Risk Management Framework
NAIF’s approach to risk management is consistent with the International Standard for Risk Management and is designed to support NAIF in the achievement of its vision and strategic objectives. Effective, best practice risk management enables NAIF to address financing challenges unique to its mandate. The figure below illustrates the key elements of NAIF’s Risk Management Framework.
The Board has overarching responsibility for NAIF’s Risk Management Framework. The Board Audit and Risk Committee (BARC) supports the Board with a key role to set a culture across the NAIF that embraces risk management as an essential part of business operations.
The NAIF CEO and Executive are responsible for developing and implementing, under the direction of the BARC, the Risk Appetite Statement and Risk Management Framework, risk policies, systems, processes and controls, and fostering a risk-aware culture. Executive management reports to the BARC on the effectiveness of the Risk Management Framework and the management of NAIF’s key business risks.
The NAIF Board recognises the importance of maintaining a documented Risk Appetite Statement that clearly articulates the amount and type of risk it is willing to seek or retain in pursuit of objectives.
The Risk Appetite Statement provides clear guidance to management on the acceptable risk limits within which they must execute their business plans. On an annual basis, or more frequently if required, the Board reviews the Risk Appetite Statement in conjunction with strategic objectives to ensure continued alignment.
As required by the Investment Mandate, the NAIF Board develops its Risk Appetite Statement in consultation with the Minister and Jurisdictions, to guide its Investment Decisions. The Risk Appetite Statement is required to have regard to a preference for a diversified portfolio, including industry and geographic spread across Jurisdictions. The Risk Appetite Statement may have a high risk tolerance in relation to factors that are unique to investing in Northern Australia economic infrastructure, including distance, remoteness and climate. The annual review of the Risk Appetite Statement must address emerging risks, changes to internal and external environments and changes to Government policy.
An effective risk management framework requires a continuous process of identification, assessment, management and monitoring of all material risks that could adversely affect current and future operations. The figure below illustrates the risk analysis process NAIF adopts.
NAIF’s key risks are measured using a likelihood and impact matrix to determine a risk rating of low, medium, high or very high. Risks are assessed for their inherent risk exposure as well as their residual risk exposure (taking into consideration mitigating controls).
Criteria for measuring likelihood and impact have been tailored to NAIF’s purpose and include financial, reputational, legal/compliance, operational and safety considerations.
Key elements of NAIF’s risk culture are:
- setting the tone from the top through the Board and BARC’s active involvement in the risk management process;
- risk awareness entrenched in day-to-day business processes through recruitment of skilled staff and on-going risk and compliance training;
- appropriate risk-taking behaviours are rewarded and inappropriate behaviours challenged and sanctioned via feedback and performance reviews; and
- adequate disclosure of incidents through ‘no-fault’ incident reporting
Controls are a key part of NAIF’s Risk Management Framework and aim to minimise the chance of a risk event materialising. Mitigating controls are documented for each key risk and are regularly assessed for effectiveness.
Assurance activity provides a positive declaration that NAIF’s Risk Management Framework is operating as designed. Both internal and external reviews are leveraged to provide the Board with confidence that operations are aligned with approved policy.
Our Key Risks
NAIF’s primary focus is making Investment Decisions and has structures in place to manage the risks associated with this function including detailed due diligence and credit approval processes. In addition, NAIF must manage a comprehensive list of governance and operational risks. NAIF’s key risks fall into the following broad categories:
- Strategic – risks related to meeting strategic objectives and expectations of key stakeholders
- Investment Decisions – Project assessment and credit related risks
- Governance, Legal & Regulatory – compliance with relevant obligations such as confidentiality, conduct and AML/CTF
- Operational – risks associated with running a viable and efficient business including resourcing, business continuity, outsourcing and health and safety