Governance and Compliance
Management Approach
Evolution is committed to maintaining high standards of ethics, corporate governance, honesty and accountability. We align these with our values in all aspects of our business by enacting robust corporate governance processes and ensuring our employees understand, and consistently meet, the standards formalised in our Corporate Governance Statement.
As per Recommendation 7.4 of the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations, the Sustainability Report provides detailed information on the management of Evolution’s material environmental and social risks, with a specific focus on climate risks and nature, in alignment with the Taskforce on Climate-related Financial Disclosures (TCFD) and Task Force on Nature-related Financial Disclosures (TNFD) V0.4.
We are committed to ensuring that our obligations and responsibilities to various stakeholders are supported through robust and transparent corporate governance practices. Adopting and operating in accordance with high standards of corporate governance enhances our sustainable long-term performance and value creation for all stakeholders.
Our 2023 Corporate Governance Statement reports against the ASX Corporate Governance Council’s Fourth Edition Corporate Governance Principles and Recommendations. Throughout the reporting period that ended 30 June 2023, the Directors believe that our governance arrangements align with the fourth edition of the ASX Corporate Governance Council’s Corporate Governance Principles and Recommendations. Where the Company’s corporate governance practices do not meet with all the practices recommended by the Council, or the Board does not consider it practicable or necessary to implement, the Board’s reasoning for any departure is explained in the 2023 Corporate Governance Statement.
For further information, please refer to our Sustainability Report.
Board of Directors
The Board is the governing body of Evolution and its role is to represent and serve the interests of shareholders by overseeing and appraising Evolution’s values, strategies, policies and performance. The Board operates a Risk and Sustainability Committee as a Sub Committee of the Board. The role of the Risk and Sustainability Committee is to advise and support the Board of Directors on all matters pertaining to the Risk and Sustainability of the Company including the appropriate management of risk arising from the Company’s activities.
The Board is supported by the following committees:
- Audit Committee
- Risk and Sustainability Committee
- Nomination and Remuneration Committee
The Board is structured to ensure that the Directors’ skills and experience align with the Company’s goals and strategic direction. The functions and responsibilities for the Board and each Committee are set out in the respective Charters.
Governance Framework
Risk Mitigation and Management
The effective identification, understanding and mitigation of risks enables the successful execution of our strategic objectives. A rigorous risk management framework and system of internal controls has been established that informs decision making in support of creating sustainable value.
Evolution’s risk-based decision approach is underpinned by our Sustainability and Strategic Planning Policy, associated Standards, and the Integrated Risk Management Framework. Supporting systems and procedures have been developed and are maintained at Group and Operations to align with these key systems and the principles of international standards and ICMM guidance.
In FY23, the Integrated Risk Management Framework and Group and Site Risk Registers were reviewed in detail with attention to the Group’s enterprise and operational material and critical risks. The intent was to drive further review, oversight and control of risks most material to the business.
Our Integrated Risk Management Framework is based on ISO 31000 Risk Management Guidelines and includes risk identification, analysis, monitoring, mitigation and reporting. The approach and related processes consider a broad spectrum of stakeholders and potential internal and external risk exposures. They assist in identifying and leveraging potential downside and upside, risk-related opportunities. At Operational and Group levels, we conduct risk assessments to evaluate enterprise and operational risks that may impact people, health and safety, environmental, social, business, assets, finance, and reputational risks and opportunities, among others. Scheduled risk evaluation reviews are conducted by functional risk owners, Group and site-based risk champions, and senior leaders at the business, functional and operational levels.
The Risk and Sustainability Committee is responsible for overseeing business-wide effectiveness of our risk management program, and for knowing and understanding the details of the material risks of the business. As part of its oversight responsibility, the Board ensures that a proper balance between risks incurred and potential return to shareholders is maintained, that risk management programs are in place and effective (including internal control frameworks and insurance and loss prevention efforts) and ensures implementation of policies and standards for monitoring and managing risks. A list of material business risks is prepared for review by the Board Risk and Sustainability Committee three times per year, with follow-on reporting and discussion with the Board.
