Cenovus is exposed to a number of risks as we pursue our strategic objectives, some of which impact the oil and gas industry as a whole and others that are unique to our operations. Effective risk management helps ensure consistent and reliable execution of our strategy and major business objectives.

Our Enterprise Risk Management Policy (ERM) outlines expectations for the identification, measurement, prioritization and management of risk across Cenovus. The policy, which is approved by our Board, defines our risk management principles as well as the roles and responsibilities of all staff. As part of our risk management program, we have supporting practices, procedures and risk assessment tools. This risk management framework is embedded as a core component into our management system (read more about the Cenovus Operations Management System below) and contains the key attributes recommended by the International Standards Organization (ISO) in its ISO 31000 – Risk Management Principles and Guidelines. The results of our enterprise risk management program are documented in an annual risk report presented to the Board as well as through quarterly updates.

By leveraging risk management, we’re better able to make informed decisions, prioritize capital and improve business and operating performance. As part of our strategy and business planning cycle, we identify risks that might prevent us from meeting our objectives. Risks are assessed considering the potential health and safety, operational, financial, environment and regulatory or reputational impacts in the context of our risk appetite. Risks are analyzed and prioritized based on impact and likelihood, and decisions are made based on this analysis. We also monitor and review our risk profile throughout the year to watch for changes in operating conditions to determine if risks need to be reassessed.

Risk Management Framework
Our approach to risk management begins with our Board-approved policy, which informs our Risk Management Framework. The framework is embedded into various standards, practices, processes and risk assessment tools we use across the company.