Risk, SHE, Social & Ethics Committee (previously the Risk and Safety, Health & Environment Committee)

The Companies Act required the company to appoint a social and ethics committee by 1 May 2012. On 8 March 2012, the board approved the new terms of reference in terms of which the Risk and Safety, Health and Environment (SHE) committee was restructured and reconstituted as the Risk, SHE, Social and Ethics Committee. The membership of this committee remained the same.

In addition to the functions of the committee for risk and SHE matters as described below, the committee has statutory functions prescribed by the Companies Act, covering amongst others, areas of social and economic development, corporate citizenship, environment, health and public safety, consumer relationships, labour and employment equity.

After it was reconstituted, the committee held its first meeting on 23 April 2012. A detailed report on the work performed by this committee will be provided in the next integrated annual report.

For the period under review, the Risk and SHE Committee assisted the board to fulfill its risk governance and SHE objectives by ensuring, amongst others, that the company has implemented effective policies and plans for risk management and safety, health and environment that enhance the company’s ability to achieve its strategic objectives. The committee also ensured that disclosures and communication between the board and the Audit and Compliance Committee regarding risk management processes and activities pertaining to safety, health and environment were comprehensive and adequately facilitated. Whilst the committee had specific duties relating to risk governance, the role of the Audit and Compliance Committee was retained in terms of some aspects of risk management, including financial reporting risks, internal financial controls and fraud and IT risks relating to financial reporting. Other duties of the committee included overseeing the performance of the company against its set safety, health and environment targets and objectives, and considering reports relating to substantive SHE risks and liabilities that could potentially face the company.

The Risk, SHE, Social & Ethics Committee, comprising non-executive and executive directors, is chaired by an independent non-executive director, and meets at least twice a year. Its members are N Mjoli-Mncube (Chairman), P H Staude (CEO), F Jakoet, T N Mgoduso, C B Sibisi and M H Munro (in his capacity as Chief Risk Officer). Several members of the executive and senior managers of the company attend this meeting by invitation. M A C Mahlari is the secretary.

The Risk and SHE Committee had two meetings during the period under review. The record of attendance is contained in the table below.

Director Risk & SHE Committee
  A B
N Mjoli-Mncube (Chairman) 2 2
PH Staude (CEO) 2 2
F Jakoet 2 1
TN Mgoduso 2 2
MH Munro 2 2
CB Sibisi 2 2
A: Indicates the number of meetings held during the year while the director was a member of the committee.
B: Indicates the number of meetings attended during the year while the director was a member of the committee.

Risk Management Process

While the board is ultimately responsible for risk management, company management has designed and implemented a risk management framework and has committed the company to a process of risk management that is aligned to King III and to the company’s corporate governance responsibilities. This commitment is reflected in management’s continued attention to the importance of effective risk management in ensuring that business objectives and strategies are met and that continued, sustained growth and profitability is achieved. The framework, which incorporates the risk management policy, strategy and plan, aims to ensure that risk management processes are embedded in critical business activities and functions, and that risks are undertaken in an informed manner and pro-actively managed in accordance with the business risk appetite. This includes identifying and taking advantage of opportunities as well as protecting intellectual capital and assets by mitigating adverse impacts of risk.

The risk management review process seeks to achieve the correct balance between the issues that are specific to, and appropriately managed in, an operational area and those issues that are significant enough or cross cutting enough to be considered, and managed in an appropriate way, on a Tongaat Hulett basis. The approach to risk management includes being able to identify, describe and analyse risks at all levels throughout the organisation, with mitigating actions being implemented at the appropriate point of activity. The very significant, high impact risk areas and the related mitigating action plans are monitored at an executive level. Risks and mitigating actions are given relevant visibility at various appropriate forums throughout the organisation.

Tongaat Hulett has documented its approach towards Information and Communication Technology (ICT) in various documents such as the ICT governance framework (including the company’s policy and charter), disaster recovery plans, business continuity plans, acceptable use policy and a record of the approach to the protection and control of ICT documentation. The IT systems and application controls in the multiple computer systems in the various operations are, inter alia, subject to internal audit processes on an ongoing basis, integral to the audit of the overall control environment.

The current business environment is recognised as having many changing and challenging elements, particularly in the context of the volatile global economy and specific localised dynamics. Most of Tongaat Hulett’s business platforms and operational areas are not considered to be in a static, steady state. Consequently, rather than relying purely on periodic reviews, there is a continued and increasing adoption of a project management approach and use of project management skills in various management processes, including risk management. The ongoing, routine risk management processes are thus coupled with change management and specific, task based, project driven risk management initiatives.

Company-wide systems of internal control exist in all key operations to manage and mitigate risks and a Combined Assurance Strategy and Plan has been implemented to further enhance the co-ordination of assurance activities. Tongaat Hulett’s Combined Assurance Plan provides a framework for the various assurance providers to work together to provide assurance to the board, through the Audit & Compliance and Risk, SHE, Social & Ethics Committees, that all significant risks are adequately managed. The Plan consists of “three layers of defence”, being management, functional oversight and independent assurance providers, wherein the assurance on the risk management and related controls for the company is reported.

Appropriate business continuity plans and resources have been identified in order to ensure the implementation of recovery procedures, where potential risks have been identified as having the possibility of constituting a disaster.

The Tongaat Hulett internal audit function, which is supported by its internal audit service provider, KPMG, has performed a review of the effectiveness of the company’s internal control environment, including its internal financial controls, and the effectiveness of its risk management process. The evaluation of the company’s risk management processes included a review undertaken by KPMG. It noted Tongaat Hulett’s positioning, for the review period, on the KPMG Risk Maturity Continuum as “Mature” out of a possible range of “basic – mature – advanced”. Consequently, the company’s internal audit function has provided independent assurance to the Audit and Compliance and Risk, SHE, Social & Ethics Committees and the Board on the effectiveness of its risk management processes.

For the period under review, the Tongaat Hulett board, assisted by the abovementioned committees, is of the view that the internal control environment and the risk management processes in place for the company, are effective.