Integrating risk management in our business planning

Cenovus is exposed to a number of risks as we pursue our strategic objectives, some of which impact the energy industry as a whole and others that are unique to our operations. Effective risk management helps ensure consistent and reliable execution of our strategy and major business objectives.

Our Enterprise Risk Management (ERM) Policy outlines expectations for the identification, measurement, prioritization and management of risk across Cenovus. The policy, which is approved by our Board of Directors, defines our risk management principles as well as the roles and responsibilities of all staff. As part of our risk management program, we have supporting standards, procedures and risk assessment tools. This risk management framework is embedded as a core component of our management system and contains the key attributes of the ISO 31000 – Risk Management Guidelines and COSO Enterprise Risk Management – Integrating with Strategy and Performance. The results of our enterprise risk management program are documented in an annual risk report presented to the Board as well as through regular updates.

By leveraging risk management, we’re better able to make informed decisions, prioritize capital and improve business and operating performance. As part of our strategy and business planning cycle, we identify risks that might prevent us from meeting our objectives. Risks are assessed considering the potential health and safety, operational, financial, environment and regulatory, and reputational impacts in the context of our risk appetite. Risks are analyzed and prioritized based on impact and likelihood, and decisions are made based on this analysis. We also monitor our risk profile and review industry best practices throughout the year, watching for changes in operating conditions to determine if risks need to be reassessed.