Risk management

We recognise that effective risk management is fundamental to helping us achieve our strategic objectives. Risk management is embedded in our critical business activities, functions and processes. Materiality and our tolerance for risk are key considerations in our decision making process. 

The Board, as part of its role in providing strategic oversight and stewardship of the Company, is responsible for maintaining a sound risk management and internal control system. As part of that system, the Board determines principal risks and sets respective risk tolerance/appetite levels.

The Executive Team, Group Functional Heads and Business Delivery Teams (BDTs) are responsible and accountable for monitoring and managing the risks that fall under their remit. It is then every leader’s and manager’s job to manage the day-to-day risks the Group may face. They are responsible for identifying the risks, assessing their impact and determining their consequence for the business. Appropriate actions are then taken to manage the risk to an acceptable level defined by the Board.



Risk Hierarchy

(Click on image to view full size)


Principal risks 

A summary of Tullow’s principal risks are listed below, and full commentary on their potential impacts and our mitigation and assurance processes can be found in our 2017 Annual Report & Accounts. Internally, the Group monitors and mitigates a more substantive list of risks, but those listed are the risks considered to be the most important at the time of publishing our 2017 Annual Report, because of their likelihood, the magnitude of their potential impact, frequency on the Executive’s agenda, or a combination of these reasons. Our principal risks are monitored and assessed on an ongoing basis.


1. Strategy not fully achievable in sustained low oil prices
2. Inability to progress major portfolio options
3. Disruption to business due to community/political/regulatory influence


4. Insufficient liquidity and funding capability
5. Failure to manage oil price risk


6. Major process safety/equipment/EHS failure
7. Inability to replenish exploration portfolio
8. Major cyber or information security incident
9. Failure to have a balanced, diverse workforce & attractive employee proposition


10. Major breach of business or ethical conduct standards