Risk management approach
We make risk-informed decisions that reflect our culture of embedding sustainability considerations including active engagement with Indigenous and community stakeholders, and governed by our guiding principles for risk management.
This requires ongoing identification, assessment, treatment and monitoring of risks inherent to our assets, activities and operations. Some of these risks are common to operations, while some are unique to Suncor. Our risk management program is aligned with the International Organization for Standardization guidelines (the ISO 31000 Risk management – Guidelines), which were also adopted by the Standards Council of Canada. The guidelines provide principles, a framework and a process for managing risk.
Our risk management practice is governed by our risk management policy, and supported through processes and tools such as risk management standards and the risk matrix to effectively identify and assess risk across the enterprise. This policy and supporting tools drives a culture of being:
- Proactive: We do the right thing by identifying and managing risk in advance.
- Transparent: We encourage openness and honesty about our risks. We actively provide and seek out information so we can make better decisions.
- Consistent: We are disciplined in doing the right thing, the right way to achieve excellence in risk management.
Identifying principal risks
Principal risks are generally considered those that have the potential to materially impact our ability to meet or support our strategic objectives. In the constantly evolving energy business, new risks can emerge and established risks can take on new forms or orders of magnitude.We manage identification of new principal risks through our critical and principal risk processes. These risks are further outlined in our Management's Discussion and Analysis, and include:
- carbon risk
- commodity price
- cumulative impact and pace of change
- government/regulatory and policy effectiveness
- information security
- major operational incident (safety, environmental and reliability)
- market access
- project development and execution
All levels of our organization are engaged in our enterprise risk management (ERM) program. Suncor’s Board of Directors and Audit committee are accountable for oversight of our principal risks and ensure systems are in place to manage their impact. Individual business units and functions regularly identify, mitigate and report on critical risks in their areas of business. This coordinated approach fosters a culture of risk governance throughout the enterprise.
Risk responsibility, accountability and ownership are appropriately assigned to ensure management of identified risks. Dedicated risk co-ordinators are embedded in each function, and are instrumental in building risk awareness and competency across the business to ensure proper accountability of risk. Follow-up measures are in place to ensure risk management decisions are properly and effectively implemented and monitored.
All principal risks must be reported annually to the Board of Directors and Audit committee. Reporting includes details on what’s being done to address these risks, how the risks are being monitored and any changes in the risk profile.
Our 2018 Annual Information Form (dated Feb.28, 2019), provides a comprehensive overview of significant risks applicable to Suncor and its businesses. Since 2016, carbon risk has been included in these principal risks and subsequently undergoes an annual board review. The environment, health, safety and sustainable development committee of the board also oversees this risk.
Risk assessment and evaluation
Once identified, risks are assessed and evaluated in terms of magnitude of impact and likelihood using an internal risk-matrix tool. A single risk-matrix tool allows employees to consistently assess risks and evaluate the consequence and likelihood of risk events. It also helps to assign responsibility for different levels of residual risk. The consequence is based on the following five receptors on the risk matrix:
- Health and safety
- Financial impact
Operational Excellence Management System
Operational excellence is a disciplined way of running our business and using consistent practices to operate in a way that is safe, reliable, cost-efficient and environmentally responsible, as well as to continually improve our performance.
The Operational Excellence Management System (OEMS) is the framework we use to systematically manage operational risk and enable achievement of our operational objectives. Our OEMS enables us to:
- operate safely and reliably
- prevent and mitigate environmental and social impacts
- develop and share best practices
Through formal annual internal assessments and reviews of the system by our leaders, we continually identify opportunities to improve. Our ISO 14001 and 9001 certified facilities are also subject to regular external audits.
Sustainability considerations in project development
When initiating new projects, our governance framework ensures we continually raise the bar by systematically embedding sustainability considerations into planning and decision-making. This process is consistent with our commitment to strive for strong environmental performance, strong collaboration and strong stakeholder relationships.
We have a long history of building and maintaining relationships, listening to community needs and concerns, and working together to mitigate potential impacts while seeking opportunities.
By integrating sustainability into our process for developing physical assets we ensure:
- environmental and social risks, as well as opportunities, are identified as part of the project definition
- development options are evaluated against sustainability criteria through the concept selection process
- environmental and social risks are incorporated into the project’s risk register
- Suncor’s project portfolio supports our strategic sustainability goals and long-term vision
This process informs project development decision-making and ensures asset options include both technical and sustainability considerations in their evaluations. For example, climate change implications are considered early in the asset development process, before we commit significant resources. This ensures we mitigate risks and make the most of opportunities that will enable us to achieve our goal of reducing carbon emission intensity by 30% by 2030.