An integral part of ADNOC’s activities and decisions, risk management is fundamental to achieving our organizational objectives. Our enterprise risk management (ERM) framework integrates strategy setting and performance management with the ISO 31000 Risk Management Guidelines and COSO’s ERM framework. Our unified ERM brings together information related to health, safety, environment, climate, financial and operational risks in one management system, driving consistency in our risk management practices across the group. The framework defines a systematic approach to identifying, analyzing, evaluating, prioritizing, monitoring and responding to risks, supported through bespoke processes and enabled by a centralized digital risk management platform. Risk management tools include a corporate risk matrix, defined risk attitude statements and established interfaces across all specialized risk assurance functions. These include: • HSE • Sustainability & ESG • Information & Cyber Security • Business Continuity Management • Emergency Response & Crisis Management • Legal, Governance & Compliance • Financial Risk Management • Project Risk Management • Fraud Risk Management • Asset Integrity & Process Safety Risk governance Our Board of Directors provides ultimate risk oversight. The Audit Committee assists the Board in overseeing the company’s governance, financial reporting, risk management and internal control activities. It reviews the company’s strategies and policies with respect to risk assessment and risk management systems and the effectiveness of controls to mitigating material business risks. The ELT requires completed risk assessments and mitigation plans for each matter it reviews, endorses and approves, which includes matters such as ADNOC’s business continuity plans, HSE policies, strategic objectives, strategies and the disclosure of company information relating to production and emissions. The Investment Committee reviews and endorses the ERM framework and oversees risk data documentation and maintenance. It helps ensure, where appropriate, that risk action plans are implemented according to the processes and workflows defined in the ERM standard and that risk data is communicated effectively to the ADNOC Board of Directors. Enterprise risk management Risk assessments are performed for matters presented to each Business Leadership Committee, including those involving organizational matters, non-procurement commercial matters and significant investment matters. Material risks are identified, documented and communicated, along with risk mitigation plans. The Group Chief Financial Officer, in collaboration with each Group company CEO, is responsible for ensuring adequate support for the implementation of ERM activities and providing periodic updates to ADNOC Internal Controls regarding the most significant risks. The CSO is responsible for ensuring that sustainability-related risks are governed through established processes, controls and procedures. The responsibilities related to sustainability oversight are often delegated to specific management-level positions or committees. The Group ERM function is responsible for the effective implementation of the ERM framework across the group. This involves providing guidance and support to Group company ERM departments, facilitating integrated risk and performance reviews, and monitoring top risks on an ongoing basis. Group companies have risk management committees and ERM departments in place and continuously maintain and update their respective risk registers and monitor risks to identify Group company risks and their impact on strategy and objectives. Risk champions and risk owners are responsible for risk management of specified business functions and for managing action plans. Risk management Recognizing the dynamic nature of our operating environment, we continue to reinforce a proactive risk culture that empowers business leaders to anticipate challenges and respond to change as it emerges. We embed risk intelligence in day to day operations and strategic planning. We identify and assess risks through quarterly exercises and other ongoing actions. We use a corporate risk matrix to assess and prioritize risks based on their potential impact and likelihood against five impact types: HSE, society and reputation, financial, investment value and corporate objectives. For certain risk assurance functions, such as the Sustainability & ESG Executive function, we use bespoke assessment scales calibrated to ERM reporting. We maintain continuous visibility of top risks across the group through regular reporting from Group companies to their respective business directorates. This provides timely insight into changes in the risk profile, the effectiveness of mitigation measures and potential implications on strategic objectives and business plans. 112
Sustainability Report 2025: Delivering Responsibly Page 103 Page 105