RISK