06 Risk management

Directors should have a sound understanding of the key risks faced by the business.

The Board should regularly verify that the entity has appropriate processes to identify and manage potential and relevant risks.

The board should require the entity to have rigorous processes for risk management and internal controls.
The board should receive and review regular reports on the operation of the risk management framework and internal control processes, including any developments in relation to key risks. Reports should include oversight of the company’s risk register and highlight the main risks to the company’s performance and the steps being taken to manage these.
Boards of issuers should report at least annually to investors and stakeholders on risk identification, risk management and relevant internal controls.

The board is responsible for determining the nature and extent of the principal risks it is willing to take in achieving its strategic objectives.
The board should lead by example and foster an effective risk culture that encourages openness and constructive challenge of judgements and assumptions.
The board should adopt a comprehensive enterprise risk management approach, including financial, strategic and environmental, social and governance risks.