Our Board-approved enterprise-level risk and compliance management systems follow a holistic, systemic approach to identify and assess risks, design and implement controls and monitor their effectiveness. Development of these systems has been informed by international risk and compliance management standards.
Alinta Energy uses a 3 Lines of Defence model to structurally implement risk management and assurance, with Line 1 being risk and control owners, Line 2 being risk management functions and Line 3 being internal audit.
We use an overarching Governance, Risk and Compliance (GRC) platform, which is embedded operationally across the business.
Risks to our IT systems particularly relate to cybersecurity, following several major data security breaches in Australia and elevated threat levels around the world.
Enterprise risk management
Alinta Energy’s enterprise risk management framework (ERMF) has been developed in accordance with standards AS/NZS ISO 31000 and the Committee of Sponsoring Organizations’ Enterprise Risk Management – Integrated Framework (COSO II). It governs how we identify, analyse, evaluate, address, monitor and communicate risks to support our risk culture. Risks are classified as financial, strategic, operational or reputational and are assessed against consequence and likelihood rating criteria.
Business units prepare risk reports which include current, new and emerging risks and the progress of mitigating actions. This happens twice a year and follows a bottom-up process to support accountability for risk. It incorporates a divisional risk register review which includes all business leaders. Divisional risks are reported to the Board and its Audit and Risk Committee.
Enterprise compliance
Our enterprise compliance management framework (ECMF) complements the ERMF and aligns with the new international compliance standard: ISO 37301 Compliance Management Systems.
The Board-approved ECMF standardises compliance management across Alinta Energy and serves to:
- Define the key attributes and objectives of our compliance culture.
- Describe the roles and responsibilities to manage compliance.
- Outline the process for ongoing monitoring, reporting and review.
Alinta Energy’s enterprise compliance reporting framework is underpinned by compliance strands, which are defined compliance groupings that reflect key compliance risk exposures. Each compliance strand has an accountability structure, owned by the relevant executive leadership team member.
These compliance strands include sustainability compliance and reporting, health and safety, environment, modern slavery, retail markets, regulatory compliance, power generation and asset management, information security, and privacy and information management. These compliance strands may change over time to reflect changes in our operations or the regulatory and compliance landscape.
A compliance obligations register captures obligations and critical controls for each strand, to maintain visibility at executive and Board level over controls and any changes to the compliance regime. This aligns with the new international standard for compliance management systems.
We use a comprehensive Governance, Risk and Compliance (GRC) platform called ServiceNow to operationalise the management of our obligations and risks and provide enterprise compliance reports to the Board’s Audit and Risk Committee for oversight and monitoring.
Information technology
Alinta Energy’s IT function plays a pivotal role in serving external and internal customers, underpinning regulatory compliance, and developing new solutions to support growth and innovation.
Our digitisation program helps our people work more efficiently. It includes providing new tools, improving existing systems, and automating key business processes across the organisation. In addition to the enCORE and ServiceNow platforms we use for customer management and enterprise risk and compliance management respectively, some of our other initiatives are:
- Wholesale markets and power generation – We have mature digital practices in the power generation and wholesale markets areas of the business. This has delivered reliable systems that support operational efficiency and continue to effectively meet our compliance requirements.
- Future planning – We have enhanced our software development and IT operations culture and invested further in cloud capabilities. This improves our agility while maintaining stable systems and supporting scalability.
- Robotics – We have invested in technologies like robotic process automation which reduce our overall costs across the value chain.
Internal audit
Alinta Energy’s internal audit function provides independent assurance by assessing the effectiveness of our governance, risk management and controls. Internal audit operates with a co-sourced structure, reporting to the Board’s Audit and Risk Committee, with a functional reporting line to the Executive Director – Corporate Services. An independent consultancy conducts our internal audits.
An annual internal audit plan is approved by the Committee, providing coverage of business activities over time and based on their risk profile. Reports are presented to senior management and the Committee, including recommendations for actions to address any weaknesses and enhance our control environment. The Committee oversees management’s progress to complete agreed actions on a timely basis.
Legislation and policy
Alinta Energy is subject to extensive legislation relating to health and safety, competition, environmental compliance, retail practices (including customer communications, rights and protections), renewable energy, energy efficiency, energy trading and tariff setting.
Our whole business is actively involved in complying with these requirements, supported by specialists from our risk management, legal, regulatory, safety, compliance and sustainability teams. Our systems and controls support and monitor our ongoing compliance.
We make investments that streamline our processes, develop our people, and allow us to respond to risks before they result in an incident or cause harm. This is reflected in an uplift in how we conduct business, our people’s understanding that compliance is non-negotiable, and our shared responsibility to meet our ongoing obligations.
We actively monitor legislation, government policy and regulatory expectations to consider the impact of changes and new requirements and make plans to address them. Regulatory developments are monitored by our specialist regulatory team and other functions and business units through third-party alert services, regulatory and departmental websites, industry associations, industry working groups and ongoing stakeholder engagement.
Security of critical infrastructure
The Security Legislation Amendment (Critical Infrastructure) Act 2021 (SLACI Act) and the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act) apply to Alinta Energy as our power generation facilities include critical electricity assets.
We have heightened our cybersecurity maturity at our power generation sites including continuous monitoring for vulnerabilities and automation of critical IT and operational technology practices.
Privacy
Our customers trust us with sensitive personal and commercial information. We take our responsibility to protect this very seriously. Our business has stringent measures in place to comply with the Privacy Act 1988 and the Australian Privacy Principles.
