The effective management of risk and opportunity is essential to Fortescue’s success and future growth. The challenges of rapid growth, including the future expectations of stakeholders, are evident in all parts of the business. As an emerging major player in the global iron ore market, we have developed a structured approach to the management of risk across the whole business. In essence, our approach means that all material business risks are assigned to the relevant business unit for management and accountability. This means that our central risk management team is focused on working with each part of the business to assist them to better manage their risks and to align efforts across the business as a whole to facilitate the whole of business view of risk.
Our Risk Management Programme (RMP) provides the structure within which we do this. Our RMP is comprised of six standards which are the key drivers for identification, evaluation and rating of risk. In addition, the standards provide the context in which we identify and evaluate risk control activity. The RMP sets a framework which aligns risk management activity at all levels of the business.
The two key forums for risk management at Fortescue are:
- The Audit & Risk Management Committee (ARMC), and
- The Risk Management Steering Group (RMSG)
The ARMC is a Committee of the Board (majority independent members) with its own Charter. The ARMC is responsible for establishing the risk management framework and policy, monitoring risk management activity, changes in the risk profile of the business at a whole of business level and the control environment. More information about the ARMC’s role with regard to risk management is set out under a separate section in this site.
The RMSG is the key management forum for considering risk activity across the business, including compliance with the requirements of the ARMC. RMSG has its own Charter and is comprised of the most senior executives in the business. A key focus for the RMSG is the work plan of the Enterprise Risk Function, such plan being approved annually by the ARMC. The Group Manager Risk is responsible for delivery of the plan and has a reporting responsibility to the RMSG. The RMSG also oversees management of risk within each business unit to ensure that all material business risks are owned and that risk management activity drives down residual risk to acceptable levels.