Risk Management Policy
New Talisman Gold Mines Limited ABN 009 474 702 (Company)
1. Purpose
Recognising and managing risk is fundamental to the Company achieving its strategic objectives, and a crucial part of the role of the Board and management. Sound risk management practices can not only help to protect established value, but also can assist in identifying and capitalising on opportunities to create value.
The Company recognises that a failure by it to recognise or manage risk can adversely impact not only on the Company and its shareholders, but also other stakeholders which may include employees, customers, suppliers, creditors, consumers, taxpayers and the broader community in which the Company operates.
The Board is ultimately responsible for deciding the nature and extent of the risks it is prepared to take to meet its strategic objectives. To enable the Board to do this, the Company must have an appropriate risk management framework to identify and manage risk on an ongoing basis.
This policy sets out the Company’s approach to risk management, including its approach to identifying and managing risk, the responsibilities of the Board, management and others within the Company in relation to risk management, and the resources and processes dedicated to risk management. Managing risk is the responsibility of everyone in the Company.
In this policy:
Management refers to the senior management team as distinct from the Board, comprising the Company’s senior executives, being those who have the opportunity to materially influence the integrity, strategy and operation of the Company and its financial performance.
Risk means effect of uncertainty on objectives
Risk Management means co-ordinated activities to direct and control the Company with regard to risk
Risk Management Framework is the set of components that provide the foundations and organisational arrangements for designing, implementing, monitoring, reviewing and continually improving risk management throughout the Company.
2. Who does this policy apply to?
All directors, officers and employees of the Company must comply with this policy.
3. Risk appetite
The Board is responsible for deciding the nature and extent of the risks it is prepared to take to meets its objectives (risk appetite).
The Company has an average tolerance for taking risks, on occasions higher tolerance is acceptable if risks can be justified by greater rewards. Management incorporates risk management into strategic planning and business decision making to understand and prioritise material business risks.
4. Risk management framework
The framework adopted references the Australian/New Zealand Standard AS/NZS ISO 31000:2009 Risk management – Principles and guidelines and involves:
4.1 Risk identification
The risks faced by the Company will be identified and documented in a risk register, as per the example in Appendix A, or equivalent. Risk identification will be undertaken as part of the Company’s strategic planning and budgeting process, and may be carried out through a workshop with management and potentially the board, facilitated by an external service provider or by a member of management.
The Company’s risks will be classified under the following broad categories:
(a) Market-related
(b) Financial reporting
(c) Operational
(d) Environmental
(e) Human capital
(f) Sustainability
(g) Occupational Health & Safety
(h) Strategic
(i) Technological
(j) Ethical conduct
(k) Economic
(l) Reputation
(m) Legal and compliance.
The individual risks which fall within these categories will be included in the Company’s risk register.
4.2 Risk analysis
Once the list of risks is agreed on by management and the Board, the risks will be analysed by determining consequences of the risks eventuating and their likelihood. Existing risk controls and their effectiveness (as perceived by management) should be taken into account when considering how likely the risk event is to occur and the impact/consequences it will have on the business.
Risk prioritisation will be undertaken at the same time as risk identification and will be considered in light of a 5×5 risk matrix, as the per the example in Appendix B, or equivalent.
4.3 Risk evaluation
Prioritised risk should be compared with the risk appetite established by the Board. The output of this process will be a prioritised list of risks for further action.
4.4 Risk treatment
Where the level of risk is above the desired level, management will develop and execute an action plan to address the risk by either: transferring the risk; reducing the risk or accepting the risk or a combination of these approaches. When selecting the way a risk will be treated, the Company will consider the values and perceptions of stakeholders and the most appropriate ways to communicate with them.
4.5 Monitoring and review
The risk register will be reviewed, and if required updated, on at least an bi-annual basis, or more often if required.
Risk is a standing agenda item at each Board meeting.
The risk management framework will be monitored and reviewed through the risk activities outlined in section 5. However, the Board may request independent verification in relation to all or some of the risk management framework or individual controls, via internal or external means.
4.6 Documentation
The risk management framework and processes will be documented.
