures across the business.

Jeffrey Butrico, VP Corporate Risk & Insurance Management, OMV

OMV Risk Philosophy

A risk-aware culture within OMV is promoted continually by ensuring that risk management is integrated across the organization’s value chain. A common ERM framework has been developed and processes are embedded throughout the business with roles and responsibilities of all stakeholders clearly defined in alignment with the company’s governance model.

Jeffrey Butrico, VP Corporate Risk & Insurance Management at OMV explained; “As a facilitator of an integrated approach to Enterprise Risk Management, ARM supports a full range of risk management activities including risk identification, assessment, monitoring and reporting as well as the development of mitigation plans. ARM has enabled us to automate and streamline risk management processes. As a result, risk quantification capabilities have improved enabling us to increase understanding of risk exposures across the business.”


Since adopting ARM in 2011 OMV has achieved a range of business benefits including:

A single system to manage different risk processes (bottom up or top down)
Risks can be assessed over different time horizons to understand their impact on OMV’s strategic objectives in both the short, medium and long term, using heat map and risk simulation functionalities (Monte Carlo Analysis).

Harmonized risk content
An internally hosted web-based application collects the financial, operational and strategic risks across the OMV Group using a common risk language. Within the “Knowledge Base” ARM catalogues a list of standardized risks with commonly used causes and consequences. This provides a platform to drive improvement and consistency in how risks are described within the organization.

Group-wide coverage and flexible reporting
Facilitates effective and efficient risk management reporting across all business segments, business units and regions. ARM produces risk registers, heat maps and waterfall charts, which enable automated risk reporting.

Risk rollup capability
Risk aggregation at multiple organizational levels or risk categories.

Assessing risks on different scoring schemes
To suit the different needs of affiliates, business segments and other parties. Automatic email alerts Keeps stakeholders informed about the stages of the risk management process ensuring that nothing is forgotten or lost, and maintaining visibility.

Qualitative and quantitative risk analysis
To help assess risks that cannot be readily quantified.

Integrated Audit Assurance
When Sword GRC launched ARM 7 with an integrated audit assurance module in April 2014, OMV was the first company to take delivery. ARM 7 will be used for audit assurance globally from three hubs in Vienna, Austria; Bucharest, Romania; and Istanbul, Turkey. ARM 7 will enable OMV to automate audit recommendations and will provide the organization with ‘one source of the truth’ for all audit and risk information.

SVP Ernst PETRI, CAE at OMV stated; “Sword GRC’s commitment to the oil and gas sector means that they are in a good position to develop this combined solution. ARM 7 will help us to streamline the management of our audit recommendations and enable us to combine risk information to support management decisions.”

Want to save this for later?

Download the case study.