Principle 7 - Recognise and manage risk


7.1 Board Risk Committee

The Board Risk Committee oversees risk management at Dexus. The Committee oversees the Group’s enterprise risk management practices, as well as work, health & safety, environmental management, sustainability initiatives, compliance and internal audit practices. It also oversees the effectiveness and annual review of the Group’s Risk Management Framework, Compliance Management Framework and Risk Appetite Statement.

Dexus’s Risk Management Policy and the Committee’s Terms of Reference are available at www.dexus.com/corporatepolicies.

From 1 July to 24 October 2017, the members of the Board Risk Committee were:

  • Tonianne Dwyer, Chair, Non-Executive Director
  • Penny Bingham-Hall, Non-Executive Director
  • Peter St George, Non-Executive Director
  • Mark Ford, Non-Executive Director

From 25 October 2017, Nicola Roxon joined as a member and the Board Risk Committee now consists of the following members:

  • Tonianne Dwyer, Chair, Non-Executive Director
  • Penny Bingham-Hall, Non-Executive Director
  • Peter St George, Non-Executive Director
  • Mark Ford, Non-Executive Director
  • Nicola Roxon, Non-Executive Director

All members of the Board Risk Committee, including the Chair, are independent. The Board Risk Committee met four times during the Reporting Period and each member attended all meetings.

While most risks are identified, managed and monitored internally, Dexus has appointed independent experts to undertake monitoring of work, health & safety, environmental risks, risk culture and other risks where expert knowledge is essential to ensure Dexus has in place best practice processes and procedures.

The Board Risk Committee is empowered to engage consultants, advisers or other experts independent of management.

7.2 Risk management

The management of risk is an important aspect of Dexus’s activities, and the Group has a segregated risk function reporting to the General Counsel on a day-to-day basis, as well as a Group Risk Committee comprised of senior executives that supports the Board Risk Committee.

The Head of Risk & Compliance has overall operational responsibility for risk management and is provided direct access to the Chief Executive Officer and Non-Executive Directors.

Risks to Dexus arise from both internal and external factors and include:

  • Performance risk
  • Corporate Culture risk
  • Capital Markets risk
  • Key Clients risk
  • Compliance and Regulatory risk
  • Building and Workplace Health and Safety risk
  • Climate change/Environment risk
  • Cyber/Data Governance risk
  • Talent and Capability risk
  • Security & Emergency Management risk

In line with a precautionary approach to decision making, activities that could potentially cause harm to the public or the environment receive heightened focus. Where the risk of human or environmental harm is high, the activity is not undertaken.

Various mega-trends may affect Dexus’s strategy and outlook. Further information on these, and on the identification and management of risks, is available in the Risks section on page 51 of the 2018 Dexus Annual Report and within 2018 Corporate Responsibility Sustainability reporting.

The Risk & Compliance team promotes an effective risk and compliance culture by providing advice, drafting and updating relevant risk and compliance policies and procedures, conducting training, and monitoring and reporting adherence to key policies and procedures.

Frameworks have been developed and implemented in accordance with ISO 31000:2009 (Risk Management) and AS 3806:2006 (Compliance Programs).

The functions of the Risk & Compliance team include risk and compliance management and internal audit. The ongoing effectiveness of the risk management, compliance management and internal control systems is reported by the Head of Risk & Compliance to the Group Risk Committee and Board Risk Committee.

Dexus’s internal control procedures are also subject to annual independent verification as part of the GS007 (Audit Implications of the Use of Service Organisations for Investment Management Services) audit.

During 2018, the Board Risk Committee also focused on:

  • Enhancements to the Risk Appetite Statement
  • Security risk management at head office and across the portfolio as a result of the heightened terrorist alert announced by Australian National Security
  • Work health and safety for Dexus employees, contractors, tenants and visitors to Dexus properties
  • Identification and management of conflicts of interest
  • Building health and safety including identification and management of facade risk
  • Control effectiveness for corporate and property operations
  • 2030 Sustainability targets and commitments and climate change resilience
  • Discussions on risk culture and measurement of risk culture
  • Oversight (with Board Audit Committee) of a project led by Management to review and enhance key business controls

7.3 Internal audit

The Internal Audit Plan has a three-year cycle, the results of which are reported quarterly to the Group Risk Committee and to the Board Risk Committee.

Dexus has appointed EY to perform the internal audit function. An EY partner attends each Board Risk Committee meeting to present findings of internal audits undertaken during the quarter and the progress on remediation plans.

7.4 Material exposures

Dexus does not have any material exposure to economic, environmental and social sustainability risks. Dexus is committed to managing any risks on an ongoing basis as part of the Risk Management Framework. Please refer to the Risks section on page 51 of the 2018 Dexus Annual Report for further information.