
  • Risk Management

Overview of arrangements for governing and managing risk

The Board of Directors of enX (“the Board”) undertakes responsibility for the process of risk management in the Group, and is further responsible for setting the tone for risk management by providing discipline and structure. It has delegated this function to the Audit and Risk Committee. However, each sub-committee of the Board manages the Group’s risks for its areas of responsibility.

Whilst the Board has delegated its responsibility for risk management to the Audit and Risk Committee and the Board sub-committees, it still retains the ultimate accountability for risk governance. However, the committees are responsible for ensuring that there is a combined assurance model in place that integrates both internal and external assurance providers.

The sub-committees are also responsible for monitoring the appropriateness of the assurance model and ensuring that significant risks are adequately addressed. In this way, the sub-committees fulfil an assurance role to the Board, based on the combined assurance reports of internal and external assurance providers. This approach is fully aligned to the King IV Report on Corporate Governance 2016 (King IV), and enables the Board to disclose to the Group’s stakeholders how it has satisfied itself that risk assessments, responses and interventions are effective.

As risk management is vital to enX’s strategy, and following the acquisition of the Eqstra businesses, a centralised ERM Framework was developed and implemented during the year under review after approval by the Board. The Group also established systems of internal control to mitigate strategic and operational risks.

The ERM Framework clearly defines enX’s risk management philosophy, sets the risk tolerance and appetite parameters, and encourages and inculcates a risk management culture within the Group. Furthermore, the framework ensures that ERM is integrated and embedded into the Group’s normal business processes and activities.

The facilitation of risk management at a Group level was outsourced to BDO Advisory Services (Pty) Ltd (“BDO”), which works with independent risk champions at a divisional level. BDO reports to the Chairperson of the Audit and Risk Committee, which in turn reports to the Board.

The table provides a summary of the roles and responsibilities of each of the key stakeholders in the enX Group risk management process:

Board: The Board is responsible for the governance of risk and sets the tone for risk management by providing discipline and structure. The Board approves the ERM Framework, which clearly defines enX’s risk management philosophy and encourages a risk management culture within the Group to ensure that ERM is integrated and embedded into normal business processes and activities.

Audit and Risk Committee: The Audit and Risk Committee has implemented the ERM Framework for a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes within the company.

Chief Executive Officer: The Group’s Chief Executive Officer drives the culture of risk management and signs off on annual risk attestation.

Senior Management: Senior management continuously improves the Group’s risk management policy, strategy and supporting framework. They ensure employees in their business units comply with the risk management policy and foster a culture where risks can be identified and escalated.

Employees, contractors and agents: All employees, contractors and agents comply with the Group’s risk management policies and control procedures, including being alert to and willing to report instances of non-compliance and unethical behaviour. They make recommendations, based on their practical experiences, on what measures can be implemented to manage and/or mitigate risks within the Group.

Risk management process

enX is guided by the ERM Framework published by the Committee of Sponsoring Organizations of the Treadway Commission (COSO), by ISO 31000:2009 Risk Management – Principles and guidelines as the risk management standard for the Group, and by ISO Guide 73:2009 Risk Management – Vocabulary, which defines risk-related terms.

All Group risk management standards, policies, procedures, guidelines, proposals, plans and reporting are thus aligned with ISO 31000 and Guide 73. The risk management process illustrated below explains the relationships between the Group’s risk management principles, framework and process:

[Image: risk management process diagram]

9th Floor, Kathryn Towers, 1 Park Lane, Sandton, Tel: +27 11 966 2000, Email: info@enxgroup.co.za