Principle 7

Recognise and manage risk

The Board recognises that effective risk management processes help ensure the business is more likely to achieve its business objectives and that the Board meets its corporate governance responsibilities. In meeting its responsibilities, the Board has ensured that management has put in place comprehensive risk management policies and practices across the Group. The Board conducts annual reviews of the Group’s risk management framework to ensure that it continues to be sound. During FY18, the Audit and Risk Committee conducted a review of the Group’s risk management framework to ensure it is working effectively and within the risk parameters set by the Board.

Such risk management processes include defining the risk oversight responsibilities of the Board and the responsibilities of management in ensuring risks are both identified and effectively managed. Whilst ultimate responsibility for risk oversight rests with the Board, the Audit and Risk Committee is the delegated mechanism for focusing the Group on risk oversight, risk management and internal controls. The Audit and Risk Committee reports to the Board on risk management and internal control matters in accordance with its main responsibilities as outlined in the Audit and Risk Committee Charter.

For further details of the Audit and Risk Committee composition and responsibilities, refer to the Audit and Risk Committee disclosures under Principle 4 – Safeguard integrity in corporate reporting.

The Audit and Risk Committee is supported in managing risk through the combined activities of the following:

  • Executive Risk Committee (ERC) comprising the executive and senior management of the Group which has been established to identify business risks in the organisation and review status and risk mitigation activities. Formal enterprise risk profiles have been prepared for the businesses and these are reviewed, at a minimum, half yearly by the ERC. The major business risks are reported to the Audit and Risk Committee at the May and November meetings together with risk mitigation activities. The ERC reports to the Audit and Risk Committee on its activities as outlined in the ERC charter;
  • Enterprise risk profiles have been developed for the Group and its division which are regularly reviewed and updated as part of the strategic planning process together with mitigation actions. The identified risks are analysed based on their potential impact and likelihood of occurrence and mitigation responses are put in place to manage the risks. Updates to the enterprise risk profiles form part of the agenda for the quarterly business reviews and strategy planning sessions with the Managing Director and Chief Financial Officer. An enterprise risk update for major risks is prepared for the Audit and Risk Committee at the May and November meetings;
  • Finance Risk Committee comprising the executive and senior financial management of the Group meets quarterly to monitor the financial risks in the organisation, oversee the execution of Group policies in relation to finance risk and measure the impact of both the underlying risks and the mitigation strategies employed. Financial risks include liquidity and funding, interest rates, foreign currency, credit and legal risks. The Finance Risk Committee reports to the Audit and Risk Committee on its activities as outlined in the Finance Risk Committee charter;
  • Chief Financial Officer who has primary responsibility for designing, implementing and coordinating the overall Group risk management and internal control practices. The Chief Financial Officer attends the Audit and Risk Committee meetings and presents the Chief Financial Officer’s Report bi-annually. The Chief Financial Officer has the authority to report directly to the Board or Audit and Risk Committee on any matter at any time;
  • General Manager Supply Chain and National Workplace Health and Safety Manager who have specific responsibilities in respect of operational risks including workplace health and safety, business continuity, environmental, sustainability and industrial relations risks. The National Workplace Health and Safety Manager prepares a workplace health and safety report for the monthly Board meetings and is regularly required to attend and present at Board meetings on Group workplace health and safety strategy and performance;
  • Chief Information Officer and Group IT Risk & Security Manager who have specific responsibilities in respect of the Group’s information technology security and risk environment including cyber security risks. The Chief Information Officer and IT Risk & Security Manager attend and present at Audit and Risk Committee meetings as required;
  • Company Secretary who is responsible for putting in place adequate insurances to cover the major group insurable risks including property and business interruption, public and products liability, product recall and directors and officers liability insurances. The Group’s insurance brokers are AON Risk Services who assist with arranging the insurances and claims management. The insurance policies are placed with reputable insurers with appropriate coverage, limits and deductibles;
  • Internal Audit activities are carried out by a combination of internal and appropriately qualified external resources from PWC based on an annual program of work approved by the Audit and Risk Committee. The internal audit function provides both management and the Board with independent objective assurance in relation to the adequacy of the design, and effectiveness of the implementation of the Group’s governance, risk management, internal control, key business processes and compliance systems and their operational effectiveness. The Internal Audit function has independent access to the Audit and Risk Committee and is independent of the External Audit function;
  • External Audit activities undertaken by the External Auditor, KPMG, to review internal controls as part of their half year review and end year audit procedures. Internal control weaknesses are identified by the External Auditor and communicated to management to address through a formal reporting process. The actions taken by management are reviewed by the Chief Financial Officer and Group Financial Controller as part of the stewardship review process, on a quarterly basis, and for the half and full year accounts.

