Establish policies on risk oversight and management and internal control
The Board is responsible for satisfying itself annually, or more frequently as required, that management has developed and implemented a sound system of risk management and internal control. Detailed work on this task is delegated to the Audit and Risk Committee and reviewed by the full Board. The Audit and Risk Committee is responsible for ensuring there are adequate policies in relation to risk management, compliance and internal control systems. They monitor the Group’s risk management by overseeing management’s actions in the evaluation, management, monitoring and reporting of material operational, financial, compliance and strategic risks. In providing this oversight, the committee:
- reviews the framework and methodology for risk identification, the degree of risk the Company is willing to accept, the management of risk and the processes for auditing and evaluating the Group’s risk management system;
- reviews Group‐wide objectives in the context of the abovementioned categories of corporate risk;
- reviews and, where necessary, approves guidelines and policies governing the identification, assessment and management of the Group’s exposure to risk;
- reviews and approves the delegations of financial authorities and addresses any need to update these authorities on an annual basis; and
- reviews compliance with agreed policies.
The committee recommends any actions it deems appropriate to the Board for its consideration.
Management is responsible for designing, implementing and reporting on the adequacy of the Group’s risk management and internal control system and has to report to the Audit and Risk Committee on the effectiveness of:
- the risk management and internal control system during the year; and
- the Group’s management of its material business risks.
Risk management group
The operation of the Group’s risk management and compliance system is managed by the risk management group, which consists of senior executives. This group has recently engaged an external consultant to update its risk matrix which will enable the risk management and internal control system to be updated.
Corporate reporting
The CEO and the CFO have made the following certifications to the Board:
- the financial records of the Company for the financial year have been properly maintained in accordance with section 286 of the Corporations Act 2001;
- the financial statements, and the notes referred to in section 295(3)(b), of the Corporations Act 2001, for the financial year comply with the accounting standards; and
- the financial statements and notes for the financial year give a true and fair view.
A copy of the Risk Management policy will be available for download here shortly.