Risk Management
Petra is exposed to a number of risks and uncertainties which could have a material impact on its performance and long-term viability. The effective identification, evaluation, management and mitigation of these risks and uncertainties is a core focus of management and the Board, as this is key to the Company’s strategy and objectives being achieved.
Identifying and managing risks
The Board has ultimate responsibility for risk management and receives reports and updates from the Board Committees on the key risks facing the business and the steps taken to manage them. The Board delegates responsibility to the Audit and Risk Committee which is responsible for monitoring and assessing Petra’s risk management and internal control systems. The ARC receives quarterly updates from the Risk, Assurance and Compliance function on Petra’s principal risks, including tracking Petra’s risk appetite and tolerance thresholds and risk mitigation action plans. The Safety, Health and Sustainability Committee also monitors developments related to safety, health, environment, climate and social performance, providing strategic direction, oversight and risk assurance.
Exco receives monthly updates on Petra’s principal risks, including Petra’s risk appetite and tolerance thresholds and risk mitigation action plans, and monitors and facilitates the implementation of effective risk management throughout the organisation, including driving a culture of individual risk owner and employee accountability. Petra’s Risk, Assurance and Compliance function continuously reviews, analyses and reports on risks, which includes monitoring emerging risks and consolidating key risks. Internal Audit provides assurance, in conjunction with external assurance providers and the Risk, Assurance and Compliance function, on the effective functioning of the internal control systems.
Petra deploys the four lines of defence model to enable better risk governance. A summary of how this model works is set out below. Petra’s risk governance applies the principles of good governance to the identification, assessment, management and communication of risks.
Petra has an Enterprise Risk Management (ERM) Framework which outlines the process for identifying, analysing, evaluating, treating and managing the impact of Petra’s risks, which is based on ISO 31000. Management within each function and operation is responsible for using this ERM Framework to identify the key risks in their area and for establishing appropriate and effective management processes to control and mitigate the impact of such risks, including assigning risk owners who are accountable for managing these risks. Once assessed, risks are aggregated and integrated into the Group’s risk register and ultimately the Group’s principal risks. Members of the Exco are assigned ownership of and are accountable for stewardship of each of the principal risks.
Updates to baseline risk assessments are conducted at least annually to re-evaluate existing risks and identify emerging risks, including the effectiveness of mitigating actions resulting from process changes, significant incidents, or disasters, or by instruction from regulatory bodies, amongst others. The relative significance of all identified risks is determined by using the ERM Framework to apply consequence and likelihood criteria, with management evaluating risks prior to internal controls to determine inherent risk levels and also assessing the effectiveness of internal controls to determine residual risk levels.
Risk appetite and tolerance
During FY 2024, management developed and implemented a Risk Appetite and Tolerance Framework which was reviewed and approved by the Audit and Risk Committee. Petra accepts there are risks associated with its business activities that cannot be fully eliminated and which must be accepted if we are to deliver our strategy. The initial purpose of the Risk Appetite and Tolerance Framework is to determine Petra’s levels of risk appetite and tolerance. Petra has done this by reference to a set of Risk Appetite Statements and Key Risk Indicators (KRIs) that are aligned to Petra’s principal risks. Petra then actively monitors these KRIs to prompt management to take necessary action(s) where appetite and tolerance thresholds are exceeded.
Petra’s KRIs are kept under review by management and the Audit and Risk Committee to ensure that they align with the Company’s Purpose, Values and Strategy and evolving risk profile. Any changes to the KRIs that are used to measure risk appetite and tolerance require the approval of the Audit and Risk Committee.
Risk Governance – Four lines of defence model
Board and sub-committees
Perform oversight and set tone
- Approves Enterprise Risk Management (ERM) Framework
- Establishes risk appetite/tolerance and strategy
- Leverages risk information into decision making
- Evaluates the strategy and business’ performance on a risk-adjusted basis
4th Line
External assurers
For example:
- Regulatory audits (DMRE)
- ISO certification audits
- Technical audits (mineral resources and reserves)
3rd Line
Internal audit (test and verify)
Planning and execution informed by ERM; aims to identify control weaknesses
2nd Line
Regulatory/Legal compliance & Enterprise Risk Management (ERM)
Regulatory/Legal compliance
- Monitors compliance with regulations
- Informed by ERM
- Risk-based compliance testing
Enterprise Risk Management (ERM)
- Designs Group’s ERM framework
- Monitors compliance with framework and reports on aggregated risks
1st Line
Business units
- Management: identifies, owns, mitigates and reports on risks for ERM
Principal Risks and uncertainties
For a more detailed description of Petra’s principal risks in the last financial year, including an outline of (i) the description and the impact of each principal risk, (ii) the mitigating actions taken and (iii) how such risks have developed and been managed in the preceding financial year, please follow the links below: