Risk management

Effectively managing risk across the Group is a competitive necessity and fundamental to creating and maintaining shareholder value and protecting our business, people and reputation. 

The Board, as part of its role in providing strategic oversight and stewardship of the Company, is responsible for maintaining a sound risk management and internal control system. As part of that system, the Board determines principal risks and sets respective risk tolerance/appetite levels.

The Executive Team, Group Functional Heads and Business Delivery Teams (BDTs) are responsible and accountable for monitoring and managing the risks that fall under their remit. It is then every leader’s and manager’s job to manage the day-to-day risks the Group may face. They are responsible for identifying the risks, assessing their impact and determining their consequence for the business. Appropriate actions are then taken to manage the risk to an acceptable level defined by the Board.


Risk hierarchy

Risk hierachy


Principal risks 

A summary of Tullow’s principal risks are listed below, and full commentary on their potential impacts and our mitigation and assurance processes can be read here. Internally, the Group monitors and mitigates a more substantive list of risks, but those listed are the risks considered to be the most important at the time of publishing our 2015 Annual Report, because of their likelihood, the magnitude of their potential impact, frequency on the Executive’s agenda, or a combination of these reasons. Our principal risks are monitored and assessed on an ongoing basis.


1. Strategy not fully achievable in sustained low oil prices
2. Inability to progress major portfolio management options
3. Impact on TEN expected value due to border dispute between Ghana and Côte d’Ivoire
4. Impact on TEN expected value due to delayed delivery
5. Failure to adequately manage stakeholder relationships 


6. Insufficient liquidity and funding capability
7. Failure to manage oil price risk


8. Loss of production revenue from Jubilee field
9. Major operational incident
10. Inability to replenish exploration portfolio
11. Major cyber or information security incident
12. Failure to retain or develop key staff 


13. Major breach of business or ethical conduct standard