Governance
Risk management

Risk management

AECI’s focus is on the proactive identification, assessment and management of risk attributable to the nature of our business, as we cannot eliminate risk completely. Effective risk management is regarded as pivotal to the achievement of strategic goals in a sustainable manner. The proper understanding and management of risk enhances certainty and security for employees, customers and other stakeholders. We are better informed, more decisive and the quality of and confidence in decision making is improved.

The Board is responsible for the risk management process and is assisted in its responsibilities by the Risk Committee. The day-to-day responsibilities for risk management, and the design and implementation of appropriate processes to manage risk, reside with management.

The Risk Committee approves the risk strategy and the policies that are formulated and implemented by the Executive Committee and Senior Management. This system assists the Board in discharging its responsibility for ensuring that the wide range of risks associated with all of the Group’s operations are managed effectively in support of the creation and preservation of stakeholder wealth and well-being. Full reviews of the risk control and disclosure processes are undertaken regularly.

The Group Risk Officer is primarily responsible for establishing, updating and maintaining the Group risk framework based on internationally recognised standards, providing guidance, supporting and coordinating the identification and documentation of risk areas Group-wide and implementing the risk management system.

The Internal Audit function plays a pivotal role in providing assurance to the Board on the effectiveness of the risk management process. Where shortcomings are identified, these are addressed as part of the continual improvement of the risk management process and assurance framework.

Where a risk is assessed as material based on AECI’s risk capacity, risk appetite and risk limits, it is reported to and reviewed by Senior management and the Executive Committee as part of the risk management escalation process. This enables the prioritisation of risk management activities within the Group.

In conducting its annual review of the effectiveness of risk management, the Board considers the key findings from the ongoing monitoring and reporting process and independent assurance reports. The Board also takes into account material changes and trends in the risk profile and considers whether the control systems adequately support the Group’s ability to achieve its strategic objectives. The Board receives assurance from regular internal audit reports and, where considered necessary, from other reports on risk and internal control throughout the Group.

PROCESS

AECI’s risk management process comprises both bottom-up and top-down elements and follows a holistic approach in identifying, analysing, evaluating, treating, monitoring and reviewing risks. The bottom-up identification and prioritisation process is supported by workshops with the management teams of the Group’s businesses. The top-down element involves management at AECI Head Office level. This ensures that potential risks are discussed at the top management level and are included in the subsequent reporting process, if found to be relevant. With this process, together with the enhanced risk management software currently being implemented, AECI ensures that the management of risks is an integral part of its corporate governance system and that risk management is integrated into its day-to-day business activities.

The risk analysis is depicted on a 5 x 5 risk rating scale consisting of potential impact and estimated probability. The potential impacts are minor, moderate, serious, major or severe and are in turn linked to a qualitative and quantitative residual risk value. The estimated probability is based on the following:

almost certain = monthly basis;
likely = once in one year;
possible = once in three years;
unlikely = once in five years;
rare = more than five years.

The Board is satisfied as to the integrity of the ongoing process for identifying, evaluating and managing significant risks and that, where weaknesses are identified, these are addressed promptly within the Group and its operations.

PROGRESS IN 2012

In 2012, AECI’s already well-developed and comprehensive risk management framework was further refined and entrenched across our businesses and support functions. As was the case in 2011 the output of these efforts was used, inter alia, to determine material issues for inclusion and discussion in this integrated report.

Two key aspects in the risk management environment were the focus of attention in 2012:

1. Embedding an improved risk culture across our organisation enabling employees, management and Executives, individually and collectively, in taking informed decisions. The risk culture will continue to be entrenched in 2013 and includes the following:
 
distinct and consistent tone from the top and across all levels of management in respect of risk taking and mitigation;
commitment to ethical principles;
common, Group-wide acceptance of the importance of continual risk management;
the transparent and timely flow of risk-related information top-down and bottom-up within the Group;
encouragement of risk event reporting and active learning from mistakes and near misses;
ensuring that risk management skills and knowledge are valued, encouraged and developed; and
sufficient diversity of perspective, values and beliefs to ensure that the status quo is challenged consistently and rigorously.
2. Streamlining the risk management process whilst ensuring it remains effective and an integral part of the organisation’s day-to-day business activities.
  As we strive to reach our desired state of risk maturity, we identified the need to automate the risk management system. Under the guidance of the Group Risk Officer, a risk management system was selected and is being implemented Group-wide. The benefits expected include:
 
improved risk management process disciplines;
automation and streamlining of risk reporting requirements;
improved accuracy, consistency and efficiency in reporting;
increased transparency and visibility of the risk environment;
enhanced standardisation in reporting across all Group businesses and corporate functions;
automated contingency plans and escalation procedures; and
improved ownership of the risk management process.
  AECI’s progress to risk maturity is presented schematically below.

