Cory’s framework and approach to risk management allows the business to take a well-informed and positive approach to the risks it faces.
Risk management responsibilities
Risk management is ingrained in strategic and operational activities, including business planning, investment analysis, portfolio and project management and day-to-day operations. Cory adopts a managed approach to risk that sets tolerances for appropriate risk taking, acceptance or avoidance, depending upon the consequences and likelihood of risks’ occurrence, and the potential associated benefits or opportunities.
The Board takes overall responsibility for risk management, including the setting of risk appetite and the implementation and operation of policies to manage risk. Risk management is a key priority for the Board. It regularly reviews and challenges the risk profile of the business, its principal risks and management’s response to, and effectiveness in, managing risk.
To improve the control and oversight of risk within the business, the Audit and Risk Committee has been delegated to review the approach to risk management. The Committee makes sure adequate assurance is obtained and confirms that management’s processes and controls for identifying risk work effectively.
Cory’s policies, including the Delegation of Authority Policy, provide a framework for decision making and risk management. Management has day-to-day responsibility for managing and mitigating risk. This includes a Health, Safety, Environment, and Quality Assurance Team that is independent from the operational business.
Cory’s risk management framework allows a coherent analysis of the material risks facing the business and the options available to manage these risks. The framework acknowledges it is not possible or practical to eliminate all risk. Instead, it seeks to manage risk within an envelope established by the Board.
Cory has an exceptionally low appetite for risk in areas impacting the health, safety and wellbeing of its employees, the communities within which it operates and the general public. Cory also has a very low appetite for any risk that could harm the environment, damage its reputation, breach laws and regulations or threaten the future existence of the business.