Transurban Corporate Report FY25 Governance and risk
Figure 32 – Transurban’s three lines of accountability model:
Risk and control
What does this mean?
The first line of accountability consists of operational management, who identify, own and manage risks identified directly through day-to-day operations. They are expected to:
• Identify risks in their everyday operation
• Manage and escalate risks
• Ensure an adequate control environment so that risks are managed to an acceptable level. This includes validating the effectiveness of their treatment plans, and determining if the relevant controls, fallbacks, and any actions are in place and operating effectively. If not, then action is required to remedy the situation.

The second line of accountability is performed by the risk, compliance and resilience functions that provide oversight, guidance, and support to make sure ‘first line’ assurance activities are appropriately applied. They are expected to:
• Be responsible for risk management development, monitor processes and the implementation of the company’s overall risk management
• Monitor and validate that the ERM Framework has been effectively applied in each operational area, business unit or project team
• Seek to confirm that ‘first line’ assurance activities are appropriately applied, and the management of specific risks is effective
• Other parts of the business can also perform oversight functions based on the function's delegations, for example, Finance, Legal, Quality, Health, Safety and Environment and Human Resources.

The third line of accountability is an assurance function, performed by our internal audit team, with outcomes from our risk processes used to define internal audit focus areas. These audits provide independent assurance to the Audit and Risk Committee, supporting the Committee in fulfilling its responsibility for overseeing the organisation's risks and controls.
Operations
• Understand the boundaries and risk appetite
• Establish a risk and control environment

Oversight Functions: Risk, Compliance and Resilience functions
• Strategic management
• Procedure and policy setting
• Functional oversight

Independent Assurance: Internal Audit, External Audit, other independent audits and reviews
• Independent challenge and assurance