The Board acknowledges its responsibility for the Company’s system of internal control and for reviewing its adequacy and effectiveness. The system is designed to manage the risk of failure to achieve business objectives and can only provide reasonable but not absolute assurance against material misstatement or loss.
The risks associated with the Company’s activities are reviewed regularly by the Board, which assesses the Company’s risk appetite/tolerance, and considers major risks and evaluates their impact on the Company. Policies and procedures, which are reviewed and monitored by the Head of Internal Audit, are in place to deal with any matters, which may be considered by the Board to present significant exposure.
The key features of the Company’s risk management process, which serve as measure of its effectiveness, include the following:
- Each significant risk is documented, showing an overview of the risk, how the risk is managed, and any improvement actions or corrective initiatives. Risks are categorized based on the impact to EBITDA.
- The risk profiles ensure that internal audit reviews of the adequacy, application and effectiveness of risk management and internal controls are targeted on the key risks
- Risk management is cascaded from corporate to business operating unit level. Risk assessment meetings are held at least annually, and the standard agenda include discussion of risk and control issues, and review and updating of risk profiles.
- Risk and control self-evaluation exercises are undertaken by each business operating unit level at least twice a year, and updated risk profiles are prepared.