TRC 2017 Sustainability Report TRC 2017 Sustainability Report | Page 24

TRC | 2017 SUSTAINABILITY REPORT CONDUCTING BUSINESS WITH ETHICS AND INTEGRITY Our commitment to strict ethical standards contributes directly to the professional reputation of our company. Our approach to ethical business transactions is guided by our corporate Code of Business Conduct and Ethics. The code is principles-based and assumes the application of professional judgment. The board of directors audit and risk management committee reviews compliance at least annually. The Code is also posted on our internal and external websites. Full compliance is required from all employees in completing required training on our code. The TRC ethics hotline and Ethicspoint reporting website are resources for all employees. An ethics officer is in place and is accessible to all employees. We have a fundamental commitment to treating our employees with the highest dignity and respect as communicated in our employee handbook. Discrimination against or harassment of employees for any reason will not be tolerated. MANAGING RISK TRC’s Chief Risk Officer oversees risk management processes and practices that directly impact the strategic direction of the Company. Our enterprise risk management program is a comprehensive and consistent method of identifying sources of risk, establishing the desired level of risk and mitigating the risk in alignment with our strategic objectives. We strive for a defensively-biased blend of risk and opportunity to ensure that the appropriate risk-reward outcome is balanced and that our internal culture fully understands how managing risk is a strategic tool at all levels of the organization. We believe that emphasizing communication and clear accountability for risk across the organiza- tion has served to significantly improve our risk management effectiveness, particularly the high level of focus and resources we employ throughout the corporate Safety, Cyber/IT, Sustainability and Legal functions. THE POWER OF A STRONG RISK CULTURE Our use of a defensive bias for our risk management strategy is intentional. We “ believe that assessing and accepting risks has to be accompanied by risk mitigation principles that are strong. Our conduct of work is accompanied by highly structured health and safety planning dedicated to hazard assessment and consistent employment of forward looking tools like our “safe-catch” program. Simply put, our culture is tuned to the shared belief that we can’t accept safety risk as something that is just part of the job; rather, we intentionally integrate planning, assessment and management observation as the type of diligence necessary to establish a culture where safety is imperative and we are unwilling to settle for anything less. Our approach to cyber risk management is similar -- we cannot wait and react when things go wrong or a weakness emerges, rather, we have to intensively plan and act to build strength and resiliency while being able to act as early as possible to challenges. ” Thomas Bennet, Chief Risk Officer 22