Gulf Oil Spill, an Operational Risk Disaster
By Gideon T. Rasmussen, CISSP, CISA, CISM, CIPP
Wednesday, June 16, 2010

The ecological impact of the recent oil spill in the gulf is obvious. Now is the time to reflect on the resulting business impact, what could have been done to prevent it and steps we can take with our business partners to prevent a similar issue.

BP spent the past ten years honing their brand as a green, ecologically friendly, company. In fact, their green-and-yellow sunflower logo is designed to show the company's commitment to the environment and solar power[i]. The BP slogan is Beyond Petroleum.

BP leased the now infamous Deepwater Horizon drilling rig from Transocean. Haliburton was contracted to seal the well with cement. Each company has been accused of passing blame for the oil spill[ii]. A blowout preventer and a dead man switch failed to stop the oil leak. The drilling rig has a replacement value of about $560 million and BP is spending $6 million per day addressing the oil spill[iii]. The White House has asked Congress to raise limits on BP's liability for the oil spill from $75 million. Legislation has been introduced raising the limit to $10 billion [iv]. It is safe to conclude BP has suffered severe business impact as a result of the oil spill, with more on the way.

A $500,000 remote shut-off switch, known as an acoustic trigger, could have stopped the flow of oil. In 2000, the Minerals Management Service (MMS) deemed acoustic triggers "essential" for drilling safety [v]. They are known in the oil industry as a safeguard against oil spills. The logical question is why an acoustic trigger was not in place? Acoustic triggers are not mandated by MMS. In the absence of a compliance requirement, it seems reasonable to assume a business decision was made to pass on the remote shut-off switch.

This oil spill is a classic example of a black swan (events with the potential for severe impact to business and a low rate of occurrence)[vi]. In retrospect, should an oil company risk hundreds of millions and severe reputation damage over a $500,000 safeguard? The obvious answer is a resounding "No". It is easy to play Monday morning quarterback. However, most will agree either an independent Operational Risk function was not in place or the wrong decision was made.

There is an obvious need to have checks and balances in place when managing business operations. Operational Risk is defined in Basel II as "the risk of loss resulting from inadequate or failed internal processes, people and systems, or from external events"[vii]. Operational Risk Management fills the gap between information security and business administration. Have at least one person dedicated to Operational Risk. In a medium sized company, a small team is warranted. As the size and complexity of the company expands, grow the Operational Risk team to ensure appropriate coverage.

Risk can be mitigated, accepted or transitioned. If left with a black swan in your midst, develop appropriate countermeasures and transition a portion of the risk by way of insurance. Insurance companies apply the same technique through policies with reinsurance companies.

About the author:

Gideon T. Rasmussen is a Charlotte-based Information Security Manager with over 10 years experience in Fortune 50 and military organizations. His website is The opinions expressed here are those of Gideon Rasmussen and do not necessarily represent those of his current or past employers.

[i] "BP goes green", BBC News, July 24, 2000.
[ii] "BP, Transocean, Halliburton pass oil spill blame", NECN/CNN, May 12, 2010.
[iii] "Leaking Oil Well Lacked Safeguard Device", The Wall Street Journal, April 28, 2010.
[iv] "Obama Seeks Greater Liability from BP on Spill", CBS News, May 12, 2010.
[v] "Sex, Lies and Oil Spills",, Inc., May 5, 2010.
[vi] "The Black Swan: The Impact of the Highly Improbable", Nassim Nicholas Taleb, 2007.
[vii] "Basel II: Revised international capital framework", Bank for International Settlements, 2006.

Originally published by RiskCenter (June, 2010)