Audit and Risk
Risk management and oversight
The Board is committed to effective risk management and all executives are accountable for managing risk within their area of responsibility. They are also required to manage risk as part of their business objectives, and Perpetual's approach to risk management is integrated across business processes.
Perpetual’s Chief Risk Officer leads a centralised group of risk management professionals. The Risk Group provides the framework, tools, advice and assistance which enable business units and management to effectively identify, assess and manage risk and, through monitoring, provides the board and its committees with assurance of the effectiveness and efficiency of risk management.
The board is responsible for monitoring that management has an appropriate risk framework in place and that it complies with regulatory, prudential, legal and ethical standards. The board reviews Perpetual’s key risks, mitigants, action plans and risk ratings as part of its annual strategic planning process in March, and undertakes a further review of key risks during the course of the year. The board review of key risks is underpinned by facilitated workshops coordinated by the Risk Group. The workshops promote open discussion between management and the Risk Group, enabling key risks, controls and any weaknesses or gaps to be identified and managed.
The Audit Risk and Compliance Committee oversees the implementation and maintenance of Perpetual’s risk management program. Regular reports are received by both the board and the Audit Risk and Compliance Committee from management on risk matters throughout the year.
Perpetual's risk framework also includes an internal audit function which reports to the Chief Risk Officer and is independent from the external auditor. Each of the Chief Risk Officer, Chief Financial Officer and the Head of Internal Audit has the right to meet with the Audit Risk and Compliance Committee in the absence of management. The Audit Risk and Compliance Committee reviews the annual Internal Audit Plan and also reviews reports issued by the Head of Internal Audit.
Perpetual has specific policies and processes which deal with the key areas of business risk, financial risk and compliance risk. These policies cover areas such as information security, business continuity, compliance and regulatory obligations, business operations, human resources requirements and occupational health and safety.
Audit process
The group's financial accounts are subject to an annual audit by an independent, professional auditor, who also reviews the group's half-yearly financial statements. The Audit Risk and Compliance Committee oversees this process on behalf of the board.
The auditor attends each meeting of the committee, and it is the committee's policy to meet with the auditor for part of these meetings in the absence of all management executives. The committee chairman meets with our audit partner, usually once every quarter, also in the absence of executives. The auditor has a standing invitation to meet with the committee, its chairman or with the group's chairman in the absence of management.
The auditor attends board meetings at which annual and half-yearly accounts are adopted. For part of these meetings, the board has discussions with the auditor in the absence of executives. In addition, the auditor attends the annual general meeting for the purpose of answering shareholder questions about the audit report and audit process.
Auditor independence
The board has in place processes to help ensure independence of the group's external auditor. Those processes include the following:
- The group's audit is tendered at least every seven years and, after the fifth year, the board must make a positive decision each year to retain existing arrangements;
- The audit partner is rotated at least every five years, with a two-year gap before a partner may be reappointed; and
- Former audit partners and audit firm employees involved in our audit cannot become directors or employees of group companies for at least two years.
In addition, our policies prohibit our external audit firm from being engaged to provide non-audit services that may materially conflict with its ability to exercise objective and impartial judgment on issues that may arise within our audit, such as services related to mergers and acquisitions, tax planning and strategy, senior management recruitment, significant valuations and appraisals, and the design and implementation of financial information systems.
The current external auditor is KPMG.
