In managing risk, it is the Company’s practice to take advantage of potential opportunities while managing potential adverse effects. Managing risk is the responsibility of everyone in the Company.
This Policy sets out the Company’s approach to risk, including the responsibilities of the Board, management and others within the Company in relation to risk management.
1. Risk Management Procedure
The Company’s yearly risk management activities are divided into quarters as follows:
Quarter One commencing July
Senior management undertakes the following activities:
- documents and/or reviews the Company’s Risk Management Policy;
- publishes any updates to the Company’s Risk Management Policy on the Company’s website;
- reviews the Company’s Board Charter and role descriptions for management to ensure accountability for all risk management is included;
- identifies or reviews material business risks, develops risk management strategies and presents full company risk profile by completing a risk register. The form of the risk register is included in Appendix A; and
- allocates and/or reviews owners of critical material business risks in the risk register.
The Board determines the Company’s overall risk tolerance levels, approves senior management’s risk management policy and provides input into the Company’s risk profile.
Quarter Two commencing October and Three commencing January
Senior management reviews the status of risk management strategies and reviews and updates the risk register and/or completes an individual risk report for critical material business risks and provides the register and/or the report to the Board.
The Board notes the updated risk register / individual risk reports and questions management as it considers necessary.
Quarter Four commencing April
Senior management undertakes the following activities:
- reviews and updates the risk register and/or completes an individual risk report for critical material business risks and provides the register and/or the report to the Board;
- the Chief Executive Officer and Chief Financial Officer provide a certification that the declaration provided in accordance with section 295A of the Corporations Act is founded on a sound system of risk management and internal control and that the system is operating effectively in all material respects in relation to financial reporting risks, in accordance with the requirements of Recommendation 7.3;
- the Chief Executive Officer provides a summary of the Company’s management of its material business risks and report to the Board on the effectiveness of whether those risks are being managed effectively, in accordance with the requirements of Recommendation 7.2; and
- prepares the annual report disclosure with respect to Recommendation 7.4 for the Board’s approval.
The Board undertakes the following activities:
- notes the updated risk register and/or individual risk reports and questions management if required;
- notes the Chief Executive Officer/Chief Financial Officer certification for the purposes of Recommendation 7.3;
- notes the Chief Executive Officer summary regarding the effectiveness of the Company’s management of material business risks for the purposes of Recommendation 7.2; and
- approves the annual report disclosure with respect to Recommendation 7.4.
2. Role of the Board and Delegated Responsibility
The Board is responsible for approving the Company’s policies on risk oversight and management and satisfying itself that management has developed and implemented a sound system of risk management and internal control. Further details of the Board’s responsibility is set out in section 1 of this document.
Implementation of the risk management system and day-to-day management of risk is the responsibility of the Chief Executive Officer, with the assistance of senior management, as required.
Audit Committee Charter
The Audit Committee Charter sets out the role of the Audit Committee (or its equivalent) which includes, among other things, monitoring and reviewing the integrity of the financial reporting of the Company and any significant financial reporting
judgements; and reviewing the Company’s internal financial control system and, unless expressly addressed by a separate risk committee or by the Board itself, risk management systems.
3. Role of the Chief Executive Officer and Accountabilities
The Chief Executive Officer has responsibility for identifying, assessing, monitoring and managing risks. The Chief Executive Officer is also responsible for identifying any material changes to the Company’s risk profile and ensuring, with approval of the Board, the risk profile of the Company listed in this Policy are updated to reflect any material change.
The Chief Executive Officer is required to report on the progress of, and on all matters associated with, risk management on a quarterly basis. The Chief Executive Officer is to report to the Board as to the effectiveness of the Company’s management of its material business risks, at least annually.
4. Authority of the Chief Executive Officer
In fulfilling the duties of risk management, the Chief Executive Officer may have unrestricted access to Company employees, contractors and records and may obtain independent expert advice on any matter they believe appropriate, with the prior approval of the Board.
5. Role of Managers and Supervisors
Managers and supervisors must:
- monitor material business risks for their areas of responsibilities;
- provide adequate information on implemented risk treatment strategies to senior management to support ongoing reporting to the Board; and
- ensure staff are adopting the Company’s risk management framework as developed and intended.
