The AECI Board recognises that risk management is an integral part of the Group strategy-setting process and is accountable for risk management. This is embodied in AECI's risk philosophy which recognises that managing risk is fundamental to the generation of sustainable shareholder value and the enhancement of stakeholder interests. Risk management is integrated into the culture of the organisation and is driven by the Board's mandate, leadership and commitment.
By understanding and properly managing its risks, AECI provides greater certainty and security for its employees, customers, suppliers and other stakeholders and its decisions are better informed, more decisive and geared at moving the Company with greater confidence towards the achievement of its goals. The alignment of risk management and strategic decision-making increases the probability that AECI will be able to minimise its downside risks and also capitalise on the upside of risks. This is enhanced by maintaining an appropriate balance between risk and reward in the business.
It is acknowledged that risk can never be fully eliminated. Management has designed and implemented processes to identify, assess, manage, monitor and report on the significant risks faced by individual businesses and the Group as a whole on a continual basis. This involves the assessment and monitoring of the broader context in which the Group operates in terms of the political and economic landscape, industry, labour and financial market trends. Work includes the analysis of research materials and industry benchmarking studies by institutions such as the World Economic Forum, the World Bank and Control Risk. These serve as an early warning system or a mechanism for the identification of future risks and opportunities.
In 2017 specific attention was given to understanding and managing risk in new territories and markets, informing the Group's expansion into countries like Senegal, Madagascar and Germany. The objective is to optimise the Group's positioning in terms of its ability to capitalise on opportunities. This is in line with the philosophy of focusing not only on downside risk but also identifying upside risk and benefiting from identified opportunities. The Risk Management function is optimally geared to continue providing support in this regard.
All related activities and processes are underpinned by the Group Risk Management Policy and the Group Enterprise Risk Management Framework ("Framework"). The latter is based on the principles of the International Guideline on Risk Management (ISO 31000) and King IV, where guidelines are provided for the systematic, consistent and professional approach required to ensure successful and effective risk management. AECI's risk management process is supported by a software application that has been implemented Group-wide.
The following key methodology elements have been embedded in the Framework:
AECI's maturity level, determined through an assessment based on its adopted Risk Intelligence Maturity Model, is on the border between "semi-integrated and change driven" and "intelligent, integrated and optimised", with the desired future maturity level being "intelligent, integrated and optimised". The characteristics of the various states of maturity, as self assessed, are detailed in the schematic below.
AECI will continue its pursuit of its desired risk maturity level. To this end, greater focus in 2018 and in future years will be on:
Establishing the context of risk management at AECI is the foundation of good risk management and is vital to the successful implementation of the risk management process. Important considerations when determining context are illustrated in the framework diagram below.
Given the Group's competitive and rapidly evolving external environment, contextual analysis is crucial for the provision of proactive and informed risk information that supports timeous decision-making and leads to effective strategy execution. Scanning the external environment involves a multi-dimensional assessment of key elements that shape and are shaped by the Group's actions, also as illustrated below.
In line with the aspiration to continually improve the AECI Governance and Assurance service offering, a review by the Internal Audit function was undertaken in 2017. This review followed the Process Element Approach contained in the Institute of Internal Auditors' Practice Guide - Assessing the Adequacy of Risk Management Using ISO 31000.
The review concluded that, at a technical level, the AECI Enterprise Risk Management process contains the required elements of ISO 31000, both in design and in operation, and that the process is considered to be fit for purpose.
| INITIAL | INFORMAL | STANDARDISED AND GOVERNANCE- DRIVEN |
SEMI-INTEGRATED AND CHANGE-DRIVEN |
INTELLIGENT, INTEGRATED AND OPTIMISED |
||||
|
|
|
|
|
 |
INTERNAL CONTEXT SETTING |
EXTERNAL CONTEXT SETTING |
RISK MANAGEMENT CONTEXT SETTING |
||
The internal environment in which the entity seeks to achieve its objectives:
|
The external environment in which the entity seeks to achieve its objectives:
|
The approach and boundaries are defined and applied to the risk assessment at hand:
|
