Risk committee report
The Risk Committee (the committee) is pleased to present its report for the 12 months ended 30 September 2017.
The board has allocated the oversight of risk governance, technology and information governance and compliance governance to the committee.
Composition and meetings
Members of the committee and its Chairman are appointed by the board, on the recommendation of the Nomination Committee and in consultation with the Chairman of the Risk Committee. During the year under review, the committee comprised three independent non-executive directors, five executive members and the internal audit manager. The members were Messrs CF Wells (Chairman), TD Currie, MW Godfrey, MP Madi, HK Mehta, S Naidoo, KJ O’Brien, GO O’Connor and EP Stelma. Their qualifications and experience are available here.
A King IV™ recommendation is that the committee should comprise a majority of non-executive members of the board. Accordingly, on the recommendation of the Nomination Committee, and approved by the board on 14 November 2017, Messrs TD Currie, S Naidoo, KJ O’Brien and EP Stelma will resign as members of the committee and attend meetings by standing invitation.
The committee meets formally twice a year. The Chairman of the board and the external auditors attend meetings by invitation. Members’ attendance at meetings was as follows:
Terms of reference
The committee operates in accordance with a formal terms of reference and work plan, which was reviewed and amended in line with the King IV™ recommendations and approved by the board on 2 August 2017.
A copy of the committee’s terms of reference is available here.
Role and responsibilities
The committee oversees the company’s risk management, IT and compliance processes to ensure that management identifies potential risks in these areas which may affect the company or its operations. It implements effective policies and plans to mitigate any risks and enhance the company’s ability to achieve its strategic objectives and to support the company in being ethical and a good corporate citizen.
Details of the committee’s duties are contained in its terms of reference, which are available here.
In addition to the key activities below, the committee received feedback from management on the group’s insurance, operational risk matters (logistics risks, human resource risks, food safety risks, climate change risks and financial risks), legal matters and the risk management process undertaken in SPAR Ireland and SPAR Switzerland.
The committee also undertook a self-evaluation of its performance and strongly believes that:
- It is appropriately constituted with clearly defined terms of reference and appropriate reporting lines to the board;
- The frequency and duration of committee meetings were appropriate to enable members to discharge their mandate;
- It has a mix of the required skills to address a range of issues and risks pertaining to the committee;
- The members have a clear understanding of their responsibilities and authority;
- It provides clear and specific guidance to the board as mandated and assists the board in its overall responsibility to ensure the proper governance of the company;
- Members are well prepared for their meeting; and
- The Chairman of the committee is effective.
Mr KJ O’Brien is the Group Risk and Sustainability Executive and is responsible, together with the executive management, for the implementation and execution of the risk management process. An enterprise risk management policy and framework is in place and reviewed annually.
During the year under review, the committee reviewed the risk register containing the top 10 strategic risks facing the company, as well as the strategic imperatives with which these top 10 strategic risks are associated. The committee reviewed the enterprise risk management policy and framework and reviewed the work being done to develop a combined assurance framework and policy for the company. This combined assurance framework will be completed during the coming 2018 financial year.
Work on a new incident management system commenced during the 2017 financial year, and favourable results were recorded during the pilot phase of the system at the KwaZulu-Natal distribution centre. The system will be rolled out to other distribution centres in the new year. Similarly, work commenced on the identification of business processes, operational risks and tactical focus areas in all functions of the business. This work, once completed, will combine operational risks, strategic risks and strategic imperatives. This will complete the implementation of an enterprise risk management system, which produces action plans and key risk indicators (KRIs) that are directly related to the company’s implementation of its strategy.
Groundwork for the inclusion of SPAR Ireland and SPAR Switzerland in the enterprise risk management framework of the company commenced during the 2017 financial year and will be progressed during the next 2018 financial year.
Mr EP Stelma is the Group IT Executive and is responsible, together with the executive management, for the implementation and execution of effective technology and information management. An IT strategy and governance framework is in place and is reviewed annually.
The SAP HANA upgrade was completed during the 2017 financial year and preparations for the SAP Phase 2a implementation will take place in the new year.
A cybercrime awareness programme was successfully launched at central office and is being rolled out at all distribution centres.
Downtime reports were considered carefully at every committee meeting. Nothing of significance occurred during the 2017 financial year.
The IT audit report compiled by Deloitte & Touche was reviewed by the committee. No major issues were identified in the report.
KEY FOCUS AREAS
- Complete the identification of operational risks and controls for each business function and incorporate these into the strategic risk review process
- Finalise the combined assurance framework and policy so that internal audit can conduct comprehensive risk-based audits.
Ms MJ Hogan is the group Company Secretary and is responsible, together with the executive management, for the implementation and execution of effective compliance management. A compliance policy is in place and is to be reviewed at the February 2018 committee meeting.
During the 2017 financial year, the committee considered reports provided by management that covered the following issues:
- Legal matters including the Competition Tribunal application relating to exclusivity clauses in lease agreements. The second exception application in this matter was heard during early September this year
- Regulatory matters including the Competition Commission Enquiry into, inter alia, supermarket groups. The company presented at a public enquiry in July 2017
- Whistle-blowing hotline matters. All the matters reported were investigated and dealt with by the company. The SPAR’s Code of Ethics and the whistle-blowing hotline were relaunched during the 2017 financial year; and
- Comparisons between King III and King IV™ were made, and all necessary changes to the board charter and subcommittees’ terms of reference and work plans were made and approved. Any outstanding King IV™ compliance issues will be concluded during the next 2018 financial year.
The committee was satisfied that it fulfilled its responsibilities in accordance with its terms of reference for the reporting period.
Thanks go to the members of the committee for their dedicated and constructive contributions to its functioning.
Chairman of the Risk Committee
14 November 2017