Governance and Sustainability


The Board is ultimately accountable for the risk management process and system of internal control within Remgro. The Board has documented a comprehensive Risk Management Policy and plan which has been implemented by manage­ment. This incorporates continuous risk identification and assessment and internal control embedment as well as risk reduction and insurance strategies.

The Audit and Risk Committee is mandated to monitor the effectiveness of the risk management process and systems of internal control and is supported in this regard by its subcommittee, the Risk and IT Governance Committee. The Group’s internal and external auditors, along with management and certain external consultants, are tasked to render combined assurance reports to the Audit and Risk Committee.

Ethical leadership and human capital are the corner­stones of Remgro’s risk management philosophy as these ensure entrepreneurial flair, sound corporate reputation and effective governance.

The risk management process in Remgro comprises the arrangement of resources to ensure the achievement of strategy and business plans, including the exploitation of available opportunities that meet the risk appetite criteria set by the Board. Risk profiles inherent to existing activities and investments are furthermore maintained within the approved risk tolerance levels, thereby optimising the risk return parameters for the creation of sustainable growth and value for shareholders and other stakeholders.


Due to the nature and magnitude of Remgro’s investment portfolio, this report focuses on the activities of the Company and its subsidiaries, save where such entities are JSE-listed entities and the relevant information is readily available to stakeholders, or the materiality of such information is deemed insufficient to warrant detailed disclosure. As a result, this report contains risk manage­ment information of the Company, Remgro Management Services Limited (Remgro’s service company) and V&R Management Services AG*.

*  A wholly owned subsidiary, registered and managed in Switzerland, rendering bookkeeping and treasury services for Remgro’s foreign subsidiaries and third parties.


The Risk Management Policy is based on the principles of the international COSO (Committee of Sponsoring Organisations of the Treadway Commission) Enterprise Risk Management – Integrated Framework and complies with the recommendations of King III. This policy defines the objectives, methodology, process and responsibilities of the various risk management role players in the Company. The Risk Management policy is subject to annual review and any proposed amendments are submitted to the Audit and Risk Committee for consideration and recommendation to the Board for approval.

Remgro is an investment holding company and as such the risk management process takes cognisance of risks and opportunities within the Company as well as the risks and opportunities inherent to its investment portfolio.

The following table sets out the key control objectives and related controls of the Company.


The appointment and retention of suitably skilled and experienced directors and officers possessing the required values and drive.

Ethical and visible leadership via governance structures and related processes.

Adoption and implementation of appropriate long-term strategy within approved risk appetite duly communicated and delegated to the executive.

Maintaining the significance of Remgro’s corporate presence in the investment environment as this enables it to acquire meaningful stakes in selected investment opportunities.

Ensuring that opportunity risks are managed to avoid lost investment opportunities that meet Remgro’s stringent investment criteria.

Available liquidity to fund new investments and further support successful investments.

Effective group structuring to house existing and new investments.

Effective management of underlying investments and ensuring that Remgro’s investment criteria are maintained and the Group’s rights are protected.*

Effective internal operations, including secretarial, financial, human resources and all other departmental activities in the service company and wholly owned subsidiaries under the control of the management of the service company.

Given the significance of treasury, the following salient objectives are integrated into the Treasury Committee’s (a management committee chaired by the CFO, also comprising the CEO and other senior managers) mandate:

  • Liquidity requirements and risk appetite are formalised and linked to realised returns on treasury funds
  • Terms of trade with banks are reviewed to ensure adequate risk sharing
  • Payment systems are secured
  • Information is secured
  • FAIS (Financial Advisory and Intermediary Services Act, 2002) and FICA (Financial Intelligence Centre Act, 2001) legislation is complied with
  • The following treasury risks are specifically managed:
    • Liquidity risk
    • Instrument risk (derivatives)
    • Investment credit risk (credit limits and spread of cash between approved institutions)
    • Foreign currency risk (spread and composition of approved currency exposures)
    • Interest rate risk

Accurate, transparent and reliable reporting and inter­action with stakeholders.

Full compliance with taxation and other relevant legislation and industry practices.

Reliable and secure information systems to support business objectives and requirements.

Due consideration and support to sustainability matters such as BBBEE, environmental management and social corporate support.


Effective functioning of the Remuneration and Nomination Committee.

Performance assessments and committee evaluations.

Strong ethical leadership.

Embedded system of values and ethics and maintenance thereof via visible leadership.

Formalised ethics policies and codes of conduct.

Corporate culture focused on excellence in execution and fairness in dealing.

Comprehensive and King III compliant corporate govern­ance structures and systems.

Effective Management Board supported by executive management and an experienced investment division.

A conservative business approach with long-term investment criteria focused on growth, sustainability and liquidity.

