Clarius Group Risk Management Policy and Framework



Similar documents
THE SOUTH AFRICAN HERITAGE RESOURCES AGENCY ENTERPRISE RISK MANAGEMENT FRAMEWORK

RISK MANAGEMENT FRAMEWORK. 2 RESPONSIBLE PERSON: Sarah Price, Chief Officer

3 August 2012 Policy updated to reflect name changes and alignment with current Aurora Energy Group Policy standards.

IRM CERTIFICATE AND DIPLOMA OUTLINE SYLLABUS

International Diploma in Risk Management Syllabus

ENTERPRISE RISK MANAGEMENT POLICY

Saldanha Bay Municipality. Risk Management Strategy. Inclusive of, framework, procedures and methodology

Risk Management Committee (Committee) Terms of Reference

Audit of the Policy on Internal Control Implementation

ENTERPRISE RISK MANAGEMENT FRAMEWORK

Enterprise Risk Management

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

Matthew E. Breecher Breecher & Company PC November 12, 2008

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

Subject ST9 Enterprise Risk Management Syllabus

Introduction to Enterprise Risk Management at UVM DRAFT

STANDARDS OF SOUND BUSINESS AND FINANCIAL PRACTICES. ENTERPRISE RISK MANAGEMENT Framework

Confident in our Future, Risk Management Policy Statement and Strategy

The New International Standard on the Practice of Risk Management A Comparison of ISO 31000:2009 and the COSO ERM Framework

Enterprise Risk Management

A Risk Management Standard

The Role of the Board in Enterprise Risk Management

Accreditation Application Forms

Understanding and articulating risk appetite

Administrative Guidelines on the Internal Control Framework and Internal Audit Standards

Guidance Note: Corporate Governance - Board of Directors. March Ce document est aussi disponible en français.

Risk Management Strategy EEA & Norway Grants Adopted by the Financial Mechanism Committee on 27 February 2013.

Risk Management Policy

Board oversight of risk: Defining risk appetite in plain English

WFP ENTERPRISE RISK MANAGEMENT POLICY

Fraud Prevention and Deterrence

Operational Risk Management Program Version 1.0 October 2013

Principles for An. Effective Risk Appetite Framework

Enterprise Risk Management

Explanation where the company has partially applied or not applied King III principles

SOL PLAATJE MUNICIPALITY ENTERPRISE RISK MANAGEMENT FRAMEWORK AND POLICY

EQT HOLDINGS LIMITED BOARD CHARTER (ACN )

Risk Management Policy

University Audit and Compliance. Internal Controls Enterprise-Wide Risk Assessment

Guidance on Risk Management, Internal Control and Related Financial and Business Reporting

IT Charter and IT Governance Framework

High level principles for risk management

Risk Management Policy

RISK MANAGEMENT OVERVIEW 2011 RISK CONFERENCE SPONSORED BY THE FEDERAL RESERVE BANK OF CHICAGO AND DEPAUL UNIVERSITY

University of St. Gallen Law School Law and Economics Research Paper Series. Working Paper No June 2007

IFAD Policy on Enterprise Risk Management

Risk Assessment & Enterprise Risk Management

Application of King III Corporate Governance Principles

and Risk Tolerance in an Effective ERM Program

Audit, Risk Management and Compliance Committee Charter

engage ERM ADVISORY Insurer Management Risk Committee Practices

Beyond risk identification Evolving provider ERM programs

Application of King III Corporate Governance Principles

RISK AND COMPLIANCE COMMITTEE CHARTER

Risk Management Policy Adopted by:

APPENDIX 50. Enterprise risk management - Risk management overview

M a r k e t i n g. About managing the doing of marketing for management roles

Eclipx Group Limited Risk Management Policy

COCA-COLA HELLENIC BOTTLING COMPANY RISK MANAGEMENT POLICY

Implementing an Integrated City-wide Risk Management Framework

CONTINUOUS CONTROLS MONITORING

ENTERPRISE RISK MANAGEMENT POLICY

Governance Guideline SEPTEMBER 2013 BC CREDIT UNIONS.

