During the 2017 financial year, the Committee met on two occasions.

The Board considers risk management to be a key business discipline designed to balance risk and reward, and to protect the Group against risks and uncertainties that could threaten the achievement of business objectives. The Board’s risk strategy has been established through deliberation with Massmart’s Executive Committee where the Group’s risk tolerance has been considered and balanced against the drive towards the achievement of its strategies and objectives, and the realisation of identified opportunities emanating from the assessment of the Groups risks and opportunities.

The Committee is responsible to the Board for overseeing the Group’s risk management programme. The day-to-day responsibility for risk management, including maintaining an appropriate loss prevention and internal control framework, remains with Massmart’s Executive Committee and Divisional Executives. Each division has developed a risk and loss prevention process that is best suited to its culture, structure and operations.

The Committee’s primary role is one of oversight and monitoring and it reviews and assesses the dynamic interventions, within the Group’s available resources and skills, required in response to business-specific, industry-wide and general risks. The Committee oversees the maintaining of a sound system of governance, risk management and control with regard to operations, safeguarding assets, reliability of management reporting, and compliance with laws and regulations. The Committee tables a Group risk register to the Board twice annually, in February and August, which is aggregated from those prepared by the Divisions and the Massmart Executive Committee.

The Committee is also responsible for reviewing and reporting on the Group’s application of King IV, and played an integral part in aligning the Group’s governance structures and processes with requirements and principles of the King IV.

In the execution of its statutory duties and in accordance with its charter, the Committee effectively discharged its responsibilities over the past financial year.

As part of the annual risk reporting process, the Divisions’ Risk Officers report any major risk incidents that occurred during the year.  These incidents are defined in the Group Risk Policy as ones that:

  • Directly or indirectly impact annual Divisional earnings before interest and tax or total assets by 5% or more (quantitative), or
  • Have significant qualitative dimensions that may include:
    • A major concern to Massmart Holdings’ public shareholders
    • Serious damage to the reputations of the Division and / or its executives and management
    • Affecting a major portion of the Division’s customer base
    • A large fraud or theft
    • A legal matter that may result in major financial or reputational risk
    • A material ethical or compliance breach, whether qualitative or quantitative
    • A major breakdown in the control environment
    • Significant IT system failure
    • Nationwide media coverage and/or public concern
    • Affecting the Division or Group’s ability to implement or execute its strategy and business objectives

The Committee considers there to be two categories of Group risk that can broadly be described as strategic/environmental risks and operational risks.

Strategic/environmental risks tend to be longer-term and more material in nature and can, in most cases, only be monitored, managed and partially mitigated through longer-term strategic or tactical business responses. These risks, which, for example, include executive talent retention and succession, transformation and supply chain, are the primary focus of the Group’s Risk Management process.

Operational risks by their nature can be immediately addressed or mitigated by local management actions. These risks – which include in-store health, safety and security, compliance, fire prevention and detection, IT systems and food safety, amongst others – are therefore the direct responsibility of each Divisional Executive Committee where a Loss Prevention or Risk Officer has line-responsibility for overseeing these risks.

Internal control framework

Massmart maintains clear principles and procedures designed to achieve corporate accountability and control across the Group. These are codified in the Massmart Delegation of Authority policy that describes the specific levels of authority and the required approvals necessary for all major decisions at both Group and Divisional level. Through this framework, operational and financial responsibility is formally and clearly delegated to the Divisional Boards. This is designed to maintain an appropriate control environment within the constraints of Board-approved strategies and budgets, while providing the necessary local autonomy for day-to-day operations.

Combined assurance

Identified risks and how assurance is achieved over those risks are reported to the Board through the Massmart Audit and Risk Committees, who assume responsibility for the oversight thereof, on an annual basis. Massmart’s combined assurance model incorporates and optimises all assurance services and functions so that, taken as a whole, they enable an effective control environment; support the integrity of information used for internal decision making by Management and the Board; and support the integrity of the Group’s external reports.

Massmart adopts a collaborative approach to risk identification, mitigation and assurance activities between the management of the various Divisions, Head Office support functions and internal and external assurance providers. The Divisional risk committees give feedback on their significant risks and material matters to the Risk Committee, who ultimately own and manage risks, and in turn give feedback to the Board thereon.

The Board, through the Risk Committee, objectively reviews the Group’s combined assurance model bi-annually, forming an opinion on the integrity of information and reports, and the degree to which an effective control environment has been achieved. An important role of Massmart’s Audit Committee, as delegated by the Board, is to monitor and supervise the effective function of MAS to provide an objective overview of the operational effectiveness of the Group’s systems of internal control and reporting.

Lease exclusivity litigation and other contingent liabilities

We have previously disclosed various litigation and regulatory referrals related to restrictive lease clauses involving Massdiscounters/Game, three of the major food retailers in South Africa and certain South African landlords. Most of these proceedings are on-going. The Competition Commission grocery retail market enquiry into the potential anti-competitive effect of excluding new market entrants by means of lease usage and exclusivity clauses has concluded its public participation process. The Commission inquiry panel’s preliminary report of its findings is expected to be published in April/May 2018, whereafter interested stakeholders will be invited to comment or respond to the findings. The self-referral we made to the Competition Tribunal in which Pick ‘n Pay, Shoprite and Spar were named as respondents to our complaint against exclusive lease terms was dismissed by the Tribunal on 13 February 2018 with costs, in a second round of exceptions raised by the counter-party respondents at the preliminary stage of the proceedings without a hearing into the merits of the complaint.

The Risk Committee comprises:

Mr Chris Seabrooke
Independent non-Executive Director
Dr Lulu Gwagwa
Independent non-Executive Director
Mr Guy Hayward
CEO and Executive Director
Ms Phumzile Langeni
Independent non-Executive Director
Mr Joe Ralebepa
General Counsel and Company Secretary
Mr Johannes van Lierop
CFO and Executive Director
Mr Dhari Moodley
Group Chief Ethics and Compliance Officer

* Mr Chris Seabrooke was appointed Chairman of the Audit Committee on 13 September 2017.

Mr Moses Kgosana was the Chairman and a member of the Audit Committee until his resignation from the Board and the Committee on 13 September 2017


More information on the Risk Committee’s roles and responsibilities can be found here