Corporate actions are aligned with the long-term strategy and responsible investment criteria.

Good corporate reputation and brand as investor of choice.

Skilled and experienced investment division with efficient operational processes and controls.

Effective support structures and negotiation processes supported by proven due diligence processes.

Conservative cash administration and well-managed and secure treasury environment.

Appropriate control structures supported by skilled and experienced legal and corporate tax specialists.

Comprehensive shareholder agreements are concluded at time of investment.

This facilitates effective control or significant influence over the executive management teams in the underlying investee companies and ensures that strategies, goals and deliverables are met and that salient risks are duly managed.

Detailed reporting, review and management structures are implemented to ensure timely, accurate and reliable information used in decision-making processes.

The early identification of abnormal investee risk profiles through internal processes.

Skilled and experienced managers regularly review policies and practices governing internal controls designed to ensure the consistent achievement of relevant objectives.

A formalised Treasury Policy is maintained by the Treasury Committee and amendments are submitted to the Board for approval.

Skilled staff is employed in the treasury department and comprehensive internal controls are deployed and complied with.

The treasury department is subject to quarterly FAIS and FICA reviews from the FSB (Financial Services Board) approved compliance officer. In addition, the treasury department (back and front office) are subject to regular internal audit reviews and a year-end review by the external auditor.

Formalised stakeholder and communication policies.

Effective internal financial controls.

Comprehensive combined assurance plans and processes.

Structured and considered integrated reporting.

Employment of tax experts and consultation with independent tax and legal professionals.

Legal Compliance Policy linked to expert legal advice.

Effective outsource agreement with a credible vendor and service levels supporting cost-efficient and available systems and networks.

IT Governance Policy supported by procedures over key activities such as business continuity, information security, and document retention and user acceptable usage policies.

Formalised Social Support Policy and Process.

Effective Social and Ethics Committee.

BBBEE policies and mandates.

Safety, health and environmental management included under the ambit of the Risk and IT Governance Com­mittee with formalised policies.

Successful participation in JSE Sustainability Index (JSE-SRI) and Carbon Disclosure Project (CDP).

* As stated in the “Group Profile” section of this report, Remgro is not involved in the day-to-day management of investee activities but does have non-executive representation on these autonomous boards via shareholder agreements. These bodies are responsible for risk management at investee level.

Remgro, being a responsible investor, ensures that proper corporate governance is implemented and maintained in all entities it invests in via the above processes.

Risk Management Structure

The following structure has been implemented in the Company to ensure the effective and efficient management of risk within the Company.

In the structure below the function of the Chief Risk Officer is shared amongst the following individuals:

  • The Chief Executive Officer reports directly to the Board on an ongoing basis as regards the risks that may impact the effective and efficient execution of its strategy.
  • The Chief Financial Officer, as chairman of the Risk and IT Governance Committee, is responsible for the induction of risk management into the daily activities of the Company, including the drafting, review and maintenance of the Risk Register and Risk Management Policy and plan.
  • The head of internal audit attends meetings of the Risk and IT Governance Committee and renders independent assurance regarding the effectiveness of this committee’s activities as well as the system of internal control.
Management of risk

Risk Tolerance Levels

The Remgro Board has formalised and approved the risk tolerance levels to define the Board’s risk appetite and to ensure that all risks within the Group are managed within the limits so defined.

Remgro, due to the nature of its core activities, deals with risk tolerance levels in the following three risk categories using dedicated and bespoke methodologies:


Risk tolerance levels are set in accordance with the cost of funding the investments (WACC) as adjusted with a risk weighting (Beta) to ensure a sustainable and positive risk return environment.


Given the liquidity requirements to support performing investments and to seize new investment opportunities, the risk tolerance levels and linked returns for cash held in South Africa and internationally are measured in terms of lending rates achieved by major banks in the money market, including but not limited to STeFI (Short Term Fixed Interest) or LIBOR (London Interbank Offered Rate), as well as compliance with minimum credit ratings set for approved counterparties.

This is continuously monitored and reassessed given prevailing market volatilities, risk and, at times, negative returns on cash in certain international money markets.

Foreign currency risk and capital preservation risk in an adverse economic climate are mitigated by means of conservative policies regarding hedging strategies and counterparty vetting.

The treasury funds are invested as per a Board-approved Treasury Policy which deals with counterparty (credit) risk, liquidity risk, interest rate risk, currency risk, instrument risk and commercial risk (terms of trade), as well as the policies deployed to safeguard cash and liquid assets.


This category includes risks associated with unplanned loss to assets, exposure to liabilities, fidelity, business interruption and other operational risk.

