Governance, risk and corporate responsibility frameworkTullow has a strong framework for governance, risk and corporate responsibility management. It is outlined in the CEO's review on pages 14 and 15 of this report. Each Executive Director has risk management and risk assurance responsibilities. They also have individual operational and corporate responsibilities. Tullow's organisational structure overall is relatively flat with just two levels between the Board and the frontline of business activity. This facilitates integrated and responsive decision-making. In 2011, we strengthened our operational organisation structure through the formation of three regional businesses. We have complemented this with the development of strong exploration, operations and corporate functions at the centre. This is to ensure that our regional businesses are provided with world-class financial, technical and non-technical resources. Risk managementThe oil and gas industry is inherently high risk and dynamic and often operates in a fluid geopolitical and social environment. Risk management is a critical business function and is embedded in our business model. Understanding the risks and opportunities we face shapes our decisions, and our strategic priority in relation to risk management is to ensure safe people, procedures and operations and minimise our environmental impacts. There is a detailed risk management section in our 2011 Annual Report. It explains how risk is integrated in our organisation, how we managed our 2011 risks and the long-term performance risks Tullow faces. As part of our 2012 to 2014 business plans we have identified key risks and uncertainties in relation to our financial and operational performance for the period. These are:????????Delivery of a Lake Albert Rift Basin development plan and timely approvals for this from the Ugandan authorities;????????Exploration associated risks, with approximately 40 high-impact wells planned in our 2012 E&A campaign;????????Achieving plateau production in the Jubilee field, offshore Ghana, and delivery of Group production targets;????????Government relations/stakeholder engagement with particular reference to the 2012 Board objective to significantly improve political and economic risk information and country risk profiling;????????Achieving the appropriate balance between cash flow from operations, equity/debt market opportunities and portfolio management activities; and????????Managing shareholder expectations, specifically with regard to the Group's long-term strategy, production profile and funding.Key corporate responsibility policies and systemsTullow has a full set of management systems, policies, procedures, standards and behaviours designed to ensure we deliver value for our shareholders and operate our business responsibly. These provide a consistent approach across all of our business activities and are complemented by our corporate governance processes and oversight by the Tullow Board and Executive. Key corporate policies and systems are outlined on page 84 of this report. For additional information on these and risk management go online to www.tullowoil.comWhy is compliance strategically important to the business? I think a lot of people believe that compliance is something that is used to exercise control over what people do, but actually, having a consistent set of procedures is good for business. With Tullow's rate of growth, and the number of people joining and moving around the business, it's important that we have consistency across all of our locations, regardless of what stage they are at in their business cycle. Compliance also allows us to demonstrate how we do business to our staff, investors, partners and other stakeholders, which is key to maintaining our reputation. How does compliance help Tullow manage risk? Compliance with established policies and procedures ensures that we consistently do the right thing and that we proactively assess and manage decisions or events in advance. For example, if Tullow did not have a Code of Business Conduct or make staff fully aware of Tullow's Code, a member of staff could inadvertently risk breaching the UK Bribery Act. With our Code of Conduct and the awareness sessions we are running to support it, we are better placed to manage these non-technical risks. How does Tullow ensure a culture of compliance - where people want to do the right thing? It requires sensible, practical policies and guidance in conjunction with an appropriate awareness programme. Everyone needs to understand the importance of compliance and how it protects both the individual and the company. A key aspect is leadership demonstrating commitment via their personal behaviours and encouraging a compliance culture across the organisation.Q&A WITH STEPHEN REES, GROUP COMPLIANCE MANAGERStephen Rees, Group Compliance ManagerMore information PageGovernance performance 512011 Board time 5957www.tullowoil.comMEASURING OUR PERFORMANCE3Read more of Stephen's Q&A: www.tullowoil.com/crr2011/complianceinterview

Investigations The Code is clear in that it expects staff to speak up if they know of, or suspect, a breach of the Code or are concerned about any aspect of Tullow's processes. During 2011, a number of concerns were raised internally by staff. This resulted in 12 investigations which led to a number of process improvements, three staff dismissals and one termination of a supplier contract. 11 people were provided with investigation training in 2011 and we will enhance our investigation capability during 2012. If staff do not feel able to raise a concern internally we have an alternative, confidential reporting line which is operated by Safecall, an independent company. Details of how to contact Safecall have been distributed widely to staff and our industry partners alike. Enhancing the compliance programmeWe are required to implement adequate procedures to prevent bribery as a consequence of the UK Bribery Act which came into force in July 2011. While our adequate procedures are well developed there are still a number of areas where we wish to increase effectiveness and these include:????????Risk management: We have been continuing to formally develop and enhance our understanding of the bribery and corruption risks that we face. We have worked individually with each business unit to identify their specific risks and to identify appropriate mitigation actions. This is an ongoing process. Code of Business Conduct and policy awarenessWe have an increasing headcount, larger geographical presence and staff with varied experience from a diversity of cultures. This, coupled with enhanced scrutiny, means that it is even more important to be able to demonstrate that our decisions and actions have integrity and are based upon sound processes. We recognise that compliance is not a one-off event but requires an ongoing programme to maintain awareness. We run an induction programme for all new staff and since the introduction of the new Code of Business Conduct (the Code) in 2011, we have been rolling out a half-day Code awareness programme across the Group, starting with those considered as being in higher-risk posts. This programme is ongoing and has now been presented to staff in London, Dublin, Bangladesh, Ghana, Kenya and Uganda, covering around 500 people. The interactive programme explains the scope and impact of bribery and corruption worldwide, the UK Bribery Act, application of the Code and related policies, and how to report concerns. It also uses group exercises to resolve real-life dilemmas. Key methods for maintaining awareness include an anti-bribery and corruption e-learning programme which will be introduced in 2012, management briefs, an online quiz and electronic ethics game, formal quarterly compliance status reports and regular updates to Tullow employees and contractors via our intranet.SUPPLIER COMPLIANCE IN MAJOR PROJECTSAn excellent example of robust compliance is being demonstrated by the Ghana deepwater Tweneboa, Enyenra, Ntomme (TEN) FPSO development. The project team built compliance into the DNA of the project from the start by developing and implementing project specific rules covering physical and information security and strict adherence to the requirements of the Code. Everyone involved in the project office in Singapore was required to confirm in writing that they had received formal training on the compliance requirements. We are carrying out a robust due diligence on the potential bidders. This will be followed up with compliance workshops between Tullow and each individual bidder, with both parties presenting their compliance programme to highlight synergies and any gaps. Each bidder will also be audited to ensure that their commitments to compliance are being met. Finally, a formal evaluation of each bidder's compliance programme forms part of the overall technical and commercial bid evaluation. The TEN Project plan to take a similar approach to all its major bidding activity during the project phase. Mariama Issaka, Project Controls Engineer with other members of the TEN Project team, London, UK.58Tullow Oil plc 2011/2012 Corporate Responsibility ReportGovernance continued