The Board is ultimately accountable for the risk and opportunities management process and system of internal control within Remgro. The Board has reviewed the comprehensive Risk and Opportunities Management Policy and plan, which has been implemented by management. This plan incorporates continuous risk and opportunity identification and assessment, internal control embedment as well as risk reduction and insurance strategies.
The Audit and Risk Committee is mandated to monitor the effectiveness of the risk management process and systems of internal control and is supported in this regard by its subcommittee, the Risk, Opportunities, Technology and Information Governance Committee (ROTIG). The Group's internal and external auditors, along with management and certain external consultants, are tasked to render combined assurance reports to the Audit and Risk Committee.
Ethical leadership and human capital are the cornerstones of Remgro's risk and opportunities management philosophy as these ensure entrepreneurial aptitude, sound corporate reputation and effective governance. The financial, manu-factured, intellectual, social and relationship and natural assets furthermore form part of the Six Capitals concept referred to in the King IV Report on Corporate Governance for South Africa (2016) (King IV). These categories of capitals, their interrelations and utilisation, to varying degrees, form an intricate part of the risk and opportunities process within the Company.
The risk and opportunities management process in Remgro comprises the arrangement of resources to ensure the achievement of the Company's stated mission along with its aligned strategy and business plans, including the exploitation of available opportunities that meet the risk appetite criteria set by the Board. Risk profiles inherent to existing activities and investments are furthermore maintained within the approved risk tolerance levels, thereby optimising the risk-return parameters for the creation of sustainable growth and value for shareholders and other stakeholders.
Strategic risk assessment includes the consideration of probable future scenarios taking cognisance of inter alia, political, environmental, social, technological, economic and legislative developments in both the Remgro environment as well as the market sectors that it invests in.
Due to the nature and magnitude of Remgro's investment portfolio, this report focuses on the activities of the Company and its subsidiaries, save where such entities are JSE-listed entities and the relevant information is otherwise readily available to stakeholders, or the materiality of such information is deemed insufficient to warrant detailed disclosure. As a result, this report contains risk and opportunities management information of the Company, Remgro Management Services Limited (Remgro's service company) and V&R Management Services AG*.
|*||A wholly owned subsidiary, registered and managed in Switzerland, rendering administrative, accounting and treasury services for Remgro's foreign subsidiaries and third parties.|
RISK MANAGEMENT PROCESS
The Risk and Opportunities Management Policy is based on the principles of the international COSO (Committee of Sponsoring Organisations of the Treadway Commission) Enterprise Risk Management – Integrated Framework and complies with the recommendations of King IV. This policy defines the objectives, methodology, processes and responsibilities of the various risk and opportunities management role players in the Company. The Risk and Opportunities Management Policy is subject to annual review and any proposed amendments are submitted to the Audit and Risk Committee for consideration and recommendation to the Board for approval. The COSO Risk Management Framework was updated during the current reporting period.
Remgro is an investment holding company and as such the risk and opportunities management process takes cognisance of risks and opportunities within the Company as well as the risks and opportunities inherent to its investment portfolio.
The table below summarises the salient control objectives and related controls included in the Remgro risk register:
|KEY control objectiveS||key controlS|
The appointment and retention of suitably skilled and experienced directors and officers possessing the required values and drive.
Effective functioning of the Remuneration and Nomination Committee.
Performance assessments and evaluations.
Strong ethical leadership.
Continuous skills and attribute development aligned with business developments and corporate values.
Ethical and visible leadership via governance structures and related processes maintaining Remgro's reputation as a good corporate citizen and a socially and environmentally responsible investor.
Anti-corruption and fraud prevention and detection procedures.
Embedded system of values and ethics and maintenance thereof via visible leadership and ethical competence refresher training.
Formalised ethics management policies and codes of conduct.
Corporate culture focused on excellence in execution, fairness in dealing and transparency in reporting.
Comprehensive and King IV compliant corporate governance structures and systems.
Effective and credible investor and stakeholder communications.
Effective functioning of the Social and Ethics Committee.
Business strategies aligned with Corporate mission based on stakeholder-inclusive principles.
Effective functioning of the Audit and Risk Committee.
Effective internal control, combined assurance, risk management and reporting processes.
Adoption and implementation of appropriate long-term strategy within approved risk appetite duly communicated and delegated to the executive.
Effective Management Board supported by executive management and an experienced investment division.
Dedicated focus on external risks and opportunities associated with global and local political, socio-economic and technological developments.
Adequate design and implementation of appropriate risk responses; the establishment and implementation of business continuity arrangements that allow Remgro to operate under conditions of volatility, and to withstand and recover from acute shocks and enhance enterprise resilience.
