Enterprise Risk Management

Identifying and managing material risks

Systematically identifying and managing economic, operational and reputational risks to our business is essential to Devon’s efforts to deliver results safely, ethically and responsibly.

The Devon board of directors has primary responsibility for risk oversight, and each director has experience in risk management. The board’s four standing committees consider the current and emerging risks inherent in their areas of oversight and update the full board. Our management team oversees and reports to the board on the company’s day-to-day efforts to manage strategic, financial, operational, market, ESG, EHS and other risks to our business. In addition, management executes the board’s and committees’ risk management directives.

Our vice president of internal audit, who manages our enterprise risk management (ERM) process, reports directly to the board’s Audit Committee and receives additional guidance from our executive vice president and chief financial officer. The internal audit vice president is certified in risk management assurance by the Institute of Internal Auditors and leads a team of professionals who hold 25 different certifications in accounting, internal auditing, risk management, fraud examination, cybersecurity and other specializations.

Identifying and managing material risks

Our ERM framework includes an annual risk analysis and survey to help us determine the material risks to our business. The board, management and subject matter experts across the enterprise consider the impact and likelihood that certain risks could cause economic or reputational risk to the company, as well as our level of preparedness for each risk. During this analysis, leaders from multiple work disciplines participate in exercises and workshops to help us identify new and emerging risks and maintain awareness of business risks across Devon.

Risk management is an ongoing process at Devon that includes an internal stakeholder survey annually in the summer. The survey results guide workshops to examine how we are mitigating the top ten individual risk categories and to review lower-risk categories. The workshops provide an opportunity for management to think not only about how we are managing risks today, but how we will need to think about managing our risks in the future.

Please see our Annual Report on Form 10-K for the year ended December 31, 2023, for a more detailed discussion of Devon’s material risks.

As an energy producer, we believe that strong governance of corporate climate risk is foundational to supporting climate action. At Devon, climate-related issues are managed by formal corporate management structures, including board level oversight, and are integrated into our enterprise risk management system. For example, active risk management led us in 2019 to set our first methane reduction target (beyond regulatory requirements). Read more about our updated target and other climate tactics in the Environment section and our CDP Climate disclosures.