At Tullow, we recognise that effectively managing risks and opportunities is essential to our long-term success. Our ability to identify, assess and successfully manage current and emerging risks is critical in ensuring we achieve our strategic objectives and protect shareholder value.

Risk oversight and governance

A risk focused culture and consistent risk management framework is embedded across all levels at Tullow and is driven by the Board. The Board is responsible for overseeing  the risk identification, assessment and mitigation process.  To this end, the Board undertakes a bi-annual assessment of the risks facing the Company, including those risks that could threaten our business strategy, operating model, performance, solvency and liquidity. Emerging risks are discussed by the Board and the Senior Leadership Team periodically throughout the year. 

The Board is responsible for ensuring Tullow maintains an effective risk management and internal control system and works closely with Tullow’s Senior Leadership Team to ensure
this is in place. The Senior Leadership Team is collectively  responsible and accountable for the risk management process  in place across the organisation, with individual members
taking ownership for risks that fall in their business area.
Tullow recognises that risk cannot be fully eliminated and that there are certain risks the Board and/or the Senior Leadership Team accept when pursuing strategic business opportunities.

Acceptance of risk is made at an appropriate authority level and within Tullow’s defined risk appetite and tolerance levels.

Tullow’s risk governance framework is illustrated below:

Every layer of the organisation is responsible for identifying key risks and managing them in line with our risk appetite (as set by the Board).

  • Oversees identification, assessment and response to principal risks
  • Sets risk appetite
  • Monitors effectiveness of the risk management process
Senior Leadership Team
  • Sets the tone for an effective risk management culture
  • Identifies and assesses principal and enterprise-wide risks
  • Monitors effectiveness of risk management actions for those risks and decides the focus of effort
  • Decides which risks require periodic Board review
Extended Leadership Team (ELT)
  • Identifies and assesses their respective business delivery risks
  • Ensures effective risk mitigation actions are planned
  • Monitors effectiveness of risk mitigation and response plans
Business functions
  • Identifies business delivery risks and raises these to the leadership team
  • Identifies and assesses respective project risks
  • Ensures effective risk mitigation actions are planned and implemented

Principal risks

A summary of Tullow’s principal risks is illustrated below. Detailed risk descriptions including their potential mitigations can be found in our 2021 Annual Report & Accounts. Internally, the Group monitors and mitigates a more substantive list of risks, but those listed below are the risks considered to be the most important at the time of publishing our 2021 Annual Report that could threaten our business strategy, operating model, future performance, solvency and liquidity. Our principal risks and risk reduction actions are monitored and assessed on an ongoing basis.


Risk description

Commercial & Financial risk
1 Failure to deliver production targets
EHS or Security risk
2 Risk of a Major EHS incident
Stakeholder, Commercial & Financial risk
3 Failure to unlock value
Stakeholder & Financial risk
4 Failure to manage geopolitical risks
Climate risk
5 Failure to manage climate change risks
Financial risk
6 Risk of insufficient liquidity and funding capacity to sustain and grow the business / failure to deliver a highly cash generative business
People risk
7 Failure to develop, retain and attract capability
Ethics & Conduct risk
8 Risk of a compliance or regulatory breach
Cyber risk
9 Risk of major cyber-attack