Risk management at Altron is about safeguarding our ability to create value for all of our stakeholders and is carried out within the governance structures of the group. Operational risk identification, management and reporting are achieved via a bottom-up approach. Risks are then managed strategically in a top-down approach emanating from the board.
In 2017 the group business risk department implemented a single risk management, reporting and governance framework into all the relevant departments, divisions and services within the group. The result is that the group risk function (as is also occurring with the governance, compliance and sustainability functions) has been centralised into a foundational, group-wide process, and embedded into the day-to-day management of each of the group’s businesses.
In addition, the group’s risk reporting policies and escalation procedures have been standardised, resulting in a faster and more efficient upward flow of risk information. This will assist in reducing unnecessary redundancy in reporting and will enable the group to proactively monitor and mitigate risks.
The new frameworks and processes have already begun to show results in increasing the accountability of operations and management of the risks at all levels, and are making it easier to consolidate and analyse risk-related data at a group level.
Our range of risks is aligned with our four strategic value drivers: financial sustainability, human capital, products and services, and external relationships. Management of the operations assesses our inherent risk exposure to determine whether risks should be treated, tolerated, transferred or terminated. If a risk is considered significant, an action plan is developed by management to mitigate and/or reduce the risk to a more acceptable level. The action plan stipulates who is responsible for taking action, what kind of action needs to be taken and also includes a time frame within which a risk needs to be reduced or mitigated.
As the group undergoes substantial change and refocus, our top risks have evolved as well. A summary of these risks is shown in the diagram below. Our key risks within each value driver, and the actions we take to mitigate their effects, are detailed in each of the relevant performance sections.
Throughout the year, we have seen a steady reduction in the residual risk ratings of all risks through the implementation of efficient and effective mitigation strategies.
Notable highlights from the 2016 risk assessment include a significant decrease in the high debt levels, disposal of discontinued operations, and reduction in reputational risk. Due to the restructuring of the group we have seen a slight increase in the human capital risk, which we are currently addressing. The Altech Autopage disposal, labour unrest and network risks have been fully mitigated.
|1||Disposal of discontinued operations|
|3||Altron growth profile|
|4||Broad margin pressure|
|6||Effectiveness of sales function|
|7||Threat of international competition/ disintermediation|
|8||Commoditisation of IT products and services|
|9||Inappropriate or ineffective cyber security|
|10||Radical economic transformation|
|11||Customer concentration risk|
The new structures and standardised processes have streamlined risk reporting and management across the group. Going into 2018 our focus is on further embedding this structure into each of the businesses, and ensuring compliance and consistent application of the relevant principles. We also intend to enhance the governance processes and compliance lines as we look to integrate governance, risk, compliance and sustainability functions (GRCS) through the creation of a group-wide GRCS foundation. The immediate focus areas within this platform will be information governance and compliance.
It is critical to the value proposition of the group, and to ensuring proper integration of management processes, that our information governance structures are firmly in place. We therefore aim to ensure that the new processes that we are implementing provide us with relevant and timely information so that we can monitor the risks facing the group and take swift action where required. This, in turn, will assist the organisation to increase its ability to make well-informed decisions and react rapidly to risks and opportunities, both in the short and long term. The GRCS platform will gradually be implemented over the next 24 months and we anticipate that the benefits and efficiencies to the group created through this foundation will be significant.