The board is responsible for ensuring effective risk management within the group by ensuring that adequate procedures and processes are in place to identify, assess, manage and monitor key business risks.
The group’s risk management process aims to add practical value to the organisation and is aligned to the principles of good corporate governance as encompassed in Principle 8 of King IV™. The risk management plan has been separated from the risk policy, so that the risk plan can be reviewed annually and the policy once every three years.
Risks are identified, assessed and managed as part of the day-to-day operations at various levels of management, who are empowered to deal with risks in an efficient manner according to formal policies and protocols.
Each functional executive is responsible for identifying, evaluating and managing risk daily in their respective functional areas and reporting the results of this process to the risk committee. Each brand and division (including the international divisions) has its own risk register that tracks brand-specific risks around operations, menu, and restaurant design and specifications.
The risk committee reports on the effectiveness of the risk management process at each board meeting and provides an analysis of the residual risk rating of each risk (using a traffic light dashboard system). In addition, the board is presented with a summary of the highest-rated inherent and residual risks in the group. In determining these assessments, the committee uses the combined assurance approach and considers assurance provided by internal audit, management, or any other relevant external assurance provider.
The committee works closely with internal audit to enhance the existing risk management process on a continuous basis. In accordance with King IV™, the risk committee comprises a majority of non-executive directors and Dineo Molefe serves as a member of the risk and audit committees.
The board reviewed and approved the updated risk management plan at its meeting on 5 September 2018. These documents together set out:
– The responsibilities of employees, management, the risk committee and the board as it relates to risk management.
– The definition of risk and risk management.
– Risk management objectives.
– The board’s risk approach and risk philosophy.
– Detail around the risk management process, including the procedures for continuous updates to the risk register and the feedback process around risk.