Background
CSR’s business activities present a range of risks that cannot be eliminated but can be managed. CSR’s policy is to strive to balance the risks and rewards in conducting business to optimise returns – in accordance with our goals of delivering shareholder value, and commitments to customers, employees, the community and other stakeholders.
Purpose
The primary purpose of this policy is to promote an integrated and holistic approach to risk management and to ensure that risks that could affect the achievement of our strategic objectives are identified, assessed and treated to a level deemed acceptable to the Board and Management.
The embedding of the Risk Management Framework into our strategic and operational decision-making process helps us to make informed decisions for the benefit or CSR, its shareholders and other relevant stakeholders.Responsibilities
The Board determines the Company’s appetite for various risks/opportunities and monitors the company’s operations to ensure the Company is operating within those appetites. The Board is responsible for overseeing the establishment and implementation of risk management systems and reviewing their effectiveness. The Board has assigned responsibility to the following:
- Executive Leadership Team, (ELT) – On a monthly basis reviews the status of identified key risks for currency and risk rating. Including the review and risk assessment of new and emerging risks.
- Risk & Audit Committee – reviews and reports to the Board in relation to the Company's financial reporting, internal control structure, risk management systems, compliance with the Company’s code of business conduct and ethics and the internal and external audit functions.
- Safety & Sustainability Committee – reviews and reports to the Board on the management of the Company’s workplace health, safety and sustainability risks and liabilities and associated legal responsibilities.
- Remuneration & Human Resources Committee – reviews and reports to the Board on the Company’s Key Management Personnel risk profile and the adequacy of talent pools for senior management succession.
- Management – responsible for identifying, managing, and reporting to the Board on risks in accordance with the policy through a formal organisation-wide risk management framework and other formal and informal risk-specific frameworks and approaches and the effective operation of internal control within the group; and
- Risk Manager – responsible for ensuring CSR’s risk management framework reflects and best supports the objectives of the company, as well as providing assurance to management and the Risk & Audit Committee about the effectiveness of risk management processes in accordance with an agreed plan.
Internal Audit
CSR undertakes an annual review to evaluate the effectiveness of its compliance, control and risk management systems using the ISO:19600 framework as a guide.
External Audit
An independent, external audit is performed on the annual financial report of CSR. In addition, the auditor undertakes a review of CSR’s half year financials. This provides reasonable assurance as to whether the financial reports are free of material misstatement and provides an independent opinion whether the financial reports are presented fairly in accordance with accounting standards and other applicable professional reporting requirements.
Review of Policy
This policy will be reviewed every two years, or when there is a material change to the Risk framework or governance requirements to ensure its effectiveness, continued application and relevance.
Reviewed & Updated: September 2022
Next review date: September 2024