Risk management

Enterprise risk management

PPC's enterprise risk management framework sets out the governance structures, principles and risk management processes followed across the group.

Philosophy

Our risk management philosophy is to protect shareholder value through an integrated enterprise-wide framework for identifying, assessing, prioritising, mitigating, monitoring and reporting risks and opportunities.

PPC's risk management process is based on the principle that each employee is responsible for managing risk while carrying out their daily tasks. Risks are identified, analysed and evaluated in line with PPC's risk-rating matrix that spans operations and divisions in the group. Management is responsible for developing appropriate risk responses and action plans are implemented to mitigate risks.

Governance

The risk appetite and tolerance levels are reviewed annually by the risk and compliance committee. These were updated and applied in the enterprise risk management system.

Key activities in 2018

In the review period, we concentrated on implementing a formal business continuity programme across the group.

The main focus in establishing an effective programme for PPC was to align multiple response plans to ensure organisational resilience and minimise the impact on PPC should a disaster occur. Our secondary aim was to entrench a common methodology to ensure compliance with the following standards and codes:

A business continuity management (BCM) policy and crisis communication policy were approved by the chief executive officer and communicated throughout the group.

PPC has followed a phased approach to implementing the business continuity programme:

The group risk and compliance function continues to monitor reported incidents of theft, robberies, fraud, etc and management actions to prevent these incidents from reoccurring.

The risk self-assessment and verification programme is regarded as an opportunity to review, evaluate and improve uniformity and the level of compliance with PPC standards and others to achieve a satisfactory level of corporate governance. It gives management a level of assurance that the operations are consistently conforming to standards. Action plans address weaknesses and ensure continuous improvement.

This programme allows PPC to build capacity by ensuring that various employees and subject-matter experts work together and knowledge is transferred. The decision to incorporate the risk self-assessment and verification process in the integrated safety, health, environmental, risk and quality (SHERQ) system will enable the group to review and simplify the process of managing findings and tracking action plans in one integrated system.

Beyond de-risking

Key risks in FY2018

| RISK | RISK NAME | RESIDUAL RISK | INHERENT RISK | LINK TO MATERIAL MATTERS (where specific) |
| --- | --- | --- | --- | --- |
| A | Non-compliance with MPRDA* | 6 | 25 | Compliance with MPRDA |
| B | Reduced profitability | 6 | 15 | Reduced profitability; Optimal capital structure; Liquidity |
| C | Risk of fraud, theft and corruption | 5 | 15 | Financial disciplines |
| D | Non-compliance with dti codes | 4 | 20 | Human capital – talent development |
| E | Reporting misstatement | 4 | 15 | Financial disciplines |
| F | Currency risk | 4 | 15 | Financial disciplines; Liquidity |
| G | Skills and succession pipeline | 4 | 15 | Human capital – talent development |
| H | Severe safety incidents/fatalities | 4 | 12 | Human capital – talent development |
| I | Government policy and uncertainty | 4 | 8 | Compliance with MPRDA |
| J | Extreme weather patterns | 3 | 6 | Water |

* Mineral and Petroleum Resources Development Act (South Africa) (MPRDA).

The heat maps below show how PPC’s controls have reduced risks (residual) from their original ratings.

[Figures: residual risk heat map; inherent risk heat map]

A. Non-compliance with MPRDA

PPC's non-compliance with the Mineral and Petroleum Resources Development Act (MPRDA) may result in a wide range of consequences, including the potential loss of existing and future mining and prospecting licences and other severe operational consequences.

Response:
  • Compliance with ownership requirements of MPRDA

Action plan:
  • Implementation of top-up BBBEE transaction

B. Reduced profitability

Reduced profitability due to the disruptive effect of competitors entering markets, potential for additional competitors entering and ever-increasing costs, resulting in liquidity pressures, increased borrowing costs and inability to increase stakeholder returns.

