Risk is an event that could inhibit an organisation's ability to achieve its strategic objectives. The manner in which the Board and Executive management choose to respond, establishes the organisation's risk management philosophy and culture.
The Board has overall responsibility for the adoption, oversight and reporting of our risk management framework. Growthpoint's Enterprise Risk Management framework encompasses four categories:
• Strategic risk
• Operations risk
• Reporting risk
• Compliance risk
Growthpoint has adopted the COSO ERM Integrated Framework as a means of managing its risks.
The Risk Management Committee currently comprises four non-executive directors and the Board's Chairman attends all meetings by standing invitation. Growthpoint has adopted the Committee of Sponsoring Organisations' "Enterprise Risk Management (ERM) – Integrated Framework", to manage our strategic risk.
Through this approach, the ERM process is effected by the Board of Directors, management and other personnel. Applied in strategy setting and across the enterprise, it is designed to identify potential events that may affect us, to manage risks to be within our risk appetite and to provide reasonable assurance regarding the achievement of our objectives. The Board has overall responsibility for the adoption, oversight and reporting of our risk management framework and is assisted by the Risk Management Committee. Our ERM framework encompasses four categories:
The risk philosophy and culture adopted by Growthpoint is influenced by its vision, mission, objectives and values. The extent of risk that the Board and Executive management are willing to accept and the level of deviation from that risk determine the company's risk appetite and risk tolerance.
Potential strategic risks are identified annually by management. The Risk Management Committee can however, add additional risks, reassess existing risks or removes risks during the financial year.
These risks are assessed in terms of their probability and impact, and an appropriate response determined to mitigate the risk if and when it arises. The Risk Management Committee is appraised quarterly of the metrics used to monitor those risks that management have opted to control.
Executive and operational management are responsible for establishing and maintain systems of internal control within the various business processes.
Internal Audit assists management in assessing whether or not the systems of internal control are adequate and effective by performing reviews. The results of these reviews are reported quarterly to the Audit Committee.