2025 Corporate Report

Risk management

Risk management practice

Our integrated approach to risk management spans our operational, project, business and strategic activities, linking our risk activities to our internal processes such as health, safety, sustainability and environment, internal audit and compliance. This helps to dismantle barriers and silos between risk management activities and related functions, maximising insights. By integrating these functional areas, we ensure a more cohesive and comprehensive risk management process. It also facilitates the identification of a wide range of potential risks, both internal and external, including emerging risks, like social or supply chain disruptions. It has the additional benefit of involving a wide range of internal stakeholders in risk discussions, bringing in diverse perspectives and supporting comprehensive and forward-looking risk management.

Once identified, each risk is analysed and evaluated to understand the potential it has to impact Transurban’s projects, functions, assets, customers and/or other stakeholders if it were to occur. These risk assessments consider the potential financial, health and safety, environmental, business disruption, legal and reputational consequences of a risk from both an unmanaged and a managed perspective. The risk assessment then helps define the priority of management responses and the subsequent development of proactive treatment plans, to address the likelihood and consequences of each risk, and to also identify a way to mitigate any negative outcomes should a threat occur or if an opportunity is missed.

Ongoing monitoring, reporting and escalation are then undertaken to provide assurance that the risks are being addressed and that appropriate risk treatment plans are in place. All risks are recorded and managed in our common enterprise system, so that risk knowledge and insights can be shared across the business. For more, see Figure 33 on page 71.

Business wide insights

Risk intelligence dashboards can be used to disseminate risk management insights across the business, and support Transurban’s decision making and strategic planning activities. This approach drives consistent risk communications and understanding at all levels of our business. It also helps promote a culture of transparency and enhances risk performance understanding and maturity across our operations and projects.

Three lines of accountability model

Transurban is committed to best practice corporate governance, transparency and accountability, supported by a focus on effective proactive risk management across our internal and external operational control environments. It is therefore essential that Transurban has effective governance and assurance processes to validate that we are managing our risks to an acceptable level.

Transurban uses a three lines of accountability model (see Figure 32 on page 70) to define different teams’ roles and accountabilities in managing risk across the business. This model provides a structured and systemic approach to managing and overseeing risks, as well as ensuring key controls and management processes are operating effectively. The model enhances assurance by offering multiple layers of checks and balances, making it a key process in safeguarding Transurban’s resilience, supporting governance and growth, as well as contributing to the value we deliver to our stakeholders.

Measuring risk management effectiveness and continuous improvement

We have multiple assurance activities to assess the value and success of our ERM activities. Our Board monitors and reviews our ERM Framework’s effectiveness. At the Board’s request, our internal audit team conducts annual reviews of the framework, to demonstrate that the framework remains sound and that it aligns with ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations. Review activities comprise:

• conducting a gap analysis of Transurban’s risk management approach alignment with ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations
• examining alignment to ISO 31000:2018 – Risk management standard
• assessing our ERM Framework against other leading practice frameworks.

We also assess our risk culture via risk-specific questions in our annual employee ‘Our Voice’ survey. These questions assess employees’ understanding of risk, the level of risk management practice within the business, and the propensity of employees and the business to take considered risk and report where this is outside of our risk appetite.

ERM Framework review and employee survey results help us identify business areas requiring focused risk support and drive capability development activities. Results and feedback also inform future risk management training, education and improvement activities.

As a result of these activities, in FY25 we further enhanced our risk appetite statements to reflect the revised strategic focus areas and implementation of revised risk tolerance levels. Additionally, we incorporated behavioural statements to support a culture of accountability and continuous improvement. These enhancements are designed to ensure that our risk management framework is robust, forward-looking, and aligned with our strategic objectives, ultimately fostering a resilient and proactive organisational environment. The updated ERM Framework also provides additional guidance associated with three lines of accountability to address the risks faced by the business and to enhance the overall control environment.
