
Governance, Risk, and Compliance (GRC) Policy



1. Purpose

Ascend GRC is committed to upholding the highest standards of governance, risk management, and compliance (GRC) to support ethical decision-making, organisational resilience, and regulatory adherence. This policy establishes the principles and framework for integrating GRC practices across all operations.


2. Scope

This policy applies to all employees, board members, contractors, and stakeholders involved in Ascend GRC’s governance, risk, and compliance functions.


3. Definitions

  • Governance: The structures, policies, and processes ensuring accountability, integrity, and ethical leadership.

  • Risk Management: The identification, assessment, and mitigation of risks that may impact organisational objectives.

  • Compliance: Adherence to legal, regulatory, and internal policy requirements.


4. Policy Statement

Ascend GRC is committed to:

  • Strong Corporate Governance – Promoting transparency, accountability, and ethical leadership.

  • Proactive Risk Management – Identifying and mitigating risks in alignment with ISO 31000 principles.

  • Regulatory Compliance – Ensuring adherence to all applicable laws, regulations, and industry standards.

  • Continuous Improvement – Regularly reviewing and enhancing GRC practices to align with best practices.


5. Governance Framework

  • The Board of Directors provides strategic oversight and ensures compliance with legal and ethical standards.

  • The Executive Team implements governance policies and fosters a culture of integrity and accountability.

  • Employees and stakeholders are responsible for adhering to governance principles and reporting concerns.


6. Risk Management Approach

  • Risk Identification: Assess risks in financial, operational, reputational, legal, and compliance areas.

  • Risk Assessment: Categorise risks based on likelihood and impact.

  • Risk Mitigation: Implement controls and strategies to manage identified risks.

  • Risk Monitoring & Reporting: Regularly review risk registers and report to the Board.


7. Compliance Management

  • Regulatory Adherence: Maintain compliance with Australian laws, international standards, and contractual obligations.

  • Internal Policies & Controls: Develop and enforce policies to support compliance objectives.

  • Training & Awareness: Conduct ongoing education on governance, risk, and compliance responsibilities.

  • Incident Management: Establish reporting and response procedures for compliance breaches.


8. Compliance & Enforcement

  • Failure to comply with this policy may result in disciplinary action, regulatory reporting, or contractual penalties.

  • Regular audits and reviews will be conducted to ensure compliance and risk management effectiveness.


9. Related Legislation & Standards

  • Corporations Act 2001 (Cth).

  • Australian Charities and Not-for-profits Commission (ACNC) Governance Standards.

  • ISO 31000: Risk Management.

  • AS ISO 19600: Compliance Management Systems.

  • ASX Corporate Governance Principles.


10. Review & Approval

This policy will be reviewed annually by the Board of Directors to ensure its continued effectiveness and alignment with regulatory changes.


11. Contact Information

For queries regarding this policy, please contact:

Ascend GRC Compliance Team
