The Company is committed to the identification, monitoring and management of risks associated with its business activities. The purpose of this Policy is to formalise and communicate the Company’s approach to risk management.
1. Statement on risk
Risk management is the culture, processes and structures that are directed towards taking advantage of opportunities while managing potentially adverse effects. Accepting that risk is an inherent part of doing business, the Company’s risk management systems are designed both to encourage entrepreneurial endeavours and also provide assurance that risk is well understood and managed. Such a system is designed to manage rather than eliminate the risk of failure and can only provide reasonable but not absolute assurance against adverse outcomes.
2. Scope of the Policy
This Policy provides an overview of the Company’s approach towards risk management, which includes a summary of the key internal controls. The Policy does not provide specific details of the internal controls or details of the Company’s risk profile or material business risks.
The Company operates in the mining and mineral exploration industry and has a specific and detailed operational risk management system to manage health, safety and environment risk. This system is briefly outlined in Section 5.3; however, a detailed discussion of the system is beyond the scope of this Policy.
3. Roles and responsibilities
The Board is responsible for reviewing the Company’s policies on risk management and satisfying itself that management has developed and implemented a sound system of risk management and internal control. Management is responsible for the design, implementation and regular review of the Company’s risk management and internal control system. Employees are responsible for ensuring their own acts and behaviours comply with the Company’s policies and procedures.
The Audit & Risk Management Committee and the Health, Safety, Environment & Security Committee assist the Board in the process of reviewing the Company’s management of risk. The link between the two committees is maintained by requiring the Chairman of the Audit & Risk Management Committee to be a member of the Health, Safety, Environment & Security Committee. Information on key business risks and their management is communicated to the Board through the Committee Chairman and/or the Managing Director.
3.1 Audit & Risk Management Committee
The Audit & Risk Management Committee is responsible for overseeing financial and commercial risk. The Committee reports to the Board each half year on its review of the effectiveness of the internal control systems in the preparation and statement of financial results. Management reports to the Committee, as required, about the management of financial and commercial risks. A review of financial risk is conducted each half year by the Committee which assesses, amongst other things, the risk that the Company’s financial reports are misstated due to fraud, error or non-compliance with laws and regulations.
3.2 Health, Safety, Environment & Security Committee
The Health, Safety, Environment & Security Committee is responsible for overseeing key operating risks in relation to health, safety, environment, security and community affairs. Particular attention is applied to assessing key risks, including water inrush, geotechnical conditions, mine fire, vehicle safety, emergency response, site security and licence to operate. Audits are conducted to assess the Company’s compliance with key Health, Safety and Environment legislation.
4. Approach to risk management
The process involved in risk management can be summarised as:
- set corporate objectives (strategies, plans, budgets to establish the risk context)
- identify key risks (strategic reviews, operational reviews, job analysis, etc)
- assess key risks (prioritise by likelihood and consequence of occurrence)
- manage key risks (accept/eliminate/transfer/share or mitigate the risk)
- assess residual risks (likelihood and consequence with controls in place)
- monitor residual/new risks (to counter a changing risk profile or emergence of new risks)
5. Risk management and internal control systems
The Company’s risk management and internal control systems comprise a diverse range of policies and procedures that help to ensure that relevant corporate objectives are met and that any risks involved in achieving those objectives are addressed. The Company’s various policies and procedures can be grouped into three main risk focus areas: Commercial; Financial; and Health, Safety, and Environment (HSE).
5.1 Commercial risk management
The context within which commercial risks are managed is defined by the Company’s corporate strategy, the external environment and the Company’s internal capabilities. The strategic planning process is an important risk management activity as it seeks to maximise commercial benefits and minimise commercial losses. The Company’s strategy is assessed in the context of the external environment (political, economic, social and technological forces) and the Company’s internal capabilities and resources (culture, skills, funds available, capital structure, etc.).
The strategic planning process supports the development of annual operating plans, budgets and forecasts. The reporting system enables the monitoring of these plans, budgets and forecasts against financial and operating targets and the evaluation of trends. The detailed review of performance, at least on a monthly basis, is an important commercial risk management exercise.
An equally important aspect of managing commercial risk is to ensure a strong control environment exists within the Company. Factors which influence the control environment include ethical values and competence (quality) of personnel, direction provided by the Board and effectiveness of management. A strong commitment to integrity and high ethical values is explicitly communicated in the Company’s Values and Code of Conduct Policy. This Policy outlines the Company’s values and behavioural standards expected of employees and it encourages compliance by their actions and examples.
The employee induction training program provides a clear definition of the Company’s purpose and goals, accountabilities and the scope of activities for each department, as well as individual line managers and other employees. This program ensures that all employees understand what is expected of them and that decision-making takes place at the appropriate level.
