Risk management at BlueScope

BlueScope is committed to an integrated approach to managing risk. We aim to have a proactive risk culture, ensuring a balanced approach to managing uncertainty in how we deliver strategic and commercial outcomes.  

Our risk management framework – an overview

Our framework is directed by Risk Appetite Statements and structured according to seven broad risk categories (pictured below).

Infographic detailing how BlueScope manage risk

Our Group Risk Appetite Statements are set by the Board and describe the fundamental principles that govern the way we will execute our strategy and the acceptable level of risk. Understanding risk, and our appetite for particular types of risk, is a key consideration in our decision-making. 

The seven broad risk categories set the structure in which business risks are to be identified and managed. Our integrated framework of risk management policies, procedures and controls supports decision-making as close as possible to the source of risk. 

Our three lines of accountability model (pictured) aim to ensure clear accountabilities through our global company.

Our business unit management teams are empowered to own and manage risks directly at the first line of accountability, followed by the functions/centres of excellence in the second line. Internal Audit represents the third line of accountability, with oversight by senior management and the Board. Each business unit’s performance against the Group Risk Appetite is monitored quarterly and the consolidated metrics reported to the Risk and Sustainability Committee.

We embed the risk management framework with business leaders through a series of masterclasses. Going beyond traditional training courses, each masterclass uses storytelling and real, BlueScope-specific examples to engage and develop our leaders.