CORP 600 00 RISK MANAGEMENT POLICY & METHODOLOGY




CORP 600 RISK MANAGEMENT POLICY

Purpose

In March 2003, the Australian Stock Exchange (ASX) Corporate Governance Council released the first version of its Corporate Governance Principles and Recommendations. This document was further revised in March 2007 (2nd Edition).

Under ASX Listing Rule 4.10.3, companies are required to provide a statement in their annual report disclosing the extent to which they have followed the Recommendations in the reporting period. Furthermore, where companies have not followed all Recommendations, they must identify the Recommendations that have not been followed and give reasons for not following them. The change in reporting requirements applies from CGL's disclosures for FY2008-09.

This policy is principally intended to address compliance with the ASX Corporate Governance Council's Principle 7: Recognise and manage risk.

Further information on the Corporate Governance Principles and Recommendations, together with other associated commentary, is available at: www.asx.com.au/supervision/governance/index.htm

Scope

This document lays out CGL's Risk Management processes and procedures to comply with Principle 7 (Recognise and manage risk) of the Corporate Governance Principles and Recommendations.

The process is divided into four phases:

1. Identification of material business risks;
2. Assessment and Prioritisation of material business risks;
3. Formulation and implementation of appropriate risk mitigation and management strategies;
4. Reporting of the effectiveness of risk mitigation (management) activities to the Audit and Risk Committee of CGL.

Process Owners / Responsibility

The Senior Management Team (SMT) as a whole is responsible for the establishment of a sound system of risk oversight and management and internal control.

Printed 24/11/2008 Page 1 of 10

To facilitate this, Risk Management will be included as an agenda item at every monthly SMT meeting. In addition, divisional Senior Leadership Team (SLT) meetings will have Risk Management included in their meeting agendas to address specific risk management items relevant to their divisions.

The Chief Financial Officer (CFO) and Company Secretary will be responsible for the co-ordination and administration of the risk management process. They shall in addition be responsible for reporting to the Audit and Risk committee on the effectiveness of CGL's risk management processes.

Objective

To document CGL's policies and procedures on the oversight and management of material business risks.

Table of Contents

Identification of Material Business Risks
Definition of Material Business Risk
Assessment and Prioritisation
Inherent risk ratings
Risk Mitigation
Discussion at SMT and divisional SLT
Monitoring and Reporting
Implementation Status
Mitigation Effectiveness
Internal Audit
Residual Risk
Reporting to the Audit and Risk committee
Risk Appetite & Acceptance

Identification of Material Business Risks

On an annual basis, a risk identification exercise (via survey) will be conducted by the CFO and Company Secretary to identify the material business risks of CGL. Once identified, the business risks will be consolidated and incorporated into CGL's Risk Register.

During the monthly discussions on Risk Management (at divisional SLT or SMT), any new material business risks identified shall be raised, and documented in the Risk Register (with the approval of SMT).

It should be noted that only material business risks, according to the definition below, will be documented in the Risk Register. This is to preserve the clarity and effectiveness of the risk management process, and simplify reporting to the Audit and Risk committee.

Definition of Material Business Risk

A material business risk is the chance that something material (i.e. significant) will occur that has an impact upon the goals and objectives of CGL. Risks are measured in terms of likelihood and consequences.

Qualitative aspects of materiality include the event's ability to adversely affect group operations and objectives, and influence decisions made by management and internal and external stakeholders.

Quantitative measurements of materiality (according to AASB 1031 Materiality) refer to between five and ten percent of an applicable base amount. As a guide this equates to amounts over $500,000 AUD using FY2008 EBITA as an applicable base.

Assessment and Prioritisation

Inherent risk ratings

All risks compiled from the previous phase on the risk register will have their consequences recorded, and have their level of inherent risk measured. Inherent risk is a function of the likelihood (of the risk occurring) and impact (of the consequences) of the risk. Refer to the Qualitative Risk Matrix for further details regarding the measurement of the levels of risk.

Once measured, each risk will be:

1. Assigned a risk rating according to the above risk matrix;
2. Assigned an officer responsible for its management (mitigation); and
3. Prioritised according to its risk rating.

Risk Mitigation

Each risk will require mitigation strategies / processes to be formulated and implemented. These mitigation strategies are the responsibility of the assigned CGL officer (and their division if applicable).

Documentation regarding these strategies & processes is to be retained. This will allow the verification of the existence of these processes, and assist in the measurement of the effectiveness of the strategy.

Discussion at SMT and divisional SLT

These strategies will be discussed at monthly SMT and divisional SLT meetings to facilitate their formulation and implementation. Once formulated, the strategies will be documented against their applicable risks on the CGL Risk Register.

Monitoring and Reporting

Once mitigation strategies have been formulated and documented, their implementation status will be recorded on the risk register.

Implementation Status

Implementation status will be noted either as Present & Complete, or as a future date for completion.

Present & Complete indicates that the strategies documented are in place in their entirety. This will also indicate that the strategy is ready for verification by Internal Audit.

