Corporate Governance
Risk Identification and Management SaskEnergy has a formal Enterprise Risk Management Policy that was developed by management and approved by the Board of Directors. SaskEnergy’s risk management process is designed to identify potential events that may impact SaskEnergy and manage the risk presented within accepted tolerance levels. Senior management holds primary responsibility for identifying inherent risks, and for designing and implementing mitigation initiatives. The Board expects management to use appropriate controls to manage risk and delegate responsibility and authority as required. Introduction of key risk assessment and disclosure reporting changes on processes related to climate change risks, and oversight afforded to these risks, are expected through additional governance guidance and training. Each year, the Board and senior management independently follow a process led by Internal Audit to identify and prioritize significant risks. The Director of Audit Services prepares a report summarizing the independent risk assessments completed by the Board and management. This report is discussed at a Board meeting where senior management and the Board align on corporate risks and the plans to mitigate or manage the residual risks. Through the Corporate Plan, the Corporation implements plans to address key risks. The Board monitors the risk management programs and oversees the implementation of appropriate systems to manage identified risks either directly, or through the Audit and Finance Committee. The Audit and Finance Committee regularly reviews Audit Services’ reports and discusses significant risk areas with the internal and external auditors. The sale of a variety of ‘non-core’ assets to streamline and focus corporate activity has also led to the transfer of environmental liabilities and risk mitigation. Cyber Security Risk SaskEnergy relies on its information and operations technology systems to safely and efficiently operate corporate assets, and to protect corporate data and personal information. These systems are subject to cyber security risks. Cyber security risks include, but are not limited to, targeted attacks, exposure to computer viruses, and breaches of corporate and personal information within technology systems managed by internal and external parties. A cyber security event could expose the Corporation to loss or misuse of critical data and information leading to property damage, disruptions to its operations, privacy breaches, loss of confidentiality and financial or reputational losses.
has a Whistleblower Policy in place, which sets out a formal process for the reporting, investigation and appropriate follow-up for actual or potential wrongdoing. The Public Interest Disclosure Act provides employees with an additional mechanism to disclose wrongdoing. In addition, SaskEnergy’s Owner requires disclosure to the police and to the Board, CIC Board, and Minister of all losses greater than $500, pursuant to the Reporting of Losses Policy and processes. Compliance with the Code is reinforced through mandatory training of all employees, and confirmed through the use of an online tool. The Code and the Whistleblower and Reporting of Losses policies are posted on the SaskEnergy intranet site for employees, and the Code and Whistleblower policies are on SaskEnergy’s website for public access. A process is also posted on the website for members of the public to contact the Chair of the Environmental, Social and Governance Committee of the Board, in confidence, to report any potential violation of the Code or Whistleblower Policy. Management monitors and reports on any issues arising under the Code annually, the Whistleblower Policy semi- annually, and the Reporting of Losses Policy quarterly, to the Environmental, Social and Governance and Human Resources and Safety committees, which are charged with oversight of compliance with these policies. In addition to the Code, SaskEnergy’s Directors are required to abide by CIC’s Directors’ Code of Conduct. The Environmental, Social and Governance Committee, appointed as Ethics Advisor for this purpose, is required to administer, monitor and enforce the Directors’ Code of Conduct, which includes reporting annually to the Board concerning compliance. It is also standard procedure to commence all Board and Committee meetings with an in-camera agenda item providing Directors with an opportunity to declare any conflicts of interest or any changes to outside employment or directorships they hold that may create a potential or perceived conflict of interest. Upon appointment, Directors declare directorships on, and material interests in, other business and any material contract entered into with SaskEnergy or its subsidiaries to the Environmental, Social and Governance Committee, which works proactively to address any potential conflicts of interest. Agenda items are monitored by management, and those containing any item that a Director has disclosed a material interest in are not distributed to the Director. Likewise, any Director subject to CIC’s Protocol Regarding Lawyers Serving on Subsidiary Crown Corporation Boards of Directors will recuse themselves from consideration of any item creating a potential conflict of interest. This reporting period there were no waivers granted by the Board to any Directors or Officers authorizing non-compliance with these policies.
p.6
Made with FlippingBook Ebook Creator