The Risk Committee is pleased to present its report for the financial year ended 31 March 2018.
The committee is governed by a formal Risk Committee charter that is reviewed regularly. This charter guides the committee in terms of its objectives, authority and responsibilities, as assigned by the Supervisory Board. The committee fulfilled its responsibilities in accordance with its charter during the 2018 financial year.
The Foschini Group Enterprise Risk Management (ERM) framework provides a structured, integrated, dynamic and consistent approach to risk management. This integrated approach recognises that effective risk management is critical to the achievement of strategic objectives and the long term sustainable growth of the business. The process by its nature is continuous and interactive such that risks are reviewed throughout the year, updating both the risk registers and combined assurance model. The framework is in line with relevant standards including ISO 31 000, the COSO framework and King IV™.
COMMITTEE MANDATE AND FUNCTIONING
Overall, the Supervisory Board remains accountable to ensure that risks are effectively managed and it has delegated the oversight of risk management to the Risk and Audit Committees in terms of two separate but aligned mandates. The Risk Committee reviews significant risks and their related mitigations and reports back to the Supervisory Board at each meeting, while the Audit Committee focuses predominantly on the financial risks and reviews the effectiveness of the risk process. Each business area is responsible for identifying, assessing and managing the risks in their respective area. The combined assurance process optimises assurance coverage and ensures that significant risks are adequately addressed, enabling an effective control environment and ensuring the integrity of information used for decision-making and reporting.
Risks and opportunities are identified throughout the year and assessed on the basis of likelihood of occurrence and potential impact to the Group (risk exposure). Mitigations are identified against each risk and the remaining residual risk assessed based on defined criteria. Annual workshops are held across the business to review critical strategic risks, significant trends in the operating environment and relevant interests of key stakeholders.
The risks with the highest exposure attribution for the Group are presented to the Operating Board to be reviewed and challenged ahead of being submitted to the Risk Committee and ultimately the Supervisory Board for review and approval. This process is facilitated by the Group Enterprise Risk function.
The committee meets four times a year. Quarterly updates on identified risks, related mitigations and emerging risks are provided to the Group Risk management committee for consideration. Significant matters and any revisions to risks are reported to the Risk Committee. The Group continuously seeks to improve and enhance the risk management process, while at the same time maintaining a practical and business minded approach.
The Supervisory Board adopts a conservative approach to risk appetite without inhibiting or unduly restricting the Group’s ability to utilise and capitalise on risk-adjusted opportunities. During the year the Group further defined its risk appetite and tolerance thresholds while considering the expectations of key stakeholders. The Group seeks to mitigate and minimise risk through mechanisms such as standardised processes, regular reporting, risk transfer and diversification. Decisions are underpinned by the Group values (PRIDE2), maintaining good legal standing, protecting reputation and an appropriate balance of risk versus reward. The Group annually reviews the level of risk it is willing to accept to achieve its strategic objectives, and in pursuit of creating and maintaining value for all stakeholders.
The Supervisory Board confirms that the Group’s risk management, mitigation and monitoring processes have been effective in limiting the potential impact of risks on the business during the year under review.
TECHNOLOGY AND INFORMATION GOVERNANCE
A technology and information governance steering committee has been established, which includes representatives from the various trading and services divisions. The committee meets quarterly and reviews the emerging technology and information governance-related risks, disaster recovery plans and any significant initiatives. The Risk Committee receives feedback on matters discussed and monitors technology and information governance initiatives to ensure these do not pose a risk to the continuity of the Group’s operations.
At each Risk Committee meeting, an update on legal compliance is presented. This update includes a legislative radar or forecast of significant legislative developments in all of the countries in which the Group has a footprint. Key areas of non-compliance, if any, are also brought to the attention of this committee. During the year, no material fines and/or other forms of sanction were issued against the Group and no directors or senior management were accused of or held liable for non-compliance with any laws, regulations or codes of conduct.
Further information on legislative compliance is provided in the Legal Compliance report.
During the year the Group updated its combined assurance process to align with the principles as outlined in King IV™. The Committee reviewed the revised framework and considers the approach to be adequate and appropriate for TFG. Regular reports are provided to the Audit and Risk Committees on the outcome of the process. The Risk Committee remains responsible to ensure that significant risks are adequately mitigated across the Group while the Audit Committee is focused on risks with financial implication, and assurance over the financial control environment.
During the year no significant matters of concern were highlighted.
Refer to the diagram below for a summary of the combined assurance methodology.Download our combined assurance model
KEY RISKS AND SIGNIFICANT UNCERTAINTIES
The landscape – including five continents and 32 countries – in which the Group operates is impacted by the expansion into new territories. Global and local events continue to influence the stability of the relevant economies which influences available capital and discretionary spend of our consumer. This trend increases the risk to turnover and debtor delinquencies. The Group continues to monitor the progress of Brexit and to consider the implications it may have for our United Kingdom businesses. TFG’s material matters further elaborate on the risks, opportunities and issues that can affect the Group’s ability to create shared and sustainable value.
The eight most significant risks to the Group are outlined below:
The Group’s risks continues to evolve as new risks emerge and appropriate mitigating activities are introduced to reduce the overall residual risk. The following risks increased in significance during the year:
The following risk, although still relevant, has reduced in significance:
Continued high levels of crime (i.e. burglaries and armed robberies but excluding credit fraud) reduces operating margin – the crime levels across South Africa continue to be of concern. However, TFG has managed to reduce the number and value of incidents experienced compared to the prior year. There continues to be a focused effort to further reduce the impact of crime on the business.
Chairman: Risk Committee
29 June 2018