Crisis Response (including pandemic)
There is an established risk-based Crisis Management and Business Continuity approach to identify incidents that have the potential to significantly disrupt the operation and the relevant controls are checked for effectiveness to mitigate the risk likelihood and consequence of any potential event.
The control measures outlined incorporate the organisational responsibilities, the available internal and external resources, the communication, escalation and training requirements, supported by clear processes, guidelines and procedures to effectively manage the crisis. In FY23, Evolution’s crisis management was ongoing given the frequency and nature of flood, fire and water events that impacted the various operations and communities. Management of COVID-19 was considered to have moved to business-as-usual. These live events provided real life experience and exercises in crisis management, involving operational and Group teams.
Extreme weather and health events
The Evolution Climate Risk Position Statement was reviewed in FY23 and reflects that extreme weather was identified as one of four material climate-related risks to the business, along with water security, energy and emissions, and extreme health events.
Each operation is located in geographically unique parts of Australia and Canada, often adjacent to landholders and regional communities, where support for the communities and other nearby mines is part of our overall first response effort. During annual risk assessments and the TCFD initial alignment review conducted in FY20, short-, medium- and long-term risks including cyclones, flood, long-term drought, bush and forest fires, late snow cover, food and water borne illness and broader health events, were identified, risk assessed, and had mitigating controls prepared. These mitigating actions at each operation include:
• Preparing for cyclone
• Rain and wind proof infrastructure and shelter
• Certified water storage and drainage network
• Secured buildings and infrastructure
• Telemetry weather detection systems including lightning
• Emergency response equipment including fire tenders and ambulance and personnel, training, scenario and competition
• Defined communication channels
• First responder and Crisis support and response for communities and nearby mines
Operations’ response plans are formally recorded in TARPS, Emergency Response Plans and Business Continuity Plans. Robust and proactive strategic planning remains integral to ensuring business continuity and the health and safety of the communities where we operate.
Case Study
Crisis management of extreme weather at Cowal and Mt Rawdon flood relief project
Business Ethics
The Code of Conduct sets the standards for our people to act ethically, responsibly and lawfully. It applies to Directors, all employees, contractors and consultants employed to undertake work on behalf of, or for Evolution and its subsidiaries. It guides us in meeting ethical standards and legal requirements, and all Evolution employees complete a training program to understand its requirements, including regarding anti-discrimination. We encourage employees to report known or suspected breaches of the Code of Conduct and any other policies and directives, and to raise any other serious concerns they may have. Any such report is responded to immediately and investigated accordingly.
We have established broad-based communication and training programs to ensure that all workers can step back and be aware of how they conduct their duties, and we ensure that the Code of Conduct is included as part of contractual agreements with consultants, advisors and contractors. The Values and Leadership Behaviours within the Code of Conduct are assessed in regular Performance Reviews, and the resulting ratings factor into remuneration and performance recommendations.
The Code of Conduct is regularly reviewed to ensure that it remains on par with industry standards, regulatory amendments and the operating environment. During the reporting period, work also commenced on reviewing the supplier and vendor onboarding processes to ensure alignment with international and industry best practice standards and frameworks.
All new employees in FY23 received Code of Conduct training as part of the onboarding process.
Anti-bribery and Corruption policy
Evolution views any bribery or corruption behaviour as unacceptable. We have an Anti-Bribery and Corruption Policy which extends across all our businesses and activities, and applies to Evolution Directors, officers, employees, labour hire contractors and consultants employed to undertake work on behalf of, or for Evolution and its subsidiaries. Anti-bribery and corruption training is provided to all employees.
We expect contractors, suppliers and business partners to comply and monitor training compliance with the Anti-Bribery and Corruption Policy, which is included in the Supplier Code of Conduct.
In addition, we have an anti-bribery and anti-corruption clause in all our supplier contracts and undertake vendor due diligence as part of the supplier onboarding and contract renewal process.
All reported incidents of non-compliance or potential non-compliance are taken seriously, reviewed, and investigated. In FY23, there were no reported incidents of corruption.
