The Board is ultimately accountable for the risk and opportunities management process and system of internal control within Remgro. The Board has reviewed the comprehensive Risk and Opportunities Management Policy and plan, which has been implemented by management. This plan incorporates continuous risk and opportunity scanning, identification and assessment, and embedding internal control as well as risk reduction and insurance strategies.
Remgro’s Environmental, Social and Governance (ESG) Risk Management Framework which guides responsible investment is also relevant for this purpose as it ensures that the consideration of ESG risks and opportunities, as well as impact and sustainability considerations, are integrated and embedded into the risk and opportunities management practices. Its focus is on realisation of suitable opportunities and the consideration of salient risk aspects in setting sustainable value-generating strategies.
The Audit and Risk Committee is mandated to monitor the effectiveness of the risk and opportunities management process and systems of internal control and is supported in this regard by its subcommittee, the Risk, Opportunities, Technology and Information Governance Operational Subcommittee (ROTIG). The Strategic ESG Committee plays an important role in supporting the Audit and Risk Committee by overseeing and monitoring Remgro’s ESG performance and stewardship through policies, frameworks, standards and guidelines. The Group’s internal and external auditors, along with management and certain external consultants, are tasked to render combined assurance reports to the Audit and Risk Committee.
Ethical leadership and human capital are the cornerstones of Remgro’s risk and opportunities management philosophy as these ensure operational competence, entrepreneurial aptitude, sound corporate reputation and effective governance. The financial, manufactured, intellectual, social and relationship and natural assets furthermore form part of the Six Capitals concept referred to in the King IV Report on Corporate Governance for South Africa (2016) (King IV). These categories of capitals, their interrelations and utilisation, to varying degrees, form an intricate part of the risk and opportunities process within the Company.
The risk and opportunities management process in Remgro comprises the arrangement of resources to ensure the achievement of the Company’s stated objectives along with its purpose, strategy and aligned business plans, including the seizing of available opportunities that meet the risk appetite criteria set by the Board. Risk profiles inherent to existing activities and investments are furthermore maintained within the approved risk tolerance levels, thereby optimising the riskreturn parameters for the creation of sustainable growth and value for shareholders and other stakeholders.
The incorporation of an ESG Investment Framework that intentionally provides for ESG considerations has embedded Remgro’s sustainability ambitions as an integral part of its investment decision-making. Principles and evaluation criteria include ESG risks, impact considerations, value creation opportunities and sustainability for its current and potential investments. To support implementation of this ESG Investment Framework, Remgro has developed Standard Operating Procedures (SOP) to enable the various governance structures and investment teams to apply the Framework consistently and efficiently.
Strategic risk assessment includes the consideration of probable future scenarios taking cognisance of, inter alia, political, environmental, social, technological, economic and legislative developments in both the Remgro environment as well as the global environment and market sectors that it invests in. Given the ongoing escalation in ESG challenges faced locally and globally, the Group is responding with commensurate escalation of ESG structures and initiatives in addition to the sound processes adopted in prior years. The ESG Operational committee will also oversee the continuous enhancement of the ESG risk and opportunities register being designed to underpin purpose driven decision making.
Due to the nature and magnitude of Remgro’s investment portfolio, this report focuses on the activities of the Company and its subsidiaries, save where such entities are separately operated listed subsidiaries with autonomous boards and adequate external reporting, or the materiality of such information is deemed insufficient to warrant detailed disclosure. As a result, this report contains risk and opportunities management information of the Company, Remgro Management Services Limited (Remgro’s service company) and V&R Management Services AG(1). These external reporting parameters are being reviewed to ensure alignment with international developments in this regard.
The structure on the next page has been implemented and maintained to ensure the effective and efficient management of risk and opportunities within the Company.
The function of the Chief Risk Officer is shared amongst the following individuals:
The Risk and Opportunities Management Policy is based on the principles of the international COSO (Committee of Sponsoring Organisations of the Treadway Commission) Enterprise Risk Management – Integrated Framework and complies with the recommendations of King IV. This policy defines the objectives, methodology, processes and responsibilities of the various risk and opportunities management role players in the Company. The Risk and Opportunities Management Policy is subject to annual review and any proposed amendments are submitted to the Audit and Risk Committee for consideration and recommendation to the Board for approval.
