SaskEnergy 2018-19 Annual Report

MANAGEMENT’S DISCUSSION AND ANALYSIS

RISK MANAGEMENT AND DISCLOSURE SaskEnergy is subject to a number of risks in the transmission, storage, distribution and sale of natural gas. The Corporation’s effectiveness at managing risk directly affects its performance. The nature of natural gas, and the operation of high pressure gas lines, means that risk management is a critical operational focus for all employees at SaskEnergy. SaskEnergy’s approach to risk management is to thoroughly examine its operating activities to identify existing and emerging risks, effectively communicate those risks throughout the organization and actively manage them through its Enterprise Risk Management (ERM) process. SaskEnergy undertakes annual risk assessments that are used as inputs to the strategic and business planning process. The ERM process establishes roles and responsibilities as well as a general strategy for the Corporation to manage its risks. While risk management is the responsibility of all levels of management, the Board of Directors and Executive Committee set the tone and provide leadership direction for the ERM process. The Executive Committee is responsible for formally identifying strategic risks that impact the Corporation’s goals, participating in the risk assessment process and developing strategic risk management plans. As many of the risks facing the organization evolve, the Corporation’s risk management plans remain adaptive and flexible in addressing risks. The Board of Directors is responsible for the risk management policy and framework. The Board oversees risk management efforts by reviewing annual reports on risk management processes and controls, and ensuring that key corporate initiatives appropriately address the identified risks. At the beginning of the fiscal year, the following risks were identified as requiring strategic focus: Natural Gas Line, Facility or Operational Failure Natural gas line, facility or operational failure could disrupt the effective operation of SaskEnergy’s infrastructure, and have potentially negative effects on employee and public safety, the environment and customers. Operational hazards include severe weather conditions, fire, human error, mechanical failures, third-party gas line encroachment, hazardous materials, and acts of civil disobedience and sabotage.

The occurrence of any of these events, many of which are not within control of the Corporation, could increase operating costs or reduce revenues. Some of the primary processes used to mitigate the Corporation’s facility and operational risks include system integrity programs, public awareness and safety programs, employee and operator training, as well as environmental policies and procedures. The financial impacts of these risks are also mitigated, where possible and appropriate, through insurance. Cyber, Physical and Operational Security Cyber security comprises technologies, processes and controls that are designed to protect systems, networks and data from cyber-attacks. Effective cyber security reduces the risk of cyber-attacks, and protects corporate data and personal information from the unauthorized exploitation of systems, networks and technologies managed by internal and external parties. Cyber-attacks can disrupt and cause considerable financial and reputational damage to even the most resilient organization. A cyber-attack could have a cascading effect on the Corporation, including a loss or misuse of critical data and information leading to asset or revenue losses, damage to reputation and personal data breaches, which leads to further complications such as regulatory fines, litigation and significant costs of remediation. Physical security measures are designed to deny unauthorized access to facilities, equipment and resources and to protect personnel and property from damage or harm. Physical security is the protection of personnel, hardware, software, networks and data from physical actions and events that could cause serious loss or damage to the Corporation. This includes protection from fire, flood, natural disasters, burglary, theft, vandalism and terrorism. Operational security is a risk management process that encourages managers to view operations from the perspective of an adversary in order to protect sensitive information from falling into the wrong hands. Strategic initiatives undertaken to mitigate cyber, physical and operational risks include business continuity and disaster recovery plans, information technology security processes and a security threat response plan.

34

Made with FlippingBook Ebook Creator