The Board, assisted by the Audit Committee, is responsible for risk management. The Afrox management team takes responsibility for the day-to-day implementation of risk management processes and the monitoring of these systems. Afrox’s risk management strategy includes a proactive approach to risk and opportunity management. The identification and mitigation of risks in relation to each of the integrated reporting capitals reflects how integrated thinking is applied. This also has an impact on reducing the gap between our market and intrinsic values. Our enterprise risk management (ERM) model has placed risks into four major categories;
- credit risk;
- financial risk;
- operational risk;
- reputational risk; and
- other risks.
Risks related to natural resources, such as future resource scarcity, fall into the categories of strategic and operational risks.
Risk management and assessment process
While external risks are not in management’s direct control, the ability to understand them, mitigate and efficiently react to them is. The Company undertook a Business Continuity Management (BCM) project that outlined key improvement areas for our disaster recovery processes. The Project further aided an improved understanding and measurement of our risk appetite and tolerance. The outcome of these assessments was the establishment of the Business Continuity Management framework.
In addition, the Board approved three other frameworks for risk governance:
- a risk appetite and tolerance framework
- a risk management framework; and
- a controls self-assessment framework.
The table below depicts the risk methodology used in setting the Company’s risk appetite and tolerance.
Risk appetite and tolerance framework
Risk management process
Risk management is seen as important in supporting the viability of our strategy and, by extension, the value creation process. Material risks that could have a significant impact on the execution of our strategy and its value creation goals have been incorporated into our decision-making process to reduce uncertainty.
The Audit Committee approved the Company’s Control Self-Assessment (CSA) framework, which forms an integral part of Afrox’s overall approach to building resilience within its critical business processes. It also impacts the Company’s response to and recovery from disruptive incidents. In addition, it tests the validity of mitigation actions. This framework was derived from Afrox’s risk management framework and provides opportunities to integrate and co-ordinate risk identification and risk management efforts while generally improving our understanding, control and oversight of operational risks. Furthermore, compliance to this framework will provide comprehensive and robust mitigation controls that can be tracked for maturity and progress.
Refer to our combined assurance model.
BCM outlines actions to take in a crisis to protect life and property and to contain the event. The objective of BCM is to:
- Minimise the impact of a major disruption to normal operations.
- Enable restoration of critical assets.
- Restore normality to Afrox’s business as soon as possible after a crisis.
Management of SHEQ risks
Our Board is responsible for managing the effectiveness and efficiency of the SHEQ process. The Company’s SHEQ department ensures that a policy is in place, and that the Company is proactive in its risk assessment and professional in its remediation. The most significant tool used to measure our commitment to safe operations is the SHEQ Golden Rules of Safety.
Executive managers review the SHEQ policy regularly for improvements in monitoring techniques, investigation and controls. The Company is committed to compliance with all external regulations, including ISO 9001, ISO 14001 and OHS 18001. For more on our SHEQ activities, refer to our combined assurance model.
SHEQ performance is governed by self-regulation, communication and adherence to safe practices.
Our top three risks
The table below outlines Afrox’s top three risks. These are all incorporated into the material matters.
Future focus areas for risk management
- Embedding the combined assurance model
- Risk quantification, monitoring, reporting and escalation