Skip to main content

Corporate Governance Risk Management

PRINCIPLE 7:  Recognise and manage risk

Audit & Risk Committee
The Board, through the Audit & Risk Committee, is responsible for ensuring the adequacy of the Company's risk management and compliance framework, and its system of internal controls and for regularly reviewing its effectiveness.  See Principle 4 above for an overview of the Committee composition and meetings throughout the period.

Risk Management Framework
The Company has a Risk Management Policy that provides risk management processes based around the following activities:

  • Risk Identification: Identify all significant foreseeable risks associated with its activities;
  • Risk Evaluation: Evaluate those risks;
  • Risk Treatment/Mitigation: Develop mitigation plans for risk areas where the residual risk is greater than tolerable risk levels; and
  • Risk Monitoring and Reporting: Report risk management activities and risk specific information.

The Board, through the Audit & Risk Committee, is responsible for reviewing the Company's Risk Management Framework and satisfying itself that the Risk Management Framework continues to be sound and that management has in place appropriate systems for managing risk and maintaining internal controls. The Audit & Risk Committee considered the Risk Management Framework during the financial year ended 30 June 2017 and intends to undertake such a review at least annually. The Audit & Risk Committee also supported management's recommendation to engage external consultants to undertake a detailed risk review with a focus on risk controls, project risk and cyber risk. That risk review is ongoing and will be completed during 2017-18.

More broadly, the CEO and executive leadership team are responsible for identifying, evaluating and monitoring risk. The executive leadership team is responsible for the accuracy and validity of risk information reported to the Board and also for ensuring clear communication of the Board and executive leadership's position on risk throughout the Company. In particular, at the Board and executive leadership strategy planning sessions held throughout the year, the CEO and executive leadership team review and identify key business and financial risks that could prevent the Company from achieving its objectives.

A copy of the Risk Management Policy is available on the Company's corporate website.


Internal Audit
The Company does not have a global internal audit function, but has historically engaged various professional firms to assess certain financial control environments and to perform independent assessments of key project plans. During the 2016-17 financial year, the Company has continued to focus on the areas identified by those professional firms and improve the consistency of accounting practices and control environments.

Material Risk Exposures
The Company's operating and financial review in the Directors' Report from pages 8-10 sets out the main internal and external risk sources that could adversely affect the Company's prospects for future financial years, including those relating to economic, environmental and social sustainability risks.

Related Documents
Download Corporate Governance DocumentationRisk Management Policy