Risk management

In February 2014, in line with APRA requirements, the Audit, Risk Management and Compliance Committee (ARMCC) was replaced by the Audit Committee (AC) and the Risk Committee (RC). In October 2013, IAG appointed a Group Chief Risk Officer (CRO) reporting to the CEO. The CRO oversees risk activities across IAG and is supported by a governance and risk function and divisional risk and compliance functions.  Further details on risk management at IAG are included in the notes to the Financial Statements.

On this page:

• Risk Committee
• Review risk management framework
• Internal audit function 
• Economic, Environmental and social sustainability risk
   

Risk Committee

The RC comprises only Non-Executive Directors and all the Non-Executive Directors are members of the Risk Committee. Individual names are set out in the Risk Committees section of the Board Committees page on this site. 

The RC is supported in its oversight of risk by a series of divisional Executive Risk and Governance forums. The RC assists the Board to discharge its responsibility to exercise due care, skill and diligence regarding:

• effective management of material risks to which IAG is exposed and oversight of risk management and control systems for adequacy and effective function;
• monitoring IAG's compliance with the Group Risk Management Strategy (Group RMS), Group Reinsurance Risk Management Strategy (Group REMS) and other governance and risk related Group Policies identified in the Group RMS;
• effective operation and management of compliance systems and to help ensure compliance with the requirements of applicable laws, regulations, industry codes, listing authorities' rules and organisational policies and standards;
• oversight of the Group's risk management and governance frameworks; and
• safeguarding the independence of the CRO, the Group General Manager Risk and Governance and Chief Actuary.

The RC met five times during the reporting period and member attendance at each meeting can be found in the Directors' Report.  The RC Charter, which provides details of the RC's responsibilities, is available in the Risk Committee area of the Board Committees page on this site.

Review risk management framework

The RC assists the Board in discharging its risk management responsibilities and has oversight of the Group’s risk management and governance frameworks and material risks to which the Group is exposed.  The RC reviews and endorses IAG's risk management policy and is satisfied that the governance frameworks in place are effective, remain appropriate and are operationally sound.  The Board receives information on risk matters of particular significance and regular updates from the Chairman of the RC.

IAG's Group Risk and Governance function provides regular reports to the RC on the operation of IAG's risk management framework, the status of key risks, risk and compliance incidents and risk framework changes.   Divisional risk and compliance functions also report regularly to divisional committees.

The RC considers IAG’s enterprise risk profile, risk appetite and core risk documents on an annual basis.  In addition, business Executives are required to attend and report to the RC on the effectiveness of the risk management frameworks embedded in their respective business divisions.

At an Executive level, risk management is delegated to the Group CEO who is assisted in discharging risk management responsibilities by the IAG Executive Risk Committee (ERCO) and the Asset and Liability Committee (ALCO).  ERCO operates in accordance with its Charter and with delegations from the Group CEO, who is ERCO’s Chairman.  ERCO oversees the development and implementation of IAG’s risk management framework and governance arrangements in respect of operational, insurance and strategic risk.  ERCO comprises the divisional CEOs, the Group CRO and the Group General Manager Risk and Governance.  ALCO oversees financial risks (such as reinsurance and capital) and some aspects of insurance risk.  ALCO operates in accordance with its charter and comprises the Group CEO and Group CFO and Group General Managers involved in the management of financial related risks.

IAG operates a “Three Lines of Defence” approach to risk management.  The First line (risk owners) own their risks and their management.  The Second line (risk advisers) is typically the risk and associated functions and the Third line is the independent audit functions.

As risk owners all Group Executives are responsible for:

• implementation of Board-approved policies;
• overseeing the ongoing implementation of, and compliance with, the Group's RMS, REMS, business insurance licences, internal control system and monitoring IAG's risks;
• authorising capital allocation to major projects within financial delegation limits approved by the CEO and Board;
• conducting periodic financial performance reviews of the business divisions;
• reviewing performance in the areas of health, safety, environment and community;
• reviewing the effectiveness of governance practices established at the business division level;
• reviewing human resource performance and reward strategies;
• promoting and reinforcing IAG's risk management culture;
• reviewing corporate strategies and the performance of IAG and its business divisions compared to budgets and corporate plans;
• formulating recommendations to the Board concerning issues related to capital management and risk management, including reinsurance, credit risk and asset allocation;
• conducting periodic financial performance reviews of IAG's businesses; and
• reviewing the effectiveness of governance practices established at the IAG level.

