"Ensuring that there are the structures and processes in place to identify and evaluate risks, and that appropriate controls and mitigation techniques are developed to address those risks. Ensuring that key risks, and the performance in managing those risks, are reported on a timely basis to the relevant parties."

 


The Risk and Compliance Management Department has responsibility for risk and compliance management systems across the Group. It maintains the Group’s risk register, which specifies the strategic risks that represent the most significant threats to the Group’s performance and achievement of its strategy, along with any necessary mitigation activities. The risk register is continuously updated and annual strategic risk workshops are held at which senior management from across the business review the Group’s key strategic risks and related mitigation activities. The Risk and Compliance Management Department reports quarterly to the Audit and Risk Committee on the overall risk management process, including a detailed update of key risks, mitigation activities and the actions being taken.

The General Managers of each of the operations have overall responsibility for leading and supporting risk management. Risk Champions within each operation have direct responsibility for risk management processes in their operations and for the continuous update of individual business risk registers, including relevant mitigation activities. The owners of the risks and controls at each business unit are identified, providing an effective and direct management of risk. As part of this process, each operation holds its own annual risk workshop in which the business unit’s risks and mitigation activities are reviewed in detail and updated if necessary. Workshops are also used to assess key risks that may affect relationships with stakeholders, limit resources, interrupt operations and/or negatively affect potential future growth. Mitigation techniques for the significant strategic and business unit risks are annually reviewed by the risk management department.

The Board regularly reviews Group compliance with all relevant laws and regulations, internal policies, procedures and control activities. A formal risk assessment is conducted at least once a year at all of the Group’s operations, and all risks are reported and reviewed quarterly by the Audit and Risk Committee.

 

"Ensuring that there are the structures and processes in place to identify and evaluate risks, and that appropriate controls and mitigation techniques are developed to address those risks. Ensuring that key risks, and the performance in managing those risks, are reported on a timely basis to the relevant parties."