RISK MANAGEMENT
Risk management and internal control is integrated into all activities and levels of Spring Energy.
Internal controls take a variety of forms as appropriate to the circumstances but are designed to detect weaknesses in the system and provide appropriate information to management to allow for proper and timely management action.
Each year, the Company undertakes both a top-down (driven by the Board) and a bottom-up (driven by the business areas and operations) evaluation of the risk environment.
The assessment process is action oriented and designed to identify:
- Material risks the Company is exposed to
- What the Company does to mitigate risks
- Whether additional measures are necessary to reduce the risk to an acceptable level
Risks identified in the process are prioritised, and appropriate actions are formalised and implemented through the business management system.
Key control elements are subjected to independent monitoring.
As the risk environment evolves over time the business management system continuously identifies new and emerging risks, and ensures evaluation, mitigation and reporting to the appropriate level, and if necessary, all the way to the Board.
Risk management and internal control in Spring Energy is based on the Enterprise Risk Management (ERM) framework by the Commission of Sponsoring Organisations of the Treadway Commission (COSO). COSO provides a disciplined and consistent standard against which to implement and assess a company’s ERM programme. The standard is a widely accepted framework for internal control and risk assessment.
RISK MONITORING AND CONTROL - DESIGN AND IMPLEMENTATION OF SYSTEM