Remgro is an investment holding company and as such, the risk and opportunities management process takes cognisance of risks and opportunities within the Company as well as the risks and opportunities inherent to its investment portfolio.
Material external risks include ongoing and escalated uncertainty on the government’s ability to deliver on its mandate and the sustained global economic downturn intensified by the impacts of the Russia-Ukraine War impacting on market confidence and global, regional and local stability.
Remgro, being a responsible investor, ensures that proper corporate governance is implemented and maintained in all entities it invests in via the above processes.
Remgro deploys dedicated processes to timely identify and effectively mitigate disruption risk and realises opportunities associated with future developments.
Emerging risk and opportunities, integrated with a sound corporate and entrepreneurial culture, inform strategy and investment mandate considerations.
The table below summarises the salient operational objectives and related risk mitigation processes included in the Remgro risk register:
Key control objectives
|The appointment and retention of suitably skilled and experienced directors and officers possessing the required values and drive.
|Ethical and visible leadership via governance structures and related processes maintaining Remgro’s reputation as a good corporate citizen and a socially and environmentally responsible investor.
Development and implementation of an ESG and sustainability strategy to ensure consistency of standards across Remgro and its investee companies.
Alignment with international and local best practice.
|Adoption and implementation of appropriate long-term strategy and business plans within approved risk appetite duly communicated and delegated to the executive.
|Maintaining the significance of Remgro’s corporate presence in the investment holding environment as this enables it to acquire meaningful stakes in selected investment opportunities thereby striving vigorously to meet Remgro’s investment philosophy of investing in businesses that can deliver superior earnings, cash flow generation and dividend growth over the long term.
|Ensuring that opportunity risks are managed to avoid lost investment opportunities that meet Remgro’s stringent investment criteria.
|Available liquidity to fund new investments and further support successful investments.
|Effective Group structuring to house existing and new investments.
|Effective management of underlying investments and ensuring that Remgro’s investment criteria are maintained and the Group’s rights are protected.*
|Effective internal operations, including secretarial, financial, human resources, compliance and all other departmental activities in the service company and wholly owned subsidiaries under the control of the management of the service company.
Given the significance of treasury, the following salient objectives are integrated into the Treasury Committee’s (a management committee chaired by the Chief Financial Officer (CFO), also comprising the Chief Executive Officer (CEO) and other senior managers) mandate:
|Accurate, transparent and reliable reporting and interaction with stakeholders.
|Full compliance with taxation and other relevant legislation and industry practices.
|Reliable and secure information and technology systems to support business objectives and requirements.
Effective functioning of the Remuneration and Nomination Committee.
Performance assessments and evaluations.
Strong ethical leadership.
Continuous skills and attribute development aligned with business developments and corporate values.
“Staying Future Fit” project and initiatives supporting the Management Board.
Effective functioning of the Talent and Remuneration Management Committee.
Anti-corruption and fraud prevention and detection procedures.
Embedded system of values and ethics and maintenance thereof via visible leadership and ethical competence refresher training.
Formalised ethics management policies and codes of conduct.
Formalised tax, environmental and social policies.
Corporate culture focused on excellence in execution, fairness in dealing and transparency in reporting.
Comprehensive and King IV-compliant corporate governance structures and systems.
Effective and credible investor and stakeholder communications.
Effective functioning of the Social and Ethics Committee.
Effective oversight of ESG policies and performance by the Strategic ESG Committee.
Business strategies aligned with corporate mission based on stakeholder-inclusive principles.
Effective functioning of the Audit and Risk Committee.
Effective internal control, combined assurance, risk management and reporting processes.
ESG charter and governance structures that provide strategic direction and oversight in support of Remgro’s sustainability goals.
Stewardship of investee companies in relation to ESG and sustainability issues to influence and drive sustainable behaviour through ESG principles to achieve common and collective sustainability goals.
Board oversight in conjunction with the Strategic ESG Committee.
Board guidelines to the Corporate Social Investment function.
Effective Social and Ethics Committee.
Safety, health and environmental management included under the ambit of the ROTIG Committee with formalised policies.