If the strategy is yet to be implemented, or is not completely implemented, a date shall be noted on the risk register as the date of complete implementation.

Mitigation Effectiveness

Effectiveness of the mitigation strategies implemented will be measured according to the Risk Reference tables, and is a function of mitigation likelihood and reduction of impact.

Mitigation effectiveness is measured according to actions and strategies in place or present. It is not measured according to proposed actions, only actions / strategies which are in place.

Internal Audit

Internal Audit will verify that risk mitigation strategies noted by management as Present & Complete are in place.

It should be noted that in the absence of documented indicators / evidence that risk mitigation strategies exist, they shall not be verified as in existence and thus will not have a status of Present & Complete.

Internal Audit findings will be communicated to the officers responsible for the risk, and to the Audit and Risk committee if appropriate.

Residual Risk

Residual risk is calculated as inherent risk less mitigation effectiveness. This will give a residual risk amount, on which the residual risk rating is based.

Reporting to the Audit and Risk committee

The CFO and the Company Secretary will report to the Audit and Risk committee on the effectiveness of Risk Management on behalf of management. These reports will occur at every meeting of the Audit and Risk committee, which are held four times every calendar year.
Risk Appetite & Acceptance

Whilst it is impossible to completely mitigate all risk, risk can be reduced via mitigation strategies to acceptable levels.

CGL will accept a residual risk rating no higher than Medium. If mitigation strategies in place do not reduce residual risk to (or below) this level, additional strategies must be formulated and implemented.

In addition, risks with an unacceptable residual risk rating will be highlighted to the Audit & Risk committee.

Policy History

Description        Reference #    Date
Original Policy    CORP 600 00    28 November 2008
Revision # 1
Revision # 2
Next Review Due                   30 November 2009

Appendix One: Qualitative Risk Matrix and supporting descriptions

Qualitative Risk Analysis Matrix: Level of Risk

              Consequences
Likelihood    1 Insignificant    2 Minor    3 Moderate    4 Major    5 Catastrophic
1             L                  L          M             H          H
2             L                  L          M             H          E
3             L                  M          H             E          E
4             M                  H          H             E          E
5             H                  H          E             E          E

Legend:

E  Extreme risk: detailed research and management planning required at senior levels
H  High risk: senior management attention needed
M  Moderate risk: management responsibility must be specified
L  Low risk: manage by routine procedures

LIKELIHOOD DESCRIPTIONS

1 Rare
  Description: The event may occur only in exceptional circumstances
  Frequency: Will occur in exceptional circumstances

2 Unlikely
  Description: The event could occur at some time
  Frequency: Will occur once every 10 years

3 Possible
  Description: The event should occur at some time
  Frequency: Will occur once every three years

4 Likely
  Description: The event will probably occur in most circumstances
  Frequency: Will occur once per year

5 Almost Certain
  Description: The event is expected to occur in most circumstances. This event could also be currently occurring.
  Frequency: Will occur more than once per year

IMPACT DESCRIPTIONS

5 Catastrophic
  Examples: Multiple deaths and/or significant asset destruction greater than $10 million and/or national TV news headlines and/or government investigation and/or catastrophic, long term environmental harm and/or total service cessation for a number of months.

4 Major
  Examples: Single death and/or multiple injuries and/or loss of asset $1 million - $10 million and/or local TV news and/or departmental investigation and/or significant long term environmental harm and/or total service cessation for a month and disruption over subsequent disruption

3 Moderate
  Examples: Individual injury and/or loss of asset $200,000 - $1 million and/or local newspaper (not front page) and/or regional inquiry and/or significant release of pollutants with mid term recovery and/or total service cessation for a week and subsequent disruption

2 Minor
  Examples: First Aid and/or loss of asset $20,000 - $200,000 and/or suburban newspaper and/or minor transient environmental harm and/or minor disruption

1 Insignificant
  Examples: No injuries and/or minor loss of asset less than $20,000 and/or reporting (not front page) suburban newspapers and/or brief pollution but no environmental harm and/or no disruption

DETECTION / PREVENTION DESCRIPTIONS

1 Insignificant
  Description: The detection and/or prevention of the risk event may occur only in exceptional circumstances

2 Unlikely
  Description: The detection and/or prevention of the risk event could occur at some time

3 Possible
  Description: The detection and/or prevention of the risk event should occur at some time, or detection and/or prevention of the risk event should occur, but may not occur in a timely manner.

4 Likely
  Description: The detection and/or prevention of the risk event will probably occur in most circumstances in a timely manner

5 Almost Certain
  Description: The detection and/or prevention of the risk event is expected to occur in most circumstances in a timely manner

IMPACT REDUCTION DESCRIPTIONS

1 to 4
  Examples: The impact reduction of the risk as a result of the mitigation strategy process is measured as the difference between the inherent impact and the impact prior to the mitigation strategy. An example is that the strategy will reduce the injury or loss from $1 million (4 - Major) to $20,000 (2 - Minor), thus the difference is a 2.