Governance and Sustainability

IT governance committee

Mandate and terms of reference

1 Introduction

1.1 The IT governance committee (“the committee”) is constituted as a sub-committee of the risk committee of Sun International Limited (“the Company”).

1.2 The deliberations of the committee do not reduce the individual and collective responsibilities of risk committee members and board members in regard to their fiduciary duties and responsibilities, and they must continue to exercise due care and judgement in accordance with their statutory obligations.

1.3 These terms of reference are subject to the provisions of the Companies Act of 2008, as amended (“the Companies Act”), the Company’s Memorandum of Incorporation (“MOI”), codes of good governance and any other applicable law or regulatory provision.

 
2 Purpose

2.1 The primary objective of the committee is to monitor, develop, and communicate the processes for managing IT governance across the Group, as opposed to IT operational issues. In this regard, the committee is required to assist the risk committee, and in turn the board, in the discharge of its duties as it relates to the alignment of IT with the governance, performance and sustainability objectives of the Group.

2.2 The board has the ultimate responsibility for the IT governance of the Company and of the Group, and the committee assists the risk committee and the board in fulfilling this responsibility.

2.3 The terms of reference of the committee are summarised herein and should be reviewed at least annually by the committee and may be amended from time to time, as required, subject to the approval of the risk committee and the board.

3 Membership

3.1 The committee shall be appointed by the risk committee, subject to the approval of the board, and shall be representative of the senior management of the Group.

3.2 Divisional or departmental heads, as may be deemed appropriate by the risk committee to fulfil the functions of the committee, shall be included in the membership of the committee.

3.3 The Chairman of the committee (“the committee Chairman”) shall be appointed by the risk committee subject to approval by the board.

3.4 The committee shall comprise one independent IT governance expert and the independent expert shall provide feedback to the risk committee for so long as he/she is a member of the committee.

3.5 The risk committee shall be entitled to remove any members of the committee and to fill any vacancies.

3.6 All members of the committee shall have a working familiarity with IT processes and protocols. The members of the committee shall be knowledgeable about the affairs of the Group and, where appropriate, specific skills shall be represented on the committee.

3.7 The members of the committee as a whole must have sufficient qualifications and experience to fulfil their duties.

 
4 Authority

4.1 The board supports and endorses the establishment of the committee and the committee acts in terms of the delegated authority of the risk committee and the board as recorded in these terms of reference.

4.2 The committee has unrestricted access to all information, including records, property and personnel of the Group that are required to give effect to its mandate and must be provided with adequate resources in order to fulfil its responsibilities.

4.3 The board has responsibility for the governance of information as well as the governance of technology.

4.4 The committee, in carrying out its duties, is authorised by the risk committee to:

4.4.1 investigate any activities within its terms of reference;

4.4.2 seek outside legal or other independent professional advice, where necessary, in terms of the Company’s Professional Advice Policy;

4.4.3 secure the attendance of outsiders with the relevant experience and expertise, where necessary, at the Company’s expense; and

4.4.4 seek any information it requires from any employee, and all employees are directed to cooperate with any requests made by the committee.

 
5 Terms of reference

5.1 The committee shall:

5.1.1 oversee the development and annual review of a policy and charter outlining the decision-making rights and accountability framework for IT governance and recommend this for the approval of the risk committee and the board;

5.1.2 review and assess the effectiveness of the IT governance framework, in particular the relevant structures, processes and mechanisms to enable IT to deliver value to the business and mitigate IT risk;

5.1.3 endeavour to ensure that management implements all the structures, processes and mechanisms to execute the IT governance framework;

5.1.4 make certain that there are processes in place to ensure that management provides relevant IT reporting to the committee and for inclusion in the Integrated Annual Report;

5.1.5 oversee the promotion and awareness of ethical IT governance and management cultures as well as a common IT language;

5.1.6 consider the IT strategy for the management of the Company’s IT function and associated risks;

5.1.7 determine and apply criteria for prioritising and deciding on IT investments as well as monitor and evaluate all significant IT investments and expenditure, being mindful of the business value of such investment or expenditure;

5.1.8 review all IT risks such as the legal risk arising from the use of IT technology, disaster recovery arrangements and compliance with applicable IT laws and report on such risks to the risk committee;

5.1.9 oversee that management implements formal processes to manage information in respect of the protection of information, and the protection of personal information processed by the Group; and

5.1.10 conduct an annual self-assessment on the effectiveness of the committee.

 
6 Meetings and reporting responsibility

6.1 Meetings shall be held no less than twice a year and additional meetings may be held as and when deemed necessary.

6.2 A quorum for meetings of the committee shall be a majority of members comprising the committee from time to time, such quorum to be present throughout the meeting.

6.3 Decisions of the committee shall be carried by vote of the majority of members present at meetings.

6.4 Minutes of meetings of the committee shall be taken and tabled to the risk committee and the board by the Secretary of the Company.

6.5 The committee Chairman or, in his/her absence, another member of the committee nominated by the committee Chairman, shall report to the risk committee at each risk committee meeting on matters relating to the committee in accordance with its terms of reference.