Risk Management Policy

Contents

Executive summary
Aim & introduction
Definitions
  Consequence
  Event
  Likelihood
  Risk
  Risk Appetite
  Risk Management
  Risk Management Framework
  Risk Management Policy
  Risk Management Process
  Risk Management Strategy
Principles
Risk management framework
Risk management process
  Communication and consultation
  Establishing the context
  Risk Assessment
    Risk Identification
    Risk Analysis
    Risk Evaluation
  Risk Treatment
  Monitoring and review
  Recording the risk management process
Responsibility for the risk management framework
Figure 1 - The relationships between the risk management principles (policy), framework and process

Executive summary

Aim & introduction

This Policy applies to MyState Limited (MYS) and all MyState Limited Group Companies and subsidiaries.

The aim of this policy is to safeguard the interests of MYS stakeholders through the implementation of procedures and practices that are consistent with the APRA Prudential Standard CPS 220 Risk Management, Standards Australia Risk Management Standard, AS/NZS ISO 31000:2009 Risk Management Principles and guidelines and the ASX Corporate Governance Council's Corporate Governance Principles and Recommendations (specifically Principle 7).

Shareholder value is driven by MyState Limited ("the Group") taking considered risks. A risk is an effect of uncertainty on the Group's objectives; this effect can be positive or negative. MYS assesses its risks by identifying potential events and evaluating the combination of the consequences of an event and the associated likelihood of occurrence. Risks are then assessed against MYS's risk appetite to ensure they are within the boundaries of activity that the Board intends for MYS.

Managing risk is an integral part of doing business and the better risk is managed, the more likely it is the Group will achieve or exceed its objectives. Risk management therefore involves coordinated activities that direct and control the Group with regards to risk. It is the responsibility of every employee of the Group to appropriately manage risk.

The Group places strong emphasis on developing and maintaining a risk-aware culture in decision-making and all its operations. In this regard MYS recognises that risk culture can become a key business driver and will seek to create a workplace where employees have the confidence to ask questions and to challenge assumptions about the way the business is conducted.

Definitions

MYS has adopted the following definitions as detailed in AS/NZS ISO 31000:2009.

Consequence: Outcome of an event affecting objectives.

Event: Occurrence or change of a particular set of circumstances. (Note: an event without consequences is referred to as a "near miss".)

Likelihood: Chance of something happening.

Risk: Effect of uncertainty on objectives.

Risk Appetite: The term risk appetite is not defined in AS/NZS ISO 31000:2009. MYS defines risk appetite as the amount of risk MYS is prepared to pursue or take to achieve its strategic objectives. MYS's risk appetite is articulated via a set of risk appetite statements which are measured against key risk indicators and risk tolerance to ensure all risk taking activity is conducted within the boundaries of activities that the Board intend for MYS and all MYS group subsidiaries.

Risk Management: Coordinated activities to direct and control an organisation with regard to risk.

Risk Management Framework: Set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the organization.

Risk Management Policy: Statement of the overall intentions and direction of an organisation related to risk management.

Risk Management Process: Systematic application of management policies, procedures and practices to the activities of communicating, consulting, establishing the context, and identifying, analysing, evaluating, treating, monitoring and reviewing risk.

Risk Management Strategy: A stand-alone document describing MyState's strategy for managing risk and the key elements of the risk management framework that give effect to the strategy.

Principles

MYS has adopted the principles detailed in AS/NZS ISO 31000:2009, to ensure risk management is effective within the MyState Limited Group. As such MYS will, at all levels, comply with these principles:

1. Risk management creates and protects value.
2. Risk management is an integral part of all organizational processes.
3. Risk management is part of decision making.
4. Risk management explicitly addresses uncertainty.
5. Risk management is systematic, structured and timely.
6. Risk management is based on the best available information.
7. Risk management is tailored.
8. Risk management takes human and cultural factors into account.
9. Risk management is transparent and inclusive.

10. Risk management is dynamic, iterative and responsive to change.
11. Risk management facilitates continual improvement of the organisation.

Risk management framework

The overall framework for Risk Management within the Group is designed so that business units must take all reasonable steps in the identification, assessment, monitoring and management of risk to enable the organisation to achieve its strategic and business goals. The relationship between the Group's risk management principles, framework and process is shown at Figure 1.

The MYS risk management framework is reviewed by the Group Risk Committee, approved by the Board and articulated in a separate document.

Risk management process

The risk management process at MYS will be an integral part of management, embedded in the Group's culture and practices and tailored to the Group's business processes. MYS's risk management process is reviewed by the Group Risk Committee, approved by the Board and articulated in detail in a separate document.

The risk management process comprises the following activities:

Communication and consultation

Communication and consultation with external and internal stakeholders will take place during all stages of the risk management process. MYS recognises communication and consultation with stakeholders is important as they make judgements about risk based on their perceptions of risk. These perceptions can vary due to differences in values, needs, assumptions, concepts and concerns of stakeholders. As their views can have a significant impact on the decisions made, the stakeholders' perceptions should be identified, recorded, and taken into account in the decision making process.

