Controlling and managing risks
Through its risk management framework, Telecom identifies, assesses and manages risks that affect its business, including specific pan-Telecom risks arising from the business direction and strategic environment. Telecom's risk management framework is implemented through business processes such as business planning, investment analysis, project management and operations management. Telecom's Managing Risk Policy (PDF 89KB) requires Telecom's business and support groups to:
- Identify risks that relate to the achievement of their business objectives;
- Assess those risks and determine whether they are acceptable under existing controls or whether additional Treatment is required;
- Respond appropriately to the risks, based on that assessment; and
- Monitor and report on the current status of risks and the effectiveness of their controls.
This systematic approach to managing risk is performed on a planned or embedded basis and is implemented throughout Telecom.
Management regularly reports to the board on the effectiveness of Telecom's management of its material business risks.
Risk management roles and responsibilities
Risk management takes place in the context of normal business processes such as business planning, investment analysis, project management and operations management. In addition, risk is managed through the delegation of authority framework and other Telecom policies that provide a framework for managing specific pan-Telecom risks arising from the company's business direction and strategic environment.
To manage financial risks around treasury transactions, the board has approved principles and policies that specify who may authorise transactions and segregate the duties of those carrying them out.
The Audit and Risk Management Committee is responsible for ensuring that management has established a risk management framework that includes policies and procedures to effectively identify, treat and monitor principal business risks. The committee also regularly reviews Telecom's risk profile.
Telecom's Audit and Risk Management Committee receives reports on the effectiveness of the implementation of policies and processes designed to manage risk. The Audit and Risk Management Committee receives reports from internal audit on the adequacy and effectiveness of Telecom's internal controls. The committee regularly reports this information to the board.
Although Telecom is not required to comply with all of the provisions of the Australian Corporations Act 2001, Telecom requires that its CEO and CFO make an annual declaration in relation to Telecom's financial statements in the form set out in s295A of the Australian Corporations Act. Section 295A requires the CEO and CFO to declare that: (a) Telecom's financial records have been properly maintained; (b) the financial statements comply with the accounting standards; and (c) the financial statements give a true and fair view. The board receives a written assurance from the CEO and the CFO that, to the best of their knowledge and belief, the declaration provided by them in the form set out in s295A of the Australian Corporations Act is founded on a sound system of risk management and internal control and that the system is operating effectively in all material respects in relation to financial reporting risks.
Telecom has an internal audit group based in New Zealand and Australia. The internal audit charter defines the internal audit group's objectives, scope, independence, responsibilities and authority. The internal audit group's primary objective is to assist the board and CEO in exercising good governance by providing independent assurance on Telecom's control and risk management processes. The Audit and Risk Management Committee approves the appointment and replacement of the general manager, group risk and audit who reports to the board through the committee.
The internal audit group is independent from the activities and operations it audits, including risk management systems and has unrestricted access to Telecom's records and employees. The internal audit group regularly performs audits across Telecom business units in New Zealand, Australia and elsewhere. The internal audit team works to an internal audit plan approved by the Audit and Risk Management Committee. The Audit and Risk Management Committee ensures that the internal audit group is appropriately staffed and that its scope of work is adequate in light of the key risks facing Telecom.
|This page contains PDF documents. Most computers can read these but if yours can't, please download the free Adobe Reader.|