Risk Management

BlueScope adopts a structured and consistent framework to managing risk which is an integral part of key business decisions. The Company considers that a sound framework of risk management policies, procedures and controls is fundamental to good corporate governance.

An illustrative representation of the Company's framework is as follows:

The objective of the Company's risk management policies, procedures and controls is to:

  • link the identification and management of risk to the achievement of business strategy and objectives;
  • systematically identify and proactively manage risk;
  • equip employees to take responsibility for managing risk and be trusted to make risk management decisions;
  • identify the Company's principal market, operational, reputation and financial risks;
  • have in place effective systems to monitor and manage risks; and
  • have in place reporting systems and effective internal controls, including major risks and key mitigation strategies being reported to the Board and relevant Board Committees.

Some of the key policies, processes or controls adopted by the Company for oversight and management of material business risks are:

  • a risk management policy approved by the Board, and risk management processes reviewed annually by the Audit & Risk Committee;
  • regular review of the risk appetitie and risk profile of the Company by the Board, including reviewing risks that are material to the achievement of the Company's objectives and management's assessment of mitigating controls and actions taken in relation to managing those risks;
  • a planning process involving the preparation of business plans and rolling monthly forecasts;
  • analysis of financial performance and significant balance sheet items including comparisons with prior periods;
  • an internal audit function with a reporting line direct to the Chairman of the Audit & Risk Committee;
  • a comprehensive internal audit program designed to review the quality and effectiveness of internal processes, procedures and controls;
  • half year and annual audit performed by the external auditor;
  • management review of the balance sheet and internal control environment;
  • monthly review of financial performance compared to forecast;
  • Business Conduct Panel to monitor and receive reports concerning instances of non-compliance with BlueScope Steel's standards and policies;
  • monitoring of the Company's liquidity and the status of renewals of finance facilities;
  • maintaining an appropriate insurance program;
  • maintaining policies and procedures in relation to treasury operations;
  • issuing and revising standards and procedures in relation to environmental and health and safety matters including a program of safety audits across the Company;
  • implementing and maintaining training programs in relation to issues such as trade practices and business conduct;
  • litigation reporting;
  • capital investment tollgate processes;
  • delegation of authority procedures requiring significant contracts, capital expenditure and other items to be approved at the appropriate levels; and
  • detailed accounting policies and procedures with ongoing monitoring to ensure consistent application across all BlueScope Steel entities.