Communication and consultation within the Group should facilitate truthful, relevant, accurate and understandable exchanges of information, taking into account confidential and personal integrity aspects.

Establishing the context

By establishing the context, MYS articulates its objectives, defines the external and internal parameters to be taken into account when managing risk, including defining and reviewing the risk appetite statements and tolerances, and sets the scope and risk criteria for the remaining process. Whilst the parameters may be similar to those considered in the design of the risk management framework, they need to be considered in greater detail, particularly with regards to how they relate to the scope of the particular risk management process.

Risk Assessment

The overall process of risk identification, risk analysis and risk evaluation.

Risk Identification

The identification of the sources of risk, areas of impacts, events (including changes in circumstances) and their causes and potential consequences.

Risk Analysis

Risk analysis at MYS involves developing an understanding of the risk. It also provides an input to risk evaluation and to decisions on whether risks need to be treated, and on the most appropriate risk treatment strategies and methods. Risk analysis can also provide an input into making decisions where choices must be made and the options involve different types and levels of risk.

Consequences and their likelihood will be determined by modelling the outcomes of an event or set of events, or by extrapolation from available data. Consequences will then be expressed in terms of tangible or intangible impacts.

Risk Evaluation

The purpose of risk evaluation at MYS is to assist in making decisions, based on the outcomes of risk analysis, about which risks need treatment and the priority for treatment implementation. Risk evaluation involves comparing the level of risk found during the analysis process with risk criteria established when the context was considered. Based on this comparison, the need for treatment can be considered.

Risk Treatment

Risk treatment within MYS involves selecting one or more options for modifying risks, and implementing those options. Once implemented, treatments provide or modify the controls.

Risk treatment at MYS involves a cyclical process of:

- Assessing a risk treatment;
- Deciding whether residual risk levels are tolerable and within the boundaries of the MYS risk appetite statements;
- If not tolerable, generating a new risk treatment; and
- Assessing the effectiveness of that treatment to ensure MYS is not exposed to an unacceptable level of risk.

Monitoring and review

At MYS monitoring and review is a planned part of the risk management process.

The Group's monitoring and review processes encompass all aspects of the risk management process for the purposes of:

- Ensuring that controls are effective and efficient in both design and operation;
- Obtaining further information to improve risk assessment;
- Analyzing and learning lessons from events (including near-misses), changes, trends, successes and failures;
- Detecting changes in the external and internal context, including changes to risk criteria and the risk itself which can require revision of risk treatments and priorities;
- Identifying emerging risks; and
- Ensuring all business activities are operating within the boundaries of the risk appetite statements, risk tolerances and risk limits.

Recording the risk management process

The Group's risk management activities will be traceable. MYS uses an electronic Enterprise Risk Management (ERM) System to assist with the management and recording of risk management activities throughout the Group.

In MYS's risk management process, records provide the foundation for improvement in methods and tools, as well as the overall process. Deliverables include:

- Risk registers.
- Risk control self assessments.
- Risk management incident reporting.
- Divisional risk management plans.
- An integrated Risk Management report.
- Reporting of risks and key risk indicators to each Group Risk Committee meeting.
- Reporting against key risk indicators to the Board at least quarterly.
- Risks identified as being outside MYS's risk appetite after treatment will be reported to the Board monthly.
- Untreated risks identified and rated as high risk will be reported to the Board monthly.
- Comprehensive annual review of the risk management framework and risk documentation to the Group Risk Committee and the Board.
- Event recovery plans (Crisis Management Plan, Business Continuity Management Policy, Emergency Response Procedure).
- An integrated and tailored Insurance Program.

Responsibility for the risk management framework

The following table details the different responsibilities for the Risk Management process within MYS, in accordance with the principles of this policy.

Risk Management: Mandate and Commit; Design the risk framework; Implement the risk framework; Monitor and review; Continual improvement; Risk management process; Risk appetite statement

Board; Group Risk Committee; Senior Executive; Risk Management Function; Business Lines/Units

Own Own Contribute Understand Understand Oversee Own Contribute & direct Oversee Review Own & direct Oversee Own Implement & direct Own Own & Contribute & Oversee Direct Own & Set & Own Oversee Implement, operate & direct Own & Monitor & Monitor & Contribute & Monitor & Monitor & Understand Implement & operate Operate & Contribute Operation Operation

Figure 1 - The relationships between the risk management principles (policy), framework and process

[Figure: three panels. Principles (Policy): principles 1 to 11. Strategy and Framework: Mandate and commitment; Risk Appetite Statement; Design of framework for managing risks; Implementing risk management; Monitoring and review of the framework; Continual improvement of the framework. Process: Establish the context; Communicate and consult; Risk assessment (Identify risks, Analyse risks, Evaluate risks); Risk treatment; Monitor and review.]