Risk and compliance committee report

Report to shareholders on the activities of the risk and compliance committee for the 12 months ended 31 March 2017

Introduction

The committee is a committee of the board and its main objective is to ensure sustainable growth in all our businesses and to promote a proactive approach in evaluating, monitoring, resolving and reporting risks associated with our businesses.

This objective is supported by the following underlying policy statement:

“To ensure protection of shareholder value through the establishment of an integrated risk management framework/system for identifying, assessing, mitigating, monitoring, evaluating and reporting risks.”

Terms of reference

The risk and compliance committee has adopted formal terms of reference that were reviewed during the year and approved by the board of directors, and has executed its duties in the past financial year in line with these terms of reference.

Composition

Following the retirement of Bridgette Modise from the board, Timothy Leaf-Wright was appointed as chairman of the committee on 31 October 2016. The members of the committee are:

Membership   Status  
Leaf-Wright (chair) Independent  
Naude Independent  
Ross Independent  
Castle Executive  

Meeting date   Attendance  
3 October 2016 All present  
20 February 2017 All present  
29 May 2017 All present  

Responsibilities

The responsibility for risk in the PPC group is clearly mapped and can be summarised as follows:

  • The board is accountable to shareholders for the governance of risk and to ensure that the company’s strategy and business plans have been properly considered and associated risks evaluated.
  • The board has delegated responsibility to evaluate the risk management process, the effectiveness of the risk management activities, the key risks facing the company and the appropriate responses to address key risks to the risk and compliance committee of the board.

Risk management

The responsibility to design, implement and monitor the risk management plan has been delegated to management. The risk management plan ensures that the risk management policy is implemented and that the risk management processes are embedded in all the organisation’s practices and business processes. The following are some of the key activities for the year under review:

  • The committee reviewed the risk management framework policy and plan
  • A management report on the execution of the risk management plan against targets was tabled for the committee to consider
  • The six-monthly reviews of the group risk registers was conducted and the current group risk register was tabled at the board meeting in March 2017
  • The committee also noted the remedial action plans of management to reduce the inherent risk exposure of the group
  • The committee was satisfied that further progress had been made with embedding the risk management processes as part of the day-to-day management in the group
  • Of significance is the current roll-out of a business continuity management programme in the group. As part of this programme, existing crisis management plans in the group is also under review
  • The risk matrix was also been reviewed with its risk appetite and tolerance indicators

Material risks

During the period under review all the risk registers in the PPC group were reviewed. For detail on the material risk of the group refer to material issues and response strategies on
page 22 of the report.

Group compliance

As a governance principle, the board ensures PPC complies with applicable laws and considers adhering to non-binding rules, codes and standards.

In the group, this responsibility has been delegated to the risk management and compliance committee. This committee’s responsibilities include monitoring compliance issues, approving the compliance policy, ensuring it is observed and that compliance risks are reported.

Management is responsible for implementing the compliance policy and the day-to-day management of compliance risks. This includes responsibility for ensuring appropriate remedial or disciplinary action is taken if breaches are identified. The following issues should be noted:

  • Fraud risk registers have been introduced in the group subsidiaries to limit the risk exposure of the companies
  • In support of the above, a fraud prevention programme has been initiated which includes training, a communication plan and the roll out of new guidelines
  • As part of the annual review programme, the group risk register was reviewed in December 2016
  • Finally it should be noted that the scope of compliance was broadened by the inclusion of group policy management as well as oversight of the “know your business partner” policy of the group

Legislation watch list

The following new legislation is currently high on the PPC group watch list:

Draft carbon tax bill: The draft carbon tax bill was released for comment on 2 November 2015, but the implementation of this tax has been delayed a couple of times.

The broad-based black economic empowerment charter* for the South African mining and minerals industry was published by the Department of Mineral Resources (DMR) in June 2017.

* The Chamber of Mines has since brought an urgent interdict and this legal action is being closely monitored.
Significant fines

During the year there have been a number of significant fines greater than R200 000 for non-compliance with laws and regulations as follows:

  • A legal counter claim to the value of R3 438 526
  • PPC Group Services paid tax penalties in SA in the amount of R1 566 995

Environmental compliance

For more detail we refer to the environmental report on page 122 of this report.

Health and safety

For more detail we refer to the health and safety report on page 104 of this report.

Conclusion

The following strategic focus areas were identified for the 2018 financial year:

Risk assessments

  • Across all levels of PPC (group, functional and operational) efforts will be increased to improve risk calibration and categorisation in all risk registers
  • Fraud and corruption risk registers will be refined

Risk reviews

  • The risk appetite and tolerance matrix will be further refined and a related policy will be implemented
  • Risk mitigation measures will be stress tested to ensure that they are resilient enough

Risk control measures

  • Increased focus will be placed on improving the quality of mitigation measures and on monitoring progress in achieving the desired outcomes
  • Business continuity management programme across PPC which is being reviewed
  • Management will promote the use of policies as a tool to mitigate specific risks
  • There will be an increased focus on insurance underwriting survey recommendation implementation

Risk mitigation monitoring

  • Management will drive the roll out of combined assurance model to the South African business, international business and group finance

The committee will oversee the implementation of these objectives and report on management performance to the board.

With regard to the past financial year, the risk and compliance committee is satisfied that it has complied with its responsibilities as set out in its terms of reference.

On behalf of the risk and compliance committee

Tim Leaf-Wright
Chairman
6 June 2017