Risk Management Program
INTRODUCTION
Objective
The primary objective of risk management is to ensure that the risks facing the business are appropriately managed. This gives stakeholders confidence to deal with or invest in the business.
Commitment
The Board of Aussie Q Resources Limited (“the Company”) and its senior management is committed to managing its risks in order to both minimise uncertainty and to maximise its business opportunities. Pursuant to this commitment the Board has approved and adopted this document.
Risk Definition
The definition that is applied across the Company of what constitutes “risk” is:-
“An event or activity which may have an impact on the achievement of Aussie Q Resources Limited’s objectives, strategies and its key business tasks.”
RISK MANAGEMENT FRAMEWORK
The framework upon which the Company’s approach to risk management is based is Australian Standard AS/NSS4360:1999.
Risk Identification
The risks have been identified by the Board, having considered what risks are, why they happen and how they occur. New risks will be identified as each new initiative/project is considered and also at a bi-annual review workshop with directors/managers, who will review all existing risks and identify any new risks.
Risk Analysis
Risks will be analysed by management by using the following ratings:
- Probability of the risk occurring;
- Impact of the risk if it did occur;
- Ascertaining what level of controls and maintenance are currently being employed; and
- How effective these controls are.
Risk Evaluation
Each risk is evaluated through a process of allocating an appropriate rating of probability impact, risk and effectiveness controls. This evaluation process determines whether the current management of each risk is within a predetermined acceptable level or whether action needs to be taken to treat the risk. It further identifies what monitoring is required i.e. active or periodic and whether review by Board or management.
Risk Treatment
The following risk treatment has been allocated to each risk:
- Tolerate the risk
- Avoid the risk
- Reduce the risk
This treatment is designed to reduce the probability or impact or increase the risk controls. As there will normally be a cost associated with risk reduction, the objective is to reduce the risk to an acceptable level consistent with established risk criteria. Any one of several decision points that may be taken include:-
- A satisfactory solution
- The most cost effective solution
- The accepted practice (industry norm, best practice etc.)
- The best achievable result
- The absolute minimum to satisfy corporate legislative or project needs
The risk can be reduced by transferring the risk. This may involve the transfer of risk in part or in full to a contractor, a supplier or to a product buyer for example.
Insurance is a common way of transferring risk. Insurance is normally taken for low probability, high impact events. When a risk treatment action is undertaken, it may not result in elimination or prevention of a risk, but will often result in reduction of the risk.
A residual risk will remain that should be less than the company’s level of tolerable risk.
RISK REPORTING
Risks will be separated into Strategic, Operational and New Initiative risks. Each risk is then rated according to inherent risk (probability and impact of the risk) and control rating (risk controls present and the evaluation of those controls).
Risk Monitoring and Review
Monitoring the status of each risk and any necessary action plans relating to their treatment takes place on a regular basis by controlled self assessment as well as by management’s quarterly review of risk action plans. Risks are also reviewed by the Audit Committee at each of its meetings but at least bi-annually.
The high level strategic and new initiative risks are reviewed annually by the Board at their annual strategic planning meeting. Identification of any new initiative risks or new strategic risks also takes place at this meeting. Any action or recommendations arising out of these review processes are implemented by management and then checked by the reporting system to the Company Secretary.
Ratings
Probability Parameters
Factor | Rating | Probability |
5 | High | High likelihood of it happening several times in the next 5 years; or chronic risk with history of occurrence |
4 | Substantial | Could occur more than once in the next 5 years; or can be difficult to control due to some external influences; or has a history of having occurred |
3 | Medium | Could occur in the next 10 years; or would not be surprised if this occurred |
2 | Low | Could occur, but not expected |
1 | Negligible | Possible but very unlikely that it will occur |
Impact Measures
Factor | Rating | Financial | Reputation and Public Confidence | Customer Satisfaction |
5 | High | Losses incurred; or unable to pay staff; or unable to pay suppliers | Major loss or confidence; or share price less than 5 cents; or dividend payout reduced to nil | Inability to supply product for sustained period |
4 | Substantial | Profit reduced by 100%; or major delays in paying staff; or major delays in paying suppliers | Significant loss of confidence or; share price less than 10 cents; | Substantial delays or interruptions in supply of product causing significant inconvenience |
3 | Medium | Profit reduced by 50%; or moderate delays in paying staff; or moderate delays in paying suppliers | Moderate loss of confidence; or share price less than 15 cents | Delays or interruptions causing moderate inconvenience |
2 | Low | Profit reduced by 10%; or minimal delays in paying staff; or minimal delays in paying suppliers | Mild loss of confidence; or share price down by 5 cents | Transitory problems causing minor inconvenience |
1 | Negligible | Profit unchanged; or no delays in paying staff; or no delays in paying suppliers | Minimal loss of confidence; or share price unchanged; or dividend payout not affected | Minimal or undetectable disruption |
Risk Controls
Control Rating | Description |
5 | Very low level of internal controls and maintenance |
4 | Below average level of internal controls and maintenance |
3 | Average level of controls and maintenance |
2 | Above average level of controls and maintenance |
1 | Excellent controls maintained in all areas at all times |
Risk Treatment
Risk Rating | Description |
1 | Tolerate the risk |
2 | Avoid the risk |
3 | Reduce/Manage the risk |