Effective assessment of risks and opportunities emanating from the triple context in which Remgro operates (i.e. the economy, society and environment) and the capitals that Remgro uses and effects (i.e. financial, manufactured, intellectual, human, social and relationship and natural) to optimise performance and resource deployment.
Workgroups focused at future scanning and key investment strategy objectives reporting to the Management Board.
Maintaining the significance of Remgro's corporate presence in the investment environment as this enables it to acquire meaningful stakes in selected investment opportunities thereby striving vigorously to meet Remgro's investment philosophy of Remgro investing in businesses that can deliver superior earnings, cash flow generation and dividend growth over the long term.
A conservative business approach with long-term investment criteria focused on growth, sustainability and liquidity.
Corporate actions are aligned with the long-term strategy and responsible investment criteria.
Comprehensive networks and robust processes focused on investment opportunity identification, and risk-based due diligence reviews.
Effective functioning of the Investment Committee.
Effective investor relations and corporate communications.
Ensuring that opportunity risks are managed to avoid lost investment opportunities that meet Remgro's stringent investment criteria.
Skilled and experienced investment division with efficient operational processes and controls.
Effective support structures and negotiation processes supported by proven due diligence processes.
Robust deal implementation and secretarial and legal support processes.
Ensuring that the corporate culture of Remgro does not inhibit responsible risk and opportunities taking.
Executive monitoring of performance against investment plans and strategies.
Available liquidity to fund new investments and further support successful investments.
Effective functioning Treasury Committee.
Conservative cash administration and well-managed and secure treasury environment.
Borrowing facilities in place.
Effective group structuring to house existing and new investments.
Appropriate control structures supported by skilled and experienced legal and corporate tax specialists.
Effective management of underlying investments and ensuring that Remgro's investment criteria are maintained and the Group's rights are protected.*
Comprehensive shareholder agreements are concluded at time of investment. This facilitates effective control or significant influence over the executive management teams in the underlying investee companies and ensures that strategies, goals and deliverables are met and that salient risks are duly managed.
Detailed reporting, review and management structures are implemented to ensure timely, accurate and reliable information used in decision-making processes.
The early identification of abnormal investee risk profiles through internal processes.
Effective internal operations, including secretarial, financial, human resources and all other departmental activities in the service company and wholly owned subsidiaries under the control of the management of the service company.
Skilled and experienced managers regularly review policies and practices governing internal controls designed to ensure the consistent achievement of relevant objectives.
Given the significance of treasury, the following salient objectives are integrated into the Treasury Committee's (a management committee chaired by the Chief Financial Officer (CFO), also comprising the Chief Executive Officer (CEO) and other senior managers) mandate:
A formalised Treasury Policy is maintained by the Treasury Committee and amendments are submitted to the Board for approval.
Skilled staff is employed in the treasury department and comprehensive internal controls are deployed and complied with.
The treasury department is subject to quarterly FAIS and FICA reviews from the FSB (Financial Services Board) approved external compliance officer. In addition, the treasury department (back and front office) is subject to regular internal audit reviews and a year-end review by the external auditor.
|*||As stated in the “Group Profile“ section of this report, Remgro is not involved in the day-to-day management of investee activities but does have non-executive representation on these autonomous boards via shareholder agreements. These bodies are responsible for risk management at investee level.|
|KEY control objectiveS||key controlS|
|Accurate, transparent and reliable reporting and interaction with stakeholders.||
Formalised stakeholder and communication policies.
Effective internal financial controls.
Comprehensive combined assurance plans and processes.
Structured and considered integrated reporting.
Adequate and transparent risk and opportunities disclosure and reporting.
Effective functioning of the Audit and Risk Committee.
|Full compliance with taxation and other relevant legislation and industry practices.||
Employment of tax experts and consultation with independent tax and legal professionals.
Legal Compliance Policy linked to expert legal advice.
|Reliable and secure information systems to support business objectives and requirements.||
Effective outsource agreement with a credible vendor and service levels supporting cost-efficient, secure and available systems and networks.
Technology and Information Governance Policy supported by procedures over key activities such as business continuity, information security, document retention and user acceptable usage policies.
|Due consideration and support to sustainability matters such as BBBEE, environmental management and social corporate support.||
Board guidelines to the Corporate Social Investment function.
Effective Social and Ethics Committee.
BBBEE policies and mandates.
Safety, health and environmental management included under the ambit of the Risk, Opportunities, Technology and Information Governance Committee with formalised policies.
