the importance of risk analysis and management, and corporate governance

1 © Atul Kuver 2011 Commercial Accountability Challenges in a Global Environment The Nature and Relevance of Risk The Importance of Risk Analysis and Management, and Corporate Governance Atul Kuver February 2011

Upload: atul

Post on 19-Jan-2015



Commercial Accountability Challenges in a Global Environment

The Nature and Relevance of Risk

The Importance of Risk Analysis and Management, and

Corporate Governance

Atul Kuver

February 2011


Executive Summary

Qantas operates in an industry that focuses on high availability, safety, has low

margins, intense competition and is vulnerable to external and internal business

shocks. Reputation and branding, and safety can be considered to be part of Qantas’

strategic and operational objectives. Failure in either area can have serious

consequences for Qantas.

This report examines the nature and relevance of risk, the importance of risk analysis

and management and corporate governance within the context of accountability

frameworks. Risk management, the implementation of risk analysis and risk

management systems with reference to the COSO ERM Framework are discussed.

Qantas’ risk management systems are compared with the COSO ERM Framework to

assess how Qantas manages reputation and branding, and safety risks. The

comparison indicates that the Qantas risk management structure closely follows the

COSO ERM Framework that supports its strategic, operational, reporting and

compliance objectives.

The Qantas approach to Corporate Governance as documented in their Corporate

Governance Statement (Qantas 2010) is compared and contrasted with the approach

recommended in the ASX Corporate Governance Principles and Recommendations

(ASX 2007) and the Kiel and Nicholson model (Kiel & Nicholson 2002). The review

shows the Qantas approach is aligned with the ASX Corporate Governance Principles

and Recommendations (ASX 2007). The Qantas approach also satisfies the structure

and process of the Kiel and Nicholson model. Alignment of the ASX (2007) principles

as approached by Qantas with the Kiel and Nicholson model shows that the Qantas

Board accepts responsibility for the key functions regarding Corporate Governance.


Table of Contents

Executive Summary
1 Introduction
2 Nature and relevance of risk to corporate accountability
3 Risk Management
  3.1 ‘Risk-Silo’ Mentality versus the Holistic Approach to Risk
  3.2 Drivers of Risk Management
  3.3 Deficiencies in Risk Management
4 Implementation of Risk Analysis and Risk Management Systems
  4.1 COSO Enterprise Risk Management Framework
  4.2 Managing Reputation and Branding Risk, and Safety Risk at Qantas
    4.2.1 Internal Environment
    4.2.2 Objective Setting
    4.2.3 Event Identification
    4.2.4 Risk Assessment
    4.2.5 Risk Response
    4.2.6 Control Activities
    4.2.7 Information and Communication
    4.2.8 Monitoring
5 Corporate Governance
  5.1 Kiel and Nicholson Model
  5.2 ASX Principles of Good Corporate Governance
  5.3 Qantas Corporate Governance Statement
    5.3.1 Alignment with ASX Principles 2007
    5.3.2 Alignment with the Kiel and Nicholson Model
  5.4 Corporate Governance within the Context of Accountability Frameworks
6 Conclusion
References


1 Introduction

This report examines the nature and relevance of risk, the importance of risk analysis

and management and corporate governance within the context of accountability

frameworks.

The report outline is as follows. Section 2 explores the nature and relevance of risk

to corporate accountability. Section 3 examines the practice of risk management.

The ‘risk-silo’ mentality versus a holistic approach to risk management is discussed,

followed by the drivers of risk management and deficiencies in risk management.

The implementation of risk analysis and risk management systems is discussed in

Section 4. The Committee of Sponsoring Organizations of the Treadway

Commission’s (COSO) Enterprise Risk Management-Integrated Framework (COSO

ERM Framework) is described first. Then Qantas’ risk management systems are

compared with the COSO ERM Framework to assess how Qantas manages

reputation and branding, and safety risks. Section 5 discusses the alignment of the

Qantas approach to Corporate Governance as documented in their Corporate

Governance Statement (Qantas 2010) with the approach recommended in the ASX

Corporate Governance Principles and Recommendations (ASX 2007) and with the

Kiel and Nicholson model (Kiel & Nicholson 2002). The report concludes with Section

6.

2 Nature and relevance of risk to corporate

accountability

Organisations are facing increasing pressure from regulators, investors and other

stakeholders to increase transparency and disclosure. Principle 7 of the ASX

Corporate Governance Principles and Recommendations (ASX 2007, p. 32) states

that ‘companies should establish a sound system of risk oversight and management

and internal control’. ASX (2007, p. 32) emphasises that the responsibility for

reviewing the company’s policies on risk oversight and management lies with the

board. The board must satisfy itself that management has developed and


implemented a reliable system of risk management and internal controls. While

traditional risks such as credit, market and foreign exchange risk remain the primary

considerations, businesses are acknowledging the need to determine and assess risk

in areas such as human capital, reputation and climate change (Economist

Intelligence Unit 2007, p. 2). ASX (2007, p. 32) considers material business risks to

include, but not be limited to: ‘operational, environmental, sustainability, compliance,

strategic, ethical conduct, reputation or brand, technological, product or service

quality, human capital, financial reporting and market related risks’.

3 Risk Management

Organisational objectives cover a range of areas including corporate strategy,

operations, processes and projects. Organisations can encounter a variety of risks

that can have an impact on these objectives. Risk management is how risks are

managed. The ASX Corporate Governance Council’s Corporate Governance Principles

and Recommendations (ASX 2007, p. 32) defines risk management as ‘the culture,

processes and structures that are directed towards taking advantage of potential

opportunities while managing potential side effects’.

3.1 ‘Risk-Silo’ Mentality versus the Holistic Approach to Risk

Risk management in the past has mostly been driven from the bottom up and been

fragmented across different divisions within an organisation (Bowling & Rieger

2005). This method sets up a series of ‘risk-silos’ managed by different groups within

the organisation. The different silos may have different risk tolerances, which can

lead to one group with low to no risk, while another group may take on significant

risks (Bowling & Rieger 2005, p. 32).

In contrast, Enterprise Risk Management (ERM) is a framework that takes all risk

areas into account. Risks are no longer considered in isolation. ERM looks at the

activities of the business as a whole and analyses how different areas of risk affect

each other (Bowling & Rieger 2005).


3.2 Drivers of Risk Management

There are many drivers that increase the rationale for risk management. Economist

Intelligence Unit (2007, p. 6) identifies risk management drivers that are both

internal and external to organisations.

Internal drivers include:

• greater commitment from the board;

• greater complexity experienced by organisations in the value chain due to advanced business practices, globalised markets and rapid technological change. The increase in the level of competition and rapid pace of change is destroying predictability for businesses (Stevenson, cited in Rao 2009, p. 87);

• specific risk events such as product recalls or fraud.

External drivers of risk management are those that arise from outside the

organisation. These include:

• increased focus on regulation of business practices and investor demands for greater disclosure and accountability. The consequence of recognition of corporate accountability to stakeholders is that an organisation’s governance system needs to consider the importance of satisfying the concerns of stakeholders (Brooks & Dunn 2010, p. 462). According to Brooks and Dunn (2010, pp. 462–463), a focus on ethics risks and opportunities is necessary to ‘avoid potential loss of support for a corporations objectives, and to discover opportunities of greater support’ and a much broader risk assessment framework is required;

• changes in competitive, technological, social, and political circumstances have amplified the likely impact of operations-related failure (Lewis, cited in Rao 2009, p. 87).

