Sustainability Report


Risk management and corporate governance



Good corporate governance practices are a pillar that supports our business. Our activities are guided by ethics, integrity, and transparency. 

We also believe that integrated and proactive risk management is essential for delivering safe and sustainable results. The fundamental principles of our Corporate Risk Management Policy are respect for life in all its diversity, ethical performance in compliance with legal and regulatory requirements, as well as full alignment and consistency with our strategic plan. Risk management is integrated with the guidance of risk response actions that consider the possible impacts on our stakeholders and are aimed at adding or preserving shareholder value and business continuity.

Risk management

Our risk management process is coordinated by a corporate area, allowing the standardization and uniformization of our risk analyses and the management of risk responsibilities, which are structured according to a model with three lines. In this model, each group of managers that make up the lines plays a distinct role in the governance structure. This presupposes a set of continuous and integrated activities, supported by a structure that comprises, in practice, the Board of Directors, the Executive Board, members of the general structure and all employees, service providers, and other involved parties.

The organizational units, in conjunction with the Executive Risk Management Department, are responsible for the identification, assessment and treatment of risks. Strategic risks are reported quarterly to the Executive Committee - Risk, Executive Board, Statutory Audit Committee and to the Board of Directors, and high and very high risks are reported monthly to the Statutory Audit Committee. The effectiveness of the risk management process is assessed by the Internal Auditors, a body directly subordinated to the Board of Directors.


Material topic

Main associated events and risk factors[1]

Economic impacts

Differing interpretations and new requirements from regulatory agencies in the company's industry related to, for example, royalties and government participation

Differing interpretations regarding tax legislation or changes in tax law may have an adverse effect on the company's financial condition and on its results

Business integrity

Failure to prevent, detect in a timely manner, or correct behaviors that are inconsistent with our principles, ethics and rules of conduct


Violation of human rights in our operations, whether in our workforce, in the communities where we operate, or in our supply chain

Climate resilience, GHG emissions and other gases

Energy transition: Market, regulatory, legal, reputational, and technological risks


Greater demands regarding the transparency of actions related to the transition to low carbon


Fuel restrictions related to pollutant emission levels

Accident prevention and management

Safety, environmental and health risks in our operations and facilities, such as oil spills, product leakage, fires and explosions


Intentional acts such as clandestine diversion, crime, theft, sabotage, roadblocks, and protests


Fluid/hydrocarbon spills and leaks that impact biodiversity

Water and effluents

Water scarcity events and difficulties in obtaining grants for the right to use water resources


Fluid/hydrocarbon spills and leaks that impact water resources

Waste management and decommissioning

Increased regulatory requirements and stakeholder expectations related to decommissioning projects

Local and traditional communities

Expectations and dynamics of the communities where we operate

Impacts on the communities where we operate due to our operational activities, such as noise, emissions, limits to circulation spaces, etc.

Labor practices and equality of opportunity

Difficulties in attracting, developing and retaining people with the necessary skills and training could negatively impact the implementation of our strategy


Strikes, labor stoppages or claims by our employees or by employees of our suppliers, contracted companies, or in other sectors


Obligations related to our pension and medical care plan

Safety, health, and well-being

Epidemics and pandemics in public health


Differing interpretations and environmental regulations for health and safety, as well as industry standards that are becoming more stringent

Failures in emergency response and victim rescue service

Safety, environmental and health risks in our operations and facilities, such as oil spills, product leaks, fires and explosions (the occurrence of one of these events, or other related incidents, could result in impacts to the health of the workforce and/or surrounding communities, fatalities and environmental damage)

[1] Emerging risks are highlighted in the following section and are not part of this list.

Emerging risks

Emerging risks are new long-term risks arising from external factors, where we have identified a potential for a significant impact on a large part of our operations and which may require adaptations to our strategy. We highlight below some highly relevant emerging risks:


- Energy transition risk
- Physical risks of climate change
- Geopolitical conflicts
