Principle 7

Recognise and manage risk

The Board recognises that effective risk management processes help ensure the business is more likely to achieve its business objectives and that the Board meets its corporate governance responsibilities.  In meeting its responsibilities, the Board has ensured that management has put in place comprehensive risk management policies and practices across the Group.  The Board conducts annual reviews of the Group’s risk management framework to ensure that it continues to be sound.  During FY16, the Audit and Risk Committee conducted a review of the Group’s risk management framework to ensure it is working effectively and within the risk parameters set by the Board.

Such risk management processes include defining the risk oversight responsibilities of the Board and the responsibilities of management in ensuring risks are both identified and effectively managed.  Whilst ultimate responsibility for risk oversight rests with the Board, the Audit and Risk Committee is the delegated mechanism for focusing the Group on risk oversight, risk management and internal controls.  The Audit and Risk Committee reports to the Board on risk management and internal control matters in accordance with its main responsibilities as outlined in the Audit and Risk Committee Charter.

For further details of the Audit and Risk Committee composition and responsibilities, refer to the Audit and Risk Committee disclosures under Principle 4 – Safeguard integrity in corporate reporting.

The Audit and Risk Committee is supported in managing risk through the combined activities of the following:

  • Executive Risk Committee (ERC) comprising the executive and senior management of the Group which has been established to identify business risks in the organisation and review status and risk mitigation activities. Formal enterprise risk profiles have been prepared for the businesses and these are reviewed half yearly by the ERC.  The major business risks are reported to the Audit and Risk Committee at the May and November meetings together with risk mitigation activities.  The ERC reports to the Audit and Risk Committee on its activities as outlined in the ERC charter;
  • Enterprise risk profiles have been developed for the Group and its divisions which are regularly reviewed and updated as part of the strategic planning process together with mitigation actions. The identified risks are analysed based on their potential impact and likelihood of occurrence and mitigation responses are put in place to manage the risks.  Updates to the enterprise risk profiles form part of the agenda for the quarterly business reviews and strategy planning sessions with the Managing Director and Chief Financial Officer.  An enterprise risk update for the major risks is prepared for the Audit and Risk Committee at the May and November meetings.
  • Finance Risk Committee comprising the executive and senior management of the Group which has been established to review and monitor the financial risks in the organisation, oversee the execution of Group policies in relation to finance risk and measure the impact of both the underlying risk and the mitigation strategies employed. Financial risks include liquidity and funding, interest rate, foreign currency, credit and legal risks.  The Finance Risk Committee reports to the Audit and Risk Committee on its activities as outlined in the Finance Risk Committee charter;
  • Chief Financial Officer who has primary responsibility for designing, implementing and coordinating the overall Group risk management and internal control practices. The Chief Financial Officer attends the Audit and Risk Committee meetings to present the Chief Financial Officer’s Report.  The Chief Financial Officer has the authority to report directly to the Board or Audit and Risk Committee on any matter;
  • National Workplace Health and Safety Manager and Group Risk Manager who have specific responsibilities in respect of operational risks including workplace health and safety, business continuity, environmental, sustainability and industrial relations risks. An Operational Risk Report is prepared for the May and November Audit and Risk Committee meetings and the National Workplace Health and Safety Manager is regularly required to attend and present at Board meetings on Group workplace health and safety performance;
  • Group Information Systems Manager who has specific responsibilities in respect of the Group’s information technology security and risk environment. The Group Information Systems Manager attends Audit and Risk Committee meetings as required;
  • Company Secretary who is responsible for putting in place adequate insurances to cover the major group insurable risks including property and business interruption, product and public liability, product recall and directors and officers liability insurances. The Group’s insurance brokers are AON Risk Services who assist with arranging the insurances and claims management.  The insurance policies are placed with reputable insurers with appropriate coverage, limits and deductibles.
  • Internal Audit function under the management of PWC. The Internal Audit activities are carried out by a combination of internal and appropriately qualified external resources from PWC based on an annual program of work approved by the Audit and Risk Committee.  The internal audit function provides management and the Board with an independent, objective assurance and consulting activity in relation to the adequacy of the design, and effectiveness of the implementation of the Group’s governance, risk management, internal control, key business processes and compliance systems.  The Internal Audit function has independent access to the Audit and Risk Committee and is independent of the External Audit function; and
  • External Audit activities undertaken by the External Auditor, KPMG, to review internal controls as part of the year end audit procedures. Internal control weaknesses are identified by the External Auditor and communicated to management to address through a formal reporting process.  The actions taken by management are reviewed by the Chief Financial Officer and Group Financial Controller as part of the stewardship review process for the half and full year accounts.

The Group has implemented risk management software across the Group for the purpose of identifying and managing workplace health and safety, business continuity and environmental risks.  The software is a critical tool for executives and senior management and has enhanced the identification, reporting and monitoring of actions in this important area in order to support management’s objectives.

Risk management is embedded in the Group’s policies and procedures which have enabled the Group to pro-actively identify and manage all types of risk within the organisation.  The Board aims to continually evaluate and re-assess the risk management and internal control practices of the Group to ensure current good practice is maintained and to preserve and create value within the organisation.

Certification of Risk Management Controls

In conjunction with the certification of financial reports, the Managing Director and Chief Financial Officer state in writing to the Board each reporting period that in their opinion:

  • The statement is founded on a sound system of risk management and internal compliance and control which implements the policies adopted by the Board; and
  • The Group’s risk management and internal compliance and control system is operating efficiently and effectively in all material respects.

The statements from the Managing Director and Chief Financial Officer are based on a formal sign-off framework established throughout the Group and reviewed by the Audit and Risk Committee as part of the financial reporting process.

Economic, Environment and Social Sustainability Risks

The Group does not have any material exposures to environmental and social sustainability risks.  The Group’s key risks to its future prospects are outlined in the Managing Director’s Review of Operations in the 2016 Annual Report and comprise the following:

  • A significant slow-down in the renovations and replacements market impacting sales growth;
  • A significant deterioration in dwelling commencements flowing through to completions activity;
  • A significant reduction in the Australian dollar impacting the price of imported products not able to be recovered through price increases; and
  • Unforeseen disruptions impacting product supply from offshore suppliers leading to lower sales and loss of market share.

The Board is committed to reducing energy, carbon emissions, water and waste across the GWA Group operations.  GWA has deregistered from reporting the Group’s carbon emissions under the Federal Government’s NGER scheme as its energy and emissions are below reporting thresholds from FY15.  GWA is a low emissions intensity entity but will continue to report its carbon emissions on the GWA website at www.gwagroup.com.au under Carbon Reporting.  The FY16 total carbon emissions from GWA’s controlled facilities are expected to be approximately 58 per cent below the previous financial year and have been impacted by a combination of factors including business divestments, factory closures and the implementation of energy efficiency measures.

The Board is committed to continuous improvement in workplace health and safety performance through comprehensive safety systems and processes, communication with employees and increased diligence in identifying and removing safety risks.  In FY16 the Group delivered a reduction in total injuries, with fewer lost time and medically treated injuries than the prior year, as well as fewer total hours lost due to injury than the prior year.  This reflects the Group’s ongoing commitment to creating an injury free work environment.  For further information please refer to the Group’s website at www.gwagroup.com.au under Health and Safety.