Control activities which support a strong control environment include:
- Top-level reviews: reviews of financial and operating performance versus budgets and forecasts conducted by executive management.
- Direct functional or activity management: reviews of performance conducted by operational managers.
- Verification: performing a variety of controls to check accuracy, completeness and authorisation of transactions.
- Physical controls: ensuring equipment, inventories, safes and other assets are safeguarded by physically restricting individual access.
- Detailed review: analysing data, both operational and financial, and the relationships between them, and investigating and/or undertaking corrective actions. Unexpected results or unusual trends are also investigated to identify risk.
- Segregation of duties: dividing and segregating duties amongst different employees, to strengthen checks and minimise the risk of errors or abuses.
The commercial risks associated with operating a public company are managed by controls which are designed to ensure compliance with the Corporations Act and ASX listing rules. These internal controls relate primarily to ASX announcements, Share Trading, Continuous Disclosure, Responding to External Enquiries and Investor Relations.
5.2 Financial risk management
The Company maintains a Key Financial Risk Assessment Register. The register assesses the risk of the Company’s financial reports being misstated due to fraud, error or non-compliance with laws and regulations. The key hazards are identified, including their consequence and likelihood as well as the controls and procedures implemented to mitigate risks. The residual risk is identified with corrective actions highlighted if required. The Financial Risk Assessment Register is reviewed by senior management and the Audit & Risk Management Committee.
A diverse range of controls is in place to mitigate financial risk. Some of the key controls involve:
- Guidelines and limits for approval of operating and capital expenditures;
- Policies and procedures for the management of treasury operations;
- Accounts payable procedures;
- Electronic payments procedures;
- Payroll processing procedures; and
- Purchase order procedures.
5.3 Health, Safety and Environment (HSE) risk management
The Company has a management system which provides a documented, comprehensive and fully integrated system to manage HSE risk. The system provides a means for the identification, assessment and control of all material HSE hazards. An extensive hazard analysis and risk control process exists and all employees are actively engaged in this process.
The key elements of the system are:
- Safe People (Training, fitness for work, fatigue monitoring, etc)
- Controlled Working Environment (Ground control standards, water control, etc)
- Supporting Systems and Processes (Incident reporting, Policies, hazard ID, etc)
- Fit for Purpose Plant & Equipment (Specifications, maintenance, pre-starts, etc)
- Informed Community and Managed Natural Environment (Community affairs program, monitoring, etc)
A risk register has been developed identifying all material operational risks as well as the control measures in place to manage those risks. A register of major mining hazards has also been established through the site risk assessment process.
A compliance register has also been established to ensure compliance with applicable laws, regulations, standards, codes and other commitments with which the Company must comply, including: Regulatory approvals (Work Plans and licences), Federal and State Legislation (Acts and Regulations), and Standards and Codes (Australian Standards and Industry Codes).
The Board oversees the monitoring function and has set specific responsibilities for itself and various Committees. The minutes of the Audit & Risk Management Committee and the Health, Safety, Environment & Security Committee are distributed to the Board, and each Committee Chairman is asked to submit a verbal report to the Board on Committee activity and answer any questions from the Board. This provides assurance that the Company is operating legally, ethically and in accordance with approved financial and operating policies.
In addition, the external auditor plays a key role in the monitoring process, and provides a further independent perspective on certain aspects of the internal financial control system arising from its work, and reports to both the Board and the Audit & Risk Management Committee.
The engagement and independence of external auditors is considered annually by the Audit & Risk Management Committee which seeks confirmation of independence from the auditor before it recommends its findings to the Board. The Audit & Risk Management Committee satisfies itself that the Auditor is independent and there are adequate controls in place to safeguard its objectivity.
The Audit & Risk Management Committee requests an annual sign-off from the Managing Director & CEO and the Chief Financial Officer & Company Secretary to confirm that they are satisfied that the Company’s risk management and internal control system is appropriate and effective in managing the Company’s material business risks. The Board will also ask for written confirmation each year that the material business risks are being managed appropriately. This sign-off prompts a thorough annual review of the risk management and internal control system.
When undertaking its review, the Audit & Risk Management Committee will:
- Consider the significant risks identified and how they have been assessed and managed;
- Assess the effectiveness of risk management and internal controls in managing the material risks;
- Consider whether necessary actions are being taken promptly to remedy any significant failings or weaknesses; and
- Consider whether the findings indicate a need for more extensive monitoring of the system of internal control.
The Managing Director & CEO and the Chief Financial Officer & Company Secretary request from the relevant operational managers an annual sign-off that HSE risks are being identified, assessed and mitigated and that there are no major deficiencies in the risk management system.