In these instances the Board has, in addition to stringent internal controls, adopted a conservative approach by taking sufficient insurance cover to mitigate the anticipated maximum loss should risk realise in these categories.


Risk appetite is defined as the risk that the Company is prepared or willing to accept without further mitigating action being put in place or the amount of risk the Com­pany is willing to accept in pursuit of objectives. This is
also defined as the risk propensity of the Board in pursuing the creation of wealth.

The following qualitative and quantitative factors are considered by the Board in evaluating risk appetite:

  • risk and return profile of the current investment portfolio;
  • availability of cash resources and other liquid (available for sale) assets;
  • available funding opportunities;
  • risk return profile of prospective opportunities;
  • financial ratios relevant to measuring performance, including inter alia:
    • Intrinsic Net Asset Value (IAV)
    • return on IAV relative to comparable risk investments
    • dividend policy;
  • international and local economic cycles and trends;
  • foreign currency rates and trends; and
  • materiality of risks with reference to the IAV of the Group.


Risk-bearing capacity is defined as a monetary value which is used as a yardstick, measuring the maximum loss the Company can endure without exposing it to the point where its existence and going concern status is under threat, given an equivalent loss.

Given the nature of Remgro’s intrinsic net asset value composition, i.e. equity investments, net excess cash and no debt at the holding company level, there are no known current exposures that could jeopardise the going concern status of the Group.


The risk management process is furthermore also externally focused to ensure the timely identification of new emerging risks and the assessment of the effectiveness of risk responses thereto.


The Company reviews its IT Governance Policy annually, which is aligned with the limited technology needs of an investment holding company. This policy is further supplemented by governance-based policies such as the Acceptable IT Use policy and information confidentiality policies.

The head of IT reports to the Group Financial Manager and IT-related matters are addressed by an IT Steering Committee comprising of senior management. The IT risk register is considered by the Risk and IT Governance Committee and progress on IT- and control-related projects are monitored via the Risk and IT Governance Committee by the Audit and Risk Committee.

The Company has outsourced its IT operations to a credible service provider via a comprehensive Service Level Agree­ment. The Service Level Agreement of the operator, which deals with, inter alia, key deliverables such as system and user support, system availability, logical security, virus protection, telephony and other general controls, is reviewed annually and compliance monitored.

The IT risk management process is included into the combined assurance process of the Company. A business continuity plan has been formalised and successful tests performed on the back-up and disaster recovery process.


The Board, as part of its ethical leadership commitment, approved a Legal Compliance Policy and confirmed that there are sufficient management capacity and controls in place to ensure that all relevant laws and salient industry practices are complied with.

The administration of the Legal Compliance System is vested in an official with the appropriate legal qualifications. Members of senior management of the Company are informed on a regular basis of all relevant new legislation and amendments. Compliance controls also vest with senior management who are required to report to the Risk and IT Governance Committee on a regular basis regarding their compliance using a control self-assessment methodology. This process is incorporated into the annual combined assurance plan.


The Group has implemented and maintained a compre­hensive system of internal controls to mitigate the risks in the enterprise and to ensure that the Group’s objectives are consistently achieved. Internal controls are based on the principle of acceptable risk being inherent to the design and implementation of a cost-effective system of internal control. The system includes monitoring mechanisms and mitigation processes to augment deficiencies when they are detected. This system is benchmarked against the COSO (Committee of Sponsoring Organisations of the Tread­way Commission) Internal Control – Integrated Framework.

The internal audit function is employed by Remgro Management Services Limited and the head of internal audit, Mr Deon Annandale, reports to the chairman of the Audit and Risk Committee and functionally to the CFO. The department complies with the requirements of King III and the International Standards for the Professional Practice of Internal Auditing.

The department has a three-tier quality assurance system comprising internal review processes, file and report sharing with the Group’s external auditor and a three-yearly quality assessment by an international external audit firm other than the Group’s external auditors.

The internal audit plans, as approved by the Audit and Risk Committee, are designed following a risk-based assurance approach and are focused on adding value to the control environment whilst rendering independent assurance to the Audit and Risk Committee and to the Board on, inter alia: the effectiveness of internal financial control; the effectiveness of internal control over operational and compliance activities; the adequacy of governance systems, including the “tone at the top”; the effectiveness of the combined assurance process and risk management process.

The internal audit department also renders independent internal audit and risk management services to certain Group companies who elect to outsource the function.

When required, specialist skills are insourced to assist with information technology and forensic services.


The Board, via the Audit and Risk Committee, has considered the documented policies, procedures and independent assurance reports and is satisfied that the internal control process and risk management process implemented in the Group are effective.

The Board is not aware of any exposure or position that could culminate in the residual risk profile of the Group exceeding the risk-bearing capacity limits set by the Board.