Successful participation in CDP (formerly Carbon Disclosure Project) and inclusion in FTSE/JSE Responsible Investment Index.
Effective Management Board supported by executive management and an experienced investment division.
Conducted a comprehensive Remgro 2030 workshop to consider emerging risk and opportunity trends across the full strategic and operational spectrum of the Group, including, inter alia, international developments in technology, consumerism, market and business model disruptions, investor, et al to inform medium- to long-term strategic development and investment focus.
Developing, implementing and monitoring various strategic initiatives to effectively respond to salient current aspects, including a comprehensive and timely alignment with future developments.
Investing in the enhancement of human and intellectual capital deployed in the Group.
Dedicated focus on risks and opportunities associated with global and local political, socio-economic, legislative and technological developments.
Adequate design and implementation of appropriate risk responses; the establishment and implementation of business resilience and continuity arrangements that allow Remgro to operate under conditions of volatility, and to withstand and recover from acute shocks and enhance enterprise resilience. Focus areas include, inter alia, concerning trends in infrastructure failing, inconsistent and deteriorating electricity supply, increasing crime, societal grievances associated with service delivery failures and the continuing economic decline.
Effective assessment of risks and opportunities emanating from the triple context in which Remgro operates (i.e. the economy, society and environment) and the capitals that Remgro uses and effects (i.e. financial, manufactured, intellectual, human, social and relationship and natural) to optimise performance and resource deployment.
Workgroups focused at future scanning and key investment strategy objectives and six capital enhancement reporting to the Management Board.
A conservative business approach with long-term investment criteria focused on growth, sustainability and liquidity.
Corporate actions are aligned with the long-term strategy and responsible investment criteria.
Comprehensive networks and robust processes focused on investment opportunity identification, and risk-based due diligence reviews, guided by responsible investment considerations.
Clear guidelines imbedded in the Investment Framework to ensure investment decisions, reviews and capital allocations are in line with ESG and sustainability goals.
Effective functioning of the Investment Committee is supported by ensuring that consideration of ESG risks are integrated into investment and management practices.
Effective investor relations and corporate communications.
Skilled and experienced investment division with efficient operational processes and controls.
Effective support structures and negotiation processes supported by proven due diligence processes.
Robust deal implementation and secretarial and legal support and compliance processes.
Ensuring that the corporate culture of Remgro does not inhibit responsible risk and opportunities taking.
Board oversight and executive monitoring of performance against investment plans and strategies.
Review of processes to ensure enhanced agility in decision-making and execution.
Effective functioning of the Treasury Committee.
Conservative cash administration and well-managed and secure treasury environment whilst seeking return maximisation within risk appetite of cash at the centre.
Maintaining appropriate borrowing facilities.
Maintaining a strong balance sheet.
|Appropriate control structures supported by skilled and experienced legal and corporate tax specialists.
Comprehensive shareholder agreements are concluded at time of investment. This facilitates effective control or significant influence over the executive management teams in the underlying investee companies and ensures that strategies, goals and deliverables, including ESG standards and expectations are met and that salient risks are duly managed. Enhanced focus on human capital development and deployment coupled with detailed attention to investee companies.
Detailed reporting, review and management structures are implemented to ensure timely, accurate and reliable information used in the decision-making processes.
The early identification of abnormal investee risk profiles through internal processes.
Skilled and experienced managers regularly review policies and practices governing internal controls designed to ensure the consistent achievement of relevant objectives.
Focus areas include, inter-alia, cyber and fraud risk mitigation, enhanced effectiveness and efficiency through adoption of technological developments.
A formalised Treasury Policy is maintained and reviewed by the Treasury Committee and amendments are submitted to the Board for approval.
Skilled staff is employed in the treasury department and comprehensive internal controls are deployed and complied with.
The treasury department is subject to quarterly FAIS and FICA reviews from the Financial Sector Conduct Authority (FSCA)-approved external compliance officer. In addition, the treasury department (back and front office) is subject to regular internal audit reviews and a year-end review by the external auditor.
Continuous evaluation of suitable investment products within the ambit of the approved Treasury Policy.
Formalised stakeholder and communication policies.
Effective internal financial controls.
