Governance and Sustainability

Report of the risk committee

Composition

       
Mr PDS Bacon  
(Committee Chairman)  
Click here to view résumé  
Dr NN Gwagwa  
Click here to view résumé  
Mr IN Matthews  
Click here to view résumé  
Mr GR Rosenthal  
Click here to view résumé  
Independent non-executive director   Non-executive director   Independent non-executive director   Independent non-executive director  
Meeting attendance: 3/3   Meeting attendance: 3/3   Meeting attendance: 2/3   Meeting attendance: 3/3  

 
       
Mr GE Stephens  
Executive director  
Click here to view résumé  
Mr AM Leeming  
Executive director  
Click here to view résumé  
Ms KH Mazwai  
Executive director  
Click here to view résumé  
 
Chief Executive Officer   Chief Financial Officer   Director: Group Human Resources    
Meeting attendance: 3/3   Meeting attendance: 3/3   Meeting attendance: 3/3    

The following SIM directors are also members of the risk committee:

       
Mr Z Miller  

Chief Information Officer  
Mr S Montgomery  

Director: Development  
Ms C A Reddiar  
Click here to view résumé  
Director: Corporate Services and Legal  
Mr SD Wing  

Chief Operations Officer  
Meeting attendance: 1/1   Meeting attendance: 3/3   Meeting attendance: 3/3   Meeting attendance: 3/3  

INTRODUCTION

The board is ultimately responsible for the governance of risk and the risk committee (“the committee”) has been delegated responsibility for monitoring, developing and communicating the processes for managing risks across the Group. The committee assists the board in the discharge of its duties relating to corporate accountability and associated risk in terms of management and reporting. As the Group operates in a dynamic and challenging environment, with new business opportunities being pursued both locally and internationally, the committee is tasked with assessing the related risks against the Group’s risk framework; risk appetite and risk tolerance.

Effective and sound risk management is imperative to the Group together with the realisation of the Group’s businesses strategies which depends on being able to take calculated risks without negatively impacting the business. This creates the interplay between risk appetite and tolerance and the committee’s mandate entails oversight of management’s controls and mitigating actions against the context of the Group’s risk management framework.

MANDATE

The committee Chairman reports to the board following each committee meeting on matters in accordance with the committee’s approved terms of reference. In fulfilling its mandate and with a view to overseeing the Group’s risk management, the committee met on three separate occasions during the year under review, including the annual risk workshop, to consider matters such as: the risk policy and identification of Group-wide risks (current, emerging and prospective); the Group’s stakeholder engagement initiatives; compliance with applicable laws; and the Group’s IT governance and IT related risks. In addition, the committee reviews the Group’s insurance policy, placement terms and related premiums with the Group’s insurance brokers on an annual basis.

In regard to IT governance and IT risks, the IT governance committee operates as a sub-committee of the risk committee and is comprised of an independent IT governance expert. The IT governance committee has its own mandate as established by the risk committee and reports into the risk committee at each meeting in order to provide the relevant assurance and/or elevate the necessary concerns to the committee.

The committee’s mandate also provides for a risk committee member to report on the matters canvassed by the committee to the audit committee. In turn, the audit committee Chairman is a member of the risk committee. These mechanisms enable the appropriate insights into the key risks faced by the Group and prevents the duplication of matters within the remit of the committees.

RISK MANAGEMENT

The Group has a strong risk management culture embodied throughout its business and the committee has overseen the robust risk management processes of the Group to ensure a sound and effective risk management system. This is crucial to the long-term development of the Group given the Group’s risk profile and its corporate reputation. The sound management of risk enables the Group to anticipate and respond to changes in its business environment, as well as to take informed decisions under conditions of uncertainty.

An enterprise-wide approach to risk management has been adopted by the Group, which means that every key risk in the business is considered in a structured and systematic process of risk management. All key risks are managed within a unitary framework that is aligned to the Company’s governance responsibilities. The risk framework is disseminated across the Group and each unit is responsible for the assessment and mitigating actions required on its part given the Group and local risks.

Risk management processes are embedded in the Group’s business systems and processes, so that its responses to risk remain current and dynamic. All key risks associated with major change and significant actions by the Group also fall within the processes of risk management. The nature of the Group’s risk profile demands that Sun International adopt a prudent approach to corporate risk whilst still effectively dealing with business realities. Controls and risk interventions are selected on the basis that they increase the likelihood that the Group will fulfil its strategic objectives responsibly.

RISK MANAGEMENT REVIEWS

The Group’s Internal Audit (“GIA”) department also reviews the effectiveness of the Group’s risk management processes and incorporates a review on the effectiveness of risk controls in its annual internal audit plan. GIA’s overall mandate includes the evaluation of risk exposure and the effectiveness and efficiency relating to:

  • the reliability and integrity of information
  • effectiveness of operating processes
  • safeguarding of assets
  • compliance to laws, regulations and controls

GIA further conducts risk management reviews at each of the units and reports their findings to the risk committee. GIA is of the opinion that based on the audits conducted and the reviews performed that the risk management processes in place remain relevant and are adequate.

ASSESSING THE GROUP’S RISKS

Management are tasked with identifying the relevant risks posed to the Group and present its report to the risk committee at each meeting. This report takes the form of a Group risk register reflecting the nature of the risk; the mitigating controls; impact and likelihood of the risks as well as the nature of inherent risk.

