The board oversees a comprehensive risk management policy framework covering all significant business risks and strategic considerations. The underpinning processes, which seek to identify, analyse, assess and treat these risks, are consistent with the principles of the relevant Australian Standard (AS/NZS 4360).

As part of the risk management framework all business units report quarterly and provide a presentation annually to an internal Risk Management Committee on their existing and emerging risks, associated mitigation strategies and progress against their implementation. Outcomes are reported to the board Audit & Risk Committee each quarter. The most significant risks and mitigating strategies are included in the corporate plan submitted annually to shareholder ministers.

Risk identification, measurement and mitigation strategies are included in business-related proposals considered by the board. There are also a number of programs in place to manage risk in specific areas such as fraud, the environment, injury prevention and management, legislative compliance, fire-safety and emergency procedures and business continuity planning.

The potentially adverse financial impacts associated with catastrophic risk exposures are limited by the purchase of appropriate insurance cover.

The ongoing effectiveness of the corporation’s risk management framework is reviewed annually by the board. Also, to ensure best practice, independent external reviews of risk management across the corporation are commissioned periodically. The most recent such review was completed in December 2004 by Deloitte.

The corporation’s internal control framework covers multifaceted components that span intersecting control categories, control objectives, control activities and business units and processes. The framework is consistent with the model defined by the Committee of Sponsoring Organisations (COSO) of the Treadway Commission, with strategic, financial, operational and compliance elements established across the COSO internal control layers. These include financial planning and reporting, capital expenditure appraisal procedures, authority delegation, due diligence examination and procurement contract tendering, senior management review forums, extensive polices and procedures, expenditure gating, external performance reporting and corporation-wide risk management practices. Financial reporting and business systems integrity are assured through the application of detailed information technology and operating procedure manuals.

Consistent with the ASX Corporate Governance Council’s best practice recommendations (Principle 7), before adopting the 2005/06 financial statements the board received written confirmation from the managing director and the chief finance officer that the integrity of the statements was founded on a sound system of risk management and internal compliance and control.