6. Role of Individual Staff
All staff within the Company should:
- recognise, communicate and respond to expected, emerging or changing material business risks;
- contribute to the process of developing the Company’s risk profile; and
- implement risk management strategies within their area of responsibility.
7. Risk Profile
The Company considers that any risk that could have a material impact on its business should be included in its risk profile. The risk profile of the Company as at the date this policy was adopted by the Board can be categorised as follows:
- Financial reporting
- Occupational Health & Safety
- Ethical conduct
- Economic cycle/marketing
- Legal and compliance.
The individual risks which fall within these categories are included in the Company’s risk register.
8. Risk Management Strategies
The Company maintains a number of policies and practices designed to manage specific business risks. These include:
- Insurance ProgramThe Company maintains the following insurances, which are reviewed annually:Directors and Officers Liability
- Regular budgeting and financial reporting
The Company has regular budgeting in place. It is the role of the Audit Committee (or its equivalent) to review the integrity of the financial reporting of the Company.
- Clear limits and authorities for expenditure levels
The Company’s Board Charter sets out Materiality Thresholds. These include quantitative and qualitative thresholds as well as triggers for the materiality of contracts.
- Procedures/controls to manage environmental and occupational health and safety matters, established and maintained by Atlas Partners Pty Ltd, a service provider to the Company.
- Procedures for compliance with continuous disclosure obligations under the ASX Listing Rules and the Corporations Act
The Company’s Compliance Procedures have been designed for the purpose of ensuring the Company complies with its continuous disclosure obligations.
- Procedures to assist with establishing and administering corporate governance systems and disclosure requirements
The Company has adopted a Corporate Governance Manual which contains policies and procedures to assist the Company establish and maintain its governance practices.
9. Responsibility to Stakeholders
The Company considers the reasonable expectations of stakeholders particularly with a view to preserving the Company’s reputation and success of its business. Factors which affect the Company’s continued good standing are included in the Company’s Risk Profile.
10. Continuous Improvement
The Company’s risk management system is evolving. It is an on-going process and it is recognised that the level and extent of the risk management system will evolve commensurate with the development and growth of the Company’s activities.
Summary of Risk Management Policy
The Board has adopted a Risk Management Policy. Under the Policy, the Board delegates day-to-day management of risk to the Chief Executive Officer (or equivalent). The Policy sets out the role of the Chief Executive Officer (or equivalent) and accountability. It also contains the Company’s risk profile and describes some of the policies and practices the Company has in place o manage specific business risks.
The Chief Executive Officer is required to report on the progress of, and on all matters associated with, risk management on a quarterly basis. The Chief Executive Officer is to report ot he Board as to the effectiveness of the Company’s management of its material business risks at least annually.
The Board is responsible for approving the Company’s policies on risk oversight and management and satisfying itself at least annually that management has developed and implemented a sound system of risk management internal control.
In 2011 the Company formalised its approach to risk management by documenting all material business risks in a risk register and allocating ownership for material business risks to the Chief Executive Officer and management of individual material business risks to senior management and individuals within the organisation. The risk register is reviewed by management and updated on a quarterly basis and presented to the Board. All risks identified in the risk register will be reviewed and assessed by management and the Board at least annually.]
The Board also receives a written assurance from the Chief Executive Officer and the Chief Financial Officer that the best of their knowledge and belief, the declaration provided by them in accordance with section 295A of the Corporations Act is founded on a sound system of risk management and internal control and that the system is operating effectively in relation to financial reporting risks.
The Policy incorporates some material from “Principle 7: Recognise and Manage Risk – Guide for Small-Mid Market Capitalised Companies” produced by ASX Markets Supervision Pty Ltd (ASXMS), Deloitte Touche Tohmatsu and Blakiston & Crabb.
“Principle 7: Recognise and Manage Risk Guide for small-mid market capitalised companies” was provided as general information only and does not consider specific objectives, situations or needs. The Guide was not intended to be relied upon or disclosed or referred to in any document. ASXMS accepts no duty of care of liability to you or anyone else regarding the application of the Guide in the document and we are not responsible to you or anyone else for any loss suffered in connection with use of the Guide in this document or any of the content contained in this document.
Appendix A: Template Risk Register