POL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:

Department of Veterans Affairs VA Directive VA Enterprise Risk Management (ERM)

Internal Audit Terms of Reference

RISK MANAGEMENT FRAMEWORK

Chief Risk Officers in the Mutual Fund Industry: Who Are They and What Is Their Role Within the Organization?

Corporate Governance. Approach to Governance. Principle 1 Lay solid foundations for management and oversight. ASX Best Practice Recommendations

11/12/2013. Role of the Board. Risk Appetite. Strategy, Planning and Performance. Risk Governance Framework. Assembling an effective team

Policy (Board Approved)

Terms of Reference - Board Risk Committee

Enterprise risk management: A pragmatic, four-phase implementation plan

RISK MANAGEMENT POLICY AND STRATEGY. Document Status: Draft. Approved by. Appendix 1. Originator: A Struthers. Updated: A Struthers

A structured approach to Enterprise Risk Management (ERM) and the requirements of ISO 31000

Strategic Risk Assessment. A first step for improving risk management and governance. COVER STORY. By Mark L. Frigo and Richard J.

Internal Auditing Guidelines

Operational Risk Management - The Next Frontier The Risk Management Association (RMA)

How To Prepare A Configuration Change Change Request For The Tfnsw Cmaac

LOBLAW COMPANIES LIMITED MANDATE OF THE BOARD OF DIRECTORS

State of the Art: Risk Management. Jeff M. Spivey, CPP President Security Risk Management

Risk, Risk Assessments and Risk Management. Christopher Bowler CPA, CISA August 10, 2015

Sample risk committee charter

Risk Management Within an Organisation

Enterprise Risk Management: From Theory to Practice

FIRST REPUBLIC BANK DIRECTORS ENTERPRISE RISK MANAGEMENT COMMITTEE CHARTER

Risk Management Policy

How To Use Risk It

Developing an Effective Enterprise Risk Management Program

Guidance on Supervisory Interaction with Financial Institutions on Risk Culture. A Framework for Assessing Risk Culture

Reserve Bank of Fiji Insurance Supervision Policy Statement No. 8 MINIMUM REQUIREMENTS FOR RISK MANAGEMENT FRAMEWORKS OF LICENSED INSURERS IN FIJI

Board Charter. HCF Life Insurance Company Pty Ltd (ACN ) (the Company )

HOW MANAGEMENT ACCOUNTING DRIVES SUSTAINABLE SUCCESS

RISK MANAGEMENT IN A FOR-

Enterprise Risk Management: Concepts & Issues

Transcription:

1. Introduction Clarius Group Risk Management Policy and Framework 1.1 Definition Risk is the chance of something happening that will have an impact on objectives. Risk provides the opportunity (upside) to the organisation as well as the downside. Risk management is a process to identify, assess, manage, and control potential events or situations to provide reasonable assurance regarding the achievement of the organisation's objectives. It is broader than the traditional view of risk assessment, mitigation, monitoring and control. Risk management is about ensuring the culture, policies, processes and structure are directed towards taking advantage of potential opportunities while managing potential adverse effects. Under the constitution of the Clarius Group Limited ( the Clarius Group ), the shareholder s have delegated to the Board the authority to direct the Group to achieve the objectives and to execute business strategies to increase shareholder value and meet other results orientated targets. Risk management process enables the Clarius Group management to effectively deal with uncertainty and associated risk and opportunity, enhancing the capacity to build value. The risk management process is illustrated broadly in the diagram below. It is a continuous process of: Establishing risk management objectives, tolerances and limits for all of the business significant risks; Assessing risks within the context of established tolerances; Developing cost-effective risk management strategies and processes consistent with the overall goals and objectives; Implementing risk management processes; Monitoring and reporting upon the performance of risk management processes; Improving risk management processes continuously; and Ensuring adequate communication and information for decision making 1

Risk Management Process 1.2 Background Clarius Group Board Audit Risk and Compliance Committee (BARCC) and senior management adopted an organisation-wide, systematic approach to risk management in the Clarius Group. The COSO (Committee of Sponsoring Organizations of the Treadway Commission) Enterprise Risk Management Integrated Framework has been adopted and the Clarius Group Risk Management Framework has been established accordingly. 1.3 Scope and purpose This Clarius Group Risk Management Policy and Framework applies to all the businesses and functions across the Clarius Group. 2

