The development of the Group’s risk management strategy is a priority for the Board, to ensure that risk identification and mitigation is entrenched as an ongoing practice within the Santova Group so that it is an integral part of the day-to-day activities of operational management.
The Board’s recognition of the importance of effective risk management processes drives the mind-set of continuous reassessment and improvement of this strategy and the related processes, ensuring they remain effective and appropriate for the Group as it grows and evolves. The Board also plays a key role in the risk management process as it looks to obtain evidence throughout the year that the core objectives are satisfied, namely that:
- the most significant risks inherent in the Group’s business have been identified and are continually reassessed;
- management understands these risks; and
- management is effectively managing and mitigating these risks.
Further to the above, the Board seeks to ensure compliance with the specific risk governance recommendations of the King Code on Corporate Governance for South Africa – 2009 (“King III”) as well as other relevant codes and frameworks and best practice specific to our industries.
Risk Management Structure
The Board is ultimately accountable for the governance of risk within the Group and the following structure has been put in place to ensure that the required highly effective levels of risk management are maintained:
The Board has delegated the responsibility of ensuring that the practical risk management framework and processes are properly implemented to the Audit and Risk Committee. Membership of this committee consists of independent non-executive directors, all of whom have extensive knowledge and experience in the field of risk management.
Two primary management committees are then directly responsible for the day-to-day implementation of risk management processes throughout the Group and the monitoring thereof. These committees report directly to the Audit and Risk Committee on a quarterly basis.
Risk Management Committee
This committee oversees the daily risk management process for all areas of risk. All risks identified by operational management are reported to this committee on an ongoing basis through a central risk inbox set up exclusively for this purpose. The reported risks are assessed immediately to determine the level of priority and action required, and ultimately the impact and mitigation is further discussed and documented at committee meetings.
The committee is made up as follows:
- MD Santova Financial Services
- Group Financial Director
- Financial Director Santova Logistics
- KZN Regional Head Santova Logistics
The Group Chairman is copied on all relevant communication so that he is aware of the ongoing matters of the Risk Management Committee.
IT Risk Management Committee
This committee’s mandate is to oversee the daily IT risk management process and comprises members with the requisite IT skills and experience.
- Financial Director of Santova Logistics
- Group Financial Director (Chairman)
- Divisional Head: Supply Chain Management
- Supply Chain Management Systems Specialist – Europe
The two primary risk management committees are in turn supported by two additional risk management sub-committees as set out in the above diagram, along with a number of other informal operational forums.
In addition, the Audit and Risk Committee periodically calls upon the external auditors and certain external consultants to provide additional risk assurance.
Operating management are able to feed information involving day-to-day risk management seamlessly through this structure, ensuring an integrated approach to the practical implementation of risk management across the Santova Group.
Risk Management Process
The key aim of the Group’s risk management process is to identify, quantify and manage the key risks inherent within the Group. Identification and quantification are documented on the Risk Register and through this process management are able to assess the residual risk scores for each risk and ensure that these are maintained within acceptable tolerance levels.
At the regular meetings of the Risk Management Committee and the IT Risk Management Committee, formal agendas are drawn up and detailed minutes of the meetings are recorded. The Chairman of both the Risk Management Committee and IT Risk Management Committee attends every Audit and Risk Committee meeting by invitation and presents a formal risk report, minutes of the respective committee meetings and an update on all current key risk issues and initiatives.
The key to the Group’s risk management methodologies and procedures is the formally documented Risk Register, mentioned above, that identifies and measures all risks inherent within the Group. The Risk Register is a “live” document, under constant review and continuously updated by the Risk Management Committee, which evaluates each inherent risk identified in terms of potential impact and probability. Once an inherent risk score has been determined, responsibility for management of the particular risk is allocated and current controls and reports in mitigation of the risk are identified. This enables the control effectiveness to be determined and applied to the inherent risk to ultimately determine the residual risk score. Risks are ranked by the residual score for the purposes of directing planned future actions to be implemented by management.
The Risk Register is periodically reviewed by the Board and on an annual basis the Board performs a high-level assessment of the key risks inherent in the Group, whereby each board member assesses and scores the risks. The results of these assessments, a summary of the most recent of which is presented below, are combined and utilised by the Board to drive Group risk strategy and risk management.