Effective risk management is a fundamental part of GNZ’s business strategy.
Responsibility for managing risk lies initially within the business unit concerned, working within the strategy outlined by the Board.
Supporting this responsibility, management has established and implemented an enterprise wide risk management framework for identifying, assessing, monitoring and managing risk for GNZ.
A Regional Risk Manager has been appointed and is responsible for the risk management framework. A core component of the framework is risk profiling, which involves the process of identification, assessment and management of risk for the organisation. All critical business units are involved in the risk profiling process. The results of the risk profiles are updated, consolidated and reported each quarter.
The elements of the risk management framework include the following:
- Roles and responsibilities.
- Governance.
- Risk and control assessment.
- Incident management.
- Change management.
- Business continuity planning.
- Internal audit.
- Compliance.
- Insurance.
The framework is supported by a set of procedures that detail the risk work flow processes for the organisation.
The Audit Committee has, as part of its charter, a formal role in the oversight of risk management practices within MGNZ. The Audit Committee works closely with the Board to ensure that risk management issues are identified and addressed, in accordance with the risk management strategy.
The effectiveness of risk management practices is assessed by the internal audit function and reported to both GNZ Management and the Audit Committee. The annual work programme for the internal audit function is based upon the outcome of the annual risk review and internal control issues identified by both internal and external auditors. The work programme is considered and approved by the Audit Committee.