Enterprise Risk Management

Identifying, prioritizing and monitoring risk

Systematically identifying and managing economic, operational and reputational risks to our business is essential to Devon’s efforts to deliver results safely, ethically and responsibly.

The Devon board of directors has primary responsibility for risk oversight, and each director has experience in risk management. The board’s four standing committees consider the current and emerging risks inherent in their areas of oversight and update the full board. Our management team oversees and reports to the board on the company’s day-to-day efforts to manage strategic, financial, operational, market, ESG, EHS and other risks to our business. In addition, management executes the board’s and committees’ risk management directives.

Our internal audit director, who manages our enterprise risk management (ERM) process, reports directly to the board’s Audit Committee and receives additional guidance from our executive vice president and chief financial officer. The internal audit director, is certified in risk management assurance by the Institute of Internal Auditors and leads a team of professionals who hold 22 different certifications in accounting, internal auditing, risk management, fraud examination, cybersecurity and other specializations.

Our ERM framework includes an annual risk analysis to help us determine the material risks to our business. The board, management and subject matter experts across the enterprise consider the likelihood that certain risks could cause economic or reputational risk to the company, as well as our level of preparedness for each risk. During this analysis, leaders from multiple work disciplines participate in exercises and workshops to help us identify new and emerging risks and maintain awareness of business risk across Devon.

During our post-merger integration in 2021, we evaluated every risk category, as well as the risk management processes of both legacy companies, and incorporated best practices from each into our ERM process.

In June 2022, climate change, which previously was a facet of other risk categories, was added as a standalone risk category to help ensure we continue to adequately monitor and mitigate climate-related risks.

Risk review is a year-round process and we plan to review individual risk categories again during workshops in 2023.

Please see our Annual Report on Form 10-K for the year ended December 31, 2021, for a more detailed discussion of Devon’s material risks.

As an energy producer, we believe that strong governance of corporate climate risk is foundational to supporting climate action. At Devon, climate-related issues are managed by formal corporate management structures, including board level oversight, and are integrated into our enterprise risk management system. For example, active risk management led us in 2019 to set our first methane reduction target (beyond regulatory requirements). Read more about our targets and other climate tactics in the Environment section and our CDP Climate disclosures.