15
Corporate Governance Statement | 2023
Telstra 2023 Corporate Governance Statement – 1 September 2023
TELSTRA GROUP LIMITED, ABN 56 650 620 303
The forums provide senior management
with more detailed and timely information
in relation to our key risks and controls,
including current and emerging risks,
compliance, privacy, fraud, customer
experience, responsible business, business
continuity, network resilience, cyber and
data security, supplier governance, health,
safety and wellbeing, climate change and
internal audit activities.
Our risks
We maintain ongoing processes for
identifying emerging and escalating
sources of risk to our business. This
includes undertaking risk assessments on
products and services from design through
to market launch, industry and market
trend analysis, risk workshops with our
partners, and regular risk forums with
senior management.
Identied risks, along with their controls
and treatment plans, are monitored for
changes in their exposure, or
eectiveness, and are reported to the
Board (including its Committees) during
the year.
We consider environmental, social and
governance (ESG) factors as part of our
consideration of our risks. Each year we
apply a double materiality approach where
we consider the inward-facing
sustainability related nancial factors that
may inuence the long-term sustainability
of our business and outward-facing
sustainability impact factors of greatest
signicance to our stakeholders, society
and the environment. For more
information about the sustainability
related nancial risks to our business,
please see our 2023 Annual Report.
Maintaining clear oversight of our climate
related risks and opportunities is one of
our sustainability governance priorities.
We are committed to enhancing our
climate-related disclosures, as provided in
the Understanding our climate risks
section of the 2023 Annual Report, which
are aligned with the recommendations of
the Task Force on Climate-related
Financial Disclosures (TCFD).
FY23 activities and initiatives
We undertake various activities to monitor
and review our risk management
framework to ensure that it is operating as
intended. We conduct reviews and self-
assessments of our framework annually
across the enterprise and report the
results to our senior management risk
forum and the Audit & Risk Committee.
We use the results of those reviews, as
well as recommendations from Group
Internal Audit, to identify and implement
opportunities that improve our framework.
In FY23 we implemented several
improvements in our risk management.
These included a focus on accountability
and responsibility for risk management in
our Agile operating model, the
continuation of our Compliance Uplift
Program, signicant improvements in our
controls and assurance capabilities and
the implementation of our single
Governance, Risk Management and
Compliance technology platform, which is
enabling better monitoring, reporting and
alignment on risks and controls
eectiveness.
Notably, our Compliance Uplift Program
continues to uplift our standards. By the
end of FY24 the program will be
substantially completed. We have made
signicant improvements in our controls
and assurance capabilities to ensure our
processes, policies and behaviours meet
our customers’ expectations, minimise the
risk of non-compliance and manage our
key risks. The introduction of Telstra’s
Controls Assurance Framework in April
2022 marked a crucial milestone, enabling
a consistent approach to identifying,
testing, and reporting control
eectiveness.
Our Audit & Risk Committee
Charter is available on our
governance website at
telstra.com/governance.
A summary of the material risks that
could aect Telstra (including any
material exposure to economic as
well as ESG risks), and how we seek
to manage them is provided in the
Our material risks section of our
2023 Annual Report at telstra.com/
annualreport.
More information about climate
change and other sustainability
risks, our approach to managing
them, and our performance is
available in the Our material risks
section and the Understanding our
climate risk section of our 2023
Annual Report, as well as our 2023
Bigger Picture Sustainability Report
at telstra.com/sustainability/
report.
Internal audit
Our internal audit activities are undertaken
by Group Internal Audit, Telstra’s internal
audit function. The role of Group Internal
Audit is to provide the Board and
management with independent and
objective assurance on the eectiveness
of our governance, risk management and
internal control processes. To maintain the
necessary independence it needs to carry
out its role, Group Internal Audit has no
direct operational responsibility or
authority over any of our business or risk
management activities.
Functional responsibility for Group
Internal Audit resides with the COE
Executive, Group Internal Audit, whose
appointment is approved by the Board.
The COE Executive, Group Internal Audit
reports to the Audit & Risk Committee and
administratively to the CFO. Group
Internal Audit has full and unrestricted
access to all our information systems,
records, physical properties and
employees to carry out its activities. The
work of Group Internal Audit is guided by
The International Professional Practices
Framework provided by the Institute of
Internal Auditors. The Audit & Risk
Committee monitors Group Internal
Audit’s activities and performance,
including its independence.
Our external auditor
Telstra’s external auditor is Ernst
& Young (EY). Our EY lead auditor attends
our AGM and is available to answer
shareholder questions about
the conduct of our audit and the
preparation and content of the
auditor’s report.
The Audit & Risk Committee oversees
our relationship with EY, which includes
reviewing and assessing EY’s performance
and independence, and monitoring
management’s adherence to our policy
on audit and non-audit services provided
by EY.
During FY23, the Audit & Risk Committee
was provided with regular reports outlining
the nature and amount of any non-audit
services rendered by EY and an
explanation of how the provision of those
non-audit services was compatible with
auditor independence.
Details of amounts paid or
payable to EY for non-audit
services provided during the
year are disclosed in Note 7.1 to
our Financial Statements in our
2023 Financial Report (included
in our 2023 Annual Report at
telstra.com/annualreport).