Investor Presentaiton slide image

Investor Presentaiton

60 60 Our material risks We continue to operate in a challenging macroeconomic environment characterised by elevated inflation, global supply chain disruptions, severe weather events and regulatory reform. A key challenge in F23 was rising cost-of-living pressures which impacted our customers and communities, and resulted in increased levels of theft and violence towards our team. Risk management oversight Below is an overview of Woolworths Group's risk governance and management. This also includes the key responsibilities of the Board and Board Committees, the Group Executive Committee, therisk community, internal audit and business leaders. The Group applies a three lines of accountability model approach to managing risk and compliance obligations. RISK LEADERSHIP The Board of Directors (with input from Audit and Finance Committee, People Committee, Risk Committee, Sustainability Committee and Nomination Committee) 61 Annual Report 2023 Woolworths Group 1 highlights Performance Sets and communicates expectations for risk management Approves Woolworths Group ways-of-working, core values and code of conduct to underpin the desired culture Satisfies itself that Woolworths Group has in place an appropriate risk management framework Sets risk appetite and provides oversight of material risk exposures and risk-taking Monitors the effectiveness of Woolworths Group governance practices 2 Business review Group Executive Committee Provides recommendations to the Board on risk policy, frameworks and Manages material risks and reporting on material risk matters risk practices Implements effective risk management in the business units 3 Directors' Report THREE LINES OF ACCOUNTABILITY As recent events have shown, sophisticated cyber attacks and data breaches have added layers of complexity to our risk landscape and, as a result, there has been a heightening of our data management and privacy risk. We continue to monitor evolving threats and refine our processes and controls as the digital environment grows. Our risks are becoming increasingly interconnected and complex, requiring a practical and straightforward risk management approach that is consistently reviewed, assessed, and where necessary, adjusted through the appropriate governance forums. Our risk management framework guides our approach to managing risks and we continue to refine by listening and learning to our customers, team, and communities. As the shape of our Group continues to change, we have embedded our risk management approach within each of our businesses and throughout the acquisition lifecycle. We are focused on equipping our teams with practical tools and frameworks that allow them to confidently make risk-informed choices, leading to better outcomes for our customers, teams, shareholders, and communities. This year we updated our Board approved risk appetite statements to better align to our strategy, operational environment and our purpose and ways-of-working. Each risk appetite statement has a Group executive sponsor (RAS Lead) who determines whether we are meeting our risk objective. We think about our risks in the following way: • Operational risks we manage as part of our daily business activities Strategic risks that should they materialise could impact our ability to deliver our strategic goals Emerging risks that could materialise over time that we would need to respond to Our most significant risks, those that if not managed effectively would have material consequences, form our material risks. For our material risks, we have taken a consistent approach to how we implement, monitor and test the effectiveness of controls, including response plans. These risks are monitored formally by one of our governance committees. For other risks, our response is determined by our risk appetite posture, taking into consideration the changing shape of the internal and external environment. Our risk approach and material risks reported have not changed compared with our disclosures contained within the 2022 Annual Report; however, there has been a heightening of our outlook with regards to data management and privacy, commensurate with the increasing reliance on technology and the digitisation of our operations. The material risks faced by our Group and the risk management approach to each of them are outlined on pages 62 to 65. Further information in relation to risk management can be found throughout the Annual Report and in the Corporate Governance Statement. Sets business direction and resolves significant enterprise risk issues 1ST LINE OF ACCOUNTABILITY Business 2ND LINE OF ACCOUNTABILITY Oversight functions 3RD LINE OF ACCOUNTABILITY Independent assurance Owns and manages risk Oversees and sets frameworks and standards. Independently monitors and provides analysis and reporting on risks and controls Provides independent assurance of frameworks and controls effectiveness Macro risk factors Climate Macro risk factors are attributes, characteristics or exposures that increase the likelihood of a risk occurring. These are closely monitored as they are a cause of many of our material risks, examples include: Cyber The material risks impacted by climate include: strategy and transformation; customer; legal, regulatory and governance; product safety; supply chain and operational resilience; and sustainability. The material risks impacted by cyber include: technology; customer; supply chain and operational resilience; privacy and data management; financial; legal, regulatory and governance; and safety, health and wellbeing. Group businesses Group platforms Group Risk Enablement People team Group Safety, Health & Wellbeing Group Legal & Compliance Group Finance Group Sustainability Internal Audit External Audit 4 Financial Report LO Other information
View entire presentation