HSE RISK MANAGEMENT STANDARD

DRM Retention Code/ Review

Document Number Ownership group
Date
ALL-A0A-00-000-HST-0051 PRC
CG01-CA / 5 years

CONTROLLED IF VIEWED VIA THE ELECTRONIC DOCUMENT MANAGEMENT SYSTEM (EDMS)

Proprietary Information: This document contains proprietary information belonging to ConocoPhillips

Canada and must not be wholly or partially reproduced nor disclosed without prior written permission
from ConocoPhillips Canada.

1 2023-12-15 Use Barry Throness Shannon Donnelly PRC Member

Rev Date Issued For Owner Reviewer Approver

(YYYY-MM-DD)

REVISIONS APPROVALS
 REVISION CONTROL SHEET

Revision Date Issued Comments

(YYYY-MM-DD)

New document number and template; supersedes ALL-HSE-PGM-

1 2023-12-15 127. To align with corporate issuance of Risk Matrix Standard, Rev
5.0
 Table of Contents
1. PURPOSE .....................................................................................................................................4
2. SCOPE..........................................................................................................................................4
3. HSE RISK MANAGEMENT REQUIREMENTS ....................................................................................5
3.1 Risk Ranking Process ......................................................................................................................................5
3.2 Risk Acceptance Process .................................................................................................................................5
3.3 Risk Acceptance Approval Requirements ......................................................................................................7
3.4 Timelines for Risk Approval ............................................................................................................................9
3.5 Risk Resolution Duration Requirements ........................................................................................................9
3.6 HSE Risk Register Requirements .................................................................................................................10

4. REFERENCES .............................................................................................................................. 11
5. DEFINITIONS .............................................................................................................................. 11
6. ACRONYMS................................................................................................................................ 12
 1. PURPOSE

The purpose of this document is to define the ConocoPhillips Canada (CPC) HSE (Health, Safety &
Environment) risk management requirements, in compliance with ConocoPhillips corporate HSE Risk
Matrix Standard, Section 7 - Risk Management Requirements and HSE Management System Standard,
Section 2.2 - Risk Assessment and Management.

2. SCOPE
The scope of this document includes HSE risk assessment(s) where CPC has operational control. This
includes:
All company activities and assets within Canada from inception through to decommissioning,
abandonment, remediation, and reclamation as applicable.
In instances where the company is precluded or cannot directly apply risk assessments (e.g. non-
operator); it will strive to influence those operations where practicable.
Specifically excluded from the scope are:
• Business Continuity and Emergency Response: addressed separately in the HSE
Management System Standard under section 3.4 Crisis Management and Emergency
Response (CM&ER).
• Sustainable Development risk management: governed by the corporate Sustainable
Development Risk Management Standard.
• Due Diligence risk management: governed by the corporate HSE & Social Issues Due
Diligence Standard.
• Industrial Hygiene exposure assessments: governed by the corporate Occupational Health
Standard.
• Project Risk Management: governed by the corporate Capital Projects Management System
– Project Management Standard (CPMS-PMT-MS-002) and the CPC Risk Management
Procedure (ALL-A0A-00-000-KPR-0001).
• Decision and risk analysis principles applied to exploration, reserves and associated
economic analysis.
• CPC Enterprise Risk Management.
3. HSE RISK MANAGEMENT REQUIREMENTS

3.1 Risk Ranking Process

Refer to The ConocoPhillips corporate HSE Risk Matrix Standard which includes detailed
instruction on the Risk Ranking Processes for:
• Incidents
• Near Misses
• Predictive Assessments (eg. ranking NOT carried out as a direct result of an
event, including PHA and FLHA)
Facility Siting, LOPA and Asset Integrity risks follow a quantitative or semi-quantitative risk
quantification outside of the Risk Matrix standard.

3.2 Risk Acceptance Process

Figure 1: Risk Acceptance Process

Identify Causes / Hazardous Events
Determine the hazardous event / causes as described in ConocoPhillips corporate HSE
Risk Matrix Standard, Sections 4, 5, 6

Assess Risk
Determine the consequence, likelihood and risk rank as described in ConocoPhillips
corporate HSE Risk Matrix Standard, Sections 4, 5, 6

Fill Risk Signoff Form

Use available processes (eg. PHA, Intelex, etc.) to gather information that the approver,
as per Table 1: Approval Guidelines for Risk Acceptance, will need to sign off on the risk.
If needed utilize the CPC Risk Acceptance form ALL-A0A-00-000-HFR-0043

Risk Review Meeting

If necessary, meet with approver to provide necessary details to enable decision on risk
acceptance.

Approver’s Decision
Approver makes the decision to accept or not accept risk. Depending on the process
being utilized, there are various ways this can occur such as:
• Acceptance of PHA risks during PHA or at post-PHA risk acceptance meeting
• Verification of incident report
• Verification of incident ranking within Intelex
• Risk Assessment meeting or discussion

Explore Additional Mitigations to Achieve Lower Risk Level

Risk team determines additional mitigation(s) that can be implemented to achieve a
lower risk level.

Record Risk Acceptance

Record risk acceptance in available process or by utilizing the CPC Risk Acceptance form
ALL-A0A-00-000-HFR-0043

Communicate Decision to Execution Team and Mitigation Owners

Communicate approval decision and risk mitigations to those responsible for
implementing the mitigations and/or the activity.

