Methodology and approach to enterprise risk management
Framework and model: the Group has in place an Enterprise Risk Management framework based on a combined assurance model comprising management, external auditors and internal audit. This model and its related activities are structured to ensure that the Group's risks are adequately managed by formulating the Group's strategic imperatives on those risks.
Identification of risks
Identification of risks is based on:
- The Group's risk-bearing capacity (the capacity to absorb losses arising from risks without an immediate threat to the Group's continued existence based on its current business model);
- Risk appetite (the amount and type of risk the Group is willing to accept in pursuit of its business objectives); and
- Risk tolerance (the acceptable levels of variation relative to the achievement of the Group's objectives).
Quantification of risks
Certain financial measures form the basis on which these risks are quantified.
Categorisation of risks
Identified risks are categorised according to:
- Inherent risk (a function of their potential impact and probability); and
- Residual risk (based on the effectiveness of mitigating controls or responses to address the inherent risk).
The identified risks are encompassed in the following risk categories:
- IT infrastructure and network vulnerability;
- Supply chain disruptions;
- Loss of quality earnings/revenue/profitability/future growth;
- Talent attraction/development/retention;
- Brand identity and corporate image; and
- Regulatory compliance.
Here is a summary of the Group's top risks and/or material issues based on their residual risk ratings. A summary of the strategic imperatives related to each risk is provided.