RISK AND OPPORTUNITY GOVERNANCE FRAMEWORK
| | NAME | DESIGNATION | DATE |
|---|---|---|---|
| Reviewed | Cathie Lewis/Karen Warnock | Group Company Secretary/Treasury Finance Manager | May 2019 |
| Approved | Risk Committee | Grindrod Limited Risk Committee | May 2019 |
| Approved | Risk Committee | Grindrod Limited Risk Committee | November 2017 |
| Revised | Andrew Davies | Group Risk Manager | September 2017 |
| Reviewed | Mandhir Ramruthan | Group Risk and Internal Audit | September 2017 |
| Reviewed | Cathie Lewis | Group Company Secretary | September 2017 |
| Compiled | Andrew Davies | Group Risk Manager | May 2017 |
| Reviewed | Cathie Lewis | Group Company Secretary | May 2017 |
| Approved | Risk Committee | Grindrod Limited Risk Committee | May 2017 |
1. DEFINITION
A Risk and Opportunity Governance Framework (the Framework) has been reviewed by the risk committee
and approved by the Board.
The purpose of the Framework is to set out the Risk and Opportunity Governance Strategy of Grindrod and
to give an overview of its Risk and Opportunity Governance Policy, risk reporting and risk appetite. It also
describes key aspects of the risk governance process implemented by Grindrod to provide reasonable
assurance regarding the achievement of its strategic objectives.
2. OBJECTIVE
This Framework has been developed based on the principles and provisions of ISO 31 000:2018, the King
IV Report on Corporate Governance for South Africa, 2016 (King IV) and the Committee of Sponsoring
Organisations of the Treadway Commission Enterprise Risk Management (COSO ERM). This Framework
aims to ensure that the activities of Grindrod and its controlled entities are undertaken within the Board
approved risk appetite and tolerance levels to ensure the sustained profitability, relevance and reputation of
Grindrod. As a general principle, the risk management process is to be undertaken in conjunction with
strategic planning and should consider risks and opportunities in an integrated way over the short, medium
and long term.
In this regard the King IV Report states that risk governance should encompass both the:
• opportunities and associated risks to be considered when developing strategy; and
• potential positive and negative effects of the same risks on the achievement of organizational
objectives.
The risks identified and evaluated as part of the annual strategic planning process will be the risks that will
affect Grindrod’s ability to achieve its strategic objectives. Although the risk committee meets bi-annually to
formally review risk governance, risk management is an on-going part of strategic planning, management and
day-to-day activities of the organisation. New risks affecting the achievement of objectives may arise at any
time.
An integrated approach to risk management will provide Grindrod with a complete and coherent picture of the
risk universe. This will be achieved by adopting the 6 Resources of the Value Creation Model approach which
provides guidance on a broad, integrated value creation process which takes externalities and intangibles into
consideration. The Company creates value by identifying and managing risks and opportunities through
considering the 6 Resources, viz, Our Money; Our Assets; Our Skills; Our Relationships; Our People and Our
Environment within the context of the three environments in which the Company operates and impacts, i.e.
economic, social and natural.
A structured and integrated Framework provides a number of beneficial outcomes by:
• enhancing strategic planning through the identification of risks that may pose threats to Grindrod’s
strategic objectives and opportunities that may strengthen the prospects of Grindrod achieving its
strategic objectives.
• encouraging a proactive approach to issues likely to negatively and positively impact Grindrod’s
strategic objectives.
• improving the quality of decision-making by providing structured methods for the exploration of risks and
opportunities, and allocating resources.
• supporting consistent behaviours and decision-making with respect to risks and opportunities across the
Group.
• enabling richer risk assessment by identifying recurring/strong themes and developing a comprehensive
understanding of causes, effects and consequences leading to a complete risk response.
• aligning the risk appetite and organisational strategy of the Group.
• improving the organisation’s agility to anticipate, identify, adapt and respond to change.
3. RISK GOVERNANCE POLICY
Grindrod has adopted a Risk Governance Policy (Policy) (Annexure A of this document) designed to protect
and enhance resources and enable the achievement of its strategic objectives. The Policy emphasises that
risk management is an integral part of Grindrod’s business processes.
The risk governance policy is based on the following principles. Risk management is:
• the responsibility of the Board, executives, managers and employees;
• integrated into all business activities and systems;
• based on the South African Risk Management Standard SANS ISO 31000:2018;
• based on the provisions of the COSO ERM;
• compliant with the King IV Code; and
• embracive of the 6 Resources of the Value Creation Model.
The Risk Governance Policy is supported by existing related policies.
4. GOVERNANCE STRUCTURE
An effective risk and opportunity governance framework is dependent on a governance structure that has:
• defined roles and responsibilities;
• formal policies, objectives and strategies in place;
• adequate separation of duties;
• good relationships with internal stakeholders;
• proper systems of supervision and monitoring of activities and transactions;
• formal information systems, information flows and decision-making processes;
• proper understanding of resources and knowledge capabilities;
• risk consciousness and a proactive approach to managing risks and opportunities across the structure;
and
• risks being viewed in an integrated manner within the context of the external environment.
