The QIC Board places considerable importance on effective risk management and has adopted a framework designed to proactively identify, assess and manage risks.
The QIC Board has ultimate accountability for risks and is responsible for setting QIC’s corporate strategy and risk appetite, identifying and monitoring risks that may affect our ability to achieve strategic objectives and ensuring that the Chief Executive Officer and the Senior Executives are appropriately monitored and incentivised to manage the business effectively.
The QIC Board has put in place Board committees, each of which is responsible for overseeing specific risks facing QIC.
Considerable importance is placed on maintaining a strong control environment. QIC has a corporate structure with clearly drawn lines of accountability and delegations of authority. Adherence to QIC’s policies and standards, including the Code of Conduct and Ethics, is required at all times, and the Board actively promotes a culture of risk awareness, quality and integrity. QIC staff are required to observe a high level of professional conduct when undertaking their business activities and respecting our Standards of Excellence.
The Chief Executive Officer, Chief Finance Officer, Chief Risk Officer, and the Executive Director, Operations and Technology have declared, in writing to the Board, that QIC’s risk management and control system is operating efficiently and effectively in all material respects, based on representations by management.
QIC applies a ‘three lines of accountability’ approach to managing risks and compliance obligations. This includes QIC’s relevant Board committees, executive, investment teams, the Risk, Governance and Tax (RGT) division and audit function.
First line of defence: Executives and staff within our investment teams and supporting business units are accountable for identifying risks within their area of responsibility and for establishing effective controls to manage these risks. Investment team personnel also have a percentage of their remuneration linked to risk and compliance Key Performance Indicators (KPIs). All staff are required to report breaches and incidents to the Risk, Governance & Tax (RGT) division. Management is required, as part of the monthly management reporting process, to report any breaches of our policies, standards, laws, regulations and client mandates. All staff have KPIs that measure risk and compliance which are linked to their remuneration.
Second line of defence: The RGT division, led by David Clarke, Chief Risk Officer who reports directly to the Chief Executive Officer, provides investment teams and supporting business units with tools, training and advice to assist them effectively manage their risks and compliance obligations. It also monitors and challenges the business where appropriate to provide the Chief Executive Officer and the Board with assurance that risks are being managed effectively and in accordance with QIC policies and standards, laws, regulations and client commitments. The RGT division also produces regular risk and compliance reports for the Executive Committee, the sub-committees of the Board and the Boards of QIC Limited and key operating subsidiaries. RGT is reviewed on a regular basis by both internal and external audit. A New York based RGT employee is also QIC’s USA Chief Compliance Officer for our USA Registered Investment Advisor entities. A London-based employee serves as the Compliance Officer and Money Laundering Reporting Officer for the QIC subsidiary authorised by the UK Financial Conduct Authority (FCA).
Third line of defence: QIC has appointed Deloitte to provide internal audit services. Our internal audit function has direct, unfettered access to the Board and reports directly to the Risk Committee. The Board, in consultation with the Risk Committee, approves the annual internal audit program, which adopts a risk-based approach to provide assurance over risk management and control activities across QIC. The results of internal audit reviews are reported to both the Risk Committee and management, who are held accountable for ensuring that recommendations made by our internal auditors are actioned. QIC’s policies and procedures are supplemented by the internal audit program, which provides assurance over the design and implementation of key controls, including controls that have been established to monitor risks and compliance obligations. The internal auditor is independent and acknowledges this independence annually as required by the QIC Auditor Independence Policy. The Auditor-General of Queensland is the external auditor of QIC and its controlled entities in accordance with the Auditor-General Act 2009. KPMG has also been appointed as the external auditor for a number of our investment trusts in accordance with the respective Trust Deed or on a by-arrangement basis.
QIC maintains a comprehensive framework around our risk management and compliance obligations across a broad category of risk types including:
Responsibility for managing and overseeing each risk category is clearly articulated through:
QIC maintains appropriate insurance cover with reliable underwriters to protect us from known quantifiable liabilities and risks where that cover is available. This cover includes asset protection, employee accident compensation, general public liabilities and financial loss.
The Board, senior executives and staff are, to the extent permitted by law, provided with indemnification against: