Risk management

In February 2014, in line with APRA requirements, the Audit, Risk Management and Compliance Committee (ARMCC) was replaced by the Audit Committee (AC) and the Risk Committee (RC). In October 2013, IAG appointed a Group Chief Risk Officer (CRO) reporting to the CEO. The CRO oversees risk activities across IAG and is supported by a governance and risk function and divisional risk and compliance functions.  Further details on risk management at IAG are included in the notes to the Financial Statements.

On this page:

• Risk Committee
• Review risk management framework
• Internal audit function 
• Economic, Environmental and social sustainability risk
   

Risk Committee

The RC comprises only Non-Executive Directors and all the Non-Executive Directors are members of the Risk Committee. Individual names are set out in the Risk Committees section of the Board Committees page on this site. 

The RC is supported in its oversight of risk by a series of divisional Executive Risk and Governance forums. The RC assists the Board to discharge its responsibility to exercise due care, skill and diligence regarding:

• effective management of material risks to which IAG is exposed and oversight of risk management and control systems for adequacy and effective function;
• monitoring IAG's compliance with the Group Risk Management Strategy (Group RMS), Group Reinsurance Risk Management Strategy (Group REMS) and other governance and risk related Group Policies identified in the Group RMS;
• effective operation and management of compliance systems and to help ensure compliance with the requirements of applicable laws, regulations, industry codes, listing authorities' rules and organisational policies and standards;
• oversight of the Group's risk management and governance frameworks; and
• safeguarding the independence of the CRO, the Group General Manager Risk and Governance and Chief Actuary.

The RC met five times during the reporting period and member attendance at each meeting can be found in the Directors' Report.  The RC Charter, which provides details of the RC's responsibilities, is available in the Risk Committee area of the Board Committees page on this site.

Review risk management framework

The RC assists the Board in discharging its risk management responsibilities and has oversight of the Group’s risk management and governance frameworks and material risks to which the Group is exposed.  The RC reviews and endorses IAG's risk management policy and is satisfied that the governance frameworks in place are effective, remain appropriate and are operationally sound.  The Board receives information on risk matters of particular significance and regular updates from the Chairman of the RC.

IAG's Group Risk and Governance function provides regular reports to the RC on the operation of IAG's risk management framework, the status of key risks, risk and compliance incidents and risk framework changes.   Divisional risk and compliance functions also report regularly to divisional committees.

The RC considers IAG’s enterprise risk profile, risk appetite and core risk documents on an annual basis.  In addition, business Executives are required to attend and report to the RC on the effectiveness of the risk management frameworks embedded in their respective business divisions.

At an Executive level, risk management is delegated to the Group CEO who is assisted in discharging risk management responsibilities by the IAG Executive Risk Committee (ERCO) and the Asset and Liability Committee (ALCO).  ERCO operates in accordance with its Charter and with delegations from the Group CEO, who is ERCO’s Chairman.  ERCO oversees the development and implementation of IAG’s risk management framework and governance arrangements in respect of operational, insurance and strategic risk.  ERCO comprises the divisional CEOs, the Group CRO and the Group General Manager Risk and Governance.  ALCO oversees financial risks (such as reinsurance and capital) and some aspects of insurance risk.  ALCO operates in accordance with its charter and comprises the Group CEO and Group CFO and Group General Managers involved in the management of financial related risks.

IAG operates a “Three Lines of Defence” approach to risk management.  The First line (risk owners) own their risks and their management.  The Second line (risk advisers) is typically the risk and associated functions and the Third line is the independent audit functions.