The regulatory environment in Australia includes (Bissett 2010, p. 81):

• the AS/NZS ISO 31000: 2009 Standard which provides a practical framework for risk management;

• ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations;

• Australian Prudential Regulation Authority (APRA) and Basel II Accord for the financial services industry;

• Civil Aviation Safety Authority (CASA), International Civil Aviation Organisation (ICAO) and the Australian Transport Safety Bureau (ATSB) for the aviation industry.

3.3 Deficiencies in Risk Management

According to Bissett (2010, p. 80), the Global Financial Crisis (GFC) has highlighted

shortcomings in the risk management process of many organisations. The causes and

consequences of the deficiencies are summarised in Table 1.

Table 1 Causes and consequences of risk management deficiencies (Bissett 2010, p. 80)

| Deficiency | Cause of Deficiency | Consequence |
|---|---|---|
| Risk culture | Organisation’s failure to define a risk culture or appetite | Inconsistent communication about risk within the organisation |
| Risk/return trade-off | Level of risk not considered | Uncertainty about the return on investment as higher returns are usually associated with higher risk |
| Incentive schemes | Incentive schemes do not sufficiently represent the organisation’s risk appetite | Reward structure not consistent with key performance indicators |
| Complexity and lack of integration | Over-complicated risk structures and procedures | Risk management procedures avoided or not used. |
| Risk measures | Effect of risk on the drivers of value and associated indicators of risk not well understood within the organisation | Limited holistic indicators of risk |
| Risk information | Lack of a robust data analysis capability. | Over-reliance on financial models and data where the underlying fundamentals may not be understood and assumptions are not verified or challenged. |
| Worst case scenarios | No scenario planning. | No stress testing of worst possible case scenarios. |
| Empowerment of the risk function | Risk function not empowered. | Risk function seen merely as a compliance function or a roadblock function |

4 Implementation of Risk Analysis and Risk

Management Systems

4.1 COSO Enterprise Risk Management Framework

The Committee of Sponsoring Organizations of the Treadway Commission’s (COSO)

Enterprise Risk Management-Integrated Framework (COSO ERM Framework)

describes the fundamental elements of risk-management principles for organisations

regardless of size (Bowling & Rieger 2005, p. 29). Enterprise Risk Management is

defined as follows:

Enterprise risk management is a process, effected by an entity’s board of

directors, management and other personnel, applied in strategy setting and

across the enterprise, designed to identify potential events that may affect

the entity, and manage risk to be within its risk appetite, to provide

reasonable assurance regarding the achievement of entity objectives.

(COSO 2004)

This definition is broad and complex, but probably necessarily so, because it tries to

be an all-inclusive definition that can be used by all organisations. Bowling and

Rieger (2005, p. 30) provide a breakdown of the keywords and associated

meanings. This is shown in Table 2.


Table 2 Understanding the keywords in COSO's ERM definition (Bowling & Rieger 2005, p. 30)

| Keyword | Meaning |
|---|---|
| A process | a means to an end. |
| Effected by people | as opposed to sole reliance on policies, standard procedures, surveys or forms. |
| Applied in a strategy setting | the ‘big-picture’ view |
| Across the enterprise | view an aggregate or portfolio of risks rather than a narrow view of isolated risks. |
| Identifying events | consider in the context of the entity’s appetite for risk |
| Reasonable assurance | cannot have absolute guarantees. |
| Achievement of organizational objectives | can take place in one or more overlapping categories |

The COSO ERM Framework is illustrated as the cube shown in Figure 1.

Figure 1 The COSO ERM Framework (COSO 2004, p.5).

The top of the cube corresponds to four objectives: strategic, operations, reporting

and compliance. The ERM Framework consists of eight components. These represent


what is needed to achieve each of the four objectives. A summary of each of the

components is given in Table 3. Possible deficiencies (Bissett 2010, p. 80) in risk

management practices that could affect the significance of the component for an

organisation are given in Column 3 of Table 3. For example:

• deficiencies in risk culture may be indicative of how risk is viewed or lack of Board commitment;

• a risk function that is not empowered may result in an inadequate response to risk due to a lack of alignment between risks and the organisation’s appetite or tolerance for risk.

