At the date of this report, the Risk Committee comprises: Mr Chris Seabrooke (Chairman); Dr Lulu Gwagwa; Ms Phumzile Langeni; Messrs Guy Hayward, Moses Kgosana, Johannes van Lierop, Norman Gray, Dhari Moodley and Mike Spivey; four of the members are independent non-Executive Directors and each have the requisite financial and commercial skills and experience to contribute to the Committee’s deliberations. Ilan Zwarenstein was a member of the Committee until he resigned as Group Finance Director on 12 March 2015, at which time Johannes van Lierop was appointed as Chief Financial Officer (CFO) of Massmart. The Risk Committee met twice in the year ended December 2015.
The Board considers risk management to be a key business discipline designed to balance risk and reward, and to protect the Group against risks and uncertainties that could threaten the achievement of business objectives. The Board’s risk strategy has been established through debate with the executive Directors where the Group’s risk tolerance has been considered and balanced against the drive towards the achievement of its strategies and objectives.
The Committee is responsible to the Board for overseeing the Group’s risk management programme. The day-to-day responsibility for risk management, including maintaining an appropriate loss prevention and internal control framework, remains with the Executives of the Group and of each Division. Each division has developed a risk and loss prevention process that is best suited to its culture, structure and operations.
The Committee’s primary role is one of oversight and therefore it reviews and assesses the dynamic interventions, within the Group’s available resources and skills, required in response to business-specific, industry-wide and general risks. The Committee tables a Group risk register to the Board twice annually, in February and August, which is aggregated from those prepared by the Divisions and the Group Executive Committee. The Committee is also responsible for reviewing and reporting on the Group’s application of King III, and will play an integral part in monitoring the development of King IV and will align governance requirements and formal practices upon the release of King IV.
As part of the annual risk reporting process, the Divisions’ Risk Officers report any major risk incidents that occurred during the year. These incidents are defined in the Group Risk Policy as ones that:
- Directly or indirectly impact annual Divisional earnings before interest and tax or total assets by 5% or more (quantitative); or
- Have significant qualitative dimensions that may include:
- A major concern to Massmart Holdings’ public shareholders;
- Serious damage to the reputations of the Division and / or its executives and management;
- Affecting a major portion of the Division’s customer base;
- A large fraud or theft;
- A legal matter that may result in major financial or reputational risk;
- A material ethical or compliance breach, whether qualitative or quantitative;
- A major breakdown in the control environment;
- Significant IT system failure;
- Nationwide media coverage and/or public concern; or
- Affecting the Division or Group’s ability to implement or execute its strategy and business objectives.
The Committee considers there to be two categories of Group risk that can broadly be described as Strategic/Environmental risks and Operational risks.
Strategic/Environmental risks tend to be longer-term and more material in nature and can, in most cases, only be monitored, managed and partially mitigated through longer-term strategic or tactical business responses. These risks, which, for example, include executive talent retention and succession, transformation and supply chain, are the primary focus of the Group’s Risk Management process. The Group risk register summarises the major risks facing the Group, taking into account the likelihood of occurrence, the potential impact and any mitigating factors or compensating controls. The Risk Committee oversees the maintaining of a sound system of governance, risk management and control with regard to operations, safeguarding assets, reliability of management reporting, and compliance with laws and regulations.
Operational risks by their nature can be immediately addressed or mitigated by local management actions. These risks – which include in-store health, safety and security, compliance, fire prevention and detection, IT systems and food safety, amongst others – are therefore the direct responsibility of each Divisional Executive Committee where a Loss Prevention or Risk Officer has line-responsibility for overseeing these risks.
Internal control framework
Massmart maintains clear principles and procedures designed to achieve corporate accountability and control across the Group. These are codified in the Massmart Delegation of Authority policy that describes the specific levels of authority and the required approvals necessary for all major decisions at both Group and Divisional level. Through this framework, operational and financial responsibility is formally and clearly delegated to the Divisional Boards. This is designed to maintain an appropriate control environment within the constraints of Board-approved strategies and budgets, while providing the necessary local autonomy for day-to-day operations.
The Board is responsible for the risk management programme that attempts to balance the risks and rewards in achieving the Group’s objectives. On behalf of the Board, the Risk Committee oversees the Group’s risk management programme. Responsibility for risk management and loss prevention rests however with the Group and Divisional Executive Committees.
Litigation and legal
During 2015 there were several developments regarding lease exclusivities. These lease exclusivities are legal arrangements contained within certain shopping centre lease agreements that appear to entrench the incumbent major food supermarkets in certain localities within South Africa. In 2014 Massmart formally requested the Competition Commission to investigate these market practices and in mid-2015 self-referred this complaint to the Competition Tribunal. At about the same time the Commission announced its intention to hold a formal inquiry into these tenancy arrangements and in February 2016 announced the names of the panel members who will lead this process. Finally, we have successfully appealed the November 2015 decision of the Supreme Court of Appeal regarding lease exclusivities at the Cape Gate shopping centre.
In addition to this matter, the Group and our subsidiaries are party to a variety of legal, administrative, regulatory and government proceedings, claims and inquiries arising in the normal course of business. While the results of these proceedings, claims and inquiries cannot be predicted with certainty, management believes that the final outcome of the foregoing will not have a material adverse effect on the Group’s financial position.
Financial risk and appraisal
Financial targets agreed in Group budgets and strategy processes are predicated on assumptions about the future that are uncertain and may prove incorrect or inaccurate. The monitoring and management of this risk is the responsibility of the Group Executive Committee. Monthly performance is measured and compared to the budget and prior year, and corrective or remedial action taken as appropriate.
Despite extensive financial, accounting and management controls and procedures, including reviews by Internal and External Auditors, there are risks arising from the Group’s cash management and treasury operations, direct and indirect taxation, and employee or third-party fraud or economic crime.
In addition to financial reviews, Massmart participates in externally-facilitated review and disclosure processes that enable independent reviews of its corporate accountability performances. These include a Carbon Disclosure Project participation, Broad-based Black Economic Empowerment verification and an annual JSE Socially Responsible Investment Index review.