The Board determines the Company’s “risk profile” and is responsible for establishing, overseeing and approving the Company’s risk management framework, strategy and policies, internal compliance and internal control.

The Board has delegated to the audit and risk committee responsibility for implementing the risk management system.

The audit and risk committee will submit particular matters to the Board for its approval or review. Among other things it will:

  1. oversee and periodically review the Company’s risk management framework, systems, practices and procedures to ensure effective risk identification and management and compliance with the risk appetite set by the Board, internal guidelines and external requirements;

  2. assist management to determine whether it has any material exposure to environmental or social risks (as those terms are defined in the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations – 4th Edition (Recommendations):

    1. if it does, how it manages, or intends to manage, those risks; and

    2. if it does not, report the basis for that determination to the Board, and where appropriate benchmark the Company’s environmental or social risk profile against its peers;

  3. consider whether the Company has a material exposure to climate change risk;

  4. assist management to determine the key risks to the businesses and prioritise work to manage those risks;

  5. assess whether the Company is required to publish an integrated report or a sustainability report (as those terms are defined in the Recommendations in accordance with a recognised international standard); and

  6. review reports by management on the efficiency and effectiveness of risk management and associated internal compliance and control procedures.

The Company’s process of risk management and internal compliance and control includes:

  1. identifying and measuring risks that might impact upon the achievement of the Company’s goals and objectives, and monitoring the environment for emerging factors and trends that affect these risks;

  2. formulating risk management strategies to manage identified risks, and designing and implementing appropriate risk management policies and internal controls; and

  3. monitoring the performance of, and improving the effectiveness of, risk management systems and internal compliance and controls, including regular assessment of the effectiveness of risk management and internal compliance and control.

To this end, comprehensive practises are in place that are directed towards achieving the following objectives:

  1. compliance with applicable laws and regulations;

  2. preparation of reliable published financial information;

  3. verifying the integrity of the Company’s periodic reports which are not audited or reviewed by an external auditor, to satisfy the Board that each periodic report is materially accurate, balanced and provides investors with appropriate information to make informed investment decisions; and

  4. implementation of risk transfer strategies where appropriate eg insurance.

The responsibility for undertaking and assessing risk management and internal control effectiveness is delegated to management. Management is required to assess risk management and associated internal compliance and control procedures and report, at least annually, to the audit and risk committee.

The Board will review assessments of the effectiveness of risk management and internal compliance and control at least annually.

The Company must disclose at least annually whether the Board (or a committee of the Board) has completed a review of the Company’s risk management framework to satisfy itself that the framework:

  1. continues to be sound;

  2. ensures that the Company is operating with due regard to the risk appetite set by the Board; and

  3. deals adequately with contemporary and emerging risks such as conduct risk, digital disruption, cyber-security, privacy and data breaches, sustainability and climate change.

The Company will disclose if it has any material exposure to environmental or social risks (as those terms are defined in the Recommendations) and, if it does, how it manages, or intends to manage, those risks.

Return to top