Table 3 Significance of the eight components in COSO's ERM Framework

| Component | Significance | Possible Deficiencies (Table 1) |
|---|---|---|
| Internal Environment | encompasses the tone of an organisation; sets the basis for how risk is viewed and addressed by people in the organisation including: risk management philosophy; risk appetite; integrity and ethical values; operational environment. | Risk Culture |
| Objective Setting | objectives are necessary before the potential events affecting their achievement can be identified by management; ensures that an objective-setting process is in place; ensures that the chosen objectives align with the organisation’s mission and risk appetite. | Incentive schemes; Risk/return trade-off |
| Event Identification | internal and external events that could affect the achievement of any of the organisation’s objectives must be identified; risks and opportunities must be distinguished; channel opportunities back into strategy or objective-setting process. | Worst case scenario planning; Risk information |
| Risk Assessment | analyse risks by assessing their likelihood and impact; analysis determines the risk management approach; assess risks on an inherent and residual basis. | Risk measures |
| Risk Response | select the appropriate response to the risk: avoid; accept; reduce; or share; develop actions to align the risks with the organisation’s tolerance and appetite for risk; | Risk information; Empowering the risk function |
| Control Activities | establish and implement policies and procedures to assist in ensuring that risk responses are carried out effectively. | Empowering the risk function |
| Information and Communication | identify, capture and communicate relevant information in a form and timeframe that enables people to carry out their responsibilities; | Complexity and lack of information |
| Monitoring | monitor entire ERM and modify as necessary; accomplish monitoring through ongoing management activities, separate evaluations or both. | Empowering the risk function |


4.2 Managing Reputation and Branding Risk, and Safety Risk at

Qantas

Qantas operates in an industry that focuses on high availability, safety, has low

margins, intense competition and is vulnerable to external and internal business

shocks (Bissett 2010, p. 82). The organisation faces risks in all four objective areas

recognised in the COSO ERM Framework.

Being one of the world’s safest airlines has long been Qantas’ key brand value,

having never lost an aircraft. However, two recent safety incidents on two separate

models of aircraft have threatened Qantas’ reputation. Industrial safety regulations

that apply to the aviation industry will have extremely serious consequences for

Qantas if any of the safety risks are realised. According to Bissett (2010, pp. 82–83),

risks ‘can’t be managed from 10,000 feet in the corporate head office. Effective risk

management needs to be embedded within the operations of the organisation’.

On July 25th, 2008, Qantas Flight 30 (QF30) was on a flight from London Heathrow

Airport to Melbourne Airport with a scheduled stop-over at Hong Kong International

Airport. Shortly after leaving Hong Kong an oxygen tank exploded, rupturing the

fuselage just forward of the starboard wing root. There were no injuries and the

aircraft made an emergency descent to 10,000 feet.

In November 2010, a Rolls Royce Trent-900 engine failed on a Qantas Airbus A380

while flying over Indonesia. This event forced Qantas to ground its entire A380 fleet.

These events have raised questions about operations risk management (Washington

2010). The A380 issue created a complicated situation for Qantas in trying to

preserve its reputation. Dr Ulysses Chioatta from SSAMM Management Consulting

has commented that Qantas, by being ‘overly cautious and grounding more planes

sends out a less than confident message to customers’ (Washington 2010).


Reputation and branding, and safety can be considered to be part of Qantas’

strategic and operational objectives. Safety will also fall under the regulatory

framework for the aviation industry. Failure in either area can have serious

consequences for Qantas.

Qantas states that its risk management and internal control system aligns to the

principles in the AS/NZS ISO 31000: 2009 Standard and the COSO ERM Framework

(Qantas 2010, p. 23). Qantas’ risk management and the COSO ERM Framework are

compared below. The comparison illustrates how the strategic, operational,

reporting and compliance objectives are managed.

