2024-25 Statement of Corporate Governance Practices
Cyber Security Risk SaskEnergy relies on its information and operations technology systems to safely and efficiently operate corporate assets and protect corporate data and personal information. These systems are subject to cyber security risks including, but not limited to, targeted attacks, exposure to computer viruses, and breaches of corporate and personal information within technology systems managed by internal and external parties. A cyber security event could expose the Corporation to loss or misuse of critical data and information, leading to property damage, disruptions to its operations, privacy breaches, loss of confidentiality, and financial or reputational losses. SaskEnergy proactively and continuously monitors its systems to identify and address malicious activity and potential or emerging threats. Business continuity exercises are also conducted regularly. SaskEnergy has developed a cyber security strategy whereby the Corporation tests its systems, builds controls and conducts investigations to manage cyber security risk. This strategy is partly enshrined in the Enterprise Security Policy, SaskEnergy’s Cyber Incident Response Plan, and the Acceptable Use of Technology Policy. In addition, the Corporation has added incremental resources to manage and evaluate cyber risks and privacy processes related to the growing adoption of cloud migration, data analytics and mobile technology. Further, to assist with the proper corporate usage of artificial intelligence (AI) services, while mitigating risks to the organization, SaskEnergy has developed an AI Policy. The policy provides guidance to SaskEnergy employees and contractors on the responsible and efficient use of AI and generative AI tools and services, for positive business outcomes, while minimizing potential risks to the organization. SaskEnergy’s AI Policy provides an overview of the: use of corporately approved AI services; obligations of staff with respect to the ethical and responsible application of AI and Generative AI within SaskEnergy; roles of both staff and managers in AI training and education; commitment to use AI technologies in a way that is transparent, accountable, respectful of privacy, and in line with corporate and regulatory standards; and, responsibilities of employees in the development, maturation, or request of new AI services.
The Integrity of Internal Controls and Management Systems SaskEnergy’s financial statements are prepared following International Financial Reporting Standards (IFRS ® Accounting Standards). As part of the March 31 year- end audit, the external auditors have stated that the Corporation’s financial statements have been prepared following IFRS Accounting Standards. As part of SaskEnergy’s commitment to accountability, the Audit and Finance Committee reviews the financial performance of the Corporation on a quarterly basis. Natural gas purchase transactions and credit risk are reported by management and are actively monitored by the Committee. In addition, the Board and the Audit and Finance Committee receive reports from, and work closely with, internal and external auditors to promote financial transparency and ensure the integrity, effectiveness and adequacy of SaskEnergy’s internal controls and management systems. This includes its Unified Management System (UMS), which aligns corporate pipeline activities, public and worker safety, and environmental protection to promote compliance. The Board sets out limits of authority for expenditures of the Corporation. The expenditures are managed through a series of execution and expenditure authorization policies, which are reviewed regularly by the Board. Some of the limits on authorities are imposed upon both management and the Board through legislation, including Orders in Council, compliance with investment requirements, or changes to The SaskEnergy Act . The Board has also validated and approved a Bright Line Mandate, which is a decision-making matrix that defines the ultimate decision-making body on key matters. According to the directive of CIC, SaskEnergy has a process in place regarding internal controls certification by the CEO and Chief Financial Officer. This process is designed to provide reasonable assurance regarding the effectiveness of SaskEnergy’s internal controls over financial reporting. The Board oversees the annual external audit plan of the appointed external auditor for the audit of the Corporation’s annual financial statements, and the annual internal audit plan carried out by SaskEnergy’s internal audit group. To preserve the independence of the role of the external auditors, the Audit and Finance Committee must pre-approve all non-audit services undertaken by the external auditor following the Corporation’s Non-Audit Services Policy.
8
Made with FlippingBook Ebook Creator