
Sustainability-related risk management

Our Group-wide approach to managing risk 

The identification and management of risks is central to achieving our strategic objectives. It helps to protect us against potential negative impacts, enables us to take risk for strategic reward and improves our resilience against emerging risks. BHP believes effective risk management requires a single, consolidated view of risks across the business to understand the Group’s full risk exposure and to prioritise risk management and governance activity. As such, we apply a single framework (known as the Risk Framework) for all risks.  

There are four pillars in our Risk Framework: risk strategy, risk governance, risk process and risk intelligence.  

Risk Management

For more information refer to BHP Annual Report 2025, Operating and Financial Review – 7 How we manage risk. 

How our approach applies to sustainability-related risks 

Our Risk Framework requires the identification and management of risk (threats and opportunities) to be embedded in business activities. We aim to identify all risks associated with our business, including those that relate to sustainability, so that we can prioritise and manage the risks that matter most.

When we assess the materiality of a risk, our Risk Framework requires us to consider all potential impacts, including to health and safety, the environment, communities, human rights and social value. This means potential sustainability impacts are required to be considered in the context of all identified risks – even risks that may not initially appear to be linked to sustainability.  

Once assessed, risks are required to be treated through appropriate controls, monitored and reviewed in accordance with the requirements of our Risk Framework. Current material risks are required to be evaluated once a year at a minimum by the risk owner or accountable individual. 

We classify all risks to which BHP is exposed using our Group Risk Architecture. This is a tool designed to provide a platform to understand risk exposure and manage identified risks. Similar risks are considered together in groups and categories, which helps us manage risks associated with sustainability-related matters. For example, we consider similar risks in categories (such as ‘people and culture’), while risk groups that sit under those categories include ‘human rights’ and ‘diversity, inclusion and equal opportunity’. The Group Risk Architecture is designed to support Board and management visibility over the aggregate exposure to risks on a Group-wide basis and support performance monitoring and reporting against BHP’s risk appetite, including in areas related to sustainability.

Further mandatory minimum performance requirements may also apply to the management of some sustainability-related risks. Refer to the following pages for information on how we manage risks related to tailings storage facilities, biodiversity, ethics and business conduct, safety, sexual harassment, and water.  

The Risk team provides the Board, Risk and Audit Committee, Sustainability Committee and senior management with insights on risk management across BHP. Risk reports may include trends, aggregate exposure and performance for our most significant risks (including sustainability-related risks), updates on the Risk Framework and risk management priorities, an overview of (and material changes in) BHP’s material risk profile and updates on strategic and emerging risk themes and signals.