Governance and Risk Management

Safety, asset integrity, environmental stewardship, and community and stakeholder relations are all part of our governance and risk management processes. Senior Management supports our teams by ensuring adequate resources are in place to implement programs, maintain documentation and conduct training. 

The Health and Safety, Asset Integrity, Environment, Stakeholder and Indigenous Relations and Community Investment groups report on a regular basis to Senior Management in the Environment, Social and Governance (ESG) Committee, who in turn provide updates to the Heath Safety, Asset Integrity and Environment (HSAI&E) Committee of the Board. Progress is tracked regularly and shared across all levels of employees.

Alignment of Performance to Executive Pay

Directors on the Compensation Committee of the Board oversee alignment of executive compensation with performance under set categories which include sustainability metrics related to safety, asset integrity and environmental performance. More information on Canadian Natural’s Board Committees and the Performance Scorecard section are available in the Management Information Circular, including the Board’s expertise and experience in Schedule A. Our corporate governance policies are available here.

Managing Risk

Enterprise Risk Management (ERM) Framework

Canadian Natural uses a multidisciplinary Enterprise Risk Management (ERM) framework to identify, assess, and mitigate risks. Our ERM framework is used to capture, monitor and report the status of relevant current and emerging risks, through a top-down, bottom-up process that includes Board oversight, internal reporting and working together with stakeholders, such as landowners, investors, industry groups, etc. 

The ERM framework incorporates a matrix approach to risk assessment that categorizes and aligns risks across operational areas, allowing teams to better understand those risks and their impacts, and implement mitigation measures. 

Summaries of corporate risk, including climate-related and operational risks, are provided in the corporate enterprise risk register and reported to the Nominating, Governance and Risk Committee of the Board twice a year. To ensure proper accountability of risk, this semi-annual report includes an assessment of the inherent risk areas, mitigating action plans and the Board or Management Committees that have oversight and management responsibilities for each risk. 

Our risk processes include an assessment of the significance and scope of identified existing and emerging climate-related risks. We use an Enterprise Risk Matrix to determine likelihood (probability) and impact of risks, and classify them as High, Moderate, or Low. This process helps us prioritize climate-related risks and determine materiality.

Protecting Against Cyber Security Threats

Safety is a core value at Canadian Natural and we view protection against cyber security threats as an important element of safeguarding the wellbeing/privacy of employees and securing assets across the Company. A successful cyber attack has the potential to cause operations downtime, reputational damage, lost revenue, and a significant amount of time and cost to recover information.

Our most common cyber threat comes in the form of phishing emails, by which cyber criminals hope to steal employee credentials to access our systems. Canadian Natural has put a strong emphasis on employee education and training in recent years so phishing threats can be quickly recognized and reported. We also work continuously with a service provider that tests the integrity of our public facing cyber services. Their findings allow us to identify potentially vulnerable areas of the system and fix them before harm can be caused.