corporate governance - woolworths holdings limited
corporate governance - woolworths holdings limited
corporate governance - woolworths holdings limited
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
isk committee<br />
The risk committee consists of three executive<br />
directors and three non-executive directors<br />
including the chair Mike Leeming. The presence<br />
of the executive directors on this committee is<br />
deemed important in ensuring that effective risk<br />
management is in place and part of the day-today<br />
operation of the company.<br />
The responsibilities of the committee are set<br />
out in its terms of reference which is reviewed<br />
and updated on an annual basis. The main<br />
responsibilities include:<br />
■ assisting the directors in fulfilling their<br />
responsibility of ensuring that there is an<br />
effective and embedded risk management<br />
process in place throughout the group;<br />
■ assessing whether there are appropriate<br />
processes/controls in place to manage the key<br />
risks down to an acceptable level, in line with<br />
the board's risk appetite;<br />
■ assessing if the risk management process will<br />
ensure that emerging risks are identified and<br />
managed;<br />
■ assessing whether all new business<br />
opportunities have been appropriately<br />
considered from a risk perspective;<br />
■ assessing if appropriate processes/controls are<br />
in place to ensure regulatory compliance; and<br />
■ reviewing the adequacy of the group’s<br />
insurance portfolios.<br />
Based on a review of management reports and<br />
appropriate discussion and enquiry by the<br />
members, the committee believes that it<br />
performed the functions set out in its terms of<br />
reference and continues to identify and<br />
prioritise the risks relevant to the business.<br />
The committee met a total of four times during<br />
the year. The details of individual attendance at<br />
the risk committee meetings are set out on<br />
page 31.<br />
The Chairman attends the meetings in February<br />
and August following the group’s financial half<br />
year and year end.<br />
risk management<br />
The board recognises risk management as a key<br />
business tool, which is designed to:<br />
■ balance risk and reward within both existing<br />
and new businesses; and<br />
■ protect the group against uncertainties and<br />
hazards, which could prevent the achievement<br />
of business objectives.<br />
The board is responsible for the risk<br />
management process and is assisted in its<br />
responsibilities by the risk committee. The dayto-day<br />
responsibility for risk management and<br />
the design and implementation of appropriate<br />
processes to manage the risks resides with<br />
management.<br />
The risk management process is effective and<br />
adds value to the group by:<br />
■ improving the quality of business decisions,<br />
through a more formal identification and<br />
assessment of risk before new business ventures<br />
and/or projects are presented for approval; and<br />
■ contributing to an improvement in the<br />
processes and controls in place to manage the<br />
key risks.<br />
The risk management process applied is<br />
designed to ensure that:<br />
■ all relevant risks are identified and<br />
appropriately evaluated, based on their impact if<br />
they were to occur and their likelihood of<br />
occurrence;<br />
■ risks and the required processes and controls<br />
to manage these risks are assessed in line with<br />
the board’s risk appetite; and<br />
■ appropriate management information and<br />
monitoring processes are in place to manage<br />
the exposure to each of the key risks, so that<br />
where required appropriate corrective action<br />
can be taken.<br />
The focus for the year was to integrate risk<br />
management with the strategic and business<br />
planning process. This has further embedded<br />
risk management into our established business<br />
disciplines, as has the definition and<br />
measurement of objective metrics, to assess our<br />
exposure to the key risks. During the year:<br />
■ each business unit updated their business risk<br />
profile during their strategic and business<br />
planning. The purpose was to identify key risks<br />
linked to the strategy and our business model<br />
and the required processes and controls to<br />
manage these risks over the next three years;<br />
■ the key inherent risks for the group were reevaluated,<br />
based on the revised business unit<br />
profiles and a reassessment of the prior year<br />
key inherent risks; and<br />
■ the required management information and<br />
metrics to objectively assess our exposure to<br />
the key risks were clearly defined.<br />
The key inherent risks and their status are<br />
reported to the risk committee on a quarterly<br />
basis. This report is complemented by risk<br />
reports on specific focus areas including, crisis<br />
management, business continuity planning,<br />
disaster recovery, food safety and quality,<br />
occupational health and safety, legal risk<br />
management and insurance.<br />
21