RISK MANAGEMENT AND OVERSIGHTThe Perpetual Board (the Board) has the responsibility and commitment to monitor that the organisation has a framework in place to manage risk. The Board’s commitment is reflected through the establishment of, and investment in the Perpetual Group Risk, Group Compliance and Internal Audit functions, led by the Chief Financial Officer. The Chief Financial Officer has the mandate to design and implement this Risk Management Framework (RMF). This commitment is further demonstrated by the role of the Audit, Risk & Compliance Committee (ARCC), a Board Committee which has responsibility for overseeing the design and effectiveness of the RMF.
Perpetual's approach to risk management is integrated across business functions and processes with all executives accountable for managing risk within their area of responsibility as part of their business objectives.
The Board is responsible for monitoring that management has an appropriate framework in place to ensure compliance with regulatory, prudential, legal and ethical standards. The Board reviews Perpetual’s key risks, mitigants, action plans and risk ratings as part of its annual strategic planning process in March and the Board undertakes a further review of key risks during the course of the year. The Board’s review of key risks is underpinned by facilitated workshops coordinated by Group Risk. The workshops promote open discussion between management and Group Risk enabling key risks, controls and any weaknesses or gaps to be identified and managed.
The Board’s expectations regarding the consideration of risk in decision making processes and expected behaviours are outlined in Perpetual’s Risk Appetite Statement (RAS).
The ARCC oversees the implementation and maintenance of the RMF. Regular reports are received by both the Board and the ARCC from management on risk matters throughout the year.
Perpetual's RMF also includes an Internal Audit function which reports to the Chair of the ARCC, and for administrative purposes, the Chief Risk Officer and is independent from the external auditor. Each of the Chief Risk Officer, Chief Financial Officer and the Head of Internal Audit has the right to meet with the ARCC in the absence of management. The ARCC reviews the annual Internal Audit Plan and also reviews reports issued by the Head of Internal Audit.
Perpetual has specific policies and processes which deal with the key areas of business risk, financial risk and compliance risk. These policies cover areas such as information security, business continuity, compliance and regulatory obligations, business operations, human resources requirements and occupational health and safety. View details of Perpetual’s risk management framework.
AUDIT PROCESSThe Group's financial accounts are subject to an annual audit by an independent, professional external auditor, who also reviews the Group's half-yearly financial statements. The Audit, Risk and Compliance Committee (ARCC) oversees this process on behalf of the Board.
The auditor attends each meetings of the ARCC, and it is the ARCC's policy to meet with the auditor for most of these meetings in the absence of all management executives. The ARCC Chair meets with our audit partner usually once every quarter also in the absence of executives. The auditor has a standing invitation to meet with the ARCC, its Chair or with the Chair of the Group Board in the absence of management.
The auditor attends board meetings at which annual and half-yearly accounts are adopted. For part of these meetings, the Board has discussions with the auditor in the absence of executives. In addition, the auditor attends the annual general meeting for the purpose of answering shareholder questions about the audit report and audit process.
The Board has in place processes to help ensure independence of the Group's external auditor. These processes include the following:
- a formal review of the appointed auditor every 5 years, to be timed during the middle of the lead partner’s tenure. The results of the review are reported to the Audit Risk and Compliance Committee (ARCC) and the Board;
- an annual review of the external audit firm’s fees and performance, the results of which are reported to the ARCC and the Board;
- the lead audit partner on each Perpetual audit must be rotated at least every five years, with a two year gap before a partner may be reappointed; and
- former audit partners and audit firm employees involved in our audit cannot become directors or employees of Perpetual Group companies for at least two years.
In addition, our policies prohibit our external audit firm being engaged to provide non-audit services that may materially conflict with its ability to exercise objective and impartial judgment on issues that may arise within our audit, such as services related to mergers and acquisitions, tax planning and strategy, senior management recruitment, significant valuations and appraisals, and design and implementation of financial information systems.
The current external auditor is KPMG.