4.2.1 Internal Environment

The Qantas Corporate Governance Statement (Qantas 2010, p. 23) states that the

‘Board is responsible for reviewing and overseeing the risk management strategy’.

This shows commitment from the Board and a top-down approach to risk management.

The Chief Risk Officer is also a member of the executive team.

4.2.2 Objective Setting

The Qantas Group Risk Management Framework is supported by three interrelated

elements: governance, risk management and assurance (Qantas 2010, p. 23).

4.2.3 Event Identification

A common standard for identifying, assessing and managing business risks across the

group — The Qantas Management System (QMS) — provides business units with

guidance regarding risk management (Qantas 2010, p. 23).

4.2.4 Risk Assessment

Material risks and effectiveness of risk management plans are escalated to Executive

Management or relevant Board Committees. Assessments against different QMS

elements are undertaken (Qantas 2010, p. 24).


4.2.5 Risk Response

A Safety, Health, Environment & Security Committee (SHESC) is responsible for

assisting the Board in its corporate governance activities including risk management

(Qantas 2010, p. 24).

4.2.6 Control Activities

The Qantas Group Risk Management Policy (Policy) sets the minimum requirements

and roles and responsibilities for managing risks across the organisation. The Board

reviews and approves this Policy (Qantas 2010, p. 23).

4.2.7 Information and Communication

A detailed risk register is prepared and reported every quarter by each business unit

(Qantas 2010, p. 24).

4.2.8 Monitoring

Independent, objective assurance and consulting services on the risk management

system are provided through an Internal Audit function (Qantas 2010, p. 24).

5 Corporate Governance

This section compares and contrasts the Qantas approach to Corporate Governance

as documented in their Corporate Governance Statement (Qantas 2010) with the

approach recommended in the ‘ASX Corporate Governance Principles and

Recommendations’ (ASX 2007) and the Kiel and Nicholson model (Kiel & Nicholson

2002).

5.1 Kiel and Nicholson Model

According to Kiel and Nicholson (2002, p. 18), despite uncertainty, practical solutions

to governance problems can be found. They highlight that the board has two primary

responsibilities:

1. conformance — relates to the past and present behaviour of the business.

Board monitors and supervises management and is accountable to


stakeholders. Achieved through reporting financial and non-financial

information about the business;

2. performance — is less developed. Board needs to focus on the future as

directors are held accountable for firm performance.

Kiel and Nicholson’s (2002) Corporate Governance Charter model aims to develop

more effective boards by providing both a structure and a process. When the model

is used as a process, it provides a forum to discuss ‘unmentioned’ issues that are

often not addressed and lead to poor governance. An updated version of the

Framework is shown in Figure 2.

Figure 2 Kiel and Nicholson's Corporate Governance Charter model (Effective

Governance Board Charter website).

The model’s focus is to assist the board in directing business success through a

process that aligns a company’s governance system to its organisational needs (Kiel


& Nicholson 2002, p. 23). The authors cite two primary benefits of the model. They

state that the model:

1. creates a major policy document that can assist the corporation’s

leadership to deliver good governance;

2. guides strategic conversations at board level to move members to the

‘performing’ stage of group process.

(Kiel & Nicholson 2002, p. 23)

5.2 ASX Principles of Good Corporate Governance

The ASX Corporate Governance Council provides the following eight principles and

recommendations:

1. Lay solid foundations for management and oversight.

2. Structure the board to add value.

3. Promote ethical and responsible decision-making.

4. Safeguard integrity in financial reporting.

5. Make timely and balanced disclosure.

6. Respect the rights of shareholders.

7. Recognise and manage risk.

8. Remunerate fairly and responsibly.

(ASX 2007)

5.3 Qantas Corporate Governance Statement

5.3.1 Alignment with ASX Principles 2007

This comparison is fairly simple to establish from the Corporate Governance

Statement (Qantas 2010). According to Qantas’ Corporate Governance Statement

(Qantas 2010, p. 20), the ‘Board endorses the ASX Corporate Governance Council’s

Corporate Governance Principles and Recommendations’. Review of Qantas’

Corporate Governance Statement confirms that ASX Principles 1 to 7 are addressed.

