Risk committee report

The Risk Committee (the committee) presents the following report for the 2018 financial year.

Committee governance


The members of the committee for the 2018 financial year were independent non-executive directors, Chris Wells (Chairman), Phinda Madi, Harish Mehta and Andrew Waller and executive directors Graham O’Connor and Mark Godfrey. Their qualifications and experience are available here.

Andrew Waller was appointed to the committee on the recommendation of the Nomination Committee on 7 February 2018.


Permanent invitees at committee meetings are the Group Risk and Sustainability Executive, the Group Logistics Executive, the Group IT Executive, the Group Internal Audit Manager, the external auditor and the Company Secretary (who acts as the secretary of the committee).

The committee met twice during the 2018 financial year. Members’ attendance was as follows:

Member Status 6 Feb 2018 6 Aug 2018
Chris Wells (Chairman) Independent non-executive
Mark Godfrey Group Financial Director
Phinda Madi Independent non-executive ✓^
Harish Mehta Independent non-executive
Graham O’Connor Group Chief Executive Officer
Andrew Waller Independent non-executive n/a

Members’ attendance was 100%.

^ via teleconference

Terms of reference

The committee executes its responsibilities in accordance with a formal terms of reference, which is reviewed annually and is aligned with the King IV™ recommendations. No changes were made to the terms of reference since its last review in 2017.

The committee received assurance on all relevant matters in its terms of reference from the following committees during the 2018 financial year:

  • Audit Committee
  • Social and Ethics Committee

The committee is satisfied that it has fulfilled its responsibilities in accordance with its terms of reference.

A copy of the committee’s terms of reference and work plan can be found here.

Role and responsibilities

The board has allocated the oversight of risk governance, technology and information governance and compliance governance to the committee.

The committee oversees the company’s risk management, IT and compliance processes to ensure that management identifies potential risks in these areas which may affect the company or its operations. It implements effective policies and plans to mitigate any risks, enhance the company’s ability to achieve its strategic objectives, and support the company in being ethical and a good corporate citizen.

Details of the committee’s duties are contained in its terms of reference.

The effectiveness of the committee is assessed by way of a self-evaluation review every two years and will be performed again in 2019.

Key focus areas

In addition to the key activities detailed below, the committee received feedback from management on the group’s insurance, operational risk matters (logistic risks, human resource risks, food safety risks, climate change risks and financial risks) and the risk management process undertaken in SPAR Ireland and SPAR Switzerland.

Risk governance

Kevin O’Brien is the Group Risk and Sustainability Executive and is responsible, together with executive management, for the implementation and execution of the risk management process. An Enterprise Risk Management (ERM) policy and framework is in place and was reviewed during the 2018 financial year. In keeping with the King IV™ recommendation of providing a combined assurance policy and framework, the committee considered such a policy and framework and approved same at its August 2018 meeting.

Internal audit provides the committee assurance as to whether risk management processes within the group are adequate and effective, and makes recommendations on areas where the SPAR risk management processes could be improved.

Focus areas for the 2019 financial year will be to:

  • constitute a Combined Assurance Forum to monitor the implementation of the combined assurance policy and framework and report on its progress at Risk Committee meetings; and
  • monitor managements progress on the identification of any new strategic and operational risks identified in terms of the implementation of SPAR South Africa’s reviewed strategic plan.

IT governance

Enno Stelma is the Group IT Executive and is responsible, together with executive management, for the implementation and execution of effective technology and information management. An IT strategy and governance framework is in place and was reviewed during the 2018 financial year.

The second phase of the SAP programme is well underway. This phase completes the finance area with the introduction of accounts payable and accounts receivable. Roll-out of this phase will start in 2019. Preparation for the third and last phase has started. This phase will cover merchandising, replenishment and logistics.

Significant investment was made in advanced firewall technology to keep abreast with developments in the cybercrime area.

Downtime reports were carefully considered at every committee meeting and nothing of significance occurred during the 2018 financial year.

The IT audit report compiled by PwC was reviewed by the committee during the 2018 financial year with no major issues identified.

Compliance governance

Mandy Hogan is the Company Secretary and is responsible, together with executive management, for the implementation and execution of effective compliance management. A compliance policy is in place and will be expanded on during the 2019 financial year to include a formal system to help the company maintain compliance in all areas of its operation. The system will focus on upholding polices and procedures that prevent the company and employees from breaking laws and regulations.

Thank you to the members of the committee for their dedicated and constructive contributions to its functioning.

Chris Wells
Chairman of the Risk Committee
13 November 2018