Governance > Risk management

Risk

The management of risk is critically important to the ongoing success of the Group and is an inherent part of doing business. The definition of risk used in the Group is: “The likelihood of something occurring which will have an impact or consequence on objectives”.

The principles of risk management followed by the Group are systematic and structured, address uncertainty and its causes, are part of decision making, add benefit and value, are transparent and form an all-inclusive process that is dynamic, iterative and responsive to change.

The Aveng risk management process provides for both a top-down and bottom-up approach. The top-down focus provides the overall strategic framework and direction and defines the business imperatives taking cognisance of the Strategic Macro Risks facing the Group. In parallel, a bottom-up project analysis is undertaken on a business and project-by-project basis. This evaluates the project compliance with the strategic focus of the Group and the relevant operating group or business unit. The risk experienced by the Group is continually monitored to evaluate new and emerging risks, so as to ensure that future actions can be reviewed and focused appropriately on an ongoing basis.

An overall risk management framework has been developed for The Aveng Group which takes cognisance of the 10 key risk areas as shown below. Each of these areas is subdivided into the key risk areas and elements that are in turn considered individually. The key committees responsible and personnel are included in the schedule. This ensures that accountability for these risks is clearly defined.

Strategic risk

Strategic risks are those that could cause severe financial loss, fundamentally undermine the competitive position of the Company, affect the reputation of the Company or impact adversely on the market sectors in which Aveng operates. Strategic risks are not business or project specific but are both internal and external risks that either an operation or group faces as a whole.

The development of the initial sections of the Strategic Risk Framework for the Group has been completed. This includes the evaluation of strategic risks at business unit level, at operating group level and at Group level. The process includes risk groupings, probability and impact assessment matrices, risk landscapes, rankings, tolerance levels, and dashboards. The schedule developed represents a synthesis of internal and external risks facing the Group collated by category. This schedule is regularly reviewed by the executive committee and the board and the appropriate actions to mitigate or control these risks are considered and taken.

Business risk

‘A business’ is regarded to be individually and collectively as every division, business unit and operating group within the Group structure. Risks are currently categorised into those within the Group’s control and external factors outside its control. The latter includes country, exchange rate and commodity price risks. Aveng endeavours to mitigate this category of risk by maintaining a strategic balance between business sectors, markets, currencies, countries and products.

The Group has utilised the COSO subjective framework to assist them in achieving their business objectives within the operating groups and business units. The framework takes cognisance of the individual business imperatives and defines the risks in terms of their probability and impact. The process is dynamic and strives to provide a balance between realising opportunities for gain while minimising adverse impacts.

The components of business risk management include internal and external environment, objective setting, event identification, risk assessment, risk response, control activities and information and communication. The broad risk areas covered include global, geopolitical, societal, technological, reputational, ownership, country, legal and regulatory compliance, human resources and industrial relations, safety, health and the environment, economic cycle, currency and payment, contracting, manufacturing, weather and commodity price risks.

The Aveng operational risk management process is summarised in the matrix below:

 The Key
 Risks
  Overall
strategic
    Strategic
opera-
tional
    Business     Project     Portfolio     Human
resources
    Finance
and admin-
istration
    Business
develop-
ment
  Information
technology
    Risk-based
audit
    Safety
 Respon-
 sibility
                                                             
 Board  committees     Board     Audit
and risk
committee
    Audit
and risk
committee
          Audit
and risk
committee
    Transfor-
mation/
remuneration committees
    Audit
and risk
committee
        Audit
and risk
committee
    Audit
and risk
committee
    Safety
committee
 Other  committees                     Tender risk committee (Chair:
WR Jardine)
          Human resources committee (Chair:
JJA Mashaba)
    Financial director committee (Chair:
SJ Scott)
    Strategic business development committee   IT Steering (Chair:
SJ Scott)
          Safety (Chair:
V Narsai)
 Individual  respon-
 sibility
        Chief executive officer Group risk manager Aveng executive committee Operating group managing directors     Group risk manager Operating group managing directors     Group risk manager Operating group/
Business
unit
managing directors
    Chief executive officer
Group risk manager Continuous improvement group
    Group human resources director Operating group
Human resources directors
    Financial director Aveng executive committee Operating group financial directors     Operating group managing directors
Business development managers
  Financial director Chief information officer     Financial director Group risk manager Internal audit manager     Group safety manager Operating group managing directors
A detailed analysis is undertaken and the probability of the event occurring and its potential impact dictate the mitigation measures required to ensure that the resultant risk falls within the Group’s risk tolerance levels. As a result of this analysis residual risk is determined along with necessary controls and their contribution.