At Tullow, we recognise that effectively managing risks and opportunities is essential to our long-term success. Our ability to identify, assess and successfully manage current and emerging risks is critical in ensuring we achieve our strategic objectives and protect shareholder value.
Risk oversight and governance
A risk focused culture and consistent risk management framework is embedded across all levels at Tullow and is driven by the Board. The Board is responsible for overseeing the risk identification, assessment and mitigation process. To this end, the Board undertakes a bi-annual assessment of the risks facing the Company, including those risks that could threaten our business strategy, operating model, performance, solvency and liquidity. Emerging risks are discussed by the Board and the Senior Leadership Team periodically throughout the year.
The Board is responsible for ensuring Tullow maintains an effective risk management and internal control system and works closely with Tullow’s Senior Leadership Team to ensure
this is in place. The Senior Leadership Team is collectively responsible and accountable for the risk management process in place across the organisation, with individual members
taking ownership for risks that fall in their business area.
Tullow recognises that risk cannot be fully eliminated and that there are certain risks the Board and/or the Senior Leadership Team accept when pursuing strategic business opportunities.
Acceptance of risk is made at an appropriate authority level and within Tullow’s defined risk appetite and tolerance levels.
Tullow’s risk governance framework is illustrated below:
Every layer of the organisation is responsible for identifying key risks and managing them in line with our risk appetite (as set by the Board).
- Oversees identification, assessment and response to principal risks
- Sets risk appetite
- Monitors effectiveness of the risk management process
Senior Leadership Team
- Sets the tone for an effective risk management culture
- Identifies and assesses principal and enterprise-wide risks
- Monitors effectiveness of risk management actions for those risks and decides the focus of effort
- Decides which risks require periodic Board review
Extended Leadership Team (ELT)
- Identifies and assesses their respective business delivery risks
- Ensures effective risk mitigation actions are planned
- Monitors effectiveness of risk mitigation and response plans
- Identifies business delivery risks and raises these to the leadership team
- Identifies and assesses respective project risks
- Ensures effective risk mitigation actions are planned and implemented
A summary of Tullow’s principal risks is illustrated below. Detailed risk descriptions including their potential mitigations can be found in our 2021 Annual Report & Accounts. Internally, the Group monitors and mitigates a more substantive list of risks, but those listed below are the risks considered to be the most important at the time of publishing our 2021 Annual Report that could threaten our business strategy, operating model, future performance, solvency and liquidity. Our principal risks and risk reduction actions are monitored and assessed on an ongoing basis.
|Commercial & Financial risk|
|1||Failure to deliver production targets|
|EHS or Security risk|
|2||Risk of a Major EHS incident|
|Stakeholder, Commercial & Financial risk|
|3||Failure to unlock value|
|Stakeholder & Financial risk|
|4||Failure to manage geopolitical risks|
|5||Failure to manage climate change risks|
|6||Risk of insufficient liquidity and funding capacity to sustain and grow the business / failure to deliver a highly cash generative business|
|7||Failure to develop, retain and attract capability|
|Ethics & Conduct risk|
|8||Risk of a compliance or regulatory breach|
|9||Risk of major cyber-attack|