The Clarius Group Risk Management Policy and Framework aims to act as the focal point for any risk management activity throughout the Clarius Group. It coordinates and supports particularly the management effort associated with organisation-wide risks. It is incorporated and integrated within the existing business management framework. The Clarius Group Risk Management Policy and Framework provides the conditions for an improved decision-making process related to any activity and at any level in the Clarius Group. Not applying risk management is equivalent to decision-making not based on solid facts and reasoning, including a careful consideration of all risks involved. The Clarius Group Risk Management Policy and Framework provides for and obligates all Clarius Group personnel to implement risk management. 2. Clarius Risk Management Framework Structure The Clarius Group Risk Management Framework consists of: Risk Management Policy and Framework; Risk guidelines; Risk Management Implementation Process; Annual risk assessment ; Risk monitoring and reporting process; Risk and control optimisation; and A support mechanism with corresponding resource, e.g. funding, training and information systems across the Clarius Group. 2.1 Risk Management Policy and Framework This Clarius Group Risk Management Policy and Framework outlines the commitment and the objectives of the Clarius Group regarding risk management and integrates risk management accountability with group performance management. It is aligned with the Clarius Group strategic goals, operational environment, and nature of activities and interests of stakeholders. 2.2 Risk Guidelines Risk guidelines include the Balanced Scorecard, Risk Register, Risk Appetite and Risk Tolerance. Balanced Scorecard provides guidance on the current focus of strategic goals and the associated risks at group level. Risk Register provides guidance on the current focus of operational goals and the associated risks at business level. 3

Risk appetite and risk tolerance are the quantitative and qualitative standard for strategic risks and operational risks across the Clarius Group. Risk appetite is established by the Board. Risk tolerance is set up with management input and approved by the Board. The group aggregated risk tolerance is no more than the associated group risk appetite. All the above risk guidelines are to be reviewed and updated on a regular basis to ensure that they provide proper guidance assurance to the Clarius Group risk management. 2.3 Risk Management Implementation Process The Risk Management Implementation Process is a document which demonstrates how risk management be implemented across all the businesses and functions across the Clarius Group. 2.4 Annual Risk Assessment Risk Assessment is to be performed on an annual basis of all the businesses across the Clarius Group. The documented annual risk assessment supports the BARCC and senior management justification on the risk management group wide. 2.5 Risk Monitoring and Reporting Process Risks are monitored by management via daily operation, reported to the Risk Committee on a quarterly basis and reported to the BARCC whenever any significant risks arise and are noted. The Risk Committee addresses Board concerns with management and reports the follow up status to the Board until the risk is controlled within the risk tolerance. 2.6 Risk and Control Optimization Acknowledging that risks can be positive or negative, optimising risks means finding a balance between negative risk and the benefit of the operation or activity; and between risk reduction and effort applied. This process involves risk strategy, performance evaluation and capital allocation if required. With risk and control optimisation the organisation can provide greater stakeholder confidence and improved risk mitigation strategies. 2.7 Support Mechanism Adequate resources and trained personnel are committed and provided for the risk management activities, which includes the Board, BARCC, Risk Committee, Management and Risk Owners/Control Owners. Detailed information regarding each function please refer to Part 3 Clarius Risk Management Process. 4

3. Clarius Group Risk Management Process Clarius Group risk management delegation flow and information flow is tabled as below. Board Board Audit Risk and Compliance Committee Risk Committee Risk Management Committee Risk Management Owner/ Control Owner Risk management delegation flow Risk management information flow Board / BARCC reviews Balanced Scorecard and sets up associated risk appetite on an annual basis and communicates the result with the Risk Committee. The Risk Committee meet each quarter to assess risks, monitor risks, to mitigate control status, and report risks across all the business and functions of the Clarius Group. The Risk Committee also assists the businesses and functions with measuring risk tolerance quantitatively or qualitatively. On an annual basis the Risk Committee conduct annual risk assessments of all the businesses and functions across the group and report the result to the Board / BARCC and senior mangement to justify risk management. The Risk Committee address the Board s concerns with management and report the follow up status to the Board. Management work with the Risk Committee to implement risk management and controls required and provide input on measurable risk tolerance. Management identify the risk owner / control owner if different and communicate daily responsibility to ensure that the risk owner/control owner have a clear picture on their duties and reporting responsibilities. 5

