We analyse our context and manage both risks and opportunities. This helps us prevent possible impacts, improve our planning systems, and achieve sustainable profitability that balances corporate growth with better quality of life for the communities where we operate and with environmental protection.

The Board of Directors and Canacol’s leadership team constantly monitor the risk matrix. They establish comprehensive action plans to avoid and mitigate possible impacts from internal, strategic, and emerging risks. The Board is responsible for balancing risks with potential returns for the Company’s shareholders. Management ensures systems are working to effectively monitor and manage risks from the perspective of our long-term viability and in the context of an annual review of associated risks. 33

Our risk matrix is aligned with the ISO 31000 Risk Management Principles and Guidelines of the International Organization for Standardization. We organize regular workshops with the areas to disseminate and document work plans and record new risks identified.

Our ESG goals


By 2021:

• Define and communicate a company-wide Global Security Policy

• Train 100% of staff and the most critical contractors in IT culture, including cybersecurity issues

• Include ESG criteria in the evaluation and selection of ERP software

By 2022:

• Achieve ISO 27001 certification for the Information Security Management System

By 2025:

• Business decision-making must include analysis of ESG externalities for 100% of the Company’s operation