Enterprise Risk Management
Identifying, prioritizing and monitoring risk
Systematically identifying and managing economic, operational and reputational risks to our business is essential to Devon’s efforts to deliver results safely, ethically and responsibly. The Devon board of directors has primary responsibility for risk oversight, and each director has experience in risk management.
As part of this oversight role, the board helps ensure that our risk management programs are designed and implemented appropriately. Four standing board oversight committees consider the risks inherent in their areas of oversight and update the full board. The Devon management team, in turn, executes the board’s risk management directives. This includes overseeing and reporting on Devon’s day-to-day efforts to manage strategic, financial, operational, market, ESG, EHS and other business risks.
The head of our internal audit group reports directly to the board’s Audit Committee, and receives additional guidance from our executive vice president and chief financial officer. The internal audit director is certified in risk management assurance by the Institute of Internal Auditors and leads a team of professionals who hold 20 different certifications in public accounting, internal auditing with a risk management component, fraud examination, cybersecurity and other specializations.
Maintaining awareness of business risk
An important step in our enterprise risk management process is the annual analysis during which the board, management and subject matter experts across the company consider the likelihood that certain risks could cause economic or reputational damage to Devon. We also consider the level of preparedness for each risk. This analysis helps us determine the material risks to our business.
Our process includes exercises and workshops with employees focused on various risk mitigation strategies. Leaders from multiple work disciplines are involved in these workshops to help us identify new and emerging risks and maintain awareness of business risk across the organization. In 2021, we evaluated the risk management processes of our legacy companies and incorporated best practices from both companies into our go-forward process, including our series of risk management exercises and workshops.
For a more detailed discussion of Devon’s material risks, please see our Annual Report on Form 10-K for the year ended Dec. 31, 2020.