Integration with overall risk management
AASB S2 paragraphs 27-28
Company disclosures (7)
Integration with Overall Risk Management
Climate and nature-related considerations are integrated across the business through GPT's Risk Appetite Statement and key policies, linking sustainability factors to operational and strategic risk processes.
Climate and nature-related risks and opportunities identified are evaluated alongside other enterprise risks in accordance with GPT's Risk Management Framework to maintain consistency and integration into business processes.
Asset-specific climate and nature risks and opportunities are reviewed and inform aggregated and entity level risk and opportunity reporting to the Sustainability Steering Committee. Risks and opportunities are escalated to the Executive Team and Board, where appropriate, in accordance with the RMF.
Sustainability risks, including climate, nature and human rights, are considered and managed under the GPT Risk Management Framework.
Integration with overall risk management
Climate change remains a top risk within QBE's enterprise risk framework, with increasing frequency and severity of extreme weather events and evolving regulatory frameworks across jurisdictions.
The Executive Risk Committee (ERC) oversees the integration of ESG risk into the Group's risk management framework. Responsibilities include the review of key enterprise risks and oversight of management strategies and treatment plans.
Management's oversight of the Group's climate-related matters is supported by the use of controls and procedures, including in relation to the identification of risks and opportunities, monitoring of progress against targets, scenario analysis and the measurement of reported metrics such as greenhouse gas (GHG) emissions. Integration of these processes into QBE's business and enabling functions is supported by regular monitoring and reporting coordinated by the Group Sustainability function to the relevant governance committees.
Integration with overall risk management
Enterprise risk management framework integration
Climate-related risks and opportunities are integrated in our enterprise-wide risk management framework. These are identified by product groups and supporting functions, then included in the appropriate risk register. The process is integrated within the Rio Tinto Risk Management Information System.
Three lines of defence model
Under our 3 lines of defence model:
- First line: All employees are empowered to own and manage the risks that arise within their area of responsibility
- Second line: Our Enterprise functions provide deep subject matter expertise and objective challenge
- Third line: Our Internal Audit function provides independent assurance
Principal risk elevation
In 2025, climate change has been elevated to a standalone principal risk to reflect its increasing relevance and potential to materially impact our business. "Preparing our business for climate change" includes both physical risks (such as extreme weather events and long-term environmental changes) and transition risks and opportunities (arising from shifts in policy, technology, and market expectations as the global economy decarbonises).
Recognising climate change as a principal risk reflects the growing complexity and interconnection of climate-related risks and opportunities across our business. It also supports continued integration of climate-related considerations into strategic planning and risk management across the Group.
Risk governance structure
Board level: The Board approves our risk appetite and oversees our principal risks. The Board is supported in monitoring a range of material financial and non-financial current and emerging risks by the Audit & Risk and Sustainability committees.
Management level: These risks are assigned a risk owner and evaluated on the maximum reasonable consequence (non-financial and financial) and likelihood of the risk. Risks are escalated to the appropriate level of management for oversight and action.
Risk Management Committee: Where risks are material to the Group, they are escalated to the Risk Management Committee and, as appropriate, to the Board or its committees. All Group principal risks and uncertainties are reviewed on a quarterly basis by the Enterprise Risk function and the Risk Management Committee (RMC).
Strategic integration
Climate-related risks and opportunities are embedded across multiple business processes:
- Strategic planning: Climate considerations are integrated into our overall strategy
- Capital allocation: Investment decisions consider climate-related factors
- Financial planning: Annual financial planning incorporates climate risks
- Risk management: Portfolio reviews include climate risk assessments
- Government engagement: Climate policy engagement is coordinated with overall risk strategy
Monitoring and reporting
Emerging risks that could materially impact strategic objectives are incorporated within our principal risks and, where possible, we develop responses to mitigate threats and create opportunities for the Group. Climate change and the low-carbon transition remain critical emerging risks, with potential to have a significant impact on our business and the communities where we operate.
Integration with overall risk management
Integration with Enterprise Risk Management Framework
A Climate-Related Risks and Opportunities (CRROs) Management Framework was prepared in alignment with the principles of the Group's broader Enterprise Risk Management Framework (ERMF) in 2024 and applied in 2025. The CRROs Management Framework details the approach to identify, assess, prioritise, mitigate and monitor climate-related risks and manage climate-related opportunities.
