- OptiComm Ltd ACN 117 414 776 (Company) considers ongoing risk management to be a core component of the management of the Company and its wholly-owned subsidiaries (Group), and understands that the Company’s ability to identify and address risk is central to achieving its corporate objectives.
- This policy outlines the program implemented by the Company to ensure appropriate risk management within its systems and culture.
Risk management program – overview
- The Company’s risk management program comprises a series of processes, structures and guidelines which assist the Company to identify, assess, monitor and manage its business risk, including any material changes to its risk profile.
- To achieve this, the Company has clearly defined the responsibility and authority of the Company’s board of directors (Board) to oversee and manage the risk management program.
- Regular communication and review of risk management practice provides the Company with important checks and balances to ensure the efficacy of its risk management program.
Risk management program – risk identification
- In order to identify and assess material business risks, the Company defines risks and prepares risk profiles in light of its business plans and strategies. This involves providing an overview of each material risk, making an assessment of the inherent risk level, preparing and implementing action plans to address and manage risks and assessing the residual risk after the impact of action plans. The Company regularly reviews its risk profiles to ensure currency.
- The Company will disclose in its annual report or other public disclosures (as appropriate) whether it has any material exposure to environmental or social risks and, if it does, how it manages or intends to manage those risks.
Oversight and management
- The Board acknowledges that it is responsible for the overall system of internal control but recognises that no cost effective internal control system will preclude all errors and irregularities.
- The Board has delegated responsibility for reviewing the risk profile including material business risks and reporting on the operation of the internal control system to the Audit and Risk Committee. However, the Audit and Risk Committee may also refer particular risk management issues to the Board for final consideration and direction.
- The Board will review the effectiveness of the Company’s risk management and internal control system annually.
Audit and Risk Committee
- The day-to-day oversight of the Company’s risk management program has been conferred upon the Audit and Risk Committee. The Audit and Risk Committee is responsible for ensuring that the Company maintains effective risk management and internal control systems and processes and provides regular reports to the Board on the effectiveness of the risk management program in identifying and addressing material business risks. To achieve this, in addition to the risk management responsibilities in the Audit and Risk Committee Charter, the Audit and Risk Committee is responsible for
(a) monitoring the establishment of an appropriate internal control framework, including information systems, and its operation and considering enhancements;
(b) assessing corporate risk and compliance with internal controls;
(c) assessing occupational health and safety risk, compliance with internal controls and risk mitigation;
(d) overseeing business continuity planning and risk mitigation arrangements;
(e) reviewing reports on any material misappropriation, frauds and thefts from management;
(f) reviewing reports on the adequacy of insurance coverage;
(g) monitoring compliance with relevant legislative and regulatory requirements (including continuous disclosure obligations) and declarations by the Secretary in relation to those requirements;
(h) reviewing material transactions which are not a normal part of the Company’s business;
(i) reviewing the nomination, performance and independence of the external auditors, including recommendations to the Board for the appointment or removal of any external auditor;
(j) liaising with the internal and external auditors and monitoring the conduct of the annual audit;
(k) overseeing the processes of management that support external reporting;
(l) reviewing financial statements and other financial information distributed externally; and
(m) reviewing external audit reports and monitoring, where major deficiencies or breakdowns in controls or procedures have been identified, remedial action taken by management.
Review of risk management program
- The Company regularly evaluates the effectiveness of its risk management program to ensure that its internal control systems and processes are monitored and updated on an ongoing basis and may disclose the results of such review in its annual reports.
- The division of responsibility between the Board, management and the Audit and Risk Committee aims to ensure that specific responsibilities for risk management are clearly communicated and understood. The reporting obligations of the Audit and Risk Committee ensure that the Board is regularly informed of material risk management issues and actions. This is supplemented by ongoing evaluation of the performance of the risk management program by management and the Board.
6. Approval, reviews and changes
- This policy was approved and adopted by the Board on 1 July 2019.
- The Board will review this policy and related procedures annually or as often as it considers necessary to ensure this policy remains effective and relevant to the current needs of the Company.
- The Board may amend this policy from time to time by resolution.