138

Notes to the consolidated fnancial statements (continued)

for the year ended 30 June 2011

34. Group risk management (continued)

34.1 Group risk management objectives and structure (continued)

The Three Lines of Defence model of accountability involves:

LINE OF DEFENCE RESPONSIBILITY OF ACCOUNTABLE FOR

First – Manage risk and comply with Suncorp Group frameworks, policies and risk appetite

All Business Areas (and staff)

–– Identifying and managing the risks inherent in their operations

–– Ensuring compliance with all legal and regulatory requirements and Suncorp Group policies; and

–– Promptly escalating any signifcant actual and emerging risks for management attention.

Second – Independent functions own and monitor the application of risk frameworks, and measure and report on risk performance and compliance

All Risk functions (Suncorp Group and Line of Business)

–– Design, implement and manage the ongoing maintenance of Suncorp Group risk frameworks and related policies

–– Advise and partner with the business in design and execution of risk frameworks and practices; develop, apply and execute Line of Business risk frameworks that are consistent with Suncorp Group for the respective business areas; and

–– Facilitate the reporting of the appropriateness and quality of risk management.

Third – Independent assurance over internal controls and risk management practices

Board Audit Committee, internal and external auditors

–– Decides the level and extent of independent testing required to verify the effcacy of internal controls

–– Validates the overall risk framework; and

–– Provides assurance that the risk management practices are functioning as intended.

The Board has delegated authorities and limits to the Group Chief Executive Offcer (Group CEO) to manage the business. Management recommends to the Board, and the Board has approved, various frameworks, policies and limits relating to key categories of risk faced by the Suncorp Group within the Group CEO authorities and limits.

The Senior Leadership Team, comprising the Group CEO, Line of Business CEOs and all Senior Executives, provides executive oversight and direction-setting across the Suncorp Group, taking risk considerations into account. The Group Chief Risk Offcer, a member of the Senior Leadership Team, is charged with the overall accountability for the Risk Management Framework and overall risk management capability.

The Suncorp Group has in place a number of Management Committees, each with its own charter, to execute specifed responsibilities in the risk framework. The Suncorp Group and each operating division (excluding Vero New Zealand) has an Asset and Liability Committee to provide effective governance over aspects of the risk framework designed to optimise the long-term returns achieved by asset portfolios within the risk appetite or parameters established by the Board.

Operating divisions, subject to APRA regulation, prepare Risk Management Strategies (RMS) approved by the Board and submit to APRA annually. The RMS describe the strategy adopted by the Board and management for managing risk within APRA-regulated entities, including risk appetite, policies, procedures, management responsibilities and controls.