Risk and the audit and risk committeeThe Board considers risk management to be a key business discipline designed to balance risk and reward, and to protect the Group against risks and uncertainties that could threaten the achievement of our business objectives.
The Board's risk strategy has been established through debate with the executive directors where the Group's risk tolerance has been considered and balanced against the drive towards the achievement of its strategies and objectives.
The Committee is responsible to the Board for overseeing the Group's risk management programme. The day-today responsibility for risk management, including maintaining an appropriate loss prevention and internal control framework, remains with the executives of the Group and of each Division.
The Committee's primary role is one of oversight and therefore it reviews and assesses the dynamic interventions, within the Group's available resources and skills, required in response to business-specific, industry-wide and general risks. The Committee tables a Group risk register, aggregated from those prepared by the Divisions and the Group Executive Committee, to the Board annually in August.
The Committee considers there to be two categories of Group risk which can broadly be described as Operational risks and Strategic/Environmental risks:
Operational risks by their nature can be immediately addressed or mitigated by local management actions. These risks - which include in-store health, safety and security, compliance, fire prevention and detection, IT systems and food safety, amongst others ñ are therefore the direct responsibility of each Divisional Executive Committee where a Loss Prevention or Risk Officer has line-responsibility for overseeing these risks.
Strategic/Environmental risks, in contrast, tend to be longer-term or more material in nature and can, in most cases, only be monitored, managed and partially mitigated through longer-term strategic or tactical business responses. These risks, which, for example, include executive talent retention and succession, transformation and supply chain, are the primary focus of the Group's Risk Management process.
The Group risk register summarises the major risks facing the Group, taking into account the likelihood of occurrence, the potential impact and any mitigating factors or compensating controls. Together with the Audit and Risk Committee it oversees the maintaining of a sound system of governance, risk management and control with regard to operations, safeguarding assets, reliability of management reporting and compliance with laws and regulations.
Massmart’s risk landscape, split into strategic and operational risk, can be summarised as follows:
- Non-adherence to business model or poor strategic execution
- Insufficient progress with transformation
- Talent retention and succession
- Economic volatility
- Expected standards of sustainability conduct
- Supply chain
- In-store health and safety
- Reliance on IT systems
- Complexity of the Groupís African operations
- Competitor attack on our major merchandise categories
- (covered in the Group Financial Statements)
- Market risk (comprising interest rate risk, currency risk and other price risk)
- Liquidity risk
- Credit risk
Litigation and legal
In the normal course of business, Massmart is subject to various legal proceedings, actions and claims. These matters are subject to risks and uncertainties that cannot be reliably predicted. Apart from the matter below, the Board does not believe that there are any material pending or threatened legal actions. Following the South African Competition Tribunal's approval of the Walmart/Massmart merger in May 2011, certain unions and South African Government departments have filed legal papers to appeal and review, respectively, the Tribunal's decision. This matter will be heard by the Competition Appeal Court on 20-21 October 2011. While the outcome of this hearing is uncertain, Walmart and Massmart are confident about the strength of their legal position. In the unlikely event of an adverse ruling, whatever that may be, it is unclear what the impact, if any, will be on Massmart's financial position.
Protecting Massmart's electronic assets is increasingly complex as networks, systems and electronic data expand and, in some cases, are shared with third parties and business partnerships. Depending on the internet for communication brings additional risk. Ensuring proper system security, data integrity and business continuity is the responsibility of the Board, but is given effect by the Audit and Risk Committee, the Massmart Technology Information and Process Forum (TIP) and Massmart's formally contracted information technology business partners and providers and is independently reviewed by the external and internal auditors.
Financial risk and appraisal
Financial targets agreed in Group budgets and strategy processes are predicated on assumptions about the future that are uncertain and may prove incorrect or inaccurate. The monitoring and management of this risk is the responsibility of the Executive Committee. Monthly performance is measured and compared to the budget and prior year, and corrective or remedial action taken as appropriate.
Despite extensive financial, accounting and management controls and procedures, including reviews by internal and external auditors, there are risks arising from the Group's cash management and treasury operations, direct and indirect taxation, and employee or third-party fraud or economic crime.
In addition to financial reviews, Massmart has implemented voluntary processes that enable independent reviews of its corporate accountability performances. These include a biannual ethics review by the South African Institute of Ethics and an annual Socially Responsible Investment (SRI) Index review that is coordinated by the JSE.
Group risk landscape Strategic risk
Click here to view
Group risk landscape Operational risk
Click here to view