NOTE 3. RISK MANAGEMENT
A. RISK MANAGEMENT FRAMEWORK
The Group Chief Risk Officer oversees risk management across the Group. IAG has a Group Risk and Governance function responsible
for setting risk strategy, the development of IAG's risk management framework, policies and standards and providing advice to the IAG
Executives and Board. Divisional Risk & Compliance teams deploy the risk management framework within their division. Application
of the risk management framework provides reasonable assurance the Group’s material risks are prudently and soundly managed.
IAG acknowledges all business activity entails risk. The Group mitigates this by focusing on the management of risk, not the avoidance
of risk. The framework is outlined in IAG's written Risk Management Strategy (RMS), which is in accordance with the Australian
Prudential Regulation Authority (APRA) prudential standards.
The RMS:
- is a high level, strategic document that articulates the risk management framework;
- references other key documents and elements of the risk management framework; and
- may be a key input into how regulators understand and assess the approach to risk management.
Compliance with the RMS is incorporated into the twice yearly declarations provided by Executives and senior management to the
Board.
The RMS includes clearly defined roles and responsibilities, details of the Group level risk management-related policies and the key
processes to identify, assess, monitor, report on and mitigate material risk. Group policies for the management of risk are to be
applied by all controlled entities consistently across the Group and take into consideration local circumstances in non-Australian
jurisdictions. These policies are supported by associated Group frameworks and processes and Divisional processes.
The risk management framework is regularly reviewed so it remains appropriate and effective. The Group has an internal audit
function which reviews various aspects of the risk management framework application in the business divisions.
The RMS is updated annually, or as required, and is approved by the Board, and resubmitted to APRA subsequent to material change.
A Corporate Plan is also submitted to APRA after each annual review or following material change.
In addition to the RMS, the Group's risk framework includes the following documents:
- Reinsurance Management Strategy (REMS) – comprises key elements of the reinsurance management framework, processes for
  setting and monitoring the insurance concentration risk charge (ICRC), processes for selecting, implementing, monitoring and
  reviewing reinsurance arrangements and identification of roles and responsibilities of those charged with managerial
  responsibility for the reinsurance management framework. The REMS is in accordance with the prudential standards issued by
  APRA. The REMS is updated annually and approved by the Board.
- Group Risk Appetite Statement (RAS) – the Group RAS, together with the associated metrics, articulates the levels, boundaries
  and nature of risk the Board is willing to accept in pursuit of IAG’s strategic objectives.
- Internal Capital Adequacy Assessment Process (ICAAP) – the ICAAP Summary Statement is a component of IAG’s risk
  management framework summarising the Group’s risk assessment and processes for capital management, describing the
  strategy for maintaining adequate capital over time. The ICAAP Annual Report is an annual report to the Board on the operation of
  the ICAAP over the prior 12 months and a forward looking view. IAG’s risk management framework includes a range of capital
  management initiatives and documents. Refer to the capital management note for further details.
B. RISK MANAGEMENT OVERVIEW
The risk management arrangements outlined above apply to all controlled entities within the Group. An overview of IAG's risk
management arrangements is included in the Directors' Report, with the governance arrangements and forums used to manage risk
detailed further in the Corporate Governance section of the IAG website. Refer to
for
further details.
IAG's risk model covers all three lines of defence: risk owners, risk advisers and Internal Audit. IAG adopts an enterprise approach to
risk arrangements, with five risk categories identified as follows:
RISK CATEGORIES | DEFINITION OF RISK
Strategic risk | Strategic risk may arise from the following sub-categories:
- Strategic objectives: flawed strategy or the failure to meet strategic initiatives due to capital
  constraints, divisional strategic misalignment, technology and other resource inhibitors;
- Poor business decisions: failure to complete an appropriately detailed due diligence of the
  reasonably available information before making business decisions, or failing to take the
  reasonably available information into account;
- Business environment changes: a lack of responsiveness to changes in the business
  environment; and
- Group contagion risk: the potential impact of risk events, of any nature, arising in or from
  membership of the Group.
52 IAG ANNUAL REPORT 2015