Risk Measurement and Management
In the year under review, the Group focused on entrenching its risk management process and refining it further.
The Board is responsible for the risk management process and is assisted in its responsibilities by the Risk Committee. The day-to-day responsibilities for risk management, and the design and implementation of appropriate processes to manage risk, reside with management.
The Risk Committee approves the risk strategy and the policies that are formulated and implemented by the Executive Committee and Senior Management. This system assists the Board in discharging its responsibility for ensuring that the wide range of risks associated with all of the Group’s operations are managed effectively in support of the creation and preservation of stakeholder wealth and well-being. Full reviews of the risk control and disclosure processes are undertaken regularly.
The Group Risk Officer, reporting to the Company Secretary, is primarily responsible for establishing, updating and maintaining the risk framework, providing guidance, supporting and coordinating the identification and documentation of risk areas Group-wide and implementing the risk management system. Risks are ranked using an internationally recognised methodology.
The Internal Audit function plays a pivotal role in providing assurance to the Board on the effectiveness of the risk management process. Where shortcomings are identified, these are addressed as part of the continual improvement of the risk management process and assurance framework.
Where a risk is assessed as material, it is reported and reviewed by the Executive Committee and Senior Management as part of the risk management escalation process. This enables the prioritisation of risk management activities within the AECI Group
The risk management system meets regulatory requirements. In conducting its annual review of the effectiveness of risk management, the Board considers the key findings from the ongoing monitoring and reporting process, management assertions and independent assurance reports.
The Board also takes into account material changes and trends in the risk profile and considers whether the control systems adequately support the Group’s ability to achieve its strategic objectives. The Board receives assurance from regular internal audit reports and, where considered necessary, from other reports on risk and internal control throughout the Group.
AECI’s risk management process comprises both bottom-up and top-down elements and follows a holistic approach in identifying, analysing, evaluating, treating, monitoring and reviewing risks. With this process, together with enhanced application software currently being installed, AECI ensures that management of risks is an integral part of its Corporate Governance system and that risk management is integrated into its day-to-day business activities.
The potential impact and estimated probability of risks is based on a 5 x 5 risk rating scale. The impact comprises minor, moderate, serious, major and severe risks which are linked to a qualitative and quantitative residual risk value. Probability is based on the following time frame:
The bottom-up identification and prioritisation process is supported by workshops with the management teams of the Group’s businesses. The top-down element involves management at AECI Limited level. This ensures that potential risks are discussed at the top management level and are included in the subsequent reporting process, if found to be relevant.
The Board is satisfied as to the integrity of the ongoing process for identifying, evaluating and managing significant risks and that, where weaknesses are identified, these are addressed promptly within the Group and its operations.
AECI’s progress to risk maturity is presented schematically below.
Management sets standards and implements systems of risk management and internal control aimed at reducing the risk of error or loss in a cost-effective manner. The Company’s Internal Audit function independently appraises the Group companies’ internal control and reports directly to the Audit Committee. The management of each operating business submits an annual Letter of Assurance to the Audit Committee of the Company affirming that the internal control in entities for which they have responsibility is adequate for their operations.
For sustainability reporting, limited assurance is currently obtained on selected indicators.
A combined assurance model in line with King III requirements is being enhanced to ensure that all risks identified are subjected to the appropriate level of control and assured by internal and external providers as appropriate.
One of the principles that underlie the process of preparing an Integrated Report is to determine which issues the Company’s various stakeholders would wish to see reported; in other words, what are the material issues that should be included in a Report, and which issues are peripheral and therefore should be excluded. The diversity of businesses in the AECI Group and the corresponding diversity of stakeholders sometimes makes it difficult to determine which issues pass the test of materiality.
For the purposes of this first Integrated Report, management has chosen to use the Company’s risk management framework as a guide to materiality. From the risk identification process, eight main material issues have been determined. The table below provides a short description of each of these, along with the primary stakeholders to whom the issue pertains. Each is then linked to relevant strategic pillars that support AECI’s approach to managing these material issues.
The strategic pillars on which AECI bases its current business activities and future growth are summarised as follows:
These issues, and their control, frame the context of this Integrated Report.