Risk Management

Wesfarmers believes that good risk management practice is crucial to effectively managing operations, driving commercial outcomes and ultimately supporting the company’s objective of delivering shareholder value over the long term.

Robust, integrated and effective risk management is central to Wesfarmers’ broader governance framework and is fully supported by the Board and the Wesfarmers Leadership Team, as demonstrated through its commitment outlined in the Wesfarmers Board approved Risk Management Policy which is available in the corporate governance section of the company’s website at www.wesfarmers.com.au/cg.

The Board recognises that a values-based culture is fundamental to an effective risk management framework. Wesfarmers, through the Board, instills and promotes a culture which is underpinned by the Wesfarmers Way, including Wesfarmers’ core values of integrity, openness, accountability and entrepreneurial spirit.

Wesfarmers’ approach to risk management is aligned with the principles and requirements of International Standard ISO 31000:2018 – Risk Management Guidelines. These elements are necessary to support effective risk identification and awareness, and to support appropriate behaviours and judgements about risk-taking within the parameters and risk appetite set by the Board.

Wesfarmers has adopted a three-lines approach to risk management whereby all team members have an important role in the operation of the risk framework. The three-lines approach:

  • promotes accountable decision-making; and
  • reinforces the responsibility of divisional management and Group management in:
      • identifying, understanding and managing the risks within their respective realms of responsibility; and
      • ensuring that business operations and risk-taking remain within the risk appetite set by the Board, or that appropriate action is taken should they fall outside the risk appetite.


Risk management framework

The Wesfarmers Risk Management Framework is reviewed on an annual basis by the Board to satisfy itself that it is sound, continues to operate effectively, and that the Group is operating with due regard to the risk appetite set by the Board, or that appropriate action is taken should performance fall outside the risk appetite.

The framework was last comprehensively reviewed in December 2020 following the appointment of the Group Chief Risk Officer. The Group Risk Appetite Statement was reviewed and updated in May 2021 to reflect new and emerging risks and changing circumstances.

The framework is comprised of the following elements:

  • Group Risk Management Policy (Policy) - the Policy outlines Wesfarmers’ approach to risk management, confirms the Group’s commitment to maintaining a risk-aware culture and embedding risk management practice within operations and outlines risk management roles and responsibilities. The Policy was approved by the Board in December 2020.
  • Group Risk Appetite Statement (RAS) - the RAS outlines the Board’s appetite for risk within various categories, as well as the behaviours and mindsets it expects to be embedded in decision-making and operational practice. The RAS for the 2021 financial year was approved in June 2020, with guidance being further reviewed in December 2020.
  • An independent Board, consisting of directors possessing the required values and bringing a suitable mix of skills, experience and diversity to Board oversight and decision-making.
  • Board committees, including an Audit and Risk Committee, a Nomination Committee and a Remuneration Committee, established by the Board as standing committees, each with its own charter, to assist with the discharge of the Board’s responsibilities.
  • Divisional audit and risk committees at Bunnings, Kmart Group, Officeworks, WesCEF, and Industrial and Safety to strengthen the divisional risk management processes.
  • The Group Code of Conduct which sets out the standard of conduct expected by the Board of all persons employed by or working for the Wesfarmers Group built on the principles of honesty, integrity, fairness, respect and ethical behaviour.
  • Dedicated, suitably qualified personnel in the second and third lines who support the design of the risk management framework and are directly responsible for risk management activities.
  • Group and divisional structures, reporting lines, immediate reporting requirements and appropriate authorities built upon Group policies which focus on three pillars of governance, operations and oversight (review and approvals) detailing specific processes and responsibilities and setting out guidelines for conduct to mitigate and manage risk.
  • Group-wide risk assessment criteria designed to consistently guide materiality assessment, reporting and risk acceptance delegations, aligned with Wesfarmers’ values and reflective of risk appetite.
  • A formal corporate planning process as part of setting strategy, which requires each division to assess the environment for trends that are likely to affect and shape relevant industries, perform scenario planning and prepare a SWOT analysis.
  • A Group-wide risk review process, aligned with the corporate planning process, that identifies, assesses and prioritises risks as well as mitigation actions to be implemented and monitored.
  • Wesfarmers’ Operating Framework that clearly sets out the Board, Board committees, divisional board and divisional audit and risk committee activities and reports, including the process of reporting risks that are outside of risk appetite through the divisional and Group audit and risk committees.
  • Talent management and succession planning processes aligned to Wesfarmers’ objective to be an employer of choice and attract outstanding people with the right values to utilise their individual talents to achieve sustainable success.
  • A Group compliance program (aligned with ISO 19600:2014 Compliance Management Systems), supported by approved guidelines and standards covering all material compliance programs including corporate governance, health, safety and wellbeing, the environment, legal liability, information technology, data privacy, cyber security, sustainability and human rights.
  • A comprehensive Group insurance program, including a risk financing and transfer strategy across multiple risk classes.
  • Annual budgeting and monthly reporting systems for all businesses, which enable the monitoring of progress against performance targets and the evaluation of trends.
  • Appropriate due diligence for acquisitions and divestments.
  • Appropriate business continuity management frameworks, inclusive of comprehensive and tested crisis management response plans.
  • External and internal audit programs.