As risk owners all Group Executives are responsible for:

• implementation of Board-approved policies;
• overseeing the ongoing implementation of, and compliance with, the Group's RMS, REMS, business insurance licences, internal control system and monitoring IAG's risks;
• authorising capital allocation to major projects within financial delegation limits approved by the CEO and Board;
• conducting periodic financial performance reviews of the business divisions;
• reviewing performance in the areas of health, safety, environment and community;
• reviewing the effectiveness of governance practices established at the business division level;
• reviewing human resource performance and reward strategies;
• promoting and reinforcing IAG's risk management culture;
• reviewing corporate strategies and the performance of IAG and its business divisions compared to budgets and corporate plans;
• formulating recommendations to the Board concerning issues related to capital management and risk management, including reinsurance, credit risk and asset allocation;
• conducting periodic financial performance reviews of IAG's businesses; and
• reviewing the effectiveness of governance practices established at the IAG level.

Internal audit function 

The Board has established the Group Internal Audit function as a key component of IAG's governance framework.  The Group Internal Audit function's objective is to evaluate and improve the effectiveness of internal controls, governance processes and overall risk management, via its independent and objective review program and to:

• provide assurance to the Board that IAG's financial and operational controls designed to manage the Group's risks and regulatory obligations, and achieve its objectives, are operating in an efficient, effective and ethical manner; and
• assist management in improving IAG's business performance.

The Group General Manager, Internal Audit reports functionally to the AC and administratively to the Group CRO, with direct access to the CEO and the AC.

Economic, environmental and social sustainability risk

As a general insurer that operates in Australia, New Zealand and throughout Asia, IAG is exposed to economic, environmental and social sustainability risks and opportunities. The IAG Board has overarching responsibility for risk management. This includes overseeing the development and implementation of IAG's approach to the management of risk that drives sustainable outcomes, and how effectively IAG responds to stakeholders.  

Economic, environmental and social sustainability risks are identified and managed as part of the Group’s risk management framework as overseen by the Board. Through risk profiling and ongoing trend analysis, information on these risks is collected and reported to the Group Leadership Team (GLT) and Board, and used to update our strategy at appropriate intervals. 

IAG is a signatory to a number of voluntary principles-based frameworks which inform the identification of risk and guide the integration of environmental, social and governance (ESG) considerations into our business practices. IAG is a member of the United Nations Environment Program Finance Initiative (UNEPFI), with IAG’s Group Executive for People, Performance and Reputation, Jacki Johnson being a member of the Global Steering Committee. IAG is also a signatory to the UNEP Principles for Sustainable Insurance (PSI), with IAG’s Chief Customer Officer, Julie Batch a member of the PSI Board, and the Principles for Responsible Investment (PRI). As a founding member of the Australian Business Roundtable for Disaster Resilience & Safer Communities and the Resilient New Zealand program, IAG is also sharing its risk management expertise with government and communities to influence programs and policies to help make Australia, New Zealand the region more resilient to natural disasters. Learn more about the Australian Business Roundtable and Resilient New Zealand programs.

IAG has in place a shared value framework that guides decision making and ensures value is being created for both the community and our business. IAG believes it has a responsibility to support risk transfer through insurance and share its knowledge about risk to make communities Safer, Stronger and More Confident. It does this by promoting better understanding and reduction of risks, at home, at work, on the road and in the natural environment.  The Group's sustainability performance is managed within this framework and is supported by a number of policies and position statements. 

A cross-functional Shared Value Advisory Council (SVAC) was established in 2014 to fulfill the role of a sustainability committee for IAG and provides advice and input to the organisation's approach to shared value, sustainability and broader community activity. The SVAC meets every 2-3 months, is chaired by the Group Executive Office of the CEO, and is comprised of Senior Leaders from across the business, including the Group Executive for People Performance and Reputation and the Chief Customer Officer.

Annually IAG also undertakes a materiality assessment process to identify and prioritise risks and opportunities. The results of the assessment are used to inform our shared value and sustainability approach and ensure our reporting addresses risks and opportunities that matter most to our stakeholders and our business.

Details of IAG’s material environmental and social sustainability risks, how IAG manages these risks and details of other shared value and sustainability activities can be found in the shared value pages in the 2020 annual review and safer communities report (3.56 MB)  and in the safer communities of our website. Further information on economic and social risk can be found in Note 3 - Risk, 2020 annual report (98.2 KB)