Surprisingly though, Principle 8 — Remunerate fairly and responsibly — unlike the

first seven principles, is not specifically mentioned in the Statement. The


remuneration function is incorporated under the declaration of Principle 1. The

report states that it is the Board’s responsibility to ensure that ‘a clear relationship

between performance and executive remuneration’ exists (Qantas 2010, p. 20). This

seems to satisfy the requirements of Principle 8.

5.3.2 Alignment with the Kiel and Nicholson Model

The details of the Corporate Governance Statement (Qantas 2010) have been

examined to compare and contrast the content of the Corporate Governance

Statement with Kiel and Nicholson’s model and the corresponding ASX principles.

The results are shown in Table 4.


Table 4 Qantas Corporate Governance compared and contrasted with the Kiel and Nicholson model and corresponding ASX principles.

| Kiel and Nicholson Model | Top Level Governance Statement | ASX Principle |
|---|---|---|
| **Defining Governance Roles** | | |
| Board Structure | The Board is structured to add value | 2 |
| Role of the Board | The Board lays solid foundations for management oversight | 1 |
| Role of Individual Directors | The Board is structured to add value | 2 |
| Role of the Chairman | The Board is structured to add value | 2 |
| Role of the Company Secretary | The Board is structured to add value | 2 |
| Role of the CEO | The Board lays solid foundations for management oversight | 1 |
| **Key Board Functions** | | |
| Strategy | The Board lays solid foundations for management oversight; The Board is structured to add value | 1; 2 |
| CEO | The Board lays solid foundations for management oversight | 1 |
| Monitoring | The Board lays solid foundations for management oversight; The Board safeguards the integrity of financial reporting | 1; 4 |
| Risk Management | The Board recognises and manages risk | 7 |
| Compliance | The Board lays solid foundations for management oversight | 1 |
| Policy Framework | The Board lays solid foundations for management oversight | 1 |
| Networking | The Board makes timely and balanced disclosure; The Board respects the rights of shareholders | 5; 6 |
| Stakeholder Communication | The Board makes timely and balanced disclosure; The Board respects the rights of shareholders | 5; 6 |
| Decision Making | The Board lays solid foundations for management oversight; The Board promotes ethical and responsible decision making | 1; 3 |
| **Effective Governance** | | |
| Director Protection | The Board is structured to add value; The Board promotes ethical and responsible decision making | 2; 3 |
| Board Evaluation | The Board is structured to add value | 2 |
| Director Remuneration | The Board is structured to add value | 2, 8 |
| Director Development | The Board is structured to add value | 2 |
| Director Selection and Induction | The Board is structured to add value | 2 |
| **Improving Board Processes** | | |
| Board Meetings | The Board lays solid foundations for management oversight | 1 |
| Board Meeting Agenda | The Board lays solid foundations for management oversight | 1 |
| Board Papers | The Board lays solid foundations for management oversight | 1 |
| Board Minutes | The Board lays solid foundations for management oversight | 1 |
| The Board Calendar | The Board lays solid foundations for management oversight | 1 |
| Committees | The Board lays solid foundations for management oversight; The Board is structured to add value | 1; 2 |

5.4 Corporate Governance within the Context of Accountability

Frameworks

The objectives of the Kiel and Nicholson model are to create a major policy

document to assist the organisation’s leadership to deliver good performance and to

guide strategic conversations at the board level to move members to the

‘performing’ stage of the group process (Kiel & Nicholson 2002, p. 23).