Whistleblower policy
A framework has been established for individuals to raise concerns that relate to potential or actual unacceptable conduct. This framework is detailed in the Whistleblower Policy and Whistleblower Standard which includes the defined elements of independent reporting and investigation procedures, disclosure protection, along with the associated corporate governance. They are communicated regularly to employees and contractors via onboarding processes, the Code of Conduct, the People and Culture department, and the intranet. The process is managed by an external third party in conjunction with the People and Culture department. Whistleblowing events and any actions are reported to the Audit Committee and the Risk and Sustainability Committee.
Evolution is committed to disclosing reports, areas of concern, and investigation and remediation outcomes. There was one Whistleblower case reported in FY23 via the FairCall (KPMG) service in Australia and Canada. It was related to an allegation of a physical assault and upon investigation was found to be unsubstantiated.
Political parties and public organisations
In line with our policies, we uphold ethical and value-driven business conduct, including conduct in alignment with our climate targets and agreements. We do not undertake any political activity or sponsor any political parties, movements or public non-governmental organisations, nor make any contributions to support any such parties, movements or organisations. We are committed to disclosing political payments.
In FY23, no donations or payments were made to political organisations.
Transparency and disclosure
We are committed to open and transparent dealings with all stakeholders. Information is published on our operational, financial and Sustainability performance in a timely manner through several communication channels, including media releases, stock exchange announcements, social media, newsletters and community and investor meetings. We respond to stakeholder enquiries and requests for information as required.
Tax transparency code
Payment of tax is an important element of our contribution to the economic development of Australia and Canada. At a minimum, we comply with the Australian Government’s Voluntary Tax Transparency Code. Payments to government, including taxes and royalties, are provided separately in the 2022 Tax Governance Statement and ESG Performance Data document. Evolution has a publicly available Board approved Tax Governance Policy that complies with the guidance set out by the Australian Taxation Office.
Cyber Security
Like many businesses and organisations, we face constant and evolving cyber threats. The operating and control systems at the operations increasingly use digital platforms and technology-based solutions. As such, the security of these systems is crucial for the safe and efficient operation of our assets, making cyber security one of our material and emerging (long-term 3-5+ years) business risks. The risks of accidental or illegal access, corruption, disruption to business operations, theft of intellectual and other property, and damage pose significant financial, reputational, and psychosocial future impacts to Evolution. We remain vigilant regarding any cyber risks, and the workforce receives regular awareness training and communications on identifying and managing potential cyber threats.
A risk-based approach is applied to manage cyber-related security risks, applying good practice across standard processes. Evolution leverages leading frameworks such as National Institute of Standards and Technology (NIST) and guidance from the Australian Government’s Cyber Security Centre, which are supported by independent and internal expertise. A range of measures is implemented to manage cyber risk, including:
- A cyber security policy applicable to all employees
- A cyber security strategy program as part of Evolution’s overall IT strategy
- Clear responsibilities with a centralised IT function and dedicated capability
- Mandatory cyber awareness training for all employees (92% compliance against target of 90%) supported by ongoing awareness alerts and education
- Defined Disaster Recovery scenarios with Disaster Recovery testing on six-monthly cycles
- Governance reporting and regular assurance including external audits, Incident Response exercises, penetration testing, and maturity assessments against standards
- Regular cyber security risk assessments to ensure new technology is appraised for security risks before implementation
- Encryption of laptops and mobile devices to ensure that information is inaccessible when these devices are lost or stolen
- Independent review and testing
As a result of these measures, independent assessors have indicated a strong uplift in the cyber maturity of our organisation.
In FY23 we:
• Conducted cyber security risk assessments against our information technology and operating technology environments
• Performed cyber security internal and external penetration testing and remediation activities
• Implemented new solutions to manage Third Party Vulnerabilities, and monitored our environment, supported by external verification
• Conducted cyber supply chain risk assessments
• Continued the audit program for OT (operational technology) controls assessments
• Conducted desktop incident response simulations and updated the response plans
• Reviewed and updated cyber security policies
Management and the Board have identified cyber security as a material risk and receive regular reports on cyber security preparedness. Cyber security is a standing agenda item on the Board Risk and Sustainability Committee agenda, with reporting occurring at each Committee meeting which includes detail on Management’s efforts and initiatives to monitor and prevent cyber incursions, incidents and any emerging threats. Significant investment in a comprehensive end-to-end IT system is driven by a recognition that Evolution needs to continually invest in cyber security.