Internal audit function 

The Board has established the Group Internal Audit function as a key component of IAG's governance framework.  The Group Internal Audit function's objective is to evaluate and improve the effectiveness of internal controls, governance processes and overall risk management, via its independent and objective review program and to:

• provide assurance to the Board that IAG's financial and operational controls designed to manage the Group's risks and regulatory obligations, and achieve its objectives, are operating in an efficient, effective and ethical manner; and
• assist management in improving IAG's business performance.

The Group General Manager, Internal Audit reports functionally to the AC and administratively to the Group CRO, with direct access to the CEO and the AC.

Economic, environmental and social sustainability risk

Economic, environmental and social sustainability risks are identified and managed as part of IAG’s enterprise‑wide risk management framework and are overseen by the Board.  Through risk profiling and ongoing trend analysis, information on these risks is collected and reported to the Group Leadership Team (GLT) and Board and used to update IAG's strategy at appropriate intervals.  This is supported by IAG's annual materiality process and engagement with IAG's Safer Communities Steering Committee to identify and develop mitigation approaches to these risks.

IAG’s exposure to economic, environmental and social sustainability risks and opportunities is managed by relevant parts of the business and supported by IAG's Safer Communities team, a team of shared value and sustainability subject matter experts.  Sustainability performance is formally reported to the Board annually, with ad hoc updates as required.

The Consumer Advisory Board and Ethics Committee include external stakeholders, such as consumer groups, and provide an important external input into the understanding and management of economic, environmental and social sustainability risk.  The Safer Communities Steering Committee is an internal governance body that supports the Group Executive, People, Performance and Reputation to shape IAG's response to risks through its approach to shared value, sustainability and broader community activity.  The Safer Communities Steering Committee fulfils the role of a sustainability committee for IAG.  It meets at least quarterly, is chaired by the Group Executive, People, Performance and Reputation, and comprises senior leaders from across the business, including the Chief Strategy and Innovation Officer.

Each year a materiality assessment is undertaken to help guide IAG's shared value and sustainability approach and ensure its reporting addresses risks and opportunities with the greatest importance to IAG's stakeholders and business.  An extensive assessment and stakeholder engagement process supports IAG in the finalisation of the material issues, which are signed off by the Group Executive, People, Performance and Reputation and included in the IAG Annual Review and Safer Communities Report.

IAG has a safer communities business plan that guides decision‑making and ensures value is being created for both the community and IAG. This IAG‑wide business plan defines focus areas and outcomes that support IAG's commitment to help communities and people to be more resilient and increasingly feel they are ready for anything.  IAG's sustainability performance is managed within this business plan and supported by a number of policies and position statements including IAG’s Public Policy Position on Climate Change, Customer Equity Framework and the Social and Environmental Framework. 

IAG is a signatory to several voluntary principles‑based frameworks which guide the integration of environmental, social and governance (ESG) considerations into its business practices.  These include the United Nations Environment Programme ‑ Finance Initiative (UNEP FI) Principles for Sustainable Insurance and the Principles for Responsible Investment.  IAG is a signatory to the Geneva Association's Climate Risk Statement and a founding member of the Australian Sustainable Finance Initiative, which is a cross‑industry collaboration established to enable the financial services sector to contribute more systematically to the transition to a more resilient and sustainable economy, consistent with global goals such as the United Nations Sustainable Development Goals, the Sendai Framework for Disaster Risk Reduction and the Paris Agreement on climate change.

Climate change has been identified as a key enterprise risk and work has been done on implementation and monitoring of business controls and their effectiveness overseen by the Climate Risks and Opportunities Steering Committee (see Climate Risk section for more details).

Respect for human rights underpins IAG’s purpose and its conduct as an ethical and responsible business.  IAG respects and supports the UN Guiding Principles on Business and Human Rights and all internationally recognised human rights standards – understood, at a minimum, as the International Bill of Human Rights and the International Labour Organization (ILO) Declaration on Fundamental Principles and Rights at Work.

IAG addresses Human Rights and Modern Slavery legislative requirements across its business, including in its procurement, asset management and human resources business units.  IAG’s Procurement Policy and Supplier Code of Conduct, which was launched this year, addresses Human Rights and Modern Slavery, and supports practical management of these important issues across IAG’s business.  IAG’s first Modern Slavery Statement will be published during the 2021 financial year, in line with relevant regulatory frameworks.