Principle 7

 

Recognise and manage risk

Each of RE1, RE2 and DIHL have formalised risk management policies. Compliance with these policies is monitored by their respective audit and risk committees.

Risks are managed through the risk management framework in place and include:

  • Investment risk
  • Regulatory and reporting risks
  • Financial risks (such as liquidity, interest rate, currency, investment, credit)
  • Legal risk (such as contract enforceability, covenants, litigation)
  • Compliance risk
  • Operational risks (such as people, processes, infrastructure, technology, systems, outsourcing and geographic coverage)
  • Environmental and social risks
  • Occupational health and safety risks
  • Project risks
  • Business performance risks
  • Reputation risks (such as investor relations, media management)
  • Strategic risks.

As part of its risk monitoring duties each audit and risk committee is required to:

  • Enquire of management and the external auditor about significant risks or exposures and assess the steps management (RE1 or RE2) has taken to minimise such risk to the trusts or company as applicable
  • Consider and review with the external auditor:
    • The adequacy of the trusts'/company's internal controls including computerised information system controls and security
    • Any related significant findings and recommendations of the external auditor on the matter of internal controls together with management's responses thereto
  • Monitor and review (at least annually) the effectiveness of the trusts'/company's operational risk management framework and compliance with key risk management policies
  • Review the scope of any internal audit to be conducted and the independence of internal audit team.

As required by the Corporations Act, a compliance committee and designated compliance staff assist the RE1 and RE2 boards in overseeing the trusts' risk management framework by monitoring compliance plans and ensuring that there is an underlying compliance framework including detailed policies and procedures, staff training and supervision and appropriate compliance reporting.

The compliance committee is currently comprised as follows:

  • Ray Kellerman, Chairman, External
  • Fiona Dixon, External
  • David Bartholomew, DUET CEO.

The external compliance committee members must satisfy the independence criteria set out in s601JB(2) of the Corporations Act. External members are required to certify their compliance with these requirements on an annual basis and otherwise notify RE1 and RE2 if they cease to satisfy the criteria.

RE1 and RE2 are subject to periodic review conducted by Macquarie's internal audit division. Each of DUET's businesses maintains its own risk management framework and supporting infrastructure to manage its own risk. DUET's ability to control or influence this framework and infrastructure differs based on DUET's level of ownership and control. It is DUET's policy to confirm that each business has an appropriate risk management framework in place to assist the business to effectively manage its risks. During the year management reports to the audit and risk committees as to the effectiveness of DUET's management of its material risks. In addition, the RE1, RE2 and DIHL boards receive assurance from the CEO and CFO that their declaration under s295A of the Corporations Act 2001 is founded on a sound system of risk management and internal control and that the system is operating in all material respects in relation to financial reporting risks.