PDF《Enterprise Risk Management》

39 Principalrisks TheBoardandmanagement are committedto an effectiveandproactiveapproachto riskmanagement asatooltoenhanceshareholdervalue. The Board is ultimately responsible for risk management within the Group in accordance with corporate governance requirements and provides oversight of the strategic direction of the business. Oversight of risk management at corporate level takes place through reporting to the Audit Committee and the Board annually. Risk Owners assess the risks and evaluate the mitigating factors and progress of planned improvements quarterlywhile reporting to the Executive Committee at department level semi-annually. TheAudit Committee and management work closely to ensure that risk management remains relevant, is periodically reviewed to complywith the approved policy and ensure it is working effectively. In addition, to ensure that management of risk is an integral part of our activities across the Group and the action plans to mitigate their impact on the business are implemented. Risk Owners at department level are responsible and accountable for overall management of risks in their respective areas of responsibilities. Significant risks are identified, assessed, monitored and reported to the Executive Committee and are ultimately reviewed by theAudit Committee. Mitigating factors and planned improvements are discussed and implemented to manage these risks. The Board recognises that risk management is an ongoing process and, while significant steps have been taken in the past, it is expected that the risk framework adopted in

2012 will improve risk monitoring. However, the implementation process will take place over a number ofyears and so the integration of risk management with business plans and objectives will continue during

2014 with a view to further refining and enhancing the process. As is consistent with best practices for the industry, the Dragon Oil Control Framework document was reviewed in

2013 to ensure the relevancy of the key elements of controls. Policies and procedures aimed at managing the strategic, operational, financial and compliance risks inherent in our business exposures are developed. The application and consistency of these policies and procedures are regularly reviewed by the Group'

s Internal Audit function, and are then overseen by and reported to the Audit Committee, who are ultimately responsible for reporting on the same to the Board. Key risks for the business We recognise that managing risks requires a continuous effort from the organisation. Our risk management strategy is to embed risk identification, assessment, monitoring and reporting into the decision making processes. Our Corporate Risk Register is compiled across the Group through a top down and bottom up review process. Those risks identified as critical and potentially affecting our employees, reputation, operations, performance and assets needed to deliver the Group'

s strategic goals and targets are identified and recorded through this process. During the year we have reviewed, identified and assessed the risks the Group faces. The risks are grouped into four categories: strategic, operational, financial and compliance-related. The principal risks and uncertainties, together with mitigating actions, are set out in the table opposite.

40 RISKDESCRIPTION MITIGATION Limitedexport routesforour entitlement shareofcrude oilproduction TheisolatedgeographyofTurkmenistancoupledwith regionalgeopolitics,particularlyvariousinternational sanctionsagainstIran,meansthatDragonOilcurrently haslimitedmarketingroutesforitsshareofcrudeoil production.AlltheGroup'