The Enterprise Risk Management Framework (ERMF) outlines how the Group identifies, assesses, manages and monitors risks and controls. It references globally recognised standards including ISO 31000:2018 as well as regulatory guidance from the Australian Securities and Investments Commission and the Australian Securities Exchange. The ERMF applies to all teams and identified risks, including climate-related risks.
Integration into annual risk processes
Annual risk analysis processes include developing team and specific risk profiles that outline key controls and mitigation plans for managing identified risks, including climate-related risks. This in turn informs the review and update of the enterprise risk profile.
Risk assessment matrix integration
The Group risk assessment matrix considers categories including life safety, earnings and distribution, operational efficiency, environmental impact and reputation. This matrix was used to assess and prioritise the climate-related risks in a low and high-emissions scenario and within the Group's defined time horizons.
Governance integration
Material risks receive oversight from the Executive Risk Management Committee (ERMC), the Risk and Sustainability Committee (RSC) and the Board.
The Board and executive leadership team set the Group approach to risk management, which is promoted and role-modelled throughout the business. A strong risk culture and effective risk management are fundamental to achieving the Group's Purpose and Ambition.
Control and mitigation integration
Controls and mitigation plans for climate-related risks are integrated in destination Climate Change Adaptation Plans (CCAPs), Destination Environmental Action Plans (DEAPs) and destination risk registers.
Framework review and updates
The ERMF and CRROs Management Framework will be reviewed at a minimum on an annual basis, with relevant enterprise policies and standards, as they relate to CRROs rated medium or above, to be updated where relevant.
Integration with overall enterprise risk management
Climate-related risks and opportunities are embedded within the Company's strategic plan and Enterprise Risk Management (ERM) Framework.
The ARC is responsible for overseeing and reviewing the Company's ERM Framework, including its strategies, policies, procedures and systems for managing risk and their effectiveness.
The ARC oversees the implementation and effectiveness of the ERM Framework and related Group risk registers. The ARC performs a formal six-monthly review of the Group risk registers, which incorporate climate-related risks.
A standing Risk and Assurance Report was tabled at five ARC meetings during 2025. This report included updates on emerging climate-related government policy and regulatory risks. During the second half of 2025, the ARC received regular updates on progress towards mandatory climate-related disclosures, including a formal readiness assessment.
Controls and procedures for measuring the Group's GHG emissions and tracking progress against climate strategies are embedded with the ERM Framework and integrated across the business.
Over the medium- and long-term horizons, impacts under both low and high warming scenarios did not result in any immediate re-rating of existing risk ratings established through our broader risk management processes.
Integration with overall risk management
Sustainability risks are incorporated into this process. Woodside's strategic risks align with several of its material sustainability topics. Risks categorised as "strategic" are reviewed by the Board, its Audit & Risk Committee and the Executive Leadership Team at least twice a year, and the Board confirms its risk appetite in relation to each strategic risk. Management actions that need to be taken in order to address the risks are incorporated into Woodside's internal risk management system.
The Audit & Risk Committee assists the Board to meet its oversight responsibilities in relation to the company's corporate reporting, compliance with legal and regulatory requirements, accounting and sustainability standards, tax matters, internal control structure, risk management procedures, cybersecurity matters and the internal and external audit functions. Given the importance of material sustainability-related risks and opportunities to Woodside, and potential implications relating to financial reporting, the Audit & Risk Committee reviews the Company's risk management framework, with input from management, other committees and external experts as appropriate, to ensure that it adequately deals with contemporary and emerging risks, including material sustainability-related risks (including climate-related risks and opportunities).
The Audit and Risk Management Committee (ARMC) annually reviews Yancoal's risk management framework to satisfy itself that it continues to be sound and that the entity is operating with due regard to the risk appetite set by the Board.
CRROs are managed through our Enterprise Risk and Opportunity Management Framework (EROMF), which integrates climate considerations into the broader enterprise approach to identifying, assessing and responding to risk.
Environment and community related risks are incorporated into each site's broader risk assessments, with significant risks captured in the Corporate Enterprise Risk Management Register.
The ARMC meets at least four times annually with duties and responsibilities that include reviewing and evaluating whether Yancoal has any material exposure to business risks, including financial and non-financial risks (including climate-related risks), environmental risks, social risks and, if it does, how Yancoal manages or intends to manage those risks.