Risk Management Policy

Introduction

This Risk Management Policy is the overarching policy statement about the role of risk management within Flight Centre and the associated responsibilities of management and staff.

Risk is defined as the chance of something occurring which will adversely (or otherwise) impact an objective. Risk management is identifying, evaluating, analysing, treating, monitoring and reviewing the risk.

Scope

The policy applies to Flight Centre and any of its subsidiaries or related bodies corporate.

Overview

Risk management is the responsibility of all employees.

Flight Centre is committed to a comprehensive and systematic approach to the effective management of potential opportunities and adverse effects.  Flight Centre’s risk management decisions and practices are made in accordance with Flight Centre’s Philosophies, which set out Flight Centre’s vision, purpose, and values.

Risk management at Flight Centre is also referred to as operating in a no-surprises environment and about making informed decisions when considering risk and reward appropriately.

Objective

This policy is a key element of Flight Centre’s Risk Management Framework, which supports an integrated and systematic approach to managing risk, in order to:

• ensure that risks faced by Flight Centre are understood and managed;
• promote a One Flight Centre approach to risk management, including a common risk language;
• instil in all staff an awareness of risk and ensure that risk is considered in decision making;
• create an environment where all Flight Centre staff assume responsibility for managing risk;
• ensure that risks to Flight Centre are appropriately monitored through documentation and review and that key treatment actions are reported to the Board on a regular basis; and
• ensure transparency in decision-making and ongoing risk management processes.

Risk Initiatives

The framework is based around the following risk initiatives:

• Risk identification – identifying significant, foreseeable risks associated with the business
• Risk evaluation – evaluating risks in terms of impact and likelihood
• Risk treatment/mitigation – developing appropriate mitigation to keep the risk within an acceptable level (risk appetite); and
• Risk monitoring and reporting – ongoing reporting, usually on an exception basis on the status of the risk in line with whether it remains within the risk appetite.

Risks are identified and evaluated against achievement of strategic objectives, as well as more operational activities.

Responsibilities

Effective risk management is a core requirement of all Flight Centre staff.

• The Board is responsible for setting and approving the risk management policy and setting the tone for risk management of the Flight Centre group.
• The task force team, EGMs and leadership teams are responsible for applying Flight Centre’s risk management policy and practices in their areas of responsibility and providing an update to the status of different risks in the group. In practice, this includes ensuring accountability and transparency of risk management.
• The Audit and Risk Committee is responsible for reporting to the Board on the effectiveness of Flight Centre’s risk, control and compliance framework and providing assurance on the preparation and review of Flight Centre’s financial statements.
• Management and staff need to be familiar with, and competent in, the application of the Flight Centre Risk Management Framework. Managers and Flight Centre staff are also responsible for Flight Centre’s compliance activities (for example, OH&S, fraud, IT security etc.) and are accountable for ensuring effective management of risks and compliance with agreed standards.
• All staff are responsible for sharing and escalating when risks are outside the agreed appetite. This is to support the no-surprises culture and ensure decisions around managing the risk are made in a risk-aware manner.
• Enterprise Risk is responsible for providing the Board and Audit & Risk Committee with advice on whether Flight Centre is operating efficiently, effectively and in accordance with relevant laws and regulations. Enterprise Risk also plays an integral role in deploying and monitoring this self assessment, in addition to using the results from this assessment in designing its internal audit plan and testing key control areas. The Enterprise Risk team reports independently on the status of these key controls to the Audit and Risk Committee.

Management and reporting

Flight Centre’s risk management capability is measured and reported on in a variety of ways, including:

Reporting on key risks by risk owners to the Board;

Scrutiny of financial and other risks by the Audit and Risk Committee;

Internal and external audits; and

A broader risk assessment also takes place over significant capital injections, joint venture or business initiatives.

Review of the Flight Centre risk management framework

Flight Centre is committed to periodic review of its risk management framework.  This commonly occurs in line with amendments to the Australian/New Zealand Standard for Risk Management.  Reviews are held no less frequently than once every year.

Flight Centre uses its risk management framework to monitor and assess entity risk.  The Audit and Risk Committee review the framework at each of its scheduled meetings (at least 3 times annually). Flight Centre will make disclosure confirming the completion of the review at half and full year releases. 

This policy is also reviewed in light of any requirements imposed by the ASX Corporate Governance Principles and Recommendations and by section 295 of the Corporations Act.

Definitions

In this policy:

Interpretation

Concepts not defined in this policy which are given a meaning in the Corporations Act have the same meaning as in the Corporations Act.

This policy was adopted by the Board at the meeting of 17 October 2014

Policy Title:

Risk Management Policy

Date:

17 October 2014

Approved:

Graham Turner, Managing Director

David Smith, Company Secretary