containing any item that a Director has disclosed a material interest in are not distributed to the Director. Likewise, any Director subject to CIC’s Protocol Regarding Lawyers Serving on Subsidiary Crown Corporation Boards of Directors will recuse themselves from consideration of any item creating a potential conflict of interest. This reporting period there were no waivers granted by the Board to any Directors or Officers authorizing non-compliance with these policies. Risk Identification and Management SaskEnergy has a formal Enterprise Risk Management Policy that was developed by management and approved by the Board of Directors. SaskEnergy’s risk management process is designed to identify potential events that may impact SaskEnergy and manage the risk presented within accepted tolerance levels. Senior management holds primary responsibility for identifying inherent risks, and for designing and implementing mitigation initiatives. The Board expects management to use appropriate controls to manage risk and delegate responsibility and authority as required. Each year, the Board and senior management independently follow a process led by Internal Audit to identify and prioritize significant risks. The Director of Audit Services prepares a report summarizing the independent risk assessments completed by the Board and management. This report is discussed at a Board meeting where senior management and the Board align on corporate risks and the plans to mitigate or manage the residual risks. Through the Business Plan, the Corporation implements plans to address the key risks. The Board monitors the risk management programs and oversees the implementation of appropriate systems to manage identified risks either directly, or through the Audit and Finance Committee. The Audit and Finance Committee regularly reviews the Audit Services reports and discusses significant risk areas with the internal and external auditors. Cyber Security Risk SaskEnergy relies on its information and operations technology systems to safely operate corporate assets. These systems are subject to cyber security risks. Cyber security risks include but are not limited to targeted attacks, exposure to computer viruses and breaches of Corporate information and technology systems by internal or external parties. A cyber security event could expose the Corporation to loss or misuse of critical data and information leading to property damage, disruptions to its operations, loss of confidentiality and financial or reputational losses. In order to manage cyber risk, SaskEnergy has developed a cyber security strategy whereby the Corporation tests its systems, build controls and conducts investigations. SaskEnergy has proactive continuous monitoring of its systems in order to identify and address malicious activity, as well as potential or emerging threats.
Integrity and Ethics SaskEnergy promotes a strong culture of ethical business conduct at all levels of the Corporation. The Board has approved and adopted a written Code of Business Conduct and Ethics (the Code) that applies to employees, officers and Directors of SaskEnergy. The Code, designed to promote integrity and deter wrongdoing, is based on values of fairness and honesty, equal treatment and accountability. It provides guidelines on handling information and protecting or using corporate assets, confidentiality, conduct with suppliers and customers, business hosting, international business, conflicts of interest, compliance with laws and policies, and reporting. To further promote public confidence in the integrity of SaskEnergy and its employees, a Whistleblower Policy was adopted, which sets out a formal process for the reporting, investigation and appropriate follow-up for actual or potential wrongdoing. The Public Interest Disclosure Act provides employees with an additional mechanism to disclose wrongdoing. In addition, SaskEnergy’s Owner requires disclosure to the police of all losses in excess of $200, and disclosure to the Board, CIC Board, and Minister of all losses over $500, pursuant to the Reporting of Losses Policy and processes. Compliance with the Code is reinforced through mandatory training of all employees, and confirmed through the use of an online tool. The Code and the Whistleblower and Reporting of Losses Policies are posted on the SaskEnergy intranet site for employees, and the Code and Whistleblower Policies are on SaskEnergy’s website for public access. A process is also posted on the website for members of the public to contact the Chair of the Governance and Social Responsibility Committee of the Board, in confidence, to report any potential violation of the Code or Whistleblower Policy. Management monitors and reports on any issues arising under the Code annually, the Whistleblower Policy semi-annually, and the Reporting of Losses Policy quarterly, to the Governance and Social Responsibility and Human Resources and Safety Committees, which are charged with oversight of compliance with these policies. In addition to the Code, SaskEnergy’s Directors are required to abide by CIC’s Directors’ Code of Conduct. The Governance and Social Responsibility Committee, appointed as Ethics Advisor for this purpose, is required to administer, monitor and enforce the Directors’ Code of Conduct, which includes reporting annually to the Board concerning compliance. It is also standard procedure to commence all Board and Committee meetings with an in-camera agenda item providing Directors with an opportunity to declare any conflicts of interest or any changes to outside employment or directorships they hold that may create a potential or perceived conflict of interest. Upon appointment, Directors declare directorships on, and material interests in, other business and any material contract entered into with SaskEnergy or its subsidiaries to the Governance and Social Responsibility Committee, which works proactively to address any potential conflicts of interest. Agenda items are monitored by management, and those
81
2016-17 ANNUAL REPORT SASKENERGY
Made with FlippingBook Ebook Creator