Management Systems

Our board of directors and its committees oversee corporate risk management, while Marathon Oil executive and senior management is responsible for day-to-day risk management at the enterprise level. Each board committee has specific risk oversight responsibilities:

• The Audit and Finance Committee annually reviews our Enterprise Risk Management (ERM) process, the latest assessment of risks and key mitigation strategies. It regularly reviews risks associated with financial and accounting matters and reporting; financial strategies and capital structure; and operational risks, including cybersecurity. The committee also monitors compliance with legal and regulatory requirements and internal control systems.
• The Corporate Governance and Nominating Committee reviews the board’s and company’s governance policies and procedures to ensure adherence to best practices and legal requirements. This committee also reviews director succession planning and committee assignments to leverage the directors’ skills and backgrounds in the best interests of the company.
• The Compensation Committee reviews the executive compensation program to prevent excessive risk-taking, along with our incentive compensation program and succession plans to promote best practices for talent retention and development.
• The Health, Environmental, Safety and Corporate Responsibility (HES&CR) Committee regularly reviews and oversees operational risks, including those relating to climate change, HES and security. It reviews risks associated with global social, political and environmental trends, issues and concerns that affect, or could affect, our business activities, performance or reputation.

Our board receives regular updates from these committees and reviews additional strategic risks not specifically within the purview of any particular committee. Key risks associated with the strategic plan are reviewed annually at our board’s strategy meeting and periodically throughout the year.

Marathon Oil employs an ERM process to identify and manage the most significant risks to our business. Led by treasury and internal audit, the rigorous process includes group interviews with senior leaders and key personnel in their organizations, biannual internal risk assessments and risk-owner meetings, in addition to an annual board update and discussion. Feedback from the board and senior managers serves as an input into strategy discussions. Enterprise risks are managed through existing and new mitigations and controls supported by the Marathon Oil business plan. ERM ensures accountability by validating risk controls and mitigations, and includes metrics where useful and practicable. ERM roles and responsibilities are identified for clear oversight and accountability.

ERM identifies and evaluates risk based on the impact to the organization from an enterprise value perspective and from the perspective of our employees, customers, suppliers, communities where we operate and other stakeholders. Each identified enterprise risk has an owner and an assessor to ensure ownership, accountability and transparency. The ERM risks identified for 2021 are below:

Marathon Oil describes our material risks in our forward-looking statement disclosures, in our Annual Report on Form 10-K, our Quarterly Reports on Form 10-Q, other public filings and press releases. These resources are available at www.marathonoil.com.

The Responsible Operations Management System (ROMS) is the framework we use to drive continuous improvement and regulatory compliance and reduce operational risk across Marathon Oil. Business units must meet the minimum standards for HES&S performance set within ROMS.

The ROMS ownership structure assures accountability and transparency and promotes knowledge sharing across the enterprise. An executive steering committee oversees ROMS implementation, with business unit-level ROMS committees further driving accountability. Each ROMS element, as set forth below, has an executive owner, technical advisors and subject-matter experts who drive progress.

Mandatory health, environmental, safety and security (HES&S) policies, standards and procedures drive consistency, communicate expectations and set performance requirements across Marathon Oil. Our policies and standards cover a range of activities including: Stop Work Authority, Event Management, Control of Hazardous Energy and Hot Work. We update our standards to reflect changes in laws or regulations, incorporate recommendations arising from audits and incident investigations, and share lessons learned to drive continuous improvement in HES&S performance.

Through sharing of lessons learned and contractor engagement, we raise awareness of our requirements among employees, contractors and suppliers.

The ROMS Audit and Improvement element promotes adherence to our standards and regulatory requirements that focus on:

• Tier I: Physical checks of facilities and equipment to ensure conditions are satisfactory.
• Tier II: Risk-based audit to monitor effectiveness of processes, procedures and systems.
• Tier III: Management system audit to determine conformance and effectiveness of management system expectations.

Business units develop plans to address audit findings, track the plans through completion of corrective actions and share lessons learned. Key audit findings and trends are communicated to HES&S leadership and executive management, who then set priorities to seek solutions for gaps or issues that are identified.