The Risk and Compliance Management Department is responsible for risk and compliance management systems across the Group. It maintains the Group’s risk register, which specifies the strategic risks that represent the most significant threats to the Group’s performance and achievement of its strategy, along with any necessary mitigation activities. The risk register is regularly updated and annual strategic risk workshops are held at which senior management from across the business review the Group’s key strategic risks and related mitigation activities. The Risk and Compliance Management Department reports quarterly to the Audit and Risk Committee on the overall risk management process, giving a detailed update of key risks, mitigation activities and actions being taken.
The General Managers of each of the operations have overall responsibility for leading and supporting risk management. “Risk Champions” within each operation have direct responsibility for the risk management processes in their operations and for the continuous update of individual business risk registers, including relevant mitigation activities. The owners of the risks and controls at each business unit are identified, providing effective and direct management of risk. Each operation holds its own annual risk workshop in which the business unit’s risks and mitigation activities are reviewed in detail and updated if necessary. Workshops are also used to assess key risks that may affect relationships with stakeholders, limit resources, interrupt operations and/or negatively affect potential future growth. Mitigation techniques for significant strategic and business unit risks are annually reviewed by the Risk and Compliance Management Department.
The Board regularly reviews Group compliance with all relevant laws and regulations, internal policies, procedures and control activities. A formal risk assessment is conducted at least once a year at all the Group’s operations, and all risks are reported and reviewed quarterly by the Audit and Risk Committee.
Approach to Risk & Leadership Team