PDF《Enterprise Risk Management》

EnterpriseRiskManagement RiskManagementProcess DragonOil'

sbusinessispotentiallyexposedto different risks.

However,somebusinessriskscanbe acceptedbythe Groupprovidedthatacceptance ofsuchriskscreatesvalue andthattherisksareproperlymanaged. Riskoverview DragonOil'

sbusinessispotentiallyexposed todifferentrisks,oil&

gasindustry- specificrisksaswellasbusiness-specific risks.However,somebusinessriskscan beacceptedbytheGroupprovidedthat acceptanceofsuchriskscreatesvalueand thattherisksareproperlymanaged.We recognisethattheeffectivemanagementof thebusinessrisksiscrucialtoourcontinued growthandsuccess.In2012,weadopted anEnterpriseRiskManagement(ERM) framework.ERMconsistsofpolicies, proceduresandtheGroup'

sorganisational structurewithclearroles,responsibilities and accountabilitiesaimedatriskidentification, riskassessment,risktreatmentandrisk monitoringandreporting. Thekeyobjectives ofthegroup'

s ERMare: to ensure that the significant business risks to which Dragon Oil is exposed are systematically identified, assessed and managed to acceptable levels based on risk tolerance and appetite levels as approved by the Board;

to achieve an optimal risk-reward balance;

and to ensure that risk management is embedded in all decision-making processes. Ourapproachtoriskmanagement The Board is ultimately responsible for risk management within the Group in accordance with corporate governance requirements and provides an oversight of the strategic direction of the business. The business planning process extends over a five-year period and provides the principal parameters against which the performance of the Group is measured. These include annual objectives and targets covering production, development, exploration, HSE and financial performance. Business plans are approved by the Board together with defined operational targets and risks to delivery. Establish context Establish strategic, organisational and risk management process context by considering the environment within which the risks are present Riskmanagement Quarterly exercise Risk Identification Identifying and characterising Dragon Oil risks (corporate and department levels) to objectives and agreeing appropriate risk ownership RiskAssessment Assessing risk severity through establishing the impact and likelihood (gross, net and target basis) and the effectiveness of existing controls and mitigants in order to prioritise risks Risk Treatment Consideration for further risk mitigating actions or treatment alternatives EnterpriseRiskManagementprocessat DragonOil COMMUNICATIONANDCONSULTATION

38 Oversight of risk management at corporate level takes place through reporting to the Audit Committee and the Board annually. Risk Owners at department level assess the risks and evaluate the mitigation factors and progress of planned improvements quarterlywhile reporting to the Executive Committee semi-annually. To manage risks and embed these into business activities and processes a Corporate Risk Register, comprising key Group level risks, and the Department Risk Registers, dealing with key activity risks, are created and reviewed periodically. The CEO is the Group Risk Owner for the significant risks at corporate level and, along with the COO as the Risk Sponsor, is responsible for ensuring that each department completes an assessment of their risks, for challenging the robustness and completeness of the risk profile, for performing in-depth reviews of the key risks and monitoring the planned improvements. Adesignated risk manager assists all Department Risk Owners in the ERM process to ensure that risk management complies with the relevant standards and that it is working effectively covering all aspects of the business. The Group adopts risk management strategies based on the nature and types of risks categorising them into: strategic, operational, financial and compliance risks. In 2013, the programme of cascading the risk management process down to departments continued. Risks identified in the preceding year were reviewed in the current operating environment and updated in risk registers at corporate and department levels. The review of department risks arising from the risk assessment was focused on the critical risks that were considered in depth for mitigating measures. Several training sessions were conducted on the use of improved tools aiming to standardise the documentation. Despite significant improvements in documentation, targets have been set to modify the templates used to better reflect control over the changes between periodic assessments and mitigation plans. The focus for the next year is embedding the ERM in the strategy and planning processes through a series of communication and consultation meetings across the Group. RiskMonitoring andReporting Regular review of risk status, including changes to the risk environment and implementation progress against agreed actions. Risk reporting is the creation of useful management information that can be used to inform business decision making and prioritisation of resources Semi-annual reportingto executivecommittee Departmental Risk Registers and Corporate Risk Register Annualreporting totheaudit committee/board: Corporate Risk Register COMMUNICATIONANDCONSULTATION CorporateRisk Register DepartmentRisk Registers Escalate significant risks to add to Corporate Risk Register and update progress on existing corporate risks