Go to top of page

Our risk management framework

The Board has oversight of ARPC’s corporate governance arrangements and is responsible for monitoring ARPC’s Risk Management function under the PGPA Act. The Board is responsible for setting ARPC’s risk appetite and reviews the RATS annually. Administration of the risk framework, including review of risks and controls, preparation of the Board report, and identification of emerging risks lies with management, specifically the Enterprise Risk and Crisis Response team. Oversight of the Risk Management function is provided by management to the Board, through the Risk Report and any changes to the risk register, which are formally presented four times a year for noting.

ARPC’s five strategic priorities provide the basis for the risk framework below, with each risk tolerance statement in the RATS relating to a strategic priority. Underlying the framework are the risk and control registers, which outline financial, strategic and operational risks facing ARPC, as well as the controls and procedures in place to mitigate these risks. The Key Risk Indicator (KRI) Report is used to measure ARPC’s risk exposure and outlines 27 risk indicators mapped to risks in the risk register. In addition, the risk management framework is supported by regular risk review meetings held with senior management, as well as compliance testing performed over key processes at ARPC, designed to address gaps in the strategic internal audit plan.

Overview of ARPC’s Risk framework Overview of ARPC’s Risk framework