Our risk management framework addresses all significant risks and implements a bottom-up top-down approach.
While our board of directors has delegated its responsibility for risk management to the audit and risk committees, it still retains ultimate accountability for the governance of risks, which potentially impact on Octodec’s ability to achieve its business objectives.
As part of the risk management framework, all internal stakeholders, including the board of directors are consulted and a risk register is prepared. The risks identified are managed in terms of effective control systems and within risk tolerance levels established by the board of directors.
The risk management framework clearly defines Octodec’s risk management philosophy and encourages and inculcates a risk management culture throughout the company and within City Property, which manages these risks on Octodec’s behalf.
This risk management culture involves the identification and monitoring of risks from three different angles. The first resides at business level, where each of City Property’s departments have their own risk registers through which they actively identify, monitor and manage the risks for which they are responsible.
The second is the risk management function, which sets the tone for risk management and provides the framework for the identification and mitigation of risks in everyday processes, and the third comprises of the assurance providers, being our internal auditors (KPMG) and external auditors (Deloitte & Touche), who collect information, evaluate the risks and express an opinion on the effectiveness of the process.
The risk register is presented to the Octodec’s risk and audit committees and to the board of directors.
Our use of a combined risk management assurance model has two important aims: to provide the board of directors and its committees with oversight of Octodec’s risk management activities and to embed the culture and practice of risk management in the day-to-day activities of the business.