Corporate Report for the year ended 30 June 2022
Introduction and overview
Business performance
Governance and risk
Directors’ report
Remuneration report
Financial statements
Sustainability supplement
Security holder information
Risk management
An integrated, proactive, practical approach to identifying and managing risks is essential for an organisation’s resilience, sustainability, and social licence. By anticipating and understanding the current and future uncertainties associated with our operating environment, we can mitigate threats and pursue business opportunities to benefit all of our stakeholders.
annually. To ensure we are operating within our risk appetite thresholds we have linked our Risk Appetite Statement to Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs). Using these KRIs and KPIs, we can measure our business and risk management performance against financial and non-financial risk metrics. Performance is tracked and presented to the Board to provide early insights into our risk exposures. Across the business, teams regularly review the operating environment and their business activities to identify risks with the potential to impact Transurban or our stakeholders. Proactive strategies and contingency plans are then developed and implemented to manage risk exposure. Regular assessment of the risks determines the ongoing effectiveness of the management strategy which can be enhanced where necessary.
Proactive risk management is embedded into our strategic activities and decision- making processes, as well as our daily operations to ensure we deliver upon Transurban’s strategic objectives, as well as continue to create and maintain stakeholder value. Our Enterprise Risk Management (ERM) Framework is a fundamental tool, providing governing principles and guidance to ensure the early identification of risks and proactive implementation of strategies to mitigate or effectively deal with risks should they occur. Overseen by the Board and the Audit and
Risk Committee (ARC), actively managed by the CEO and Executive Committee along with senior managers, the ERM Framework also provides a structured approach so that key risks and issues are escalated appropriately, ensuring we respond to those with the potential to materially impact our business. Our Risk Appetite Statement, which covers both financial and non-financial measures, outlines the level of risk that we are prepared to either accept, tolerate, or avoid in the pursuit of our business strategy. It is critical in guiding our attitudes and behaviours towards risk and is reviewed by the Board
Figure 23: Enterprise Risk Management Framework in action
Annual activity
Quarterly activity
Continuous activity
ARC/Board
Internal Audit Update audit plan based on key risks and themes
Business Resilience Provide assurance of resilience capability and preparedness Reporting on learnings from exercises and incidents
Review material and emerging risks
Review ERM effectiveness and approve changes Review and update Risk Appetite
Review ERM effectiveness and approve changes Review and update Risk Appetite Executive Committee Set risk objectives and priorities in Business Plan Update risks in line with objectives Markets and Business units
Review key business, strategic and emerging risks
Risk and Compliance status reporting
Consider emerging threats and catastrophic risks Exercise and test business response
Annual review of business compliance
Validate key risks and compliance requirements Review key risks and treatments
Consolidate and review key business and operational risks
Internal Audit plan review and update to reflect any emerging risks
Exercise and test response to disruption risks Validate preventative controls
Projects, Development Proposals and Acquisition
Set risk objectives and priorities in Business Plan Update risks in line with objectives
Validate key risks and compliance requirements Review key risks and treatments
Formal review of Risk Registers
Audit Reports issued including assessments of controls and management actions to enhance the control environment
Identification of risks that could disrupt the safe and continuous operations of
our assets or critical business processes
82
Made with FlippingBook Annual report maker