Management Systems

Marathon Oil employs the Enterprise Risk Management (ERM) process to identify and effectively manage our most significant risks. Oversight and management of identified risks is continuous throughout the year as business units conduct risk assessments, and risk champions review and monitor the assessments. ERM ensures accountability by validating risk controls, with metrics where possible. The ERM process works in concert with the Responsible Operations Management System (ROMS), which drives continuous improvement and reduces operational risk across the enterprise.

ERM identifies and evaluates risk based on likelihood and consequence. The 10 sub-risks identified for 2019 fall into three categories.

Our board of directors and its committees oversee risk management, while Marathon Oil management is responsible for day-to-day risk management. Board members have skills that enhance their ability to assess risk, including chief executive experience, financial oversight/accounting, engineering expertise, public policy and regulations, health, environmental and safety (HES), international experience, information technology and risk management. Our CEO, CFO, and a committee of executive officers and senior managers work across the business to manage each enterprise-level risk.

Each board committee has specific risk oversight responsibilities:

• The Audit and Finance Committee annually reviews our ERM process and the latest assessment of risks and key mitigation strategies. It regularly reviews risks associated with financial and accounting matters and reporting. It reviews operational risks, including cybersecurity, monitors compliance with legal and regulatory requirements and internal control systems, and reviews risks associated with financial strategies and the company’s capital structure.
• The Compensation Committee reviews the executive compensation program to ensure it doesn’t encourage excessive risk-taking. It also reviews our executive compensation, incentive compensation and succession plans to ensure we have appropriate practices in place to support the retention and development of the talent necessary to achieve our business goals and objectives.
• The Health, Environmental, Safety and Corporate Responsibility (HES&CR) Committee regularly reviews and oversees operational risks, including those relating to HES, security and climate change. It reviews risks associated with social, political and environmental trends, issues and concerns, domestic and international, which affect or could affect our business activities, performance and reputation.

Our board receives regular updates from these committees about their activities, and reviews additional risks not specifically within the purview of any particular committee, including risks of a more strategic nature. Key risks associated with the strategic plan are reviewed annually at our board’s strategy meeting and periodically throughout the year.

ERM roles and responsibilities are identified for clear oversight and accountability.

During the ERM process, business units assess and monitor risks via ROMS, business risk assessments and biannual ERM risk assessments. The process includes internal audit interviews with senior leaders, biannual internal risk champion meetings, and an annual board update and discussion. Feedback from the board and senior managers serves as an input into strategy discussions. Enterprise risks are managed through existing and new mitigations and controls supported by the Marathon Oil business plan.

Marathon Oil describes our material risks in our forward-looking statement, and challenges and uncertainties in our Quarterly Reports on Form 10-Q, other public filings and press releases, available at www.marathonoil.com. Based on shareholder feedback, Marathon Oil will undertake an analysis of risks related to climate change. We expect to release a report on our analysis by year-end 2019.

The Responsible Operations Management System (ROMS) is the framework to drive continuous improvement, ensure regulatory compliance and reduce operational risk across Marathon Oil. Business units must meet the minimum standards set within ROMS to support our commitment to high expectations of HES&S performance.

The ROMS ownership structure assures accountability and transparency, and promotes knowledge sharing across the enterprise for continuous improvement. An executive steering committee oversees ROMS implementation, with business unit-level ROMS committees further driving accountability. Each of the 14 elements has an executive owner, technical advisors and subject-matter experts who drive progress.

In 2018, assets focused on compliance by completing the gap actions identified in response to new standards issued in 2016-2017. Transitioning to continuous improvement in the form of annual health reviews of each element was a primary achievement of the year. These element health reviews collected valuable feedback from each business unit to mature the enterprise-wide management system. One notable output from this process was a project to refresh our Life Critical Expectations & HES Beliefs. We also began a strategic initiative to standardize resource play documentation to assist asset personnel in supporting safe, clean and responsible operations.

As part of our continuous improvement program, the North Dakota Bakken and New Mexico Permian Basin assets will undergo a Tier III audit incorporating learnings from the 2018 audits of Equatorial Guinea and our Oklahoma asset.