Risk and compliance committee report

Report to shareholders on the activities of the risk and compliance committee for the 12 months ended 31 March 2018.

The board has considered it appropriate to allocate oversight of risk and compliance governance to the risk and compliance committee. This committee's main objectives are to:

These objectives are supported by the underlying policy statement:

To ensure the protection of shareholder value through the establishment of an integrated risk management framework/system for identifying, assessing, mitigating, monitoring, evaluating and reporting risks.


Following the departure of Mr Darryll Castle from the board, Mr Johannes Claassen was appointed to the committee. Mr Tim Ross, chairman of the audit committee, is an ex-officio member of this committee to ensure effective collaboration through cross-membership between committees and to avoid duplication or fragmented functioning of the committee.

On 31 March 2018, members of the committee were:

Membership     Qualification     Status
T Leaf-Wright (chair)     Chartered Institute of Secretaries     Independent
C Naude     BSc (hons), MBL     Independent
J Claassen     BEng, EDP     Executive
T Ross     CA(SA)     Independent

The committee held two meetings during the financial year:

Meeting date       Attendance  
29 May 2017       All present  
12 October 2017       All present  

Responsibility for risk in the PPC group is clearly mapped. In summary:

Enterprise risk management

In fulfilling management's responsibility, a risk management plan is compiled, implemented and monitored to ensure the underlying policy is implemented and risk management processes are embedded in PPC's business processes. Key activities in the review period included:

Material matters

During the review period, risk registers in the PPC group were reviewed. For detail on the group's material risks, please refer to page 34.

Group compliance

As a governance principle, the board ensures PPC complies with applicable laws and considers adhering to non-binding rules, codes and standards. This responsibility has been delegated to the risk management and compliance committee, which monitors compliance issues, approves the compliance policy, ensures it is observed and compliance risk is reported.

Management is responsible for implementing the compliance policy and day-to-day management of compliance risks. This includes responsibility for ensuring appropriate remedial or disciplinary action if non-compliances are identified. Key activities undertaken by the compliance division over the year included:

The threshold for disclosure of significant fines and penalties is R30 million. Management has confirmed that there were no significant fines and penalties.

Key future focus areas

The following strategic focus areas were identified for the 2019 financial year and beyond:

Enterprise risk management

By continuously reviewing and improving enterprise risk management, we ensure PPC's risk management processes and systems remain relevant, add value and are embedded in the business process of all operations and divisions. Risk reviews ensure issues are identified and adequately defined. All risks are rated in line with the risk matrix and response strategies, and actions are recorded and implemented to effectively mitigate risks.

Business continuity management

Readiness reviews (phase 2) will be completed, followed by phase 3 (simulations and testing of business continuity plans).

Risk self-assessment and verification process

PPC is integrating the risk self-assessment and verification tool into the SHERQ system. This will be implemented in 2019 and rolled out across the group.

Insurance underwriting survey recommendations

There will be increased focus on implementing recommendations.

Combined assurance model

Management will drive roll-out of combined assurance models throughout the group.

Compliance management

Key activities we embarked on in the review period will continue, focusing on:

In 2019, this committee will be integrated into the audit committee, and the combined entity will continue to oversee implementation of these objectives and report on management performance to the board.

For the review period, the committee is satisfied it has complied with its responsibilities as set out in its terms of reference.

On behalf of the risk and compliance committee

Tim Leaf-Wright

12 July 2018