Enterprise Risk Management Policy

Purpose and Scope

Enterprise Risk Management (“ERM”) helps an entity identify, prioritise and focus on those risks that may prevent value from being created, preserved and realised or that may erode existing value for Valeura and its stakeholders.

This policy establishes responsibilities and reporting requirements for governing ERM activities at Valeura. ERM activities should be proportionate to the level of risk the organisation faces and aligned with other strategic and operational activities within the Company. ERM activities are embedded within the Company and must be dynamic and responsive to emerging and changing risks and changes to the context in which the Company operates.


The Board is responsible for:

  • ERM overall and providing risk management oversight for the Company.
  • delegating responsibilities to Management and Board committees as appropriate.
  • ensuring this policy is adequate to address ERM activities at the Company.
  • setting risk appetite levels.
  • approving the framework for assessing, evaluating and reporting on risks.
  • reviewing risk assessments, mitigation plans and other reporting.
  • reviewing this Policy, the Framework and risk appetite on an annual basis.

The CEO is the executive sponsor of the ERM program and is responsible for:

  • establishing the Company’s ERM program.
  • implementing risk management policies and activities to manage key risks.
  • assigning a Risk Manager and delegating responsibility for managing ERM policies, record keeping and reporting.
  • delegating responsibility for managing individual risks and mitigation activities.

Management is responsible for:

  • identifying and assessing risks for the Company.
  • formulating mitigation plans.
  • management of risks, including mitigation plans and activities, within their function.
  • recommending risk tolerance levels to the Board.
  • reporting on ERM processes and findings.

The Risk Manager is responsible for:

  • monitoring compliance with the Policy and Framework.
  • maintaining the Policy and Framework and making recommendations for necessary updates during the Board’s annual review.
  • implementing and administering the ERM processes.
  • reporting to the Board on risk management activities.


Management, through the Risk Manager, will report to the Board annually on the following items (significant risks are those with a mitigated risk score of high or extreme):

  • the portfolio of risks identified by management
  • the level of risk faced by the Company in relation to the defined risk appetite
  • significant risks, and any that exceed risk appetite
  • timeframe and status of mitigation plans for significant risks
  • general risk climate for the Company
  • assessment of the operation of the Policy and Framework and any recommended changes

On a quarterly basis, Management will report to the Board on:

  • the status of mitigation plans for significant risks
  • any new or emerging significant risks


The Board will review this policy at least annually.

Related Documents

The Risk Framework provides the guidelines and criteria for assessing risk.

The Risk Appetite Statement provides the Board’s guidance on the total exposed amount of risk that the organisation wishes to undertake.