Risk Management & Mitigation

Rationale

Risk influences every aspect of Investa Property Group's (IPG) business. Understanding the risks we face and managing them appropriately will enhance our ability to make better decisions, deliver on objectives and subsequently improve performance.

Each of our stakeholders has made an investment in our business and by doing so accept that, in order to be successful, we must take risks. In return they expect us to manage risk to an acceptable level and to take risks knowingly.

IPG views the management of risks to its people, assets and all aspects of its operations as a fundamental responsibility. It is committed to upholding its corporate and legal obligations by implementing and maintaining a level of risk management that protects and supports these responsibilities. IPG will instil a culture of risk management throughout the organisation by ensuring that it is a top priority in all day-to-day operations and investment decisions, by the actions of the Managing Director and other Senior Managers in reinforcing its importance and by incorporating it into the personal objectives of each employee.

Objective

IPG's objective is to be the best among its peer organisations at identifying and managing risk. IPG will:

  • Take informed and considered risks; and
  • Take a strategic and consistent approach to managing risk across IPG through the introduction of a risk management framework and associated activities that will assist in the creation and protection of value.

Policy

To realise our risk management objective, IPG will:

  • Identify and assess risks to our business objectives and understand how such risks influence performance;
  • Ensure that an appropriate risk management framework is in place, that it is aligned to our business strategy and that it evolves with our business;
  • Support the framework and strategy with an appropriate organisational structure and ensure that associated responsibilities are clearly defined and communicated at all levels;
  • Ensure that risk information is communicated through a clear and robust reporting structure; and
  • Integrate ongoing risk management activities within the business.

The proper administration of this policy will contribute to sustaining value for stakeholders, including security holders, tenants, managed funds and employees.

Scope

This policy is applicable to all areas of IPG operations without exclusion and all IPG personnel and associates.

We recognise that risk management is a process that extends to our business partners. Whilst it is difficult to enforce our risk management principles on our suppliers, customers and other stakeholders, we will always seek to influence their activities where possible.

Programs

Risk management programs will exist to address both corporate governance and financial/operational risk management issues. These are outlined in IPG's Risk Management Guide.

Responsibility

  • The IPG Board
    The IPG Board is ultimately responsible for risk management in IPG and for communicating the requirements of this policy. The IPG Board must satisfy itself that significant risks faced by the Group are being managed appropriately and that the system of risk management within IPG is robust enough to respond to changes in our business environment. The IPG Board will also ensure that there is an appropriate organisation and reporting structure in place to support the delivery of this policy on an ongoing basis. The IPG Board will, amongst other things, rely on assessments and reports of the Audit & Risk Management Committee in discharging these responsibilities.

  • The Risk Management Committee (RMC)
    The RMC is responsible for the oversight of the continuous development of risk management policy in IPG and for reviewing the implementation of risk management in compliance with the principles established. The Committee reviews the adequacy and effectiveness of risk management at IPG, reviews and approves internal and external audit plans and monitors risk reporting. The Committee will provide regular reports to the Board on its activities in monitoring the risk management framework and will make recommendations on amendments and improvements to the system of risk management.

  • The Managing Director (MD)
    The MD is responsible for overall risk management leadership, policy and program implementation. The Company Secretary will support the MD in discharging these responsibilities and is responsible for providing appropriate risk management resources to guide and support all IPG personnel in maintaining the risk management framework and the risk register. The Company Secretary is also responsible for coordinating the regular reporting to the RMC.

  • Management
    Senior Managers and the Chief Financial Officer are responsible for the implementation of the risk management process across their respective groups. This includes identifying and evaluating risks within their area of responsibility, implementing agreed actions to manage risks, reporting any activity or circumstances that may give rise to new or changed risks and monitoring the effectiveness of mitigation strategies. Senior Managers are also responsible for communicating the intent of the risk management policy and all other related policies to all staff under their control, and for ensuring their staff actively participate in the identification and management of risk.

  • Employees
    All employees have a general duty of care and are responsible for complying with requests from management in connection with the application of this policy. Through appropriate preventative action, all reasonable care should be taken to prevent loss and to make sure that IPG operations, reputation and assets are not adversely affected.

  • The Due Diligence (DD) Committee
    The DD Committee is responsible for reviewing all risks associated with business acquisition proposals, proposals to purchase real property or investment properties, post acquisition performance of assets, assumptions adopted in conjunction with acquisition analyses, policies where a conflict of interest may exist and offer documents such as prospectuses. The DD Committee reports to and makes recommendation to the Board on these activities prior to the Board making investment decisions.

  • Internal Audit
    Internal Audit provides assurance to the IPG RMC on the effectiveness of the internal control procedures and mechanisms in place to mitigate risks across the Group, that risks are being adequately/appropriately identified and that the principles and requirements of managing risk are consistently adopted throughout IPG. Internal Audit also recommends improvements to the system of risk management.