Lendlease Annual Report 2022

50 Lendlease Annual Report 2022 Risk governance and management Our approach aims to create a risk intelligent culture that supports strategy by driving value creation through risk based decision making. The Board is responsible for ensuring the effectiveness of the risk management framework. The risk management process outlines the governance, risk appetite, accountability for risk management and operational resilience program. Risk framework Our risk framework, underpinned by a ‘Three Lines of Defence’ model, remains unchanged from a governance perspective. The model provides a structured approach to risk management by defining clear roles and responsibilities across the organisation and the relationship between the different areas. Three Lines of Defence 1 Business Operations Identify, manage and own risks relevant to the project / investment Regional Leadership Team Accountable for achieving regional objectives 2 Group Functions Outline assurance measures to enable appropriate identi cation and management of risks 3 Internal and External Audit Provide assurance independently from the rst and second lines of defence Board and Committees Global Leadership Team Risk Appetite Framework The Risk Appetite Framework articulates the Board’s appetite for taking on risk as we implement our strategy. It provides clarity on the types of projects we target, while providing a method for identifying projects nearing or outside of acceptable risk tolerances. The Risk Appetite Framework, with a lens on continuous improvement, is periodically reviewed to ensure it continues to evolve and remains fit- for-purpose. Any changes, including the addition of new statements and tolerances, are reviewed and approved by the Board Risk Committee. Enterprise risks Our Enterprise Risk Framework is designed to inform and support business strategy. The framework provides an important backdrop in setting our strategic objectives and monitoring operational risk assessment throughout the organisation. The framework provides a harmonised approach with five interlinking pillars. The connectivity between these pillars creates a risk management ecosystem in which their interaction provides clear and measurable linkages. This ecosystem is supported by our underlying risk systems, managing our exposure via insurance, a resilience framework and a risk intelligent culture. Risk Ecosystem Risk Based Internal Audit Plan Root Causes Control Matrix Risk Appetite Framework Enterprise Risks Systems | Insurance | Resilience | Governance & Culture