STAGES OF RISK MANAGEMENT CAPABILITY MATURITY

ASSURANCE

Management sets standards and implements systems of risk management and internal control aimed at reducing the risk of error or loss in a cost-effective manner. The Company’s Internal Audit function appraises the Group companies’ internal control and reports on this to the Audit Committee. The management of each operating business submits an annual Letter of Assurance to the Audit Committee of the Company affirming that the internal control in entities for which they have responsibility is adequate for their operations.

For sustainability reporting, independent external limited assurance is currently obtained on selected indicators as set out in the Independent assurance report on selected sustainability information.

A combined assurance model in line with King III requirements is being enhanced to ensure that all risks identified are subjected to the appropriate level of control and are assured by internal and external providers as appropriate.

MATERIALITY

One of the principles that underlie the process of preparing an integrated report is to determine which issues the Company’s various stakeholders would wish to see reported; in other words, what are the material issues that should be included in a report and which issues are peripheral and therefore should be excluded. The diversity of businesses in the AECI Group and the corresponding diversity of stakeholders sometimes makes it difficult to determine which issues pass the test of materiality.

For the purposes of this integrated report, management has again chosen to use the Company’s risk management framework as a guide to materiality. From the risk identification process, nine main material issues have been determined. The table below provides a short description of each of these, along with the primary stakeholders to whom the issue pertains. Each is then linked to relevant strategic pillars that support AECI’s approach to managing these material issues.

The strategic pillars on which AECI bases its current business activities and future growth are summarised as follows:

a cost base that is globally competitive and continually revised and improved;
world-class technology;
customer-centric, value-adding service that is unique or innovative; and
excellence, professionalism and good governance/compliance in all areas of business.

MATERIAL ISSUES IDENTIFIED   PRIMARY STAKEHOLDERS   STRATEGIC PILLARS
The management of safety, health and environmental issues in accordance with the Group’s values.   Customers, employees, communities, regulators.   World-class technology; excellence, professionalism and good governance/compliance in all areas of business.
The spectrum of competitors and customer trends; these include both local and international players and changing customer requirements in the areas of cost, quality, service and technology.   Customers, technology partners, business partners.   World-class technology; a cost base that is globally competitive and continually revised and improved; customer-centric, value-adding service that is unique or innovative.
Economic conditions and industry trends; these include potentially recessionary conditions, movements in foreign exchange rates and commodity prices, and changing trends in the mining and manufacturing sectors in different geographic regions.   Customers, shareholders, investors and financiers, business partners.   A cost base that is globally competitive and continually revised and improved.
Access to and retention of skilled resources.   Employees, business partners, regulators, shareholders, investors and financiers.   Excellence, professionalism and good governance/compliance in all areas of business.
Labour and political stability.   Customers, employees, suppliers, communities, investors and financiers.   Excellence, professionalism and good governance/compliance in all areas of business.
Transformation to achieve the benefits of diversity and to grow sustainably.   Customers, suppliers, employees, regulators, shareholders, investors and financiers.   Excellence, professionalism and good governance/compliance in all areas of business.
Information Technology (“IT”) network security.   Customers, suppliers, employees, regulators.   World-class technology; excellence, professionalism and good governance/compliance in all areas of business.
Technology and production processes, particularly with respect to quality, reliability and the avoidance of obsolescence, product liability and excessive costs.   Customers, suppliers, technology partners, business partners, investors and financiers.   World-class technology; excellence, professionalism and good governance/compliance in all areas of business.
Compliance with legislation and standards.   Regulators, employees, communities, investors and financiers.   Excellence, professionalism and good governance/compliance in all areas of business.