PRINCIPLE 7 €“ RECOGNISE AND MANAGE RISK

The Board recognises that effective risk management processes help ensure the business is more likely to achieve its business objectives, and that the Board meets its corporate governance responsibilities. In meeting its responsibilities, the Board has ensured that management has put in place comprehensive risk management policies and practices across the Company which addresses each of the key elements and requirements of AS/NZS Standard 4360: 2004 – Risk Management.

Such processes include defining the risk oversight responsibilities of the Board and the responsibilities of management in ensuring risks are both identified and effectively managed. The agreed policies and practices are made effective through the combined activities of:

• an Audit Committee that reports to the Board on risk management and internal control matters in accordance with its main responsibilities as outlined in the Audit Committee Charter. Whilst ultimate responsibility for risk oversight rests with the Board, the Audit Committee is an efficient mechanism for focusing the Company on risk oversight, risk management and internal control;
• an Executive Risk Committee (ERC), comprising the executive and senior management of the Company, which has been established to identify business risks in the organisation and review status and risk mitigation activities. Formal enterprise risk profiles have been prepared for the businesses and these are reviewed quarterly by the ERC. The major business risks are reported to the Audit Committee at the June and December meetings together with risk mitigation activities. The ERC reports to the Audit Committee on its activities as outlined in the ERC Charter;
• a Finance Committee, comprising the executive and senior management of the Company, which has been established to review and monitor the financial risks in the organisation and oversee the execution of finance policies and risk mitigation activities. The Finance Committee reports to the Audit Committee on its activities as outlined in the Finance Committee charter;
• a Group Commercial Manager who has primary responsibility for designing, implementing and coordinating the overall risk management and internal control practices of the Company. The Group Commercial Manager attends the Audit Committee meetings to present the Internal Audit Report. Whilst reporting to the Chief Financial Officer on a day to day basis, the Group Commercial Manager has the authority to report directly to the Board on any matter;
• a Group Risk Manager, who has specific responsibilities in respect of operational risks including occupational health and safety, business continuity, environmental and sustainability risks. The Group Risk Manager prepares a monthly Group Risk Report for the Board and attends the June and December Audit Committee meetings to present the Operational Risk Report; and
• Internal Audit activities, undertaken by a combination of internal and appropriately qualified external resources, based on an Audit Committee approved programme of work. Such activities link to the risk management practices of the Company by ensuring risks are being adequately identified and managed through the effective and efficient operation of control procedures.

The Company has implemented risk management software across the Group for the purpose of identifying and managing occupational health and safety, business continuity and environmental risks. The software is a critical tool for senior management and has enhanced the identification, reporting and monitoring of actions in this important area, in order to support management’s objectives.

Risk management is embedded in the Company’s policies and procedures which have enabled the Company to pro-actively identify and manage all types of risk within the organisation. The Board aims to continually evaluate and re-assess the risk management and internal control practices of the Company to ensure current good practice is maintained, and to preserve and create value within the organisation.

Certification of Risk Management Controls

In conjunction with the certification of financial reports, the Managing Director and Chief Financial Officer state in writing to the Board each reporting period that in their opinion:

• the statement is founded on a sound system of risk management and internal compliance and control which implements the policies adopted by the Board; and
• the Company’s risk management and internal compliance and control system is operating efficiently and effectively in all material respects.

The statements from the Managing Director and Chief Financial Officer are based on a formal sign-off framework established throughout the Company and reviewed by the Audit Committee as part of the financial reporting process.