Integrated Report 2021

Governance and Risk Committee report

"The CODE team has continued to entrench the GRC framework throughout the organisation, using technology to strengthen and extend oversight of processes and systems and to mitigate future risk. Good progress is being made in digitising GRC platforms and the committee is satisfied that the risk management function is operating effectively."
Jesmane Boggenpoel Chairperson, Governance and Risk Committee

FOCUS FOR 2022

  • Maturing business resilience across all businesses and business units
  • Continued emphasis and maturity of business interruption plans across the Group
  • Solving for the challenges posed by hybrid working arrangements both from a technology and human capital perspective
  • Enhance the control environment by providing input into the new ERP solution
  • Overseeing the roll-out of the new Group ERP system to monitor risk of business interruption
  • Continue implementing innovative tools and technology working towards GRC as a service
  • Enhancing risk quantification metrics and appetite into a tool, to enable early warning indicators
  • Moving from a rules and risk-based approach to a principles and intelligence-led approach
  • Introducing robotic process automation into our compliance controls and processes

COMMITTEE COMPOSITION

  • Jesmane Boggenpoel (Chairperson of the committee)
  • Sipho Ngidi
  • Mike Bosman
  • Nosipho Molope*

* Appointed 1 January 2021

The number of meetings and attendance per committee member are shown in Corporate governance.

Attendees at committee meetings include the Chief Executive Officer, the Chief Financial Officer, the Chief Risk Officer, the Head of Legal, the Head of Risk, the Head of Compliance and Governance and other persons with specific skills and expertise to assist the committee in discharging its functions.

The summaries in Board of directors provide the directors' qualifications and experience.

How we manage governance and risk

Note: The structure of committees has been updated in line with King IV.

1 Audit Committee responsibilities include oversight of internal audit
* Assets Disposals and Strategic Acquisitions Committee

COMMITTEE PURPOSE

The Governance and Risk Committee ('the committee') ensures the ethical and effective implementation of the EOH Corporate Governance Framework to deliver on the framework's objectives of an ethical leadership culture, sustainability and growth, stakeholder engagement, statutory compliance and responsible citizenship. The committee's responsibilities include championing the vision and strategy of EOH and overseeing governance structures and accountability, sustainability and resilience, corporate citizenship, enterprise risk management and compliance, transparency and disclosure. Effective oversight of these areas ensures leadership and excellent business decisions that manage risk and take opportunities to create and protect value.

The committee is responsible for:

  • overseeing and leading the process of embedding the EOH Governance Framework;
  • developing and reviewing the EOH risk policies, standards and procedures and overseeing EOH Enterprise Risk Management and Compliance;
  • the effective mitigation of strategic, financial, technology and operational risks to all EOH stakeholders;
  • liaison with the Audit Committee to exchange information and knowledge relating to risk and opportunity;
  • providing opinions and recommendations to the Board on risk assessment, appetite and mitigation approaches; and
  • overseeing the establishment of business continuity arrangements and mitigation strategies to ensure sustainable value creation.

ACTIVITIES DURING THE YEAR

The committee met three times during the year to review the Company's top risks and mitigating actions as well as the progress that has been made in rolling out and embedding the new EOH Governance, Risk and Compliance Framework that was developed in 2019. In the prior year, effort was put into appropriate resourcing of the team; however, this needed to be balanced against the cost saving initiatives and restructuring processes underway. To this end, the relatively small CODE team has leveraged technology to enable the necessary oversight of processes and systems; and to mitigate future risk.

Risk management

The Group Risk Committee reviews the effectiveness of risk mitigation programmes, business continuity and forensic services, and provides feedback to the Governance and Risk Committee through the Chief Risk Officer. The top risks facing the organisation are reported to the committee at each meeting. Additional information on the top risks is contained in the risk overview.

The Bid Risk Committee ('BRC') has operated effectively during the year with a total number of 744 bids being reviewed since it was established in January 2019.

The Group Risk Committee renewed the Group insurance programme in difficult market conditions, ensuring sufficient coverage for the Group. In addition, the function also plays an instrumental role in the combined assurance.

As a result of the progression in the risk and governance maturity, the committee is satisfied that the risk management function is operating effectively.

Compliance management

The committee oversees the compliance programme, under which a number of activities took place during the year. These focused on:

  • Digitisation of GRC processes in Cerebro
  • EOH as a whole achieved a 100% completion rate on the FY2021 OBI declaration project, and compliance actively managed all of the declared OBIs. The OBI tool was then developed and transitions into annual business as usual ('BAU') declarations from FY2022
  • Compliance drove the successful implementation of POPIA across the Group
  • The EOH Ethics League, a well-received and successful learning management project that helped embed the key GRC principles across the organisation, was successfully implemented.

In addition to the committee's key focus areas discussed in the report, key activities for the 2021 financial year included:

Focus area: Continued implementation of innovative tools and technology across the GRC function
Response:
  • Case management tool, Mimecast tool, know your supplier ('KYS') tool, bank verification tool, CIPC checklist, OBI tool, breach management tool, travel request tool, insurance claims tool.

Focus area: Implementation of a contract management system
Response:
  • A new legal contract management system is being implemented across the business

Focus area: Ongoing mitigation of COVID-19 and vaccination roll-out
Response:
  • As a business we continued to improve and adjust our COVID-19 mitigation measures throughout the year. Assistance provided specifically to our reception and facilities staff included:
    • free transport to the vaccination sites
    • two-day boot camp with all our frontline employees where we emphasised the value and importance of vaccination
    • on-site vaccination days at designated EOH office sites

CONCLUSION

The committee is confident that the CODE team will continue to entrench the risk, compliance and governance framework through the organisation. Based on the work performed and the oversight of governance and risk during the year, we believe that the committee effectively fulfilled the responsibilities set out in its terms of reference.

Jesmane Boggenpoel
Chairperson, Governance and Risk Committee

26 October 2021