Dynamic Risk Assessment 2021 – Key Risk Groups Sub optimal Data Governance Member Outcomes IT Operations Member outcomes group Brand and Reputation Technology group Growth group Number of connections Growth from other material risks Leadership Information &Talent Security (including Cyber Risk) Relative impact The reliance on systems and networks means that How are we managing this group? the impact of even simple cyber-attacks can disrupt – our growth strategy is focused on responding to operations. InformationSecurity risk is the highest these three risks including our merger with Media Super, velocity risk in our network which means that should ensuring it will deliver additional scale and benefits a cyber risk event occur it has the ability to impact our strategic objectives the quickest out of any other risk. to both Cbus and Media Super members We invest in responsive controls to ensure should a cyber – continuing to evolve our frameworks and processes event occur it is promptly identified, responded to and to drive ongoing efficiencies and cost benefits resolved without impacting our strategic objectives. to our members How are we managing this group? – embedding and maturing our member outcomes framework. – preventative controls including firewalls, antivirus • ‘growth group’ includes brand and reputation, growth and anti-malware, user access controls, training, and leadership and talent material risks. The connections third party security risk assessments and monitoring between brand and reputation and growth are discussed – detective controls including data quality controls, system above, however the additional linkages to leadership monitoring, penetration testing, data leakage protection and talent is identified in thisgroup. This highlights the – responsive controls including security incident response importance of ensuring we attract and retain the right plans and controls to respond to business disruptions. capability, capacity and leadership to improve inorganic • a ‘Member outcomes group’ includes brand and growth opportunities and our growth strategy more broadly. reputation, growth and sub optimal member outcomes Without appropriate leadership and talent there is risk material risks. We are operating in an increasingly of significant impact to our ability to execute on our strategy competitive and regulated environment where maintaining and deliver scale. In addition, without a strong brand and scale and achieving growth is essential to continue to deliver reputation in the market this can impact on our ability the best outcomes forall ourmembers. In order to grow, to attract and retain the leadership and talent required. maintaining our strong brand and reputation is critical; How are we managing this group? and in order to maintain our strong brand and reputation – l eadership programs being rolled out to current we need to continue to deliver member outcomes. and aspiring leaders In addition, the prudential regulation is becoming more outcome focused, providing closer scrutiny on those funds – recruitment process and controls who don’t continue to deliver outcomes for their members. – performance management framework All other risks in our network can trigger this group of – talent development and succession planning. risks therefore wefocus our efforts on mitigation through monitoring and remediation controls including both lead and lag indicators. Annual Integrated Report 2021 37