Figure 3 illustrates the analysis given in Table 4. The numbers next to each quadrant

represent the corresponding ASX principles. The significant result here is the loading

of the ASX principles as the Key Board Functions. This may not be a generic result but

a consequence of where Qantas places its governance responsibilities. The content

in Table 4 was generated by examining the details of each Board function and

Qantas could have chosen to arrange the Board’s responsibilities slightly differently.

This would have changed the distribution of the ASX principles slightly. However,

while redistribution may have been possible, it is not entirely flexible. Many ASX

principles fall in particular quadrants and some associations seem rigid. For example,

ASX Principle 7 — Risk Management — will always fall in the Key Board Functions

quadrant.


Figure 3 Kiel and Nicholson model and ASX principles overlap for Qantas corporate

governance.

Figure 3 highlights the areas of the ASX guidelines that the Board needs to focus on

during each of the four phases. It is also important to keep in mind that while the

Kiel and Nicholson model suggests structure and process, it is probably not intended

to be normative. Compliance with the ASX guidelines already provides a satisfactory

starting point.

6 Conclusion

This report examined the nature and relevance of risk, the importance of risk

analysis and management and corporate governance within the context of

accountability frameworks. Risk management, the implementation of risk analysis

and risk management systems with reference to the COSO ERM Framework were

discussed. Qantas’ risk management systems were compared with the COSO ERM

Framework to assess how Qantas may manage reputation and branding, and safety


risks. Reputation and branding, and safety are of critical importance to Qantas. The

comparison indicated that the Qantas risk management structure closely follows the

COSO ERM Framework that supports its strategic, operational, reporting and

compliance objectives.

The Qantas approach to Corporate Governance as documented in their Corporate

Governance Statement (Qantas 2010) was compared and contrasted with the

approach recommended in the ASX Corporate Governance Principles and

Recommendations (ASX 2007) and the Kiel and Nicholson model (Kiel & Nicholson

2002). The review shows the Qantas approach is aligned with the ASX Corporate

Governance Principles and Recommendations (ASX 2007). The Qantas approach also

satisfies the structure and process of the Kiel and Nicholson model. This alignment

demonstrates that the Qantas Board accepts responsibility for the key functions

regarding Corporate Governance.


References

ASX 2007, ASX Corporate Governance Council, Principles of Good Corporate Governance and Best Practice Recommendations, 2nd edition.

Bissett, A 2010, 'Enterprise risk management -- is it achievable?', Keeping Good Companies (14447614), 2, pp. 80-83.

Bowling, D & Rieger, L 2005, 'Making Sense of COSO's New Framework for Enterprise Risk Management', Bank Accounting & Finance (08943958), 18, 2, pp. 29-34.

Brooks, L & Dunn, P 2008, Business & Professional Ethics for Directors, Executives & Accountants, Mason, South-Western Cengage Learning.

COSO 2004, Enterprise Risk Management — Integrated Framework. Available at: http://www.coso.org/documents/COSO_ERM_ExecutiveSummary.pdf [Accessed February 15, 2011].

Effective Governance Board Charter website. Available at: http://www.effectivegovernance.com.au/Board-Charter.html [Accessed February 15, 2011].

Economist Intelligence Unit 2007, Best practice in risk management | BUSINESS RESEARCH. Available at: http://businessresearch.eiu.com/best-practice-risk-management.html [Accessed February 16, 2011].

Kiel, G & Nicholson, G 2002, 'Real world governance: driving business success through effective corporate governance', Mt Eliza Business Review, vol. 5, no. 1, pp. 17-28.

Qantas 2010, Annual Report 2009 - 2010.

Rao, A 2009, 'Implementation of Enterprise Risk Management (ERM) Tools - A Case Study', Academy of Accounting & Financial Studies Journal, 13, 2, pp. 87-103.

Washington, T 2010, Qantas engine troubles raise risk questions. Available at: http://www.riskmanagementmagazine.com.au/articles/66/0c06d866.asp [Accessed February 15, 2011].