Principle 7 - Recognise and Manage Risk

Related key governance documents:

7.1 Board Risk Committee

The Board Risk Committee oversees risk management within Dexus. The Committee oversees the Group’s enterprise risk management practices, as well as work, health & safety, environmental management, sustainability initiatives, compliance and internal audit practices. It also oversees the effectiveness of the Group’s Risk Management Framework, Compliance Management Framework and Risk Appetite Statement.

Dexus’s Risk Management Policy and the Committee’s Terms of Reference are available at

From 1 July to 31 December 2016, the members of the Board Risk Committee were:

  • Tonianne Dwyer, Chair, Non-Executive Director
  • Penny Bingham-Hall, Non-Executive Director
  • Richard Sheppard, Non-Executive Director
  • Peter St George, Non-Executive Director

From 1 January 2017, Mark Ford joined as a member replacing Richard Sheppard and the Board Risk Committee now consists of the following members:

  • Tonianne Dwyer, Chair, Non-Executive Director
  • Penny Bingham-Hall, Non-Executive Director
  • Peter St George, Non-Executive Director
  • Mark Ford, Non-Executive Director

All members of the Board Risk Committee are independent including the Chair. The Board Risk Committee met four times during the Reporting Period and each member attended all meetings.

While most risks are identified, managed and monitored internally, Dexus has appointed independent experts to undertake monitoring of work, health & safety, environmental risks and other risks where expert knowledge is essential to ensure Dexus has in place best practice processes and procedures.

The Board Risk Committee is empowered to engage consultants, advisers or other experts independent of management.

7.2 Risk management

The management of risk is an important aspect of Dexus’s activities, and the Group has a segregated risk function reporting to the General Counsel on a day-to-day basis, as well as a Group Risk Committee comprise of senior executives that supports the Board Risk Committee.

The Head of Risk & Compliance has direct access to the Chief Executive Officer and Non-Executive Directors.

Risks to Dexus arise from both internal and external factors and include:

  • Strategic risk
  • Market risk
  • Work, health & safety risk
  • Operational risk
  • Environmental risk
  • Financial risk
  • Regulatory risk
  • Reputational risk
  • Climate risk
  • Cyber risk
  • Fraud risk
  • Security risk

Further information relating to the identification and management of risks is available in the Risks section on page 28 of the 2017 Dexus Annual Report.

The Risk & Compliance team promotes an effective risk and compliance culture by providing advice, drafting and updating relevant risk and compliance policies and procedures, conducting training and monitoring and reporting adherence to key policies and procedures.

Frameworks have been developed and implemented in accordance with ISO 31000:2009 (Risk Management) and AS 3806:2006 (Compliance Programs).

The functions of the Risk & Compliance team include risk and compliance management and internal audit. The ongoing effectiveness of the risk management, compliance management and internal control systems is reported by the Head of Risk & Compliance to the Group Risk Committee and Board Risk Committee.

Dexus’s internal control procedures are also subject to annual independent verification as part of the GS007 (Audit Implications of the Use of Service Organisations for Investment Management Services) audit.

During 2017, the Board Risk Committee also focused on:

  • Enhancements to the Risk Appetite Statement
  • Security risk management at head office and across the portfolio as a result of the heightened terrorist alert announced by Australian National Security
  • Work health and safety acknowledging both physical and mental health
  • Identification and management of conflicts of interest
  • Cyber risk and ongoing resilience
  • The effect of climate change on Dexus’s operations
  • Identification and management of façade risk
  • Control effectiveness for corporate and property operations

7.3 Internal audit

The Internal Audit Program has a three year cycle, the results of which are reported quarterly to the Group Risk Committee and to the Board Risk Committee.

Dexus has appointed EY to perform the internal audit program. An EY partner attends each Board Risk Committee to present findings of internal audits undertaken during the quarter.

7.4 Material exposures

Dexus does not have any material exposure to economic, environmental and social sustainability risks. Dexus is committed to managing any risks on an ongoing basis as part of the Risk Management Framework. Please refer to the Risks section on page 28 of the 2017 Dexus Annual Report for further information.