Grindrod risk and opportunity governance structure
An organogram setting out Grindrod’s committee structure with specific reference to their risk functions is
annexed as Annexure B of this document.
5. ROLES AND RESPONSIBILITIES
Set out below is a summary of the responsibilities of the various roles within Grindrod in relation to risk governance
and management.
| Role | Responsibilities |
|---|---|
| Board | The Board retains the ultimate responsibility for risk governance and for determining the appropriate level of risks and opportunities that Grindrod is willing to accept. The role of the Board with respect to risk governance encompasses both compliance and performance related aspects. |
| Risk Committee | The Risk Committee assists the Board in carrying out its risk oversight responsibilities. |
| Audit Committee | Ensure the integrity of internal financial controls and identify and manage financial risks by means of a combined assurance model integrating internal and external assurance providers. |
| Social and Ethics Committee | Assist the board to fulfil its corporate governance responsibilities relating to social and economic development, good corporate citizenship including ethics, the environment, health and public safety, legal compliance, stakeholder relations, labour and employment and transformation. |
| Nomination Committee | Continually reviews the skill and experience base of the Board and its committees, conducts search and selection processes for new directors and recommends new appointments to the Board. In addition, the Committee oversees executive succession planning to ensure continuity of senior management at and below Board level. |
| Executive Management | Management is accountable to the Board for designing, implementing and monitoring the process of risk management and integrating it into the day-to-day activities of the company. Management has a mandate to ensure risks are contained within approved risk tolerance levels and opportunities are identified and developed as may be appropriate. |
| Divisional Chief Executives | Divisional Chief Executives are responsible for the development and implementation of all risk management processes and methodologies within their divisions. |
| Group Risk Management | Group Risk Manager is responsible for the facilitation of the risk and opportunity governance of the Company and reporting on the status of key business risks and opportunities within the Group. |
| Employees | All Grindrod employees are responsible for the reporting of risks and opportunities they become aware of. |
| Internal Audit | Internal Audit performs an objective assessment of the effectiveness of risk governance. |
6. RISK APPETITE AND RISK TOLERANCES
Risk Appetite is the amount of risk a business is willing to accept in pursuit of a specific return on the
assumption of sustainable business operations. An approved risk appetite level will improve the ability of the
Board, other sub-committees and management to evaluate action plans by providing a benchmark of the
level of risk considered acceptable. Risk tolerances are specific boundaries/parameters relative to the
residual risk on the specific risk identified. The risk tolerance reflects an organisation’s ability or readiness
to accept residual risk after all mitigating controls have been put in place. The Risk Committee is responsible
for assisting the Board in determining the risk appetite and risk tolerances for Grindrod.
7. RISK GOVERNANCE PROCESS
Set out below is Grindrod’s risk governance process which is based on the South African Risk Management
Standard SANS ISO 31000:2018.
7.1 IDENTIFY AND UNDERSTAND OBJECTIVES
The starting point to establish the risk context for Grindrod is the overall environment in which the Company
operates. The environments that will be considered in risk management activities include global, strategic,
operational, compliance and financial. Risks and opportunities are identified and governed through the
lenses of the 6 Resources, which include Our Money; Our Assets; Our Skills; Our Relationships; Our
People and Our Environment, whereby the interests of stakeholders are considered. Objectives are set
with regard to the risk appetite, which may change, depending on changes in the internal and external
environment of the Company. A level of variation is accepted for objectives (risk tolerance).
7.2 RISK ASSESSMENT
The following risk identification processes are relied upon within Grindrod to ensure risks are identified and
reported. Key risks and opportunities are identified and governed, considering the 6 Resources of the Value
Creation Model (Our Money; Our Assets; Our Skills; Our Relationships; Our People and Our Environment)
and how these Resources are interlinked and interdependent on one another, affecting the risk tolerance
levels and ultimately the residual risk of the Company.
| Risk identification group | Examples |
|---|---|
| Formal risk assessments reviews | Business strategic planning; Risk workshops |
| Normal organisation activities | Monthly Management meetings; Business and operational managers forums; Capital expenditure risk assessments; Routine data collection and business data analysis |
| Assessment against standards/audits | Financial reviews and external audits; Six monthly Letters of Assurance; Internal Audit and peer reviews; Third Party Accreditation reviews; Corporate Compliance and Risk Audits; SHERQ audits |
| Incident or event logging | Internal incident reporting incorporating health, safety, environment and property incidents; Tip-Offs hotline |
7.3 CONSIDER CONTROLS
A control is any measure or action that treats risk. Controls include any policy, procedure, practice,
process, technology, technique, method, or device that modifies or manages risk. Risk treatments
become controls, or modify existing controls, once they have been implemented. Management must
identify the controls in place to mitigate each risk identified and consider the adequacy and effectiveness
of such controls in reducing the likelihood of the risk event arising or mitigating the consequences should
the risk event occur.
7.4 RESIDUAL RISK EVALUATION
Residual risks are those risks that are expected to remain after implementing the planned risk mitigation
strategies, as well as those that have been deliberately accepted (risk tolerance).
Residual risk evaluation is the process of calculating the likelihood of an event and consequence if it were
to occur, after consideration of the influence of controls in place to reduce the likelihood and/or