Corporate Policies - Risk Management
DEXUS is committed to meeting high standards of risk management in the way it conducts its business. Effective risk management is critical to enable DEXUS to deliver high quality services and products to its customers and maximise investor returns. The Board reviews and approves DEXUS’s Risk Management Framework at least annually.
It is essential that all companies, entities and business units within DEXUS comply with all applicable laws, statutory and regulatory requirements, industry codes of practice, trust constitutions and deeds, material contracts and any Group policies and procedures.
The following processes should be followed to ensure that DEXUS meets those high standards of risk management.
1. Application and Scope
While all legal entities which comprise DEXUS are subject to this policy, it also applies, to the maximum extent possible, to agents and contractors that act for or on behalf of DEXUS.
All employees receive ongoing training on policies, procedures and internal controls in order to understand the risks they are responsible for managing. Employees are also made aware of their responsibilities for reporting and addressing operational risk incidents.
The following mechanisms for managing risk are in place:
- Risk workshops - where managers identify risks and mitigating controls within their business unit
- Risk & Compliance Policies and Procedures - which set out the minimum acceptable standard of business practice
- Compliance certification - where each business unit reviews, on a quarterly basis, its compliance with policies, procedures and controls
- Verification - under which the certifications are tested for supporting evidence and completeness
- Control monitoring and review - where business processes and internal controls are reviewed and tested by Compliance, Risk and Governance including Internal Audit, based on a risk assessment
- Breach and error reporting - highlighting areas of focus for Compliance, Risk & Governance including Internal Audit control monitoring and review
- Internal audit - where the organisation’s key control processes are reviewed and tested
- External review - where external specialists are appointed to review the veracity of DEXUS’s risk management procedures with a focus on workplace health & safety, security and environmental management, and
- Education program - which promotes DEXUS’s risk management culture, commitment and awareness
Employees are required to familiarise themselves and comply with all business policies and procedures relevant to their area of responsibility. Policies and procedures are available to all employees via the Group intranet.
Business Unit Heads and Compliance, Risk & Governance are responsible for the provision of guidance in this regard.
2. Dealing with Breaches and Incidents
DEXUS has procedures in place in relation to breaches and incidents including the requirement for all employees to notify Compliance, Risk & Governance once an incident has been identified.
Compliance, Risk & Governance reviews the treatment and resolution of incidents including consideration of any underlying control weaknesses.
In line with the precautionary approach, activities that could potentially cause harm to the public or the environment receive heightened focus. Where the risk of human or environmental harm is high, the activity is not undertaken.
3. Risk Management Reporting
The Board bears ultimate responsibility for DEXUS’s corporate governance and risk management standards and is assisted in this responsibility by the Board Risk Committee.
The Board Risk Committee and Compliance, Risk & Sustainability Committee receive regular reports addressing risk management issues and practices as they relate to corporate and property operations.
Approved by the Compliance, Risk & Sustainability Committee on 25 May 2016