PautaInternas
Actions
buscador
Actions
Risk Management at Ecopetrol
Actions
Risk Management at Ecopetrol
Mar 11, 2025
At Ecopetrol, risk is understood as the effect of uncertainty on the fulfillment of the company's objectives, considering the effect as the positive or negative deviation, or both, (threats and opportunities) from what was planned.
Ecopetrol has the Integrated Risk Management System (IRS or SRI for its initials in Spanish), to manage uncertainty and avoid, reduce, or mitigate risks, maximize opportunities, help develop strategies, and make decisions.
The IRS is composed of principles, reference framework, and process, and is based on the ISO 31000 standard, grouping the management of all types of company risks pursuant to specific regulations.This system is led by the Corporate Vice-Presidency of Compliance through the Corporate Management of Integrated Risk, and is supervised by the Board of Directors through its Audit and Risk Committee.
Integrated Risk Management System
- The principles of integrated risk management provide guidance on the characteristics of risk management in the Ecopetrol Group.
- The framework contains the provisions for integrating risk management into the company's activities and functions.
- The risk management cycle contains five stages that guide the systematic activities to be conducted.
Planning: Definition of the scope of the activitie and analyses of internal and external context.
Identify: Risk identification based on the opinion of the people involved and the analysis of the information.
Evaluate: Analysis of causes and consequences. Rating according to probability and impact.
Treat: Selection and implementation of options for addressing the risk.
Communication and consultation, monitoring and review and, record and report: Exchange of information, feedback, continuous monitoring, and periodic review of risk exposure through the identification of alerts, verification of implementation of mitigating measures, and assurance of actions against actual materialization to maintain the risks within the defined levels of tolerance and acceptance.
The risk appetite refers to how much risk is the compay willing to assume for achieving it objectives and guides the risk-based decision making.
The expression of risk appetite of Ecopetrol is framed within the 2040 Strategy and the Corporate Governance Code
Tolerance to risk indicates acceptable results or variations in relation with the achievement of objectives. Some zero tolerance risks at Ecopetrol are:
- Fatalities in the course of the company's activities.
- Practices contrary to the Code of Ethics and Conduct of the Ecopetrol Group.
- Practices contrary to regulations related, without limitation, to the environment, integrity of people, communities, and other stakeholders.
Furthermore, there are some parameters that complement the risk appetite of the company:
- Risk strategic parameters: For example, new products that wll be introduced, products that wil be avoided, and focus on investment for capital expenditure.
- Financial risk parameters: For example, the maximum acceptable level of loss or variation in performance, including variabiliity of earnings per share, free cash flow growth/margin, earnings before interest and taxes/margin, return on assets, EBITDA return percentage.
- Operational risk parameters: For example, expected sustainability response, existing/projected environmental requirements, safety objectives, quality objectives, and customer criteria and concentrations.
Ecopetrol applies the Risk Assessment Matrix that contains descriptive scales of probability of occurrence and impacts on dimensions such as people, environment, economic resources, reputation, and customers.
According to the combination of probability and impact, the risk levels are Very High, High, Medium, Low and Very Low.
The Matrix establishes:
- No tolerance zone in which risk must be managed.
- Tolerance zone with controls in which risk is managed through mitigation measures.
- Acceptance zone in which risk is assumed by the company.
Risk assessment considers the magnitude of the consequences and their probability of occurrence, obtaining basic information to prioritize risks and make decisions regarding treatment.
This risk assessment includes the calculation of the level of inherent and residual risk, according to the probability and impact scales, and the tolerance and acceptance levels defined in the Risk Assessment Matrix.
Within the framework of the Integrated Risk Management System, depending on the level at which they are managed, risks are classified as strategic, tactical, and operational.
At each of these levels, risks are managed in accordance with the specific regulations and standards adopted, which includes the management of the risks related to sustainability material elements.
Some examples of the risks managed at operational level are:
- Risks in opportunities for new ventures as for management of new investment and divestment opportunities.
- Commercialization risks as related to national and international markets.
- Project risks.
- Exploration activity risks.
- Financial risks - credit, liquidity, market.
- Risk related to cybersecurity management and information leaks.
- HSE Risks - Occupational health, environmental, safety, process safety.
- Climate risks.
- Biodiversity risks.
- Compliance risks - fraud risks, money laundering risks, terrorist financing, and financing of proliferation of weapons of mass destruction.
Ecopetrol performed the review and update of its strategic risks, which are reflected in the following Business Risks map:
Effective since august 2023
Ecopetrol defines emerging risks as those that could have a long-term impact on the company (3-5 or more years) or, in some cases, it is possible that they may have already begun to have an impact on the company.
Based on the analysis conducted, emerging trends were identified for Ecopetrol, classified in the categories Social, Environmental, Economic, Technological, and Geopolitical. Based on these trends, emerging risks were identified and assessed, as shown below:
Ecopetrol´s radar of emerging risks