Manage as per Mitigation Plan

Manage the risk as detailed in the mitigation plan.
 3.3 Risk Acceptance Approval Requirements
Table 1: Risk Acceptance Approval Requirements

Risk Level Approval Requirements

High Risk (RR4)
High risks require using additional or improved risk-reducing measures, which are proportionate
to the identified risk, in order to perform the planned work or continue operation of
plant/equipment.
Safety, Environmental and Stakeholder consequence category risks must be approved by the
President and VP HSE and SD, with interim mitigations put in place to lower risk to RR3 or lower.
Financial consequence category risks must be approved by the President and may be considered
tolerable where cost of risk reduction exceeds improvement gained.
Significant Risk (RR3)
Significant risks must be approved by the applicable Vice-President. They require using
additional or improved risk-reducing measures, which are proportionate to the identified risk, in
order to perform the planned work or continue operation of plant/equipment.
Financial consequence category risks may be considered tolerable where cost of risk reduction
exceeds improvement gained.

Medium (RR2) 9-10 Risk

Medium risks ranked 9-10 are acceptable when the controls in place are verified and effective,
and the risk is considered tolerable. Approver is as designated in Table 1.

Medium (RR2) 8 Risk

Medium risks ranked 8 are acceptable when the controls in place are verified and effective.
Approver is as designated in Table 1.

Medium (RR2) 5-6 Risk

Medium risks ranked 5-6 are acceptable when the controls in place are verified and effective.
Approval is by Designated Supervisor (Shift Supervisor, Chief Steam, Chief Inspector, Designated
Technical Specialist, Wells Field Superintendent, Construction Supervisor, OSO Supervisor).

Low (RR1) Risk

Low risks that have a Consequence Severity of 4 are acceptable when the controls in place are
verified and effective. Other low risks are considered broadly acceptable. Low risks do not
require approval.

General Requirements
1. If the team/group is not using a tool which documents the approval of the risk assessment,
the CPC Risk Acceptance form ALL-A0A-00-000-HFR-0043 shall be used.
2. High and significant risks approved by a Delegate of Authority (DOA) require approval by
approver position upon their return to duty.
3. Some procedures exist that outline how certain risk-based activities are approved based on
a different qualifier than Table 1 (eg. Bypassing Safety Devices, Temporary Hose
Management, Permit to Work). This is acceptable.
Notes:
• Approval should be obtained at lower management levels before a risk can be
submitted for acceptance at the required level.
• An inform to the next approval level should be considered.
3.4 Timelines for Risk Approval
It is imperative that upon completion of a risk assessment, the risk is brought forward in
a timely manner for risk approval and subsequent implementation of necessary
mitigations. Table 2, Risk Assessment Timelines to Approval, outlines the required
timeline for risk approval for those risks that are most impactful to CPC. An
acknowledged inform to the risk approver must be done promptly, with approval to
follow when the risk assessment details can be discussed.
Lower-level risks not detailed in Table 2 should also be communicated and approved in a
manner commensurate with the risk implications.
Table 2: Risk Assessment Timelines to Approval

3.5 Risk Resolution Duration Requirements

Risk resolution durations based on risk level shall be as per Table 3 Risk Resolution
Duration Requirements.
Table 3: Risk Resolution Duration Requirements

1. Identified significant and high risks shall have interim measures assigned when risks
cannot be immediately mitigated to an acceptable level.
Note: Un-resolved risks shall be revalidated after 12 months or on an annual basis.
3.6 HSE Risk Register Requirements
• HSE owns the HSE Risk Register
• Significant and high HSE risks, as determined through the HSE Risk Management
process, are forwarded to the Human Performance HSE Coordinator for inclusion in
the HSE Risk Register.
• The HSE Risk Register includes significant and high HSE risks as defined in CPC HSE
Management System Standard, ALL-A0A-00-000-HST-0022, element 2.
• HSE Risk Register is presented annually to the Senior Leadership Team, including
review of mitigations.
 4. REFERENCES

# Reference
1 ConocoPhillips corporate HSE Management System Standard, Rev5.0

2 ConocoPhillips corporate HSE Risk Matrix Standard, Rev 5.0

3 ConocoPhillips corporate Onshore Facility Siting Standard

3 HSE Management System Standard ALL-A0A-00-000-HST-0022, Rev 2021

4 Risk Matrix Card ALL-A0A-00-000-HFR-0022

5 Process Hazard Analysis ALL-A0A-00-000-NGL-0002, Rev 2

6 Layer of Protection Analysis (LOPA) ALL-A0A-00-000-NGL-0003 (LOPA)

7 Risk Acceptance Form ALL-A0A-00-000-HFR-0043

8 Risk Based Inspection Program ALL-A0A-00-AOI-RPN-0001

9 Pressure Equipment Integrity Management Program ALL-A0A-00-000-FST-0001

5. DEFINITIONS

Term Definition
HSE risks are defined by CPC as the negative effects of uncertain events on CPC’s
health, safety, and environmental objectives1.
HSE Risks In addition to HSE impacts, HSE risks often negatively affect other performance
objectives such as financials (e.g. clean-up costs, production downtime and/or
material damage), reputation and public perception, and regulatory compliance.

When the cost of risk reduction exceeds improvement gained.

Tolerable Risk Considers the cost and benefits of action/inaction. This requires that effective
safeguards that could be implemented without undue cost or risk are
implemented.
[1]
Adapted from ISO Guide 73 – Definition of risk: “effect of uncertainty on objectives.”
6. ACRONYMS

CPC ConocoPhillips Canada

FLHA Field Level Hazard Assessment

HSE Health, Safety & Environment

LOPA Layer of Protection Analysis

OSO Operations Support Organization

PHA Process Hazards Analysis

RR Risk Rank

VP Vice President