Management Systems

Identifying and Mitigating Risk

Marathon Oil uses management systems to help identify enterprise, business unit and operational risks, enabling our employees to mitigate issues, leverage opportunities, drive continuous improvement and promote sustainability.

Risk Management: Roles and Responsibilities

Our board of directors and its committees oversee corporate risk management, while Marathon Oil executive and senior management is responsible for day-to-day risk management at the enterprise level.

Each board committee has specific risk oversight responsibilities:

The Audit and Finance Committee annually reviews our Enterprise Risk Management (ERM) process, the latest assessment of risks and key mitigation strategies. It regularly reviews risks associated with financial and accounting matters and reporting; financial strategies and capital structure; and operational risks, including cybersecurity. The committee also monitors compliance with legal and regulatory requirements and internal control systems.
The Corporate Governance and Nominating Committee reviews the board’s and company’s governance policies and procedures to ensure adherence to best practices and legal requirements. This committee also reviews director succession planning and committee assignments to ensure the directors’ skills and backgrounds are utilized to the best interests of the Company.
The Compensation Committee reviews the executive compensation program to prevent excessive risk-taking, along with our incentive compensation program and succession plans to promote best practices for talent retention and development.
The Health, Environmental, Safety and Corporate Responsibility (HES&CR) Committee regularly reviews and oversees operational risks, including those relating to climate change, HES and security. It reviews risks associated with social, political and environmental trends, issues and concerns, domestic and international, which affect or could affect our business activities, performance and reputation.

Our board receives regular updates from these committees and reviews additional strategic risks not specifically within the purview of any particular committee. Key risks associated with the strategic plan are reviewed annually at our board’s strategy meeting and periodically throughout the year.

ERM roles and responsibilities are identified for clear oversight and accountability as follows:

**Driving Continuous Improvement**
Team members learn more about the ROMS framework

ERM Roles and Responsibilities

Role	Responsibility
Board of directors and committees of the board	Oversight of enterprise risks
Audit and Finance Committee	Oversight of ERM process
CEO and Executive Committee	Management of enterprise risks
CFO	Executive sponsor for ERM
VP and Treasurer	ERM process owner
Internal Audit	Incorporates ERM risks and mitigations into the annual Internal Audit Plan
Risk Owners	Ownership and accountability of particular ERM risks

Enterprise Risk Management

Marathon Oil employs the ERM process to identify and effectively manage the most significant risks to our business. Led by treasury, the process includes group interviews with senior leaders and key personnel in their organizations, biannual internal risk assessments and risk owner meetings, and an annual board update and discussion. Feedback from the board and senior managers serves as an input into strategy discussions. Enterprise risks are managed through existing and new mitigations and controls supported by the Marathon Oil business plan. ERM ensures accountability by validating risk controls and mitigations, with metrics where possible.

ERM identifies and evaluates risk based on the impact to the organization from an enterprise value perspective and from the perspective of our employees, customers, suppliers, communities where we operate and other stakeholders. Each identified enterprise risk has an owner and an assessor to ensure ownership, accountability and transparency. The risks identified in February 2020, prior to the COVID-19 pandemic, are below:

Identified ERM Risks

Top Risks	Medium Risks	Low Risks
Climate Change	Compliance	Financial Strength
Commodity Price	Cyber	Reserves
EG Sovereign	HES&S	Talent
Regulatory	Operational Execution
Resources	Portfolio

Marathon Oil describes our material risks in our forward-looking statement, in the Risk Factors section of our Annual Report on Form 10-K, our Quarterly Reports on Form 10-Q, and other public filings and press releases. These resources are available at www.marathonoil.com.

Responsible Operations Management System

The Responsible Operations Management System (ROMS) is the framework to drive continuous improvement, ensure regulatory compliance and reduce operational risk across Marathon Oil. Business units must meet the minimum standards for HES&S performance set within ROMS.

The ROMS ownership structure assures accountability and transparency, and promotes knowledge sharing across the enterprise. An executive steering committee oversees ROMS implementation, with business unit-level ROMS committees further driving accountability. Each of the 14 elements has an executive owner, technical advisors and subject-matter experts who drive progress.

Operational Oversight

ROMS ELEMENT	ELEMENT OWNER¹	TECHNICAL ADVISOR²
Leadership and Accountability	SVP, Operations	VP, HES&S
Regulatory Compliance	Regional VP, Permian	HES Manager
Risk Assessment and Management	VP, Operations (Oklahoma and Land)	Corporate HES Training and Risk Manager
Management of Change	RVP, Equatorial Guinea	Corporate HES Training and Risk Manager
Design and Construction	VP, Operations (Bakken and IPO)	Production Manager
Safe Work Practices	VP, HES&S	Corporate Health and Safety Manager
Training and Competency	VP, HES&S	Corporate HES Training and Risk Manager
Operations, Maintenance and Integrity Management	VP, Operations (Bakken and IPO)	Surface Solutions Manager
Operational Readiness	Operations Director	HES Manager
Emergency Preparedness and Community Awareness	VP, Operations (Oklahoma and Land)	Corporate Security and Emergency Preparedness Manager
Event Management	RVP, Eagle Ford	Corporate Health and Safety Manager
Third-Party Services	Operations Director	HES Manager
Governance and Document Control	Production Manager	ROMS Coordinator
Audit and Improvement	SVP, Operations	HES Manager

¹Sets priorities and expectations, and tracks and reports progress to Steering Committee

²Facilitates element implementation and monitors progress

HES&S Policies, Standards, Practices and Audits

Mandatory health, environmental, safety and security (HES&S) policies, standards and procedures drive consistency across Marathon Oil, communicate expectations and set performance requirements. Our policies and standards cover a range of activities including Stop Work Authority, Event Management, Control of Hazardous Energy and Hot Work. We update the standards to reflect changes in laws or regulations, and incorporate recommendations arising from audits, incident investigations and lessons learned sharing to drive continuous improvement in HES performance.

Through programs such as Lessons Learned Sharing and Contractor Management, we raise awareness of our requirements among employees, contractors and suppliers.

The ROMS Audit and Improvement element promotes adherence to our standards and regulatory requirements that focus on:

Tier I: Physical checks of facilities and equipment to ensure conditions are satisfactory
Tier II: Risk-based audit to monitor effectiveness of processes, procedures and systems
Tier III: Management system audit to determine conformance and effectiveness of management system expectations

Business units develop plans to address audit findings, track the plans through completion of corrective actions and share lessons learned. Key audit findings and trends are communicated to HES&S leadership and executive management, who then set priorities to seek solutions for gaps or issues that are identified.