Enterprise Risk Management

Identifying and managing material risks

Systematically identifying and managing economic, operational and reputational risks to our business is essential to Devon’s efforts to deliver results safely, ethically and responsibly.

The Devon board of directors has primary responsibility for risk oversight, and each director has experience in risk management. The board’s four standing committees consider the current and emerging risks inherent in their areas of oversight and update the full board. Our management team oversees and reports to the board on the company’s day-to-day efforts to manage strategic, financial, operational, market, ESG, EHS and other risks to our business. In addition, management executes the board’s and committees’ risk management directives.

Our vice president of internal audit, who manages our enterprise risk management (ERM) process, reports directly to the board’s Audit Committee and receives additional guidance from our executive vice president and chief financial officer. The internal audit vice president is certified in risk management assurance by the Institute of Internal Auditors and leads a team of professionals who hold 23 different certifications in accounting, internal auditing, risk management, fraud examination, cybersecurity and other specializations.

Our ERM framework includes an annual risk analysis to help us determine the material risks to our business. The board, management and subject matter experts across the enterprise consider the likelihood that certain risks could cause economic or reputational risk to the company, as well as our level of preparedness for each risk. During this analysis, leaders from multiple work disciplines participate in exercises and workshops to help us identify new and emerging risks and maintain awareness of business risk across Devon.

Devon added climate change as a standalone risk category in June 2022 to help ensure we continue to adequately monitor and mitigate climate-related risks. Previously, climate change was a facet of other risk categories.

Risk management workshops

Risk review is a year-round process at Devon that includes an internal stakeholder survey annually in the summer. Through May 2023, we plan to hold workshops to examine our risk management practices for the top ten individual risk categories and to review lower-risk categories identified in our 2022 survey. The workshop results will guide our efforts to manage risk effectively going forward.

Please see our Annual Report on Form 10-K for the year ended December 31, 2022, for a more detailed discussion of Devon’s material risks.

As an energy producer, we believe that strong governance of corporate climate risk is foundational to supporting climate action. At Devon, climate-related issues are managed by formal corporate management structures, including board level oversight, and are integrated into our enterprise risk management system. For example, active risk management led us to set our first methane reduction target (beyond regulatory requirements) in 2019 and additional aggressive, board-approved environmental targets in 2021. Read more about our targets and other climate tactics in the Environment section, our CDP Climate disclosures and our Climate Change Assessment Report.