Vermilion’s Enterprise Risk Management Process
Risk associated with climate change has been quantified for each business unit utilizing the Enterprise Risk Management process. This process is utilized to assess implications and identify mitigating measures that are required to limit or reduce risk and potential liabilities to an acceptable and manageable level. Risk is assessed based on the anticipated impact severity and probability of an event occurring in consideration of human, environment, financial and social license to operate. Stakeholders in risk assessment include internal (Board of Directors, Executive, Staff) and external parties (Landowners, NGOs, investors, the general public, industry groups). Vermilion proactively conducts operational and engineering reviews aimed at increasing efficiency, including reducing emissions and monetary expenditure requirements at major facilities.
One of the key roles of the board and company senior leadership is to provide risk oversight for Vermilion, including sustainability-related risks.102-30
As a responsible company, effective risk and crisis management is vital for Vermilion. We use a multi-layered approach to ensure identification, awareness and effective management of our business-related risks, including sustainability risks. This includes identifying business opportunities that may arise from changing conditions.
Our Enterprise Risk Management program enables us to identify and continually monitor risks – including economic, environmental and social risks – defined in the following categories:
Risk is assessed based on the anticipated impact severity and the probability of an event occurring, in consideration of human, environment, financial and social license to operate factors. We use our corporate risk register to assess implications and identify mitigating measures to limit or reduce risk and potential liabilities to an acceptable level. This provides uniformity across the company while allowing for customization in each of our Business Units.
A detailed discussion of our risk factors can be found in our Annual Information Form (pages 57-63), and is aligned with the Task Force on Climate-related Financial Disclosures (TCFD).
Risk Identification: Staff in operations and departments throughout the company feed into this risk framework in their own areas of expertise. This includes our Health, Safety and Environment team, Sustainability team, technical teams and Marketing (Economics) team. 102-31 Our staff also play a key role in identifying potential risk areas through their participation in the anonymous surveys prior to and after our quarterly global town halls. Their feedback and questions are shared with the Executive team, which in turn uses the information to guide strategy discussions, and reports back to staff with responses to concerns, ideas and suggestions raised. The feedback is also communicated to the Board when considered material.
In addition, external stakeholder engagement is used to identify risks that are important to those external to the company, including communities, landowners, investors, government and regulators, NGOs, the public and industry groups.
Risk Management: To manage identified risks, our internal control processes are proactive, and designed to help us achieve our business strategy of delivering modest annual growth in production and cash flow while also providing reliable and growing dividends to our shareholders. Our management approach reflects this, with a 10-year long-range plan that covers business strategy and related goals and objectives.
Risk awareness and management are the responsibility of the Board and the Executive team. Vermilion’s Board independently reviews the effectiveness of our identification and management of risk quarterly, through its four committees. This gets translated into action by our Executive team, through implementation of associated policies and procedures that the Board approves.102-31
Risk identification occurs in several ways. Teams and specialist staff across the business – including HSE, Finance, Governance, Economics and Sustainability - identify risks and work together as needed to assess impact and probability. The results are provided via briefings and advisory services to senior management, the Executive team and the Board of Directors. In the past year, this has included Board briefings and strategy discussions on topics such as Disruptive Technologies (e.g. Electric Vehicle Impact), Energy Storage, Renewable Energy, and Regulatory Changes in Oil and Gas Producing Regions.
Board governance of risks, including economic, environmental and social risks, is self-assessed annually against our corporate performance scorecard indicators. These include both standard industry metrics and internal measures of performance that are compared to plans established by management and approved by the Board of Directors each year. 102-30
Our corporate risk register is reviewed annually, and updated on an as-needed basis.
The Board has responsibility for reviewing all risks, including climate related, and their implications for our business strategy. Our executive team is responsible for the review and management of the Enterprise Risk Management process. These form an integral part of decision making and are documented and regularly reviewed, with appropriate action taken to manage risks to a level as low as reasonably practicable. For each risk case, our technical teams, business unit leadership, executive team and Board of Directors (depending on the risk case) assess the scope and materiality of the risk. These reviews include an assessment of the integrated nature of many risks that span more than one risk category. These assessments feed into our Corporate Risk Register, which provides a consistent framework to ensure the effective tracking of all of our material risks, communication of our risks throughout the organization, as well as the mitigation plans associated with reducing their impact.
Sustainability-related risks and opportunities, including those related to climate, are identified by key staff across our Company, including our Health, Safety and Environment team, Sustainability team, Government and Public Relations teams, and our business unit leaders. All of these employees have significant experience in their fields, and gather a wide array of inputs that inform our analysis. These include research reports, external stakeholder organizations, government policy and regulation discussions, industry initiatives, communities and landowners, and global non-governmental entities.
As part of our ongoing cycle of risk identification, every business unit in 2018 assessed all current identified risk cases to determine where climate-related risk is a contributing factor. These were incorporated into the Corporate Risk Review, and provided to the HSE Committee, including projected timelines and the mitigation or opportunity measures related to them. This process formalizes identification and assessment of climate-related risks and integrates them into the overall Enterprise Risk Management system, supporting the Board’s oversight of climate-related risks and business sustainability.
In 2017 and 2018, to support climate risk identification and management, we also developed a Carbon Liability Assessment Tool, with Scope 1 emissions quantification information and regulatory information for each business unit. We assessed the price of carbon on both a realized cost and shadow pricing basis, and have identified likely carbon pricing scenarios for all areas under our operational control. The Tool provides a screening-level overview of Vermilion’s exposure to this emerging financial risk factor. It also provides the basis for developing carbon liability risk cases for all business units in 2019, supports ongoing identification of carbon opportunities, and supports activities such as business development, taxation review and Marginal Abatement Cost Curve preparation.
In 2019, we will further integrate our sustainability materiality analysis (incorporating issues with impact for both the Company and our key stakeholders) into our Enterprise Risk Management process and Corporate Risk Register.