The Group has implemented risk management software across the Group for the purpose of identifying and managing workplace health and safety, business continuity and environmental risks. The software is a critical tool for executives and senior management and has enhanced the identification, reporting and monitoring of actions in this important area.

Risk management is embedded in the Group’s policies and procedures which have enabled the Group to pro-actively identify and manage all types of risk within the organisation. The Board aims to continually evaluate and re-assess the risk management and internal control practices of the Group to ensure current good practice is maintained and to preserve and create long-term value within the organisation.

Certification of Risk Management Controls

In conjunction with the certification of financial reports, the Managing Director and Chief Financial Officer state in writing to the Board each reporting period that in their opinion:

  • The financial statements are founded on a sound system of risk management and internal compliance and control which implements the policies adopted by the Board; and
  • The Group’s risk management and internal compliance and control systems are operating efficiently and effectively in all material respects.

The statements from the Managing Director and Chief Financial Officer are based on a formal sign-off framework established throughout the Group and reviewed by the Audit and Risk Committee as part of the financial reporting process.

Economic, Environmental and Social Sustainability Risks

The Group’s key risks to its future prospects, and measures to mitigate these risks where possible, are outlined in the Managing Director’s Review of Operations in the 2018 Annual Report and comprise the following:

  • a significant deterioration in building activity impacting sales growth and margins;
  • a significant movement in the Australian dollar impacting the price of imported products leading to changes in market pricing in order to maintain margins and competitiveness;
  • unforeseen disruptions impacting product supply from offshore suppliers leading to reputational damage, lower sales and loss of market share;
  • security risks around external threats to the digital network, IT systems and data could potentially result in adverse operational, financial and reputational impacts through possible system failures and security / cyber breaches; and
  • workplace health and safety risks could potentially result in physical injury to employees, contractors or others, or damage to the Company’s reputation.

The Board is committed to sustainable practices throughout its operations and continues to work with key stakeholders and communities. The Board recognises that a sustainable business is one that provides a safe, rewarding and diverse environment for its people whilst operating in an environmentally and socially responsible manner. The Board also accepts the increasingly important role the Group’s products and superior water solutions play in enabling customers and consumers to conserve and use water more efficiently.

GWA has a strong pedigree and history in developing innovative solutions in water. Sustainability in the area of water solutions has been its mantra for over 35 years. Caroma was the first brand in the world to introduce dual flush technology in 1984 which has subsequently been further developed to enable enhanced water conservation. During FY19, GWA will introduce a consolidated sustainability report to provide shareholders and other stakeholders with detailed information on its on-going approach to sustainability.

The Board is committed to reducing energy, carbon emissions, water and waste across the GWA Group operations. GWA is a low emissions intensity entity but it continues to voluntarily report its carbon emissions on the GWA website under Carbon Reporting. For FY18 total carbon emissions from GWA’s controlled facilities were approximately 5,800 tonnes of carbon dioxide equivalent (CO2e), representing a 15 per cent reduction on the prior year. This reduction is due to a combination of factors including site closures and the implementation of energy efficiency measures across the Group including the recycling of water and installation of solar panels.

The Board is committed to continuous improvement in workplace health and safety performance through comprehensive safety systems and processes, communication with employees and increased diligence in identifying and removing safety risks. The Group aims to provide a safe and healthy workplace with the objective of an injury free work environment. For further information on workplace health and safety, please refer to the Group’s website at under Health and Safety.

The Board is committed to providing stakeholders with a comprehensive understanding of the Group’s tax activities, and in FY17 signed up to the Board of Taxation’s Voluntary Tax Transparency Code (‘Code’). The Code is designed to encourage greater transparency within the corporate sector and enhance the community’s understanding of the corporate sector’s compliance with Australian tax laws. The Group follows the recommendations outlined in the Code in preparing the Group’s Tax Transparency Report.

Refer to the Group’s website at under Corporate Governance for a copy of the Board Tax Policy and Tax Transparency Reporting.