• Home
• About BlueScope Steel
  • Our Vision and Values
  • Board of Directors
  • Executive Leadership Team
  • Our Company
  • Our History
  • Student Information
  • Contact Us
• Investors
  • Share Price Data
  • ASX Announcements
  • Investor Calendar
  • Shareholder Services
  • Dividends
  • Annual Reports
  • Financial Reports
  • Financial / Production History
  • Presentations
  • Annual General Meeting
  • Investor FAQs
• Products & Customers
  • Our Brands
  • Australia & New Zealand
  • North Asia
  • South East Asia
  • South Asia
  • Oceania
  • Products in Other Countries
  • Sporting Infrastructure
  • Customer Centre
• News & Media
  • ASX Announcements
  • Company News
  • Publications
  • Advertisements
• Responsibilities
  • Corporate Governance
  • HSEC Policy
  • Health and Safety
  • Environment
  • Community
  • CSE Reports
• Careers

Risk Management Policy and Internal Compliance and Control System - Overview

BlueScope Steel has a number of policies on risk management, as well as a related internal compliance and control system.

Set out below is a summary only of some of the features of the risk management policies and internal compliance and control system.

Risk Management Policy

There are a range of specific risks that have the potential to have an adverse impact on BlueScope Steel's business. 

Financial risk: The Board has adopted a number of financial risk policies which address market price risk, liquidity risk, credit risk and corporate and bank guarantees.

Business risk: A range of policies and procedures deal with specific business risks, including:

• delegation of Authority policy and guiding principles;
• capital investment tollgate processes;
• Guide to Business Conduct; and
• litigation reporting.

Operational risk: Policies for operational risk have been developed, including:

• Health, Safety and Environment;
• asset protection and operational security; and
• insurance.

Procedures exist to monitor risk, with ultimate reporting to the Board, through either the Audit and Risk Committee for financial and business risk and the Managing Director and Chief Executive Officer for operational risk. 

Internal Compliance and Control

The Board ultimately has responsibility for internal compliance and control.  The Audit and Risk Committee has responsibility for ensuring that internal control systems are in place to monitor and manage risk.

In addition to the risk management policies noted above, BlueScope Steel has an internal compliance and control system based on the following:

• a comprehensive internal audit program;
• a financial reporting control system that aims to ensure that financial reporting is both accurate and timely; and
• the Business Conduct Panel. 

Internal Audit

The Audit and Risk Committee is responsible for approving the appointment of the internal auditor and approving the annual internal audit plan.  Additionally, the Audit and Risk Committee meets with internal auditor on a regular basis  without management being present. 

PricewaterhouseCoopers currently provide the internal audit services and are independent from BlueScope Steel's external auditor, Ernst & Young.

Financial reporting control systems

BlueScope Steel has a number of financial control processes to ensure that the information that is presented to senior management and the Board is both accurate and timely.  The control processes include, among other things:

• annual audit and half year review by the external auditor;
• internal audit program to review the quality and effectiveness of internal processes, procedures and controls;
• management review of the balance sheet and internal control environment;
• monthly review of financial performance compared to budget and forecast;
• ongoing monitoring of accounting policy to ensure consistent application across all BlueScope Steel entities; and
• analysis of financial performance and significant balance sheet items to comparative periods.

Compliance with BlueScope Steel Policies and Standards

As part of the compliance and reporting framework described in the Summary of the Guide to Business Conduct, BlueScope Steel has established the Business Conduct Panel to monitor and receive reports concerning instances of non-compliance with BlueScope Steel's standards and policies.

Serious breaches of BlueScope Steel standards and policies are monitored by the Business Conduct Panel and, where necessary, reported to the Audit and Risk Committee (or the Health, Safety and Environment Committee) for further action.

Responsibilities

• Corporate Governance
  • Board Charter - Summary
  • Audit and Risk Committee Charter
  • Nomination Committee Charter - Summary
  • Remuneration and Organisation Committee Charter - Summary
  • Health Safety and Environment Committee Charter - Summary
  • Procedure for Selection and Appointment of New Directors - Summary
  • Guide to Business Conduct - Summary
  • Securities Trading Policy - Summary
  • External Auditor Selection and Rotation Policy - Summary
  • Continuous Disclosure Policy - Summary
  • Shareholder Communication Strategy
  • Risk Management Policy and Internal Compliance and Control System - Overview
  • Performance Evaluation - Overview
  • Delegation of Authority Policy
  • Director Independence Policy
• HSEC Policy
• Health and Safety
• Environment
• Community
• CSE Reports