Risk Management and Internal Compliance and Control

Management determines the Company’s risk profile and is responsible for overseeing and approving risk management strategy and policies, internal compliance and internal control. The Company’s process of risk management and internal compliance and control includes:

  1. Establishing the Company’s goals and objective, and implementing and monitoring strategies and policies to achieve these goals and objectives;

  2. Continuously identifying and reacting to risks that might impact upon the achievement of the Company’s goals and objectives and monitoring the environment for emerging factors and trends that affect these risks;

  3. Formulating risk management strategies to manage identified risks and designing and implementing appropriate risk management policies and internal controls; and

  4. Monitoring the performance of and continuously improving the effectiveness of, risk management systems and internal compliance and controls, including an ongoing assessment of the effectiveness of risk management and internal compliance and control.

Within the identified risk profile of the Company, comprehensive practices are in place that are directed towards achieving the following objectives:

  1. Effectiveness and efficiency in the use of the Company’s resources;

  2. Compliance with applicable laws and regulations; and

  3. Preparation of reliable published financial information.

The Board oversees an ongoing assessment of the effectiveness of risk management and internal compliance and control.

The responsibility for undertaking and assessing risk management and internal control effectiveness is delegated to management. Management is required by the Board to report back on the efficiency and effectiveness of risk management by benchmarking the Company’s performance against industry standards (among other things).

The risk profile of the Company contains both financial and non-financial factors including material risks arising from price escalations, competitive position, operational efficiency, human resources, fuel prices, product quality, and investments in new projects.

To mitigate these risks, the Company has in place a broad range of risk management policies and procedures, including long term negotiated sales contracts, competent management, a comprehensive management information system, an experienced Board, monthly Board meetings, six monthly financial and internal audits, rigorous appraisal of new investments, advisers familiar with the Company and an internal audit function.

Management is responsible for the ongoing management of risk with standing instructions to appraise the Board of changing circumstances within the Company and within the international business environment.


This policy is reviewed every two years.

Return to Diploma Group Corporate Governance.