Identifying and managing business risks
Sonic recognises that risk management is an integral part of good management and corporate governance practice and is fundamental to driving shareholder value across the business.
Sonic views the management of risk as a core managerial capability. Risk management is strongly promoted internally and forms part of the performance evaluation of key executives.
Sonic's material business risks are described in the Annual Report.
The Board determines the overall risk profile of the business and is responsible for monitoring and ensuring the maintenance of adequate risk management policies, controls and reporting mechanisms.
To assist the Board in fulfilling its duties, it is aided by the Audit Committee and the Risk Management Committee. The Board has delegated to these Committees responsibility for ensuring the Company’s material business risks, including strategic, financial, operational, compliance, environmental and social sustainability risks, are identified, systems are in place to assess, manage, monitor and report on those risks, and that those systems are operating effectively, management compliance with Board approved policies, internal controls are operating effectively across the business, and all Group companies are in compliance with laws and regulations relating to their activities.
The Audit Committee and Risk Management Committee update the Board on all relevant matters.
Management is responsible for the identification, assessment and management of business risks. Management reports on these matters, including the effectiveness of the management of Sonic’s material business risks, to the Audit Committee and Risk Management Committee, who then report these matters to the Board.
(b) Risk management policies, systems and processes
Sonic’s activities across all of its operating entities are subject to regular review and continuous oversight by executive management and the Board Committees. The Chief Executive Officers of the individual operating companies are responsible for the identification and management of risk within their business. To assist in this, executive management has developed an effective control environment to help manage the significant risks to its operations, both locally and overseas. This environment includes the following components:
- clearly defined management responsibilities, management accountabilities and organisational structures,
- established policies and procedures that are widely disseminated to, and understood by, employees,
- regular internal review of policy compliance and the effectiveness of systems and controls,
- comprehensive training programs for staff in relation to operational practices and compliance requirements,
- strong management reporting framework for both financial and operational information,
- creation of an open culture to share risk management information and to continuously improve the effectiveness of Sonic’s risk management approach,
- benchmarking across operations to share best practice and further reduce the operational risk profile,
- Sonic Core Values, a uniting code of conduct embraced by Sonic employees,
- centrally administered Group insurance program ensuring a consistent and adequate approach across all operating areas, and
- the ongoing engagement of a professional Risk Manager to coordinate the company’s approach to material business risk management.
Control systems and policy complicance are reviewed by Sonic's Business Assurance Program, an internal audit function. The Head of Business Assurance reports to the Audit Committee, and to the Company Secretary for administrative purposes. The Business Assurance Program liaises with, but is independent of, the external auditor, and has full access to the Audit Committee and Risk Management Committee, Sonic management and staff, and records. The Audit Committee determines the scope for the Business Assurance Program each year and monitors management's response to recommended system enhancements.
(c) Regulatory compliance
Sonic’s pathology, imaging and medical centre activities are subject to Commonwealth and State law in Australia, and similar regulatory control in offshore locations. These laws cover such areas as laboratory and collection centre operations, workplace health and safety, radiation safety, privacy of information and waste management.
Sonic’s network of pathology laboratories, collection centres and diagnostic imaging centres are required to meet and remain compliant with set performance criteria determined by government and industry bodies.
To support this, Sonic’s operating policies and procedures are overseen by internal quality assurance and workplace health and safety managers who review operational compliance.
In addition, practising pathologists and radiologists are required to be registered and licensed in accordance with Medical Board and Government regulations. The accreditation and licensing of locations, equipment and personnel is subject to regular, random audits by Government experts and medical peer groups. Sonic also undertakes internal reviews to ensure continued best practice and compliance.
Sonic’s established procedures, focus on best practice, Medical Leadership model, structured staff training and the external review activities serve to mitigate operational risk and support regulatory compliance.
(d) Managing Director and Finance Director certification
Sonic has adopted a policy requiring the Managing Director and the Finance Director to provide the Board with written certification in relation to its financial reporting processes. The Managing Director and Finance Director make the following certifications on an annual basis:
- that the financial records of the company have been properly maintained,
- that the financial statements and notes comply in all material respects with the relevant accounting standards,
- that the financial statements and notes give a true and fair view, in all material respects, of the Company's financial condition and operational results, and
- that the statements above are founded on a sound system of risk management and internal control which operates effectively in all material respects in relation to financial reporting risks.