Our approach to risk management

Recent global and local developments have highlighted the need for a robust, integrated risk management approach across businesses. During the course of the past year the Altron group reviewed its risk management methodology and is engaged in a process of implementing a new risk reporting structure and strategy. The implementation of this new process will increase the accountability of operations and management of the risks at all levels. This in turn will assist the organisation to increase its ability to make well-informed decisions and react rapidly to risks and opportunities both in the short and long term.

Risk management at Altron is carried out within the governance structures of the group and the process is represented in the diagram below. Altron's risk governance process is a top-down approach with the board overseeing and approving all risk management processes and activities. Although the board plays a critical role in how we manage our risks, operational risk identification, management and reporting are achieved via a bottom-up approach. Altron is also currently engaging on the implementation of a top-down strategic risk management structure that assists the board to ensure that operations are focusing on the key strategies. Altron's risk management process comprises three levels of reporting as indicated in the diagram:

Risk governance and management processes

Risk management process – level 1 refers to risk management at an operational level. Risks are identified and managed at operational level and are reported to the executive committees of Altron TMT and Altron Power respectively. Altron's business risk department performs quarterly follow-ups pertaining to risk management documents compiled at the operational level. Top risks are consolidated and reported to the relevant Altron TMT and Altron Power executive committees. Altron's internal audit department performs reviews at the operational levels and their findings are reported to the relevant Altron TMT and Altron Power executive committees.

Risk management process – level 2 includes the reporting of risks to the subholding group companies' financial review and risk committees. Major risks are elevated to the Altron group chief executive through the executive committee; the Altron social and ethics committee (in respect of risks relating to the non-financial aspects of the business); the Altron risk management committee (in respect of all risks, both financial and non-financial); and the Altron audit committee. These committees also ensure that the mitigation and management of the risks identified are effective, efficient and adequate. Altron's internal audit department submits reports to all the above-mentioned committees. The Altron business risk department ensures that control deficiencies are adequately implemented and reports on the status of implementation to the above committees.

Risk management process – level 3 includes the overall evaluation and management of risks by the Altron board. In addition, the role of internal audit is to provide assurance to the board that appropriate controls are in place. The board is thus ultimately responsible to ensure that the risk governance processes and the risk management processes remain adequate and effective in identifying the group's risks and opportunities and that there is a system of efficient and effective monitoring, mitigation and management in place.

The risk governance process includes the development and implementation of the following documents and monthly meetings:

  • A standardised set of policies and procedures
  • A formal delegation of authority
  • Operational management reviews
  • Executive committee meetings
  • Quarterly risk review meetings

The policies and delegation of authorities are reviewed annually.

Roles and responsibilities

The Altron executive committee is responsible for assisting the chief executive with his responsibilities regarding the management of risks by identifying, managing, controlling and mitigating risk in the group. Its members include the chief executive of Altron who chairs the committee, the chief financial officer, the operations executives for power, information technology and telecommunications and multimedia, the group executive: technology and strategy and the group executive: corporate affairs. The group company secretary, group executive: marketing, PR and communications and the group legal executive also attend the meetings by invitation.

The risk management committee, in conjunction with the social and ethics committee, is responsible for assisting the board with discharging its duties in respect of the identification of risks, the measurement of risks and the assessment of the effectiveness of risk management throughout the Altron group. To achieve this the committee:

  • Oversees the governance of risk through the Altron group’s risk management framework and its system of internal controls and co-ordinates Altron’s risk management and assurance efforts
  • Establishes and maintains a common understanding of the body of risks that the Altron group needs to address if it is to achieve its strategic objectives
  • Reviews and confirms the Altron group’s levels of risk tolerance and its risk profile at least twice a year
  • Monitors the perceived effectiveness of the Altron group’s existing controls, which include the external verification of some of our risks by a range of independent assurers
  • Monitors external developments relating to corporate accountability, including emerging and potential risks

Our range of risks is aligned with our four strategic value drivers: financial sustainability, human capital, products and services, and external relationships. Management assesses our residual risk exposure to determine whether risks should be treated, tolerated, transferred or terminated. If management considers a risk to be significant, an action plan is developed to mitigate and/or reduce the risk to a more acceptable level. The action plan stipulates who is responsible for taking action, what kind of action needs to be taken and it also includes a time frame within which a risk needs to be reduced or mitigated.

One of the responsibilities of the Altron audit committee is to review the findings of the risk management committee and assess the implications of those findings on the group’s financial reporting and financial sustainability.

The risk management committee’s key focus areas for the year under review and the areas it plans to focus on during the new financial year can be found in the full governance report.

Altron’s internal audit department supports the identification and mitigation of control risks through their ongoing internal audits on the group’s financial systems, computer systems, production efficiencies, health safety and environmental, security and ethics processes.

During this reporting period a centralised business risk department was created within Altron group services to assist in developing and implementing an adequate risk reporting framework into all relevant departments, divisions and services within the group. The department will be responsible for the continuous monitoring and assessment of material risks as well as ensuring that risk mitigation strategies are timeously actioned and brought to within acceptable levels.

Looking ahead

Our risk focus for the next financial year will be on ensuring that the new processes that we are developing provide us with relevant and timely information so that we can monitor the risks facing the group and take swift action where required.

As the group undergoes substantial change and refocus, our top risks are expected to evolve as well. The diagram below illustrates the key risks identified as well as their current trend.

Roles and responsibilities