|
Risk Management Committee
Charter
The Board's Risk Management Committee is charged with the responsibility of monitoring that established procedures at board and management level are in place to identify, monitor and mitigate risk; and checking that those procedures are designed to maintain the company's operational viability and to safeguard its assets and interests. It is also charged with the responsibility of monitoring the integrity of the company’s reporting on its management, operations, staffing, marketing and internal control procedures and limits, all of which are subject to audit review.
The Committee is responsible for determining the company's risk management policy and overall strategies and for clearly communicating that policy and those strategies to management.
Risk Management Plan
The Committee has the responsibility for the maintenance of the company’s risk management plan. This provides the framework for monitoring risk management activities. The plan currently includes the following elements:
- Identification of possible risks
- Measurement of risk by analysis in terms of probability and impact in the context of current controls and strategies
- Evaluation and prioritisation of risks
- Development and implementation of risk control strategies and
- Monitoring and reviewing the performance of the risk management system.
Risk Management System
Within each area of risk, the Committee has the responsibility of determining the severity of the risks identified and evaluating each risk in terms of:
- the probability of its occurring and
- the impact of the risk occurring.
From this evaluation, the Committee is required to rate the severity of each risk ranging from "severe" to "trivial" and to review whether appropriate risk management strategies have been developed and implemented that are commensurate with the assessed severity. The Committee is also required to assess whether adequate risk management policies and procedures are in place to deal with the high priority risks, and the effectiveness of those policies and procedures. If necessary, the Committee is required to ensure that new policies and procedures are implemented.
Identified Risk Areas
The Board's Risk Management Committee has identified the company’s investment and specific business risks, and these are set out in Part 9 of the company’s prospectus.
External risks include (but are not limited to):
- Possible volatility of share price
- Regulation and publicity
- Macro-economic risks
- Taxation risks
- Sovereign risk (international operations)
- The state of the economy in the countries of operations.
- International hostilities and disasters
- Changes in Australian Federal Government policies.
Internal risks specific to the company's industry include:
- Corporate Governance
- Corporations Act 2001
- ASX listing rules
- Income Tax Assessment Act
- Information Technology Governance.
- Management
- Strategy and organization
- Integration of mergers and acquisitions
- Ability to manage growth
- Certification
- Quality of reporting systems.
- Operations
- OH&S issues
- Professional negligence
- Environmental issues
- Information technology
- Supply of materials and services
- Quality management
- Dependence on key personnel and recruitment
- Competition in the company's industry
- Cyclical nature of the company’s business
- Disaster recovery
- Security
- Public liability.
- Marketing
- Services life cycle
- Services diversification
- Trade Practices Act.
- Financial
- Insurance
- Fraud.
- Human Resources
- Competency of, and dependency on, staff
- Sexual harassment and equal opportunity
- Wrongful dismissal
- Industrial disputation
- Pandemic effects
- Training needs.
- Innovation
- Intellectual property protection
- Research and development.
Board Responsibility
The entire Board, in consultation with executive management, is responsible for identifying relevant risks and notifying the risk committee. The committee shall then consider the appropriate control procedures needed to adequately manage the risks.
|