Comprehensive combined assurance plans and processes, including non-financial and ESG information.
Structured and considered integrated reporting, including consideration of international developments on external reporting frameworks on non-financial information.
Adequate and transparent risk and opportunities disclosure and reporting.
Reviewing the effective alignment of external reporting frameworks against international developments and frameworks.
Effective functioning of the Audit and Risk Committee.
Employment of tax experts and consultation with independent tax and legal professionals.
Legal Compliance Policy linked to expert legal advice.
Effective Compliance Policy and procedures.
Effective outsource agreement with a credible vendor and service levels supporting cost-efficient, secure and available systems and networks.
Technology and Information Governance Policy supported by procedures over key activities such as business continuity, information and cyber security, document retention and user acceptable usage policies, including POPIA requirements.
The Remgro Board has formalised and approved the risk tolerance levels to define the Board’s risk appetite and to ensure that all risks within the Group are managed within the limits so defined.
Remgro, due to the nature of its core activities, deals with risk tolerance levels in the following three risk categories using dedicated and bespoke methodologies:
Risk tolerance levels are set in accordance with the cost of funding the investments (WACC) as adjusted with a risk weighting (Beta) to ensure a sustainable and positive risk-return environment, taking cognisance of the investment portfolio.
Given the liquidity requirements to support performing investments and to seize new investment opportunities, the risk tolerance levels and linked returns for cash held in South Africa and internationally are measured in terms of lending rates achieved by major banks in the money market, including but not limited to STeFI (Short Term Fixed Interest) or LIBOR (London Interbank Offered Rate), as well as compliance with required credit ratings set for approved counterparties. This is continuously monitored and reassessed given prevailing market volatilities, risk and, at times, negative returns on cash in certain international money markets. Given the prevailing low interest rate environment during the first quarter of the reporting period, the Treasury Committee was furthermore tasked to recommend suitable investment instruments for cash at the centre to the Investment Committee or Board for consideration. Given the continuing trend in interest rate increases during the remainder of the reporting period consideration was also given to the cost of funding and adjusting the debt at the centre.
Foreign currency risk and capital preservation risk in an adverse economic climate are mitigated by means of conservative policies regarding hedging strategies and counterparty vetting.
The treasury funds are invested as per a Board-approved Treasury Policy which deals with counterparty (credit) risk, liquidity risk, interest rate risk, currency risk, instrument risk and commercial risk (terms of trade), as well as the policies deployed to safeguard cash and liquid assets.
This category includes risks associated with unplanned losses to assets, exposure to liabilities, fidelity, business interruption and other operational risk.
In these instances the Board has, in addition to stringent internal controls, adopted a conservative approach by taking sufficient insurance cover to mitigate the anticipated maximum loss should risk realise in these categories.
Risk appetite is defined as the risk that the Company is prepared or willing to accept without further mitigating action being put in place or the amount and nature of risk the Company is willing to accept in pursuit of objectives. This is also defined as the risk propensity of the Board in pursuing the creation of sustainable wealth.
The following qualitative and quantitative factors are considered by the Board in evaluating risk appetite:
Risk-bearing capacity is defined as a monetary value which is used as a yardstick, measuring the maximum loss the Company can endure without exposing it to the point where its existence and going concern status is under threat, given an equivalent loss.
Given the nature of Remgro’s INAV composition, i.e. equity investments, net excess cash and the conservative size of debt at holding company level, there are no known current exposures that could jeopardise the going concern status of the Group.
The risk and opportunities management process is furthermore also externally focused to ensure the timely identification of new emerging risks and opportunities and the assessment of the effectiveness of timely responses thereto. Scenarios are furthermore used to assess the adequacy of the Company’s business resilience.
The Company reviews its technology policies annually. The Technology and Information Governance Policy defines the scope, roles and responsibilities of technology and information governance to ensure technology and information supports and enables the achievement of Remgro’s business objectives and articulates and gives effect to Remgro’s direction on the employment of technology and information. This policy is further supplemented by governance-based policies such as the Technology and Information Acceptable Use Policy, the Information Security Policy and information confidentiality policies that are defined in alignment with POPIA.
The technology and information risk management process is fully integrated with the combined assurance process of the Company and aligned to COBIT (Control Objectives for Information and Related Technologies).
