RISK MANAGEMENT AT IGO At IGO, risk management is overseen by the Board through the Sustainability and Risk Committee. The Committee operates in accordance with a Charter approved by the Board. The primary role of the Committee is to assist the Board with overseeing and monitoring the Company’s Risk Management System. It should be noted that specific elements of financial risk management are separately monitored and reviewed by IGO’s Board Audit Committee. The charters of both committee’s are available at aspx?RID=295. IGO’s defined position on risk management is stated in our Risk Policy, which can be viewed at aspx?CategoryId=190&CPID=4266&EID=31719529 &masterpage=3. A description of our risk management system (inclusive of IGO’s Risk Appetite Statement) is provided in IGO’s Common Management System Standard 3 – Risk Management. The system is intended to address risks that may: • impede the Company from achieving its purpose • impact on the Company’s performance • affect the health, safety or welfare of employees, visitors, communities and others in relation to the Company’s operations • impact on the community and the environment in which the Company operates • impact on insurance arrangements • threaten compliance with the Company’s statutory obligations • impact on the Company’s reputation, or that of its people • result in personal liability for Company officers arising from the Company’s operations. IGO’s Risk Management System is a hierarchy of three risk management processes: • Business Critical Risk Management • Operational and Project Risk Management • Personal Risk Management (primarily safety risks) Business Critical Risk Management is the process used by IGO’s senior leadership team and Board to identify and manage those risks that pose the greatest threat to our business. For clarity of communication, each process uses the same central methodology to categorise risk. As an outcome, any given risk will fall into one of five categories (very low risk, minor risk, moderate risk, major risk and catastrophic risk) based on consequential impacts related to health, safety, environment, community and reputation, financial loss or exposure and statutory compliance. As per our IGO Risk Appetite Statement, we will not take action, nor are any of our employees or agents authorised to take action or, through omission, permit circumstances in which IGO assumes or takes a risk that is assessed to fall within the IGO risk category of “catastrophic”. IGO may, subject to proper review and the implementation of appropriate controls, and subject to the appropriate level of authorisation, take risks categorised at a risk level lower than “catastrophic”. It should be noted that IGO imposes a higher standard (i.e. we are less risk tolerant) with regard to managing HSEC risk. Specifically, IGO will not permit or accept circumstances in which the potential HSEC risk is assessed to fall within the IGO risk categories of “major” or “catastrophic”. Any risk that exceeds approved thresholds is deemed a “material risk” and is subject to review by ExCo and the Board. 32 — IGO SUSTAINABILITY REPORT 2018