Successful participation in Carbon Disclosure Project (CDP) and inclusion in FTSE/JSE Responsible Investment Index.
Material external risks include uncertainty on the government's ability to deliver on its mandate and the sustained global economic downturn impacting on market confidence and global, regional and local stability.
Remgro, being a responsible investor, ensures that proper corporate governance is implemented and maintained in all entities it invests in via the above processes.
Remgro timely identifies and comprehensively mitigates disruption risk and realises opportunities associated with the next industrial revolution.
Risk AND OPPORTUNITIES Management Structure
The following structure has been implemented and maintained to ensure the effective and efficient management of risk and opportunities within the Company.
In the structure below the function of the Chief Risk Officer is shared amongst the following individuals:
- The CEO reports directly to the Board on an ongoing basis as regards the risks that may impact the effective and efficient execution of its strategy.
- The CFO, as chairman of the ROTIG Committee, is responsible for the induction of risk and opportunities management into the daily activities of the Company, including the drafting, review and maintenance of the Company risk register and Risk and Opportunities Management Policy and plan.
- The Chief Audit Executive (CAE) attends meetings of the ROTIG Committee and renders independent assurance regarding the effectiveness of this committee's activities as well as the system of internal control.
Risk Tolerance Levels
The Remgro Board has formalised and approved the risk tolerance levels to define the Board's risk appetite and to ensure that all risks within the Group are managed within the limits so defined.
Remgro, due to the nature of its core activities, deals with risk tolerance levels in the following three risk categories using dedicated and bespoke methodologies:
Risk tolerance levels are set in accordance with the cost of funding the investments (WACC) as adjusted with a risk weighting (Beta) to ensure a sustainable and positive risk-return environment.
Given the liquidity requirements to support performing investments and to seize new investment opportunities, the risk tolerance levels and linked returns for cash held in South Africa and internationally are measured in terms of lending rates achieved by major banks in the money market, including but not limited to STeFI (Short Term Fixed Interest) or LIBOR (London Interbank Offered Rate), as well as compliance with minimum credit ratings set for approved counterparties. This is continuously monitored and reassessed given prevailing market volatilities, risk and, at times, negative returns on cash in certain international money markets.
Foreign currency risk and capital preservation risk in an adverse economic climate are mitigated by means of conservative policies regarding hedging strategies and counterparty vetting.
The treasury funds are invested as per a Board-approved Treasury Policy which deals with counterparty (credit) risk, liquidity risk, interest rate risk, currency risk, instrument risk and commercial risk (terms of trade), as well as the policies deployed to safeguard cash and liquid assets.
The Treasury Committee is furthermore tasked to assess liquidity requirements, considering the identified investment opportunities, and to recommend funding instruments to the Board if so required.
This category includes risks associated with unplanned loss to assets, exposure to liabilities, fidelity, business interruption and other operational risk.
In these instances the Board has, in addition to stringent internal controls, adopted a conservative approach by taking sufficient insurance cover to mitigate the anticipated maximum loss should risk realise in these categories.
Risk appetite is defined as the risk that the Company is prepared or willing to accept without further mitigating action being put in place or the amount and nature of risk the Company is willing to accept in pursuit of objectives. This is also defined as the risk propensity of the Board in pursuing the creation of sustainable wealth.
The following qualitative and quantitative factors are considered by the Board in evaluating risk appetite:
- risk-return profile of the current investment portfolio;
- availability of cash resources and other liquid (available-for-sale) assets;
- available funding opportunities;
- risk-return profile of prospective opportunities;
- financial ratios relevant to measuring performance, including inter alia:
- Intrinsic net asset value (INAV)
- return on INAV relative to comparable risk investments
- dividend policy;
- international and local economic cycles and trends;
- foreign currency rates and trends;
- materiality of risks with reference to the INAV of the Group;
- risk management capability and maturity; and
- resource allocation and strategy.
Risk-bearing capacity is defined as a monetary value which is used as a yardstick, measuring the maximum loss the Company can endure without exposing it to the point where its existence and going concern status is under threat, given an equivalent loss.
Given the nature of Remgro's INAV composition, i.e. equity investments, net excess cash and the size of debt at holding company level, there are no known current exposures that could jeopardise the going concern status of the Group.
UNEXPECTED OR UNUSUAL RISK EXPERIENCES
The risk and opportunities management process is furthermore externally focused to ensure the timely identification of new emerging risks and opportunities and the assessment of the effectiveness of risk responses thereto.
