Environmental, Social and Governance (ESG) data centre

Risk Management

Risk is inherent in every aspect of our Group’s business operations. Our Group recognises that effective risk management is fundamental for sound corporate governance and achieving our business objectives.   

Understanding the risks we face and managing them appropriately enhances our ability to make better decisions, deliver on objectives and subsequently improve our performance. 

Our Group is committed to a proactive and structured approach to risk management. We have established governance forums for risk management and maintain a risk management framework in accordance with AS ISO 31000:2018 Risk Management – Guidelines.   

Our Risk Management Manual provides detailed documentation of our risk management process, principles and practices.  It serves as a guide for systematically identifying and managing risks across our organisation.  

Our reporting and escalation requirements direct that risks with the potential to exceed the Group’s risk appetite be prioritised for attention at the appropriate governance forums.

Our governance, risk and compliance system, Omnia, centralises risk data and provides information to support decision-making. 

Our Risk Management Governance Forums 

Our risk management governance forums, such as the Board Risk, Health, Safety and Environment Committee (RHSEC) and Executive Risk Management Committee (ERMC), play important roles in overseeing risk management and supporting decision making: 

  •  RHSEC – assists the Board in fulfilling its oversight responsibilities on risk management and the type and level of Group business risks, including sustainability risk. 

  • ERMC – chaired by the Executive General Manager, People, Safety and Governance, the ERMC supports our Managing Director and the RHSEC in executing their responsibilities.  

Our Risk Management Framework

Our Risk Management Process 

Our risk management process comprises six key steps: 

  1. Scope, Context and Criteria: Risks are identified and understood within their context, including their relationship with the organisational environment and dependencies.

  2. Risk Assessment: Risks are identified, analysed and evaluated to inform decision-making regarding their management.  Our approach includes utilising a Risk Consequence and Likelihood Matrix (below), which guides the prioritisation of risk treatment. 

  3. Risk Treatment: We utilise various risk treatment options including avoidance, reduction, sharing or transfer, and retention or acceptance, depending on the outcomes of risk evaluation.  

  4. Communication and Consultation: Regular and ad-hoc communication, as well as consultation with stakeholders, provide a shared understanding of risks, decision-making, and actions taken to manage risks.

  5. Monitoring and Review: Regular monitoring and review of risks enable us to understand and assess the performance of controls, improve risk treatments, and identify emerging risks in a dynamic business environment. 

  6. Recording and Reporting: We report outcomes of the risk management process to key stakeholders. This enhances risk dialogue and supports stakeholders in their decision-making. 

    Our Risk Consequence and Likelihood Matrix