1. The risk intelligent CFO: The role of the CFO in being a catalyst for enterprise wide risk managementHarvey ChristophersLead Partner Risk Services - Sydney

2. How is risk and the CFO role linked? Evolution of risk intelligence – limitations of conventional risk management CFO’s risk intelligent skills – 6 key focus areas for CFOs Contents

3. How is Risk and the CFO role linked?

4. Moving from financial risk operator to strategic catalyst for ERMSteward – core financial reporting risksOperator – financial operational risksCatalyst/Strategist – broader ERM role

5. Understanding 3 Lines of Defence and position of ERM Three Lines of Defence Board of Directors Regulators Risks Management 1st Line Corporate - Finance Product Division Subsidiary JV Country Risk Management 2nd Line Operational Risk Compliance Risk Financial Risk Strategic Risk Assurance Providers – IA coordinator role 3rd Line Internal Audit External Audit Safety OHS Other 4

6. Why also important to a CFO Annual report declarations – ASX listing requirement 7.3 and other SEC etc General reporting expectations of the CFO role Part of executive team responsible for oversight

7. Some challenges What is risk management – often a struggle to make relevant to CFOs Very different maturities – what is right for our organisation Link to capital – regulation v good business practice Link to allocation of risk based capital “Handbrake” role

8. 7 Maturity Model Current maturity Industry sector peers Maturity target Maturity assessment

9. The evolution of Risk Intelligence

10. CFO Beware - limitations of conventional risk management We seem to have a once-in-a-lifetime crisis every three or four years. Leslie Rahl, Capital Market Risk Advisors Conventional risk management persisted in viewing crises as rare, unpredictable, and too improbable and expensive to plan for It was predicated on a set of assumptions that described an accepted understanding of how ‘the world’ worked Conventional risk management approaches presented probable events that did not occur and improbable events that did It also habitually failed to present or describe those rare and never seen before risks. Why? Impact and likelihood assessments of risk tend to overshadow the process and thinking Individuals, as well as the collective organisation, tend to automatically reject notions that seem to contradict their assumptions and their understanding rely as of how ‘the world’ works Accepting new assumptions is difficult. Most people follow a process of first rejecting, then considering, and finally accepting a new idea. However, sometimes we never make it past the rejection stage.

11. 6 key roles for the CFO to play in building a risk intelligent organisation

12. Prepare for the expected; expect the unexpected Recommendation: Create comprehensive scenario plans CFOs should be vigilant in monitoring the environment for new risks and opportunities. They should also develop a process that assesses relevant, high-impact events - even if they are improbable - and then determine how quickly an event can happen and how swiftly they need to respond. Make sure bad news gets escalated. And don’t become too comfortable with the status quo. 11

13. Are you a Risk Intelligent strategist? Recommendation: Recognize that your strategy is not iron-clad. Regarding risks “to” the strategy, CFOs should engage executive management in strategic risk conversations around new products and alliances. The majority of executives see their jobs as growth - so it’s vital that others in the C-suite understand that value and risk are inseparable and that opportunity is the other side of risk. Risks that impact value creation and future growth, as well as risks to value preservation and existing assets, should be considered. As for risks “of” the strategy, make a practice of identifying any assumptions that could disrupt your strategy. What’s looming that could upend assumptions about your company, customers, and market environment? How deeply are those assumptions embedded in your strategy? Which changing assumptions might actually turn out to be opportunities? Only by identifying risks both “to” and “of” the strategy can you shape a plan that allows your company to make the most of the risks and the opportunities it chooses to take. 12

14. Distinguish between the “vital few” and the “trivial many” Recommendation: Put signals in place and define thresholds By putting signals in place, CFOs can bring critical events, developments, and opportunities to the organization’s attention - helping them distinguish between, say, 500 risks versus a list of five key areas to focus on. CFOs should also define thresholds and escalate problems if those thresholds are exceeded. 13

15. How big is your risk appetite? Recommendation: Determine acceptable and unacceptable risks To make the most of both rewarded and unrewarded risks, CFOs should discuss the company’s risk appetite with the Board — addressing a range of risk-appetite elements from return on capital employed to selling, general, and administrative expenses. A risk discussion should be placed on the “menu” of every meeting. But this is not to suggest that the CFO should have final say on risk appetite. That discussion should take place across and within the C-suite and Board, and decisions should be reached only after the various viewpoints have been aired. The end result should be a fundamental standard and specific guidelines, developed by management and ratified by the Board, by which all enterprise risks are judged acceptable or unacceptable. 14

16. Avoiding a bad rep Recommendation: Control your reputational risks CFOs need to consider what impacts their actions could have on their reputations. They should take proactive - and, if necessary, corrective - action with respect to such risks, including developing a reliable process that assesses and manages risk throughout the life of contracts and relationships. This is another area, too, where the Board should be involved; a Board that is prepared to deal with a crisis situation is less likely to delay decision making at a time when response time is critical. Many companies have also begun to track social media in order to monitor public sentiment and deal with issues before they get out of hand. 15

17. Compliance and enforcement go global Recommendation: Create a compliance stress test To compete in this enhanced compliance and enforcement environment, CFOs should augment their companies’ existing compliance efforts. Banks in Europe and the United States conduct capital “stress tests”; now is the time for companies to conduct compliance stress tests that cover key areas of reputational risk, major areas of compliance, and the effectiveness and maturity of the compliance and risk-management process. Risks and growth opportunities go hand in hand when companies expand into foreign markets. CFOs should understand and assess geopolitical, country, and corruption risks that exist in emerging markets and develop an effective plan for managing those risks. Failing to do so can prove to be a costly lesson for companies doing business abroad. 16

18. Contact details Harvey Christophers Partner Tel: +61 (0) 2 9322 3477 Email: hachristophers@deloitte.com.au © 2011 CFO Vantage Program-May11

19. About Deloitte Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/au/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms. Deloitte provides audit, tax, consulting, and financial advisory services to public and private clients spanning multiple industries. With a globally connected network of member firms in more than 140 countries, Deloitte brings world-class capabilities and deep local expertise to help clients succeed wherever they operate. Deloitte's approximately 169,000 professionals are committed to becoming the standard of excellence. About Deloitte Australia In Australia, the member firm is the Australian partnership of Deloitte Touche Tohmatsu. As one of Australia’s leading professional services firms. Deloitte Touche Tohmatsu and its affiliates provide audit, tax, consulting, and financial advisory services through approximately 4,500 people across the country. Focused on the creation of value and growth, and known as an employer of choice for innovative human resources programs, we are dedicated to helping our clients and our people excel. For more information, please visit our web site at www.deloitte.com.au. Liability limited by a scheme approved under Professional Standards Legislation. Member of Deloitte Touche Tohmatsu Limited General information only This presentation contains general information only, and none of Deloitte Touche Tohmatsu Limited, Deloitte Global Services Limited, Deloitte Global Services Holdings Limited, the Deloitte Touche Tohmatsu Verein, any of their member firms, or any of the foregoing’s affiliates (collectively the “Deloitte Network”) are, by means of this presentation, rendering accounting, business, financial, investment, legal, tax, or other professional advice or services. This presentation is not a substitute for such professional advice or services, nor should it be used as a basis for any decision or action that may affect your finances or your business. Before making any decision or taking any action that may affect your finances or your business, you should consult a qualified professional adviser. No entity in the Deloitte Network shall be responsible for any loss whatsoever sustained by any person who relies on this publication. Confidential This document and the information contained in it is confidential and should not be used or disclosed in any way without our prior consent. © 2011 Deloitte Touche Tohmatsu CFO Vantage Program-May11 © 2011