- The Company considers ongoing risk management to be a core component of the management of the Company. The Company’s ability to identify and address risk is central to achieving its corporate objectives.
- This Policy outlines the program implemented by the Company to ensure appropriate risk management within its systems and culture.
The Risk Management Program
- The Company’s risk management program comprises a series of processes, structures and guidelines which assist the Company to identify, assess, monitor and manage its business risk, including any material changes to its risk profile.
- To achieve this, the Company has clearly defined the responsibility and authority of the Board to oversee and manage the risk management program, while conferring responsibility and authority on the Audit and Risk Management Committee to develop and maintain the risk management program in light of the day-to-day needs of the Company. The Audit and Risk Management Committee is governed by the Audit and Risk Management Committee Charter, a copy of which is available on the Company’s website.
- Regular communication and review of risk management practice provides the Company with important checks and balances to ensure the efficacy of its risk management program.
- The key elements of the Company’s risk management program are detailed below.
- In order to identify and assess material business risks, the Company defines risks and prepares risk profiles in light of its business plans and strategies. This involves applying a disciplined process to risk identification, risk assessment and analysis, risk treatment and monitoring and reporting.
- The Company presently focusses on the following types of material risks:
- regulatory and compliance risks;
- reputational risks;
- risks relating to conduct of business; and
- risks relating to intellectual property.
Responsibilities of the Board
- The Board acknowledges that it is responsible for the overall system of internal control but recognises that no cost effective internal control system will preclude all errors and irregularities.
- The Board has delegated responsibility for reviewing the risk profile including material business risks and reporting on the operation of the internal control system to the Audit and Risk Management Committee. However, the Audit and Risk Management Committee and management may also refer particular risk management issues to the Board for final consideration and direction.
- The Board will review the effectiveness of the Company’s risk management framework and internal control system annually to satisfy itself that it continues to be sound and that the entity is operating within the risk appetite set by the Board.
Responsibilities of the Audit and Risk Management Committee
- The day-to-day oversight and management of the Company’s risk management program has been conferred upon the Audit and Risk Management Committee in accordance with the Audit and Risk Management Committee Charter. The Committee is responsible for ensuring that the Company maintains effective risk management and internal control systems and processes and provides regular reports to the Board on these matters. In addition to the risk management responsibilities in its Charter, the role of the Committee is to:
- assist the Board to fulfil its oversight responsibilities for the financial reporting process, the system of internal control relating to all matters affecting the Company’s financial performance, the audit process;
- assist the Board in monitoring compliance with laws and regulations;
- assist the Board to adopt and apply appropriate ethical standards in relation to the management of the Company and the conduct of its business;
- implement, review and supervise the Company’s risk management program; and
- review the adequacy of the Company’s insurance policies.
Responsibilities of Management
- The Company’s management will be responsible for designing and implementing risk management and internal control systems which identify material risks for the Company and aim to provide the Company with warnings of risks before they escalate. Management must implement the action plans developed to address material business risks across the Company.
- Management should regularly monitor and evaluate the effectiveness of the action plans. In addition, management should promote and monitor the culture of risk management within the Company and compliance with the internal risk control systems and processes. Management should report regularly to the Board regarding the status and effectiveness of the risk management program. Such reporting by Management should include regular exception reporting to the Board as well as to the Audit and Risk Committee regarding instances of control weaknesses or failures resulting in elevated exposure for the Company.
Review of Risk Management Program
- The Company regularly evaluates the effectiveness of its risk management program to ensure that its internal control systems and processes are monitored and updated on an ongoing basis.
- The division of responsibility between the Board, Audit and Risk Management Committee and management aims to ensure that specific responsibilities for risk management are clearly communicated and understood. The reporting obligations of Audit and Risk Management Committee ensure that the Board is regularly informed of material risk management issues and actions. This is supplemented by the evaluation of the performance of the risk management program.