TECHNOLOGY AND INFORMATION GOVERNANCE
The Company reviews its Technology and Information Governance Policy annually, which is aligned with the limited technology needs of an investment holding company. This policy is further supplemented by governance-based policies such as the Acceptable Technology and Information Use Policy and information confidentiality policies.
The head of Technology and Information reports to the Group Financial Manager and technology and information related matters are addressed by a Technology and Information Steering Committee comprising senior management. The Technology and Information risk register is considered by the ROTIG Committee and progress on technology and information and control-related projects is monitored via the ROTIG Committee by the Audit and Risk Committee.
The Company has outsourced its technology and information operations to a credible service provider via a comprehensive Service Level Agreement. The Service Level Agreement of the operator, which deals with, inter alia, key deliverables such as system and user support, system availability, cyber-risk management, virus protection, telephony and other general controls, is reviewed annually and compliance monitored. Technology and information service management is based on the international ITIL (Information Technology Infrastructure Library) framework.
The technology and information risk management process is included in the combined assurance process of the Company and aligned to COBIT (Control Objectives for Information and Related Technologies). A business continuity plan has been formalised and successful tests performed on the back-up and disaster recovery process.
The Board, as part of its ethical leadership commitment, approved a Legal Compliance Policy and confirmed that there are sufficient management capacity and controls in place to ensure compliance with all relevant laws and salient industry practices.
The administration of the Legal Compliance System is vested in an official with the appropriate legal qualifications. Members of senior management of the Company are informed on a regular basis of all relevant new legislation and amendments. Compliance controls also vest with senior management who are required to report to the Social and Ethics Committee on a regular basis regarding their compliance using a control self-assessment methodology. This process is incorporated into the annual combined assurance plan.
INTERNAL CONTROL AND INTERNAL AUDIT
The Group has implemented and maintained a comprehensive system of internal controls to mitigate the risks in the enterprise and to ensure that the Group's objectives are consistently achieved. Internal controls are based on the principle of acceptable risk being inherent to the design and implementation of a cost-effective system of internal control. The system includes monitoring mechanisms and mitigation processes to augment deficiencies when they are detected. This system is benchmarked against the COSO Internal Control – Integrated Framework.
The internal audit function is employed by Remgro Management Services Limited and the head of internal audit, Mr Deon Annandale, reports to the chairman of the Audit and Risk Committee and functionally to the CFO. The department complies with the requirements of King IV and the International Standards for the Professional Practice of Internal Auditing. The department maintains a three-tier Quality Assurance and Improvement Programme as prescribed by the Institute of Internal Auditors. This comprises a self-assessment process with Independent External Validation being performed by an international external audit firm, other than the Group's external auditors, every three years.
The internal audit plans, as approved by the Audit and Risk Committee, are designed following a risk-based assurance approach and are focused on adding value to the control environment while rendering independent assurance to the Audit and Risk Committee and to the Board on, inter alia: the effectiveness of internal financial control; the effectiveness of internal control over operational and compliance activities; the adequacy of governance systems, including the “tone at the top“; the effectiveness of the combined assurance process and risk management process.
The function is furthermore strategically aligned to the creation and preservation of value.
The internal audit department also renders independent internal audit and risk and opportunities management services to certain Group companies who elect to outsource the function. In these instances dedicated processes are maintained to ensure the independent functioning of the department, including its fiduciary duty to the respective Group companies and the safeguarding of their proprietary information.
When required, specialist skills are insourced to assist with information technology and forensic services.
EFFECTIVENESS OF RISK and opportunities MANAGEMENT PROCESS AND SYSTEM OF INTERNAL CONTROL
The Board, via the Audit and Risk Committee, has considered the documented policies, procedures and independent assurance reports and is satisfied that the internal control process and risk and opportunities management process implemented in the Group are effective.
The Board is not aware of any exposure or position that could culminate in the residual risk profile of the Group exceeding the risk-bearing capacity limits set by the Board.
OVERVIEW OF FOCUS AREAS
The following comprised focus areas during the year under review:
- Robustness of fraud prevention and detection processes given the magnitude and prevalence of reported irregularities;
- Changes to Governance and Risk Management Frameworks and Standards;
- Developments in international financial reporting standards;
- Auditor rotation developments and reputation damage suffered by certain audit firms;
- Material transactions in the financial year;
- Effectiveness of the risk and opportunities and combined assurance processes;
- Opinions on the effectiveness of the control environment;
- The reported allegations of listeriosis at RCL Foods;
- Terms and assurance plans of both internal and external audit;
- External reporting, both financial and non-financial; and
- Technology and information governance.
The above aspects will be repeated in the agenda as regards focus areas given the Group's Governance Standards and aligned Committee Mandate.