|
|
| Corporate governance report | Page 1 2 3 4 5 6 7
|
RISK MANAGEMENT, ACCOUNTABILITY AND AUDIT
Risk management
The board has adopted the following risk management policy. Through a process of communication and application to
all business units this policy has been successfully embedded throughout the group:
'The directors of Sun International Limited have committed the company to a process of risk management that is
aligned to the principles of the King II report. The features of this process are outlined in the company's risk policy
framework. All group business units, divisions and processes are subject to the risk policy framework.
Effective risk management is imperative to a company with our risk profile. The realisation of our business strategy
depends on us being able to take calculated risks in a way that does not jeopardise the direct interests of stakeholders.
Sound management of risk enables us to anticipate and respond to changes in our business environment, as well as
take informed decisions under conditions of uncertainty.
An enterprise-wide approach to risk management has been adopted by the company, which means that every key risk in
each part of the group is included in a structured and systematic process of risk management. All key risks are managed
within a unitary framework that is aligned to the company's corporate governance responsibilities.
Risk management processes are embedded in our business systems and processes, so that our responses to risk remain
current and dynamic. All key risks associated with major change and significant actions by the company also fall within
the processes of risk management. The nature of our risk profile demands that Sun International Limited adopts a
prudent approach to corporate risk, and our decisions around risk tolerance and risk mitigation reflect this. Nonetheless,
it is not the intention to slow down the group's growth with inappropriate bureaucracy. Controls and risk interventions
are chosen on the basis that they increase the likelihood that we will fulfil our intentions to stakeholders.
Every employee has a part to play in this important endeavour and in achieving these aims.' |
|
|
| |
|
| |
|
The group pursues strategies aimed at maximising long
term shareholder value. The risks to which the group's
existing businesses are exposed are continuously identified
and mitigated in terms of a group process that allocates
responsibility, determines the action to be taken and
monitors compliance with that action. This involves
managing existing businesses in a changing and challenging
environment as well as pursuing new business
opportunities locally and internationally. Any new business
opportunity which exposes the group to risk results in a
risk analysis being carried out by management as a prerequisite
to board consideration and approval. This
ensures the overall level of risk is assessed in relation to the
potential returns.
The board of directors is responsible for monitoring and
reviewing the risk management strategy of the group and
remains committed to the group's process of enterprise
risk management. The group risk committee assists the
board in fulfilling this responsibility and in the discharge of
its duties relating to corporate accountability and
associated risk in terms of management, assurance and reporting. The effectiveness, quality, integrity and
reliability of the group's risk management processes have
been delegated to the risk committee, whose primary
objective is to monitor, develop and communicate the
processes for managing risks across the group.
During the year, the company's risk register comprising the
top 50 risks was once again updated and each risk
reviewed, re-ranked and documented. The review process
also explored the possibility of new risks having entered
the risk environment, and these were defined and ranked
in the same way as existing risks. The register continues
to be updated on an annual basis, or as often as
circumstances necessitate. Ownership of each risk remains
the responsibility of assigned senior executives, who
report on progress made with agreed action plans and
existing internal controls. The top 20 risks are monitored
by the SIML board on a quarterly basis. The SIML board
submits a risk management report to the risk committee
twice a year focusing on the top 20 risks. Each division
drafts a risk management submission to the SIML board
quarterly, focusing on the top 10 risks facing the division.
Divisional risk management committees and operational risk management committees at each unit review their
risks at their risk committee meetings once a quarter and
minute the top 20 risks facing the operation and any risk
developments and losses.
The key risks that form the focus of this process
at a strategic level include: |
|
| |
|
| • |
the impact of potential anti-gaming sentiment; |
| • |
risks associated with the potential non-renewal of
gaming licences or exclusivity; |
| • |
pressures for empowerment charters within the industry; |
| • |
limited casino growth opportunities in South Africa and
market maturity; and |
| • |
the impact of potential increases in gaming taxes. |
|
|
| |
|
Each risk has been measured in terms of its potential
impact upon income statement items and the group's
balance sheet. The group's propensity for risk tolerance is
used to guide decisions for risk mitigation. The process of enterprise risk management is therefore embedded at a
strategic level and the process has been cascaded to the
group's major subsidiaries.
The board has adopted and disseminated a risk policy
framework outlining the group's framework and processes
of risk management. These are based on the Institute of
Risk Management's Code of Practice for Enterprise Risk
Management. The group has developed a good culture of
managing risk, with a significant number of embedded
processes, resources and structures in place to address risk
management needs. These range from internal audit
systems, insurance and risk finance, IT security, compliance
processes, quality management and a range of other line
management interventions. The risk policy framework
provides an integrated framework through which the
group's risk management efforts are maximised. All
operations are required to follow the policy's directives in
terms of risk assessment, risk monitoring and risk reporting.
At operational level, there are numerous risk management
processes, including functions such as safety management,
health and environment responsibilities, security, fire,
defence, fraud detection, food hygiene controls and quality
management. Each of these functions includes processes
for the identification of risk, the implementation of risk
mitigations, and compliance with relevant legislation. Risks
are monitored and reported upon at quarterly management
and divisional meetings. There is a comprehensive system of
incident reporting that allows for exception reporting to
executive management. The group's operational risk control
functions have performed well.
The group's annual internal audit plan incorporates the
outcomes of the enterprise risk management process and
the top risks in the group have been incorporated into the
internal audit plan and investigates the effectiveness of
risk controls. These risks are addressed by the plan at least
once a year. The director of internal audit attends risk
committee and divisional and management meetings
where risk is addressed in order to verify that the risk
management process is appropriate. The internal audit
function formally reviews the effectiveness of the group's
risk management processes once a year and reports on its
findings to the risk committee and the audit committee.
As such, internal audit provides a high profile risk
management facilitation role, but without assuming
responsibility for risk management which remains the
responsibility of line management.
The board is satisfied with the process of identifying,
monitoring and managing significant risks and internal
controls and that appropriate systems are in place to
manage the identified risks, measure the impact thereof
and that these are proactively managed so that the
company's assets and reputation are suitably protected. |
|
| |
|
 |
|
| |
|
|
|
|
|