Preventative technologies and practices are in place across the respective layers of technology and information security, including physical intrusion prevention, infrastructure intrusion prevention and monitoring, platform controls, applicationlayer security, and process controls. The Security Operations Centre (SOC) service provider monitors and alerts against cyber activity and patterns. Weekly vulnerability assessments are included in the Standard Operating Procedures on top of which independent vulnerability scanning and penetration tests are conducted periodically. Security controls are also extensively scrutinised during the annual NIST-based (National Institute of Standards and Technology) cyber insurance reviews and our cyber security strategy is extended through the cyber insurance support processes.
There were no incidents of information security or cyber protocol breaches recorded during the year under review and continuous strengthening of the cyber security posture remains a high priority.
A business continuity plan has been formalised and successful tests performed on the back-up and disaster recovery process.
All technology-related incidents, including potential security incidents, are reported through the service desk from where the appropriate escalation process is triggered.
Third-party risk assessments are aligned with industry-related exposures and developments. Opportunity assessment forms part of the annual technology and information strategy review. Emerging technologies and innovations are monitored, selected and deployed as appropriate to improve performance of the organisation through information, communication, and digital technologies.
The Board, as part of its ethical leadership commitment, approved a Legal Compliance Policy and confirmed that there are sufficient management capacity and controls in place to ensure compliance with all relevant laws and salient industry practices.
The administration of the Legal Compliance System is vested in an official with the appropriate legal qualifications. Members of senior management of the Company are informed on a regular basis of all relevant new legislation and amendments.
Compliance controls also vest with senior management who are required to report to the Social and Ethics Committee on a regular basis regarding their compliance using a control self-assessment methodology. This process is incorporated into the annual combined assurance plan. The outcomes of compliance assessments are reported to the Board, via the ROTIG Committee and no incidents of non-compliance or fines incurred due to non-compliance were recorded.
The Group has implemented and maintained a sound control environment, including a comprehensive system of internal controls to mitigate the risks in the enterprise and to ensure that the Group’s objectives are consistently achieved. Internal controls are based on the principle of acceptable risk being inherent to the design and implementation of a cost-effective system of internal control. The system includes monitoring mechanisms and mitigation processes to timely augment deficiencies when they are detected. This system is benchmarked against the COSO Internal Control – Integrated Framework.
The internal audit function is employed by Remgro Management Services Limited and the CAE, Mr Deon Annandale, reports to the chairman of the Audit and Risk Committee and functionally to the CFO. The department complies with the requirements of King IV and the International Standards for the Professional Practice of Internal Auditing. The department maintains a three-tier Quality Assurance and Improvement Programme as prescribed by the Institute of Internal Auditors. This comprises a continuous self-assessment process with Independent External Assessments being performed by an international external audit firm, other than the Group’s external auditors, every three years.
The internal audit plans, as approved by the Audit and Risk Committee, are designed following a risk-based assurance approach and are focused on adding value to the control environment while rendering independent assurance to the Audit and Risk Committee and to the Board on, inter alia: the effectiveness of internal financial control; the effectiveness of internal control over operational and compliance activities; the adequacy of governance systems, including the “tone at the top“; the effectiveness of the combined assurance process and risk and opportunities management process.
The function is furthermore strategically aligned to the creation and preservation of value and rendering insight into emerging risk.
The internal audit department also renders independent internal audit and risk and opportunities management services to certain Group companies who elect to outsource the function. In these instances dedicated processes are maintained to ensure the independent functioning of the department, including its fiduciary duty to the respective Group companies and the safeguarding of their proprietary information.
When required, specialist skills are insourced to assist with information technology and forensic services.
The Board, via the Audit and Risk Committee, has considered the documented policies, procedures and independent assurance reports and is satisfied that the control environment along with the internal control and risk and opportunities management processes implemented in the Group are effective.
The Board is not aware of any exposure or position that could culminate in the residual risk profile of the Group exceeding the risk-bearing capacity limits set by the Board.
The following comprised focus areas during the year under review:
The above aspects will be repeated in the agenda as regards focus areas given the Group’s Governance Standards and aligned committee mandate.