BlueScope is committed to the identification and comprehensive management of risk.
We aim to achieve a culture that seeks to actively manage risk. The Company believes that a sound risk management framework is fundamental to strong governance. Our Risk Management Policy is part of that framework.
An illustrative representation of the Company's framework is as follows:
The Company's Risk Management Policy states that:
Risk Appetite statements set the fundamental principles that govern the way we will execute our strategy and the acceptable level of risk. Seven broad categories of risk have risk appetite statements and are used to ensure the comprehensive identification and management of both financial and non-financial risks. These categories are:
Metrics and tolerance measures have been defined for each of these risk categories; performance against these measures is reported by each business unit, and to the Risk & Sustainability Committee, on a quarterly basis. Where performance is outside of tolerance, mitigation strategies are developed and reported to the Board or relevant Board Committees.
Some of the key policies, processes or controls adopted by the Company for oversight and management of material business risks are:
an independent internal audit function, with a reporting line direct to the Chair of the Audit Committee, which has a comprehensive internal audit program designed to review the quality and effectiveness of risk management and internal controls.