This Corporate Risk Framework gives direction as to the use of strategic risk management processes and procedures to reduce exposure to risks associated with these activities, and identify opportunities while ensuring compliance to all relevant national legislation and regulations.
The prescribed processes of this Framework shall be carried out in accordance with the principles of fiduciary duties, regardless of where the locations of operational activities, or proposed operational activities may be located.
Nothing in this Framework shall relieve any individual of Elk of the duties and responsibilities required of a corporation under the third edition of the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations (the Recommendations).
This Framework will specify:
• The Governance structure of risk management and duties of persons directly involved with these processes
• The duties and responsibilities of the Risk Committee
• Risk Management Methodology to be adopted
• Any required templates to be adopted
An ASX Company, Elk Petroleum is overseen by a Board consisting of a Chairman and three Members. In addition, there are two Executive Management level positions, namely the Chief Financial Officer and the Chief Operating Officer.
As a Committee of the Board, the Risk Committee will comprise:
• Two Board Members
• Either the CFO or the CEO
All Risk Committee Members are to be appointed in writing by the Chairman of the Board, with the Chairman of the Risk Committee coming from any of the three positions nominated above. A quorum will be considered achieved only when all three members or their nominated proxies are present. There may be a limit of one proxy at each meeting.
Duties and Responsibilities of the Risk Committee
As the lead organisation within Elk Petroleum for identifying risk and opportunity, the Risk Committee will meet to consider risk:
• At least quarterly
• When the Company proposes to undertake new activities or significantly enhance existing activities
• When external stakeholders or the market indicates the Company’s risk profile has changed
• If legislative or regulatory change requires it
• When the Company’s capitalisation is changed
• When in doubt as to the Company’s risk profile
• As directed by the Chairman
In accord with the processes of ISO31000: 2018 Risk Management Guidelines, the Risk Committee at each meeting have the responsibility for:
• Ensuring the Risk Matrix and its associated values are in accord with the Company’s existing capitalisation and exposures
• Identifying existing and future risks to the stated aims of the Company
• Identifying existing and future risks to the operations of the Company
• Proposing where possible mitigations to the above
• Reporting their findings formally to the Chairman of the board and the Company Secretary
• Preparing minutes of all constituted meeting and forwarding the same to the Company Secretary for appropriate distribution
Elk's Risk Wheel
All Risk Committee meetings are to be minuted and after the minutes are agreed to by the members or their proxy, forwarded without delay to the Company Secretary.
Annually, prior to the Company Annual General meeting, the Risk Committee shall produce an Annual Risk Report containing at a minimum:
• A brief report of proceedings of the Risk Committee for the previous twelve months
• Confirmation the Risk Matrix is appropriate for the Company’s capitalisation and exposures
• The Company strategic level Risk Register
• Details of all high risks (greater than 12 as per the Risk Matrix) and associated mitigations (existing or proposed)
• The Risk Committee’s assessment of the ability of the Company in the previous 12 months to mitigate its risk exposure
• The Risk Committee’s assessment of the ability of the Company in the succeeding 12 months to mitigate its risk exposure as well as an outlook over a longer period perhaps to a 1, 3 or 5-year planning schedule
The above report is to be raised and submitted in accordance with existing Board practices.
Risk Management Methodology and Process
A summary of ISO31000: 2018 and Broadleaf Introductory guide: Preparing for a risk assessment is given below.
ISO 31000 - Risk Management
Risks affecting organizations can have consequences in terms of economic performance and professional reputation, as well as environmental, safety and societal outcomes. Therefore, managing risk effectively helps organizations to perform well in an environment full of uncertainty.
ISO 31000:2018, Risk management - Guidelines, provides principles, framework and a process for managing risk. It can be used by any organization regardless of its size, activity or sector. Using ISO 31000 can help organizations increase the likelihood of achieving objectives, improve the identification of opportunities and threats and effectively allocate and use resources for risk treatment.
However, ISO 31000 cannot be used for certification purposes, but does provide guidance for internal or external audit programmes. Organizations using it can compare their risk management practices for effective management and corporate governance.
A number of other standards also relate to risk management.
- ISO/IEC Guide 73:2009, Risk management - Vocabulary complements ISO 31000 by providing a collection of terms and definitions relating to the management of risks. ISO/IEC 3100:2018, Risk management - Guidelines cancels and replaces ISO 3100:2009 and has been technically revised.
- The main changes compared to the previous edition are as follows:
- review of the principals of risk management, which are the key criteria for its success;
- highlighting of the leadership by top management and the integration of risk management, starting with the governance of the organization;
- greater emphasis on the iterative nature of risk management, noting that new experiences, knowledge and analysis can lead to a revision of process elements, actions and controls at each stage of the process;
- streamlining of the content with greater focus on sustaining an open systems model to fit multiple needs and contexts.