Like what we have to say? SIGN-UP for our NEW FEATURE POSTS & never miss any of our tips, tricks, trends & best practices!


Date Posted: 4/3/2018
By Guest Blogger:  Julie Nelson, Senior Counselor, Strategic Public Affairs®,

By Guest Blogger:  Andrew Biar, President, Strategic Public Affairs®,



Risk-ier Business - Managing Your Social and Political Risk


Managing risk is an essential requirement for anyone owning and operating a business.  Routinely you hear company executives talking about investment risk, market risk, financial risk, operational risk and safety risk.   But you only hear about social and/or political risk when a company experiences an incident such as BP’s Macondo event or social opposition as in the Keystone pipeline.  If a company does not do their due diligence in this area and identify and determine how to mitigate these risks there will be financial ramifications.

What are social and political risks? 

Social and political risks are non-technical and both will affect a company’s bottom line and comprise your “license to operate”.   From regulatory risk to engagement with the public to environmental risks, managing non-technical risk is highly important as the failure to do so can stop work in its track.  Failing to appropriately manage your social and political risks can cost you time, money and your reputation. 

For energy companies in all aspects of the industry, upstream, midstream and downstream, non-technical risks are normally “above-ground” risks.  For example, is your oil & gas production company operating in an area where oil and gas exploration is accepted by the local community?  Do your operations cause adverse or beneficial impacts?  Are you complying or going beyond regulatory or permitting requirements?  How does your company impact the surrounding environment or protect it?

For others, such as a private equity firm or an M&A lawyer doing due diligence for an investment in an energy project or asset, these non-technical risks are important to evaluate and address.  Is the business or industry acceptable within the area of operation?   Does the business cause adverse impacts or provide benefits back to the community?  Has and will the company go above and beyond what is needed to do to protect the company, employees, the community and the environment?   Are there current or future regulatory risks to consider?

Why should you be concerned about non-technical risks? 

With the rapid pace of communications, due to the instantaneous impact of social and digital media, more people can now express their opinions and opposition about what you and your company are doing and have an immediate negative impact on it.  Communities and shareholders are looking to corporations to not only increase profits for shareholders but also be good corporate citizens.  Employees, especially millennials want the companies that they work for to be good corporate citizens who participate in their communities.  Companies that aren't concerned about non-technical risks are more likely to have challenges to their operations and projects from a broad base of stakeholders including surrounding communities, environmental coalitions and political stakeholders.  It's not enough anymore to simply do what is required by law, companies need to think about how their work can provide benefits beyond just jobs and shareholder returns. 

Whether you are an energy company, a private equity firm, or a company in any other industry, you should be managing your non-technical risks.   A good start would be to do the following three things: 

  1. IDENTIFY the non-technical risks that your business faces. 
  2. QUANTIFY the risks that you have identified and prioritize them in order of the value (or cost) to your company. 
  3. MANAGE your non-technical risks with an effective plan. 

If you do a good job with all three of these things, the reputation of your company should be enhanced. 


Identifying your non-technical risks can be a lengthy exercise.  Knowing the entire lifecycle of your project or operations is essential to identifying these risks. 

· What exactly are you doing or providing or constructing? 

· Does your work have impacts either positive or negative? 

· What do your stakeholders think or believe about your operations/project and do they believe that you will do the work properly? 

· Are there any environmental benefits or impacts? 

· What type of actions by external sources or stakeholders can impact your operations or project?

· Do you have political and community support for what you are doing? 

· Who is interested in what you are doing (key stakeholders) and what are their concerns? 

· What if any are the current and future regulatory risks?

These are some of the things you should think about.

Your public affairs and permitting teams will also have valuable input into what non-technical risks are important.   Are there any regulatory issues or permitting issues that will be difficult to comply with?  What government officials will be interested in what you are doing?  Can these types of concerns stop or inhibit your development or operations? 

Creating a full list of potential social and political risks will usually need input from staff across the business, including operations, permitting, and legal.  Your communications team should also be involved.  If you don't have sufficient in-house staff, there are public affairs firms that specialize in identifying (and helping to mitigate) social and political risks. 


Once you have a full complement of non-technical risks for your project, you should prioritize the risks so that you can start mitigating them accordingly.  It may be that some of these risks are negligible or so remote that you don't want to spend any or much time mitigating them.   For other risks, they may be so important that you might want to create and implement a mitigation plan, prior to starting your project.  

There are different ways to quantify or prioritize your social and political risks.  Usually the primary factor for quantifying risks is by cost.  What will mitigation of the risks cost the business?  What cost impact does the risk have on the business?  How much extra will the business need to spend to negate or minimize the risk.  If these risks are not taken into consideration and addressed there can be financial consequences.

Another way to quantify the risk is whether the risks are foreseeable, e.g. possible, probably or likely.  What is the likelihood that each risk will occur?  Not all risks will occur during the lifecycle of the project. However, you should be able to determine whether the risks are possible, probable or likely to happen.  If you prioritize by likelihood of occurrence, you may only have to mitigate the likely risks and some of the probable risks. 


Once you have all your risks identified and prioritized, the next step is to create a plan to manage the risks.  For each risk, you may have several actions or steps that need to be taken in order to mitigate the risk.  Creating a full risk management plan will include your stakeholders, a financial plan, a timeline for actions, identifying who is responsible for implementing the plan as well as ensuring the appropriate steps are completed.

General non-technical risks management plans are not "off-the-shelf" products.  The plans should be tailored to your business or project to ensure that you are managing and mitigating the risks that are most important to protecting your return on investment. 

It is likely that many of your non-technical risks will involve engagement with the public, political officials, NGOs and the communities surrounding your operations or project.  Therefore, it is essential that your risk management plan include consistent messaging about your work and its' benefits.  At a minimum, you must highlight safety.  This includes your safety protocols and how your company works to protect both the community and your employees. 

Retaining the services of an effective public affairs and government relations firm that specializes in assessing and mitigating social and political risk has become essential.  Again, the examples of the Keystone project and Macando highlight what can happen.  With this in mind, it is important to have a robust management plan to assess and mitigate non-technical risks and to ensure that you are being proactive, not simply "reactive”.  Implementing a well-thought out plan will avoid these risks thereby preventing any work at a minimum from being delayed or in the worst case scenario - completely suspending the project, such as in the proposed North East Energy Direct and Palmetto pipeline projects.




Sign up to receive thought leadership summaries from KCA and get access to the FREE LIVE AUDIO
from the September 16th Houston Energy Breakfast including updates from, WoodMackenzie, Houston Technology Center, Burnett Oil and the Society of Petroleum Engineers (SPE).

We respect your privacy and will never share your information.

Spacer 12203 Cabo Blanco Court | Houston, TX 77041


Spacer Call Us: 832-303-3308