Corporate Report for the year ended 30 June 2022
Introduction and overview
Business performance
Governance and risk
Directors’ report
Remuneration report
Financial statements
Sustainability supplement
Security holder information
A business- wide integrated approach and practice The ERM Framework is integrated with related processes and policies (including the Code of Conduct, Ethical Business Practices, Compliance Framework, Health, Safety and Environment, Internal Audit, Tax, Treasury, Procurement, Business Resilience, and Insurance) to ensure a business-wide view of our risks and enable us to understand and address their potential consequences. To further support the maturity of risk across the business, a key pillar underpinning Transurban’s FY22 Risk Strategy is the integration of risk information and insights into core management processes. We have linked our Risk Management, Incident, Operational, Compliance, Privacy, Resilience and HSE data and invested in data analytics to enable us to understand our internal and external risk landscape, and test our strategic decision making. This has allowed us to: • holistically consider risk and uncertainty • more effectively use forward-looking risk visualisation to support better decision-making • capitalise on opportunities • identify opportunities to create lasting value. This risk integration has enabled our ERM approach to extend beyond a stand- alone process and provides the Board and the Executive Committee with greater confidence that management strategies, plans and performance reporting are robust. This has enabled risk learnings and insights to be shared and cascaded amongst teams. Additionally, the combination of risk integration with monitoring emerging risks has enhanced strategic planning through increased emphasis on data analytics, scenario analysis and stress testing to anticipate risk, monitor the validity of strategic assumptions and assess the impact of alternative approaches on projected performance. Measuring the effectiveness of our risk management activities We have multiple assurance activities to assess the value and success of our ERM activities. The overall effectiveness of our ERM requires clear expectations and consistent application of controls across the business. So this can happen, the ERM
Figure 24: Integrating business data with our risk assurance process
Reporting and insights
Business data capture
Risk assurance process
the level of risk management practice within the business, and understand the propensity of employees and the business to take considered risk. Additionally, the Board requests that Internal Audit undertakes an annual review of our ERM Framework. This review is to satisfy the Board that the Framework continues to be sound and aligned to the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations. The review involves: • gap analysis of Transurban’s risk management approach alignment to ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations • examining alignment to the ISO 31000:2018 • assessment of our ERM Framework against other leading practice frameworks. The detailed results from both our employee survey and ERM review are used to identify business areas requiring focused risk support and capability development activities. Results and feedback also form the basis for future risk management training, education and ERM Framework improvement activities.
Framework is linked to our assurance and governance processes—with outcomes from our risk processes used to define areas of focus for Internal Audit. These audits provide independent assurance to ARC, supporting them to fulfil their responsibility for overseeing the organisation’s risks and controls, and support management to maintain an effective risk and control environment. To support broader Internal Audit assurance activities we utilise a co-sourced operating model, comprising an external independent Internal Audit Service Provider (EY), and an internal team led by the Head of Internal Audit. This approach enables balance, independence, external subject matter expertise and internal knowledge. Internal Audit operates under a plan approved annually by ARC and has full access to all functions, records, property, and personnel of Transurban Group. Internal Audit administratively reports to the Company Secretary and has a direct reporting line to the Chair of ARC. The results of Internal Audit activities are reported to ARC. We assess our risk culture annually, with questions posed in the Our Voice employee survey. The purpose of these questions is to assess the current understanding of risk,
83
Made with FlippingBook Annual report maker