The risk committee assesses management’s review of the key risks and interrogates the controls and mitigating actions to ensure that management are mitigating the risk to the best of its ability. During the year under review each of the Group’s 41 identified risks were reviewed with the assistance of an external risk expert. Certain new risks were introduced whilst some risks had dissipated. In terms of the committee’s latest review and based on management’s view of its business, the following risks are reflective of the top 20 risks facing the Group:

             
  Risk Low     Medium     High  
  GrandWest exclusivity renewal             
  Impending smoking legislation             
  Increased competition from alternate forms of gaming (EBTs/LPMs/online gaming)            
  Impact of onerous travel restrictions             
  Increase in gaming taxes             
  Pressure on disposable income             
  Non-compliance with new B-BBEE targets             
  Failure to appoint and retain PDIs             
  Unsuccessful international expansion and/or underperformance of new acquisitions             
  Operational disruptions due to Union actions and staff dissatisfaction             
  Increased competitor actions             
  Gearing levels inhibit achievement of objectives             
  Crime at units             
  Change in licencing conditions             
  Litigation arising from Wild Coast Land Claim             
  Maturity of the South African market             
  Failure to successfully implement ERP system             
  Pressure on Group management fees             
  Poor implementation of Marketing and Sales strategy             
  Poor career and succession planning             

The Group’s risks are considered in terms of the impact and likelihood of the risk materialising together with the strength and effectiveness of the mitigating controls. The Group’s propensity for risk tolerance is used to guide decisions around risk management.

During this last review of the risk committee:

  • a new risk relating to the impact of the onerous travel restrictions was discussed in some detail as the potential decline in tourism to the country is a concern. Management continue to make the relevant representations to Government and will continue to highlight alterative solutions to the travel restrictions given the impact not only on the Group but along the South African tourism supply chain
  • a further risk that has been included on the Group’s risk register relates to the outbreak of the Ebola virus in Africa. This has an impact on the Group’s African units, particularly at the Federal Palace in Nigeria, both from an employee and occupancy perspective. In addition the Group is experiencing a limited amount of cancellations at this point from foreign guests in relation to its South African hotels. Contingency plans are in place to evacuate our staff in affected operations should it become necessary
  • a risk that has been prevalent on our risk register has been the risk relating to the failure of the successful implementation of the Enterprise Gaming System (“EGS”) across the Group. This risk has dissipated following the conclusion of the EGS roll-out and management are focused on ensuring that the benefits of the EGS system are leveraged
  • the risks relating to the Group’s international expansion were further canvassed in detail and such risks are mitigated by the role of the investment committee, which is a sub-committee of the board and is mandated to consider the specific project risks. In addition, management conduct a rigorous due diligence that entails country and partner risk assessments as well as a legal, financial and operational due diligence.

Each risk is comprehensively reviewed and is managed by the business through mitigating controls, key action plans and accountability by risk owners which permeates all levels of the organisation. This structure is depicted below.

Each risk owner is assigned the responsibility to oversee the effective mitigation of a particular risk. In so doing, three lines of defence are applied to each risk as follows:

  • Management: preventative controls, detective controls, management insight, Exco and Operational committees
  • Corporate functions: compliance and risk management
  • Independent Assurance providers: external audit, internal audit, other assurance providers

The final and fourth level of defence in mitigation of the Group’s risks, requires that these lines of defence are reviewed by the board committees.

IT GOVERNANCE

As reported earlier, the Group’s IT governance committee has been created as a sub-committee of the risk committee and provides a detailed report on the matters canvassed within its mandate for the year. The risk committee spent some time deliberating on the composition and positioning of the IT governance committee within its corporate structure. As the IT governance committee, under the stewardship of the Chief Financial Officer as Chairman, is performing effectively the committee therefore refrained from effecting any changes during the course of the year.

The IT governance committee Chairman reports to the risk committee on governance and risks within the IT domain and the risk committee has insight into the Group’s IT risk register. The committee confirms that appropriate mitigating controls around the Group’s IT risks are comprehensive. In particular the committee has spent time considering the implementation of an ERP system and have extensively canvassed possible risks together with ensuring that the relevant mitigating controls are in place.

STAKEHOLDER ENGAGEMENT

The risk committee is tasked with overseeing the Group’s stakeholder engagement practices. The purpose of this mandate is to oversee that the key material issues with each of the Group’s stakeholders are being effectively addressed by management to the extent possible.

Our stakeholders are defined as those Groups that have an impact on the Group and with whom the Group may impact on. The Group has assessed its stakeholder universe as follows:

Stakeholder matrix 2013/14

We assess our stakeholder universe in this manner so that the Group clearly understands the impact that these stakeholders can have on the Group and vice versa. It remains an imperative for management to effectively deal with critical issues and focus resources within areas that are crucial for the business. This enables management to allocate its resources and management time appropriately.

Management’s targeted focus for the year under review was to build on its relationships with its gambling board regulators. As is evident from our reporting, the Group’s casino licences are a critical enabler of our business and the Group’s compliance with its casino licence conditions remain imperative. Management has held focus Groups with most of its provincial gambling boards (with the remainder to take place in the forthcoming year) with a view to understanding the regulators perceptions of the Group’s compliance compared to the compliance audits and internal audits that are conducted. In addition, the Group sought feedback on areas of improvement and overall the Group has fared well in terms of the comments provided at such meetings. As reported last year, an executive team is responsible for building these relationships and reports to the risk committee on its developments.

There has been further significant engagement with our employees and unions in terms of the Section 189A process and the committee has overseen the associated risks of this process. The committee has received reports on management’s dealings with its impacted stakeholders and concurs with the Chairman’s statement that the process has been conducted with due and fair process to all stakeholders following extensive consultations.

The committee acknowledges that stakeholder perceptions shape corporate reputation and the Group will continually strive to engage in constructive dialogue with its stakeholders.

CONCLUSION

Given the significant developments within the Group, the committee has elected to hold a further meeting each year in order to dedicate additional time to assessing the Group’s risks during this growth era.

The committee is satisfied that the process of identifying and appropriately dealing with the material risks posed to the Group are adequately managed and that the Group’s risk management philosophy and frameworks are sound.