At Tullow, we recognise that effectively
managing risks and opportunities is essential to our long-term success. Our ability to identify, assess and successfully manage current and emerging risks is critical in ensuring we achieve our strategic objectives and protect shareholder value.
Risk oversight and governance
A risk focused culture and consistent risk management framework is embedded across all levels at Tullow and is driven by the Board. The Board is responsible for overseeing the risk identification, assessment and mitigation process. To this end, the Board undertakes a bi-annual assessment of the risks facing the Company, including those risks that could threaten our business strategy, operating model, performance, solvency and liquidity. Emerging risks are discussed by the Board and the Senior Leadership Team periodically throughout the year.
The Board is responsible for ensuring Tullow maintains an effective risk management and internal control system and works closely with Tullow’s Senior Leadership Team to ensure
this is in place. The Senior Leadership Team is collectively responsible and accountable for the risk management process in place across the organisation, with individual members
taking ownership for risks that fall in their business area.
Tullow recognises that risk cannot be fully eliminated and that there are certain risks the Board and/or the Senior Leadership Team accept when pursuing strategic business opportunities. Acceptance of risk is made at an appropriate authority level and within
Tullow’s defined risk appetite and tolerance levels.
Tullow’s risk governance framework is illustrated below:

Every layer of the organisation is responsible for identifying key risks and managing them in line with our risk appetite (as set by the Board).
Board
- Oversees identification and assessment of, and response to, principal risks
- Sets risk appetite
- Monitors effectiveness of the risk
management process
Senior Leadership Team
- Sets the tone for an effective risk
management culture - Identifies and assesses principal and
enterprise-wide risks - Monitors effectiveness of risk
management actions for those risks
and decides the focus of effort - Decides which risks require periodic
Board review - Provides oversight, support and challenge to the Extended Leadership Team and business functions
Business functions
- Identifies and assesses business
delivery risks and raises these to the
leadership team - Identifies and assesses respective
project risks - Ensures effective risk mitigation
actions are planned and implemented - Monitors effectiveness of risk
mitigation and response plans
Principal risks
The Company risk profile has been closely monitored throughout the year, with consideration given to the risks to delivering the Business Plan, as well as whether external factors such as the war in Ukraine, inflationary pressures and oil price volatility have resulted in any new risks or changes to existing risks. The impact of these factors has been considered and managed across all principal risks. The following table represents the Company’s
current principal risks.
No |
Risk description |
Commercial & financial risk | |
1 | Failure to deliver production targets |
Commercial and EHS or security risk | |
2 | Risk of an asset integrity breach |
EHS or security risk | |
3 | Risk of a major accident event |
Stakeholder, commercial and financial risk | |
4 | Failure to unlock value |
Stakeholder and financial risk | |
5 | Failure to manage geopolitical risks |
Climate risk | |
6 | Failure to manage climate change risks |
Financial risk | |
7 | Risk of insufficient liquidity and funding capacity to sustain and grow the business or failure to deliver a highly cash-generative business |
People risk | |
8 | Failure to develop, retain and attract capability |
Ethics and conduct risk | |
9 | Risk of a compliance or regulatory breach |
Cyber risk | |
10 | Risk of major cyber-attack |