Our information and compliance framework is the foundation of our approach to privacy. This is supported by our privacy policy, credit policy and cybersecurity policy. We have an information classification and handling standard and a privacy impact assessment process that set out how we manage information and privacy risks and protect confidential data. An internal management committee specifically oversees how we manage privacy and the effectiveness of controls. All employees receive mandatory privacy training as part of their induction, and annual refresher training.
Foreign Investment Review Board
Alinta Energy must meet conditions set during 2017 by the Foreign Investment Review Board (FIRB conditions) when the business was acquired by Hong Kong-based Chow Tai Fook Enterprises Limited.
The FIRB conditions relate to a range of governance and operational matters. They include the composition of our Board, data security and protecting information about our network and operational technology. This affects how we manage data, and how we operate and maintain our systems and infrastructure.
Alinta Energy’s compliance with the FIRB conditions is independently audited annually and reported to Commonwealth Treasury.
Ethical behaviour
Code of Conduct
Our Code of Conduct provides the framework for our people to behave ethically and is the basis of our policies and procedures.
All employees must complete online training on the Code of Conduct every two years, including a competency test to check they understand their obligations. New employees complete this training as part of our induction process. The Code of Conduct is available to all employees on the intranet.
Anti-corruption
Alinta Energy has zero tolerance for bribery and corruption. We expect all our people to act with honesty and integrity across all aspects of their work and adhere to our high ethical standards.
This is reflected in our values and incorporated in our Code of Conduct and our Anti-Corruption and Bribery Policy, which are available to all employees. Behaving in accordance with our values is part of our employee review process and people who do not meet this core expectation face disciplinary action, which can include dismissal.
Alinta Energy did not have any suspected or confirmed incidents of corruption or any legal cases regarding corruption brought against the business or our employees during FY23.
Whistleblowing
Alinta Energy is committed to ethical behaviour at all levels of our business.
Our people are strongly encouraged to immediately report any illegal or inappropriate acts to their manager, a member of the executive leadership team, or to an independent whistleblower hotline. This includes actual or suspected theft, fraud, dishonesty, harassment, unethical behaviour and workplace safety hazards. Investigations into any reports are led by the General Counsel and the Chief Risk Officer.
Our reporting channels enable people to raise concerns without fear of harassment or discrimination. This includes an independent whistleblower notification service operated by Deloitte.
Modern slavery
We are committed to fair business practices and protecting human rights. Alinta Energy strongly opposes modern slavery in all its forms including child labour, forced labour, involuntary labour and people trafficking. We expect everybody we work with, internally and at every level of our supply chain, to do the same.
Alinta Energy is a reporting entity under the Modern Slavery Act (Cth) 2018 and reports jointly with our parent entity, Pioneer Sail Holdings, and its other Australian subsidiaries. Our Modern Slavery Statement explains how we address modern slavery risks across our supply chain, including the governance framework, due diligence, training and awareness campaigns and resources we have implemented.
Insurance
Alinta Energy has a comprehensive insurance program that includes policies for property damage, business interruption, workers compensation, combined liability, directors and officers liability, corporate travel, motor vehicle, marine transit and group journey injury cover. We maintain insurance policy deductibles and limits at levels we believe are adequate, reasonable, consistent with our risk profile and aligned with industry practice.
Business continuity
We have planned carefully to eliminate or minimise interruptions from events that could affect our ability to operate. These might include accidents, natural disasters or malicious attacks targeting our business or other events in the physical or digital environments where we operate.
Our facilities all have site-specific emergency response plans which include details such as contact numbers, how to raise the alarm, how to notify authorities, initial response procedures, roles and responsibilities, emergency equipment, communication protocols, drills and training, and post-incident recovery. We also have a corporate crisis management plan for emergency situations.
Three key issues that could impact our business are considered below, along with our approach to minimise their impact and strengthen our risk management practices.
- Supply security and energy prices - Our capacity agreement with Loy Yang B power station and our long-term gas supply agreements on the west coast have significantly reduced our exposure to the recent sharp increases in international coal and gas prices.
- Cybersecurity - Cybersecurity is a growing global concern and organisations with significant infrastructure and large customer databases are primary targets. New legislation to increase the security of critical infrastructure has been introduced during the year. There are also upcoming energy sector reforms focused on consumer data rights. Alinta Energy is investing significantly in leading-edge capabilities to protect our physical and digital assets and building ongoing cyber resilience. We are committed to improving our cybersecurity practices through a dedicated professional team and collaboration with industry partners. We apply the Australian Energy Market Operator’s (AEMO) voluntary assessment program and the Australian Energy Sector Cyber Security Framework. This includes regularly assessing ourselves against the framework and implementing improvements, partnering closely with AEMO. We continuously assure customer information throughout its lifecycle and delete it when it is no longer required.
- Climate-related risks - We recognise that climate-related risks pose a threat to business continuity. This includes physical risks posed by acute and chronic changes to weather patterns and natural disasters such as bushfires, cyclones, and increasing temperatures; and transition risks associated with the shift to a lower-carbon economy such as insurability, access to finance and changes to the legal landscape. We have recently prepared our first TCFD report covering FY23.
Employment arrangements
Labour management relations
Our employee relations reflect our values of People Matter and Respect & Integrity. This includes acting fairly and supporting equal opportunity, diversity and inclusion. We base appointment and promotion decisions on merit and have processes to challenge and reduce unconscious bias. Alinta Energy’s employment practices are governed by legislation, regulations and industrial instruments. We comply with minimum notice periods regarding operational changes in accordance with Australian and New Zealand legislation.
Freedom of association and enterprise bargaining
Our employees and contractors have the right to associate freely and join industrial associations such as trade unions. Employees also have the right to engage in enterprise bargaining, where they and their representative (such as a union) negotiate with us for an enterprise agreement.