Principle 7 - Recognise and Manage Risk
7.1 Board Risk Committee
The Board Risk Committee oversees risk management within Dexus. The Committee oversees the Group’s enterprise risk management practices, as well as work health & safety, environmental management, sustainability initiatives, compliance and internal audit practices. It also oversees the effectiveness of the Group’s Risk Management Framework and Compliance Management Framework.
Dexus’s Risk Management Policy, the Committee’s charter and Compliance Management Framework is available at www.dexus.com/corporatepolicies During the Reporting Period, the members of the Board Risk Committee were:
- Tonianne Dwyer, Chair, Non-Executive Director
- Penny Bingham-Hall, Non-Executive Director
- Richard Sheppard, Non-Executive Director (Chair)
- Peter St George, Non-Executive Director
All members of the Board Risk Committee are independent including the Chair. The Board Risk Committee met four times during the Reporting Period and each member attended all meetings.
While most risks are identified, managed and monitored internally, Dexus has appointed independent experts to undertake monitoring of health and safety, environmental risks and other risks where expert knowledge is essential to ensure Dexus has in place best practice processes and procedures.
The Board Risk Committee is empowered to engage consultants, advisers or other experts independent of management.
7.2 Risk management
The management of risk is an important aspect of Dexus’s activities, and the Group has a segregated risk function reporting to the General Counsel on a day-to-day basis, as well as a Compliance, Risk & Sustainability Committee that supports the Board Risk Committee.
The Head of Risk & Compliance has direct access to the Chief Executive Officer and Non-Executive Directors.
Risks to Dexus arise from both internal and external factors and include:
- Strategic risks
- Market risks
- Health and safety risks
- Operational risks
- Environmental risks
- Financial risks
- Regulatory risks
- Reputational risks
- Fraud risks
Further information relating to the identification and management of risks is available in the Risks section on page 15 of the 2016 Dexus Financial Accounts.
The Risk & Compliance team promotes an effective risk and compliance culture by providing advice, drafting and updating relevant risk and compliance policies and procedures, conducting training and monitoring and reporting adherence to key policies and procedures.
Frameworks have been developed and implemented in accordance with ISO 31000:2009 (Risk Management) and AS 3806:2006 (Compliance Programs).
The functions of the Risk & Compliance team include risk and compliance management and internal audit. The ongoing effectiveness of the risk management, compliance management and internal control systems is reported by the Head of Risk & Compliance to the Board Risk Committee.
Dexus’s internal control procedures are also subject to annual independent verification as part of the GS007 (Audit Implications of the Use of Service Organisations for Investment Management Services) audit.
During 2016, the Board Risk Committee also focused on:
- Enhancements to the Risk Appetite Statement
- Security risk management at head office and across the portfolio as a result of the heightened terrorist alert announced by Australian National Security
- Work health and safety acknowledging both physical and mental health
- Identification and management of conflicts of interest
- Enhanced monitoring of Dexus Sydney CBD assets following a Legionella outbreak in May 2016
7.3 Internal audit
The internal audit program has a three year cycle, the results of which are reported quarterly to the Compliance, Risk & Sustainability Committee and to the Board Risk Committee.
Dexus has appointed Ernst & Young to perform the internal audit program. An Ernst & Young partner attends each Board Risk Committee to present findings of internal audits undertaken during the quarter.
7.4 Material exposures
Dexus does not have any material exposure to economic, environmental and social sustainability risks. Dexus is committed to managing any risks on an ongoing basis as part of the Risk Management Framework. Please refer to the Risks section on page 15 of the 2016 Dexus Financial Accounts for further information.