5. Risk management activities
The Company’s annual risk management activities are divided into semesters as follows:
5.1 Semester One commencing 1 April
Management:
(a) reviews the status of risk management strategies, reviews and updates the risk register and/or completes an individual risk report for critical material business risks and presents the register and/or the report to the Board;
(b) the Chief Executive Officer and Chief Financial Officer provide the Board with a declaration in accordance with Recommendation 4.2 and section 295A of the Corporations Act 2001 (Cth) (Corporations Act);
(c) the Chief Executive Officer provides a summary of the Company’s annual risk management effort, including a report to the Board on whether the Company’s material business risks are being managed effectively; and
(d) prepares the disclosure for inclusion in the Company’s corporate governance statement in relation to Recommendations 7.1 to 7.4.
The Board:
(a) reviews of the risk management framework
(b) notes the updated risk register and/or individual risk reports and questions management if required;
(c) notes the Chief Executive Officer and Chief Financial Officer declaration for the purposes of Recommendation 4.2 and a declaration equivalent to section 295A of the Corporations Act;
(d) notes the Chief Executive Officer summary regarding the Company’s annual risk management effort (including the effectiveness report); and
(e) approves the disclosure for inclusion in the Company’s corporate governance statement in relation to Recommendations 7.1 to 7.4.
5.2 Semester commencing 1 October
Management:
(a) reviews this Risk Management Policy and make recommendations to the Board about any proposed changes;
(b) unless reviewed by a specific committee of the Board, reviews the Company’s risk management framework to satisfy itself that it continues to be sound;
(c) the Chief Executive Officer and Chief Financial Officer provide the Board with a declaration in accordance with Recommendation 4.2 and section 295A of the Corporations Act 2001 (Cth) (Corporations Act);
(d) reviews the Company’s Board Charter and Audit Committee Charter and role descriptions for management to ensure accountability for all risk management is included;
(e) identifies or reviews risks, develops risk management strategies and presents full Company risk profile by completing the risk register; and
(f) allocates and/or review owners of risks in the risk register.
The Board determines the Company’s overall risk appetite, approves the Risk Management Policy and provides input into the Company’s risk profile.
6. Risk management roles and responsibilities
6.1 Board
The Board is responsible for setting the Company’s risk appetite, for overseeing the risk management framework designed and implemented by management and to satisfy itself that the risk management framework is sound. The Board is also responsible for monitoring and reviewing the Company’s risk profile.
6.2 Audit Committee
The Board has established a separate Audit Committee, which is responsible for, among other things, the adequacy of the Company’s corporate reporting processes and the appropriateness of managements accounting judgements or choices. It also reviews the Company’s internal financial control system and, unless expressly addressed by a separate Risk Committee or by the Board itself, overseas the Company’s risk management framework. The role of the Audit Committee is set out in the Company’ Audit Committee Charter.
However, ultimate responsibility for the Company’s risk management framework rests with the Board.
6.3 Chief Executive Officer
The Chief Executive Officer has responsibility for identifying, assessing, monitoring and managing risks. The Chief Executive Officer is also responsible for identifying any material changes to the Company’s risk profile and ensuring, with approval of the Board, the risk profile of the Company is updated to reflect any material change.
The Chief Executive Officer is required to report on the progress of, and on all matters associated with, risk management. The Chief Executive Officer is to report to the Board as to the effectiveness of the Company’s management of its material business risks, at least annually.
In fulfilling the duties of risk management, the Chief Executive Officer may have unrestricted access to Company employees, contractors and records and may obtain independent expert advice on any matter they believe appropriate, with the prior approval of the Board.
6.4 Management
Senior executives are responsible for assisting the Chief Executive Officer identify, assess, monitor and manage risks.
6.5 Managers and supervisors
Managers and supervisors must:
(a) monitor material business risks for their areas of responsibilities;
(b) provide adequate information on implemented risk treatment strategies to management to support ongoing reporting to the Board; and
(c) ensure staff are adopting the Company’s risk management framework as developed and intended.
6.6 Individual staff
All staff within the Company should:
(a) recognise, communicate and respond to expected, emerging or changing material business risks;
(b) contribute to the process of developing the Company’s risk profile; and
(c) implement risk management strategies within their area of responsibility.
7. Review
The Company’s risk management framework is evolving. It is an on-going process and it is recognised that the level and extent of the risk management framework will evolve commensurate with the development and growth of the Company’s activities. This will include an annual review of this policy by the Audit Committee.