Response:
  • R50 per tonne profit improvement initiatives
  • Strategic cost improvement
  • Operational efficiency

Action plan:
  • Deliver on strategic initiatives

C. Risk of fraud, theft and corruption

Non-compliance with code of conduct/ethics and/or lack of controls may result in unethical behaviour in the form of fraud, theft and corruption, etc which may attract sanctions imposed by international standards/codes, financial loss and/or loss of assets and may damage PPC's reputation.

Response:
  • Tip-offs anonymous line in place

Action plan:
  • Consistent treatment of investigation results
  • Review code of conduct and develop an ethics framework aligned to behavioural expectations

D. Non-compliance with dti codes

PPC's current level of compliance with the Department of Trade and Industry (dti) code may reduce its competitiveness in the South African market.

Response:
  • Ownership: improved compliance from current level 3

Action plan:
  • Implementation and monitoring of top-up BBBEE transaction

E. Reporting misstatement

Operating in different countries increases exposure to legal, accounting, taxation, environmental and compliance frameworks. This poses a risk if PPC is unable to attract/employ globally competent personnel able to deal with these complexities and local expertise to deal with in-country specific requirements.

Response:
  • Managed through talent management initiatives

Action plan:
  • Introducing process enablers with FOH-FOUR
  • Long-term strategic priorities and initiatives

F. Currency risk

Currency risk due to:
  • Foreign currency denominated loans
  • Paying for raw materials and spare parts in foreign denominations
  • Covariance risk (exposure of operating in multiple currency jurisdictions)

Response:
  • Export strategy to earn forex (Rwanda, Ethiopia and Zimbabwe)
  • Localisation of inputs (materials and skills)
  • Conversion of loans to local currency

Action plan:
  • Export strategy to earn forex
  • Decoupled raw material supply agreements in Rwanda from logistics

G. Skills and succession pipeline

Skills gap and succession pipeline for critical roles to support the business strategy.

Response:
  • Development of leadership pipeline
  • Development of key skills pool in line with human resource talent management strategy

Action plan:
  • Employee value proposition roll-out

H. Severe safety incidents/fatalities

Injuries that are life-changing to single or multiple persons or result in fatalities.

Response:
  • Health and safety strategy and programme in place

Action plan:
  • Zero tolerance to fatalities and incidents with potential for a fatality

I. Government policy and uncertainty

Political leadership changes followed by policy/regulatory changes and related economic impacts may have unexpected consequences.

Response:
  • In-country monitoring of legislative developments and improved stakeholder management framework

Action plan:
  • Implement compliance management framework
  • Country-specific regulatory universes

J. Extreme weather patterns

Extreme weather patterns may impact the economy and business activity.

Response:
  • Water scarcity prevention and contingency strategies
  • Insurance cover

Action plan:
  • Implement water management strategies
  • Monitor weather patterns and take appropriate action

Focus areas for 2019 and beyond
Enterprise risk management

The continuous review and improvement of our enterprise risk management framework in line with best practice (particularly the latest updates to the international standard: ISO 31000 risk management guideline and the updated internal control – integrated framework of the Committee of Sponsoring Organisations of the Treadway Commission (COSO)) will ensure PPC's risk management processes and systems remain relevant, add value and are embedded in the business processes of all operations. Risk reviews will ensure risks are identified and adequately defined. All risks are rated in line with the risk matrix and response strategies and actions are recorded and implemented to effectively mitigate risks.

Business continuity management

Once readiness reviews (phase 2) are completed, phase 3 will begin (simulations and testing business continuity plans).

Risk self-assessment and verification process

The risk self-assessment and verification tool will be implemented in 2018 as part of integration into the SHERQ system and rolled out across the group.

Insurance underwriting survey recommendations

There will be increased focus on implementing recommendations from the insurance underwriting survey.

Combined assurance model

In line with the recommendations of King IV™, management will drive the roll-out of combined assurance models throughout the group.