Corporate Policies - Risk Management

All employees are required to understand, promote and be responsible for ensuring that internal controls are in place to effectively manage risks that apply to activities within their day-to-day responsibility, including risks associated with business decisions, processes, systems or people, and external events. 

Dexus is committed to meeting high standards of risk management in the way it conducts its business. Effective risk management is critical to enable Dexus to deliver high quality services and products to its customers and maximise investor returns. Dexus’s approach to risk management is detailed in its Risk Management Framework which is reviewed and approved by the Board at least annually.

It is essential that all companies, entities and business units within Dexus comply with all applicable laws, statutory and regulatory requirements, industry codes of practice, trust constitutions and deeds, material contracts and any Group policies and procedures.

The following processes should be followed to ensure that Dexus meets those high standards of risk management.

1. Application and Scope

While all legal entities which comprise Dexus are subject to this policy, it also applies, to the maximum extent possible, to agents and contractors that act for or on behalf of Dexus.

All employees receive ongoing training on policies, procedures and internal controls in order to understand the risks they are responsible for managing. Employees are also made aware of their responsibilities for reporting and addressing operational risk incidents and compliance incidents.

The following mechanisms for managing risk are in place:

  • Risk workshops - where managers identify risks and mitigating controls within their business unit
  • Risk & Compliance Policies and Procedures - which set out the minimum acceptable standard of business practice
  • Compliance certification - where each business unit reviews, on a quarterly basis, its compliance with policies, procedures and controls
  • Verification - under which the certifications are tested for supporting evidence and completeness
  • Control monitoring and review - where business processes and internal controls are reviewed and tested by Risk & Compliance and Internal Audit, based on a risk assessment
  • Breach and error reporting - highlighting areas of focus for Risk & Compliance including Internal Audit control monitoring and review
  • Internal audit - where the organisation’s key control processes are reviewed and tested
  • External review – where external specialists are appointed to review the veracity of Dexus’s risk management procedures with a focus on workplace health & safety, security and environmental management, and
  • Education program - which promotes Dexus’s risk management culture, commitment and awareness 

Employees are required to familiarise themselves and comply with all business policies and procedures relevant to their area of responsibility. Policies and procedures are available to all employees via the Group intranet.

Business Unit Heads and Risk & Compliance are responsible for the provision of guidance in this regard.

2. Dealing with Breaches and Incidents

Dexus has procedures in place in relation to breaches and incidents including the requirement for all employees to notify Risk & Compliance once an incident has been identified.

Risk & Compliance reviews the treatment and resolution of incidents including consideration of any underlying control weaknesses.

In line with the precautionary approach, activities that could potentially cause harm to the public or the environment receive heightened focus. Where the risk of human or environmental harm is high, the activity is not undertaken.

3. Risk Management Reporting

The Board bears ultimate responsibility for Dexus’s corporate governance and risk management standards and is assisted in this responsibility by the Board Risk Committee.

The Board Risk Committee and Group Risk Committee receives regular reports addressing risk management issues and practices as they relate to corporate and property operations.

Download the Risk Management Policy PDF