Suncor has an established Enterprise Risk Management Program and Operational Excellence Management System which support effective and efficient risk management across the organization.
Risk management approach
We make risk-informed decisions that reflect our triple-bottom-line responsibilities and obligations, the input and expectations of our stakeholders, and our guiding principles for risk management. This requires ongoing identification, assessment, treatment and monitoring of risks inherent to our assets, activities and operations. Some of these risks are common to oil and gas industry operations broadly, while some are unique to Suncor.
Our risk management program is aligned with the International Organization for Standardization guidelines (the ISO 31000 Risk management – Guidelines), which were also adopted by the Standards Council of Canada. The guidelines provide principles, a framework and a process for managing risk.
Our risk management practice is governed by our Risk Management Policy and supported through tools such as Risk Management Standards and the Risk Matrix to effectively identify and assess risk across the enterprise. This policy and its supporting tools drive a culture of being:
- proactive – we do the right thing by identifying and managing risk in advance
- transparent – we encourage openness and honesty about our risks. We actively provide and seek out information so we can make better decisions
- consistent – we are disciplined in doing the right thing, the right way, to achieve excellence in risk management
Identifying principal risks
Principal risks are generally considered those that have the potential to materially impact our ability to meet or support our business strategy. In the constantly evolving energy business, new risks can emerge and established risks can take on new forms or orders of magnitude.
We manage identification of new principal risks through our Critical and Principal Risk processes.
All levels of our organization are engaged in our Enterprise Risk Management (ERM) program, from the Board of Directors and Audit Committee, which are responsible for oversight of our principal risks and ensuring there are systems in place to manage their impact, to individual business units and functions, which regularly identify, mitigate and report on critical risks in their areas of business.
Risk responsibility, accountability and ownership are appropriately assigned to ensure management of identified risks. Dedicated risk coordinators are embedded within each function and are instrumental in building risk awareness and competency across their business unit and in ensuring proper accountability for risk. Follow-up measures are in place to ensure risk management decisions are properly and effectively implemented and monitored.
All principal risks must be reported annually to the Board of Directors and Audit Committee. Reporting includes details on what’s being done to address these risks, how the risks are being monitored and any changes in the risk profile.
Our 2017 Annual Information Form (dated March 1, 2018) provides a comprehensive overview of significant risks applicable to Suncor and its businesses. Since 2016, carbon risk has been included in these principal risks and subsequently undergoes an annual Board review. The environment, health, safety and sustainable development committee of the Board also oversees this risk.
Risk assessment and evaluation
Once identified, risks are assessed and evaluated in terms of magnitude of impact and likelihood using an internal risk-matrix tool. A single risk-matrix tool allows employees to consistently assess risks and evaluate the consequence and likelihood of risk events. It also helps to assign responsibility for different levels of residual risk. The consequence is based on the following five receptors on the risk matrix:
- Health and safety
- Financial impact
Operational Excellence Management System (OEMS)
Operational excellence is a disciplined way of running our business, using consistent practices to continually improve our performance and operating in a way that is safe, reliable, cost-efficient and environmentally responsible. The OEMS is our framework of controls with consistent standards, processes and procedures that enable Suncor to consistently and effectively:
- manage risk
- operate safely and reliably
- mitigate environmental and social impacts
- develop and share best practices
- support continuous improvement
Sustainability considerations in project development
To ensure holistic development and sustainment of physical assets, we incorporate environmental and social aspects such as water use, air emissions, energy use, human rights, stakeholder and Aboriginal relations into new projects.
The purpose of integrating sustainability into our process for developing physical assets is to ensure:
- environmental and social risks are identified as part of the project definition
- development options are evaluated against environmental and social risks through the concept selection process
- environmental and social risks are incorporated into the project’s risk register
- Suncor’s project portfolio is in line with our strategic sustainability goals and vision over the long term
These screening assessments help translate relevant social or environmental impacts into potential project risks. For example, climate change implications are considered early in the asset development process, prior to the commitment of significant resources, which ensures climate change risks and opportunities are well understood. From a decision-making perspective, this process allows asset development options to be analyzed from both a technical and sustainability perspective.