The Risk owner and the control owner are responsible for daily operation with risk management integrated. Any significant risks identified by the risk owner and control owner will be communicated to management immediately and management will report to the Risk Committee and Board / BARCC if required. With the above Clarius Group Risk Management Process all the operational risks are monitored at an acceptable level and all of the controls in place optimised to increase stakeholder and shareholder s confidence. This structured Clarius Group Risk Management Framework will stimulate continuous improvement and innovative thinking. 4. Roles and Responsibilities of each party in Clarius Group Risk Management Process 4.1 Board The Board plays a critical role in overseeing how management approaches Clarius Group organization-wide risk management. Because management is accountable to the Board of directors, the Board s focus on effective risk oversight is critical to set the tone and culture towards effective risk management through strategy setting, formulating high-level objectives, and approving broad-based resource allocation. The Board delegate the responsibility of enterprise risk management to the BARCC. Management reports significant exceptions in the monthly Board meeting, if any. The chair of the Risk Committee attends the Board Meeting if required. 4.2 Board Audit Risk and Compliance Committee (BARCC) The BARCC oversees the Clarius Group risk management at group level and delegates the daily operation and monitoring of risk management to the Risk Committee. The BARCC report the significant risks identified to the Board, if any. 4.3 Risk Committee The Risk Committee has the responsibility to set up and maintain the risk management system. The Risk Committee reports and reviews the risk management system s performance. The Risk Committee define and document the status, responsibilities, authority and interrelationships of the risk management personnel. The Risk Committee comprises the Chief Executive Officer, Chief Financial Officer, and Executive General Managers from the businesses across the Clarius Group, shared service 6

managers, Group Quality and Compliance & System Manager, Group Legal Adviser and Group Internal Audit and Compliance Manager. The Risk Committee communicates and monitors the risk management of each business and function with input from executive general managers and shared service managers who attend the Risk Committee meeting. Any significant risks identified in the Risk Committee meeting are addressed to the BARCC and Board in a timely manner, either in the monthly Board Meeting or via separate communication. The Risk Committee meeting is chaired by the Chief Executive Officer or a delegate such as the group legal adviser on a quarterly basis. It is the view of the Board that preparation and participation by all members of the committee is regarded as very important in the process of managing risk across the Clarius Group. Shared service managers attendance at the meeting depends on the topics to be discussed. Meeting minutes are circulated after the meeting and execution of action plans are monitored and communicated by the Chair of the Risk Committee. 4.4 Management Management has the responsibility to ensure that: risk owners are identified for all the risks on the Risk Register; control owners are identified to ensure mitigating controls are in place; risk owners and control owners have a clear understanding on their responsibility, risks to be addressed and mitigating controls to be implemented; and risk owners and control owners have a clear picture on the reporting process if any significant risks are identified or any risks are changed with the change of any business/information system. 4.5 Risk Owner / Control Owner Risk owners and control owners form the base of Clarius Group s Risk Management Framework. Risk owners are responsible for the risks and accountable for the controls required. That is, risk owners have the responsibility to address the risks that they are responsible for, to implement the mitigating controls that are agreed with management and the Risk Committee monitor risk management via daily operation, reporting exceptions to the management, if any. Risk owners need to report to management any business process changes or business/finance system changes. Control owners have the responsibility to perform control actions to mitigate or eliminate the risks identified. On an annual basis risk owners are responsible for helping management complete the risk assessment. 7

5. Implementation recommendation and review This Clarius Group Risk Management Policy and Framework should be approved by the Chief Executive Officer prior to initial adoption by the Board. After initial adoption, this document should be reviewed and updated by the Risk Committee and approved by the CEO on a regular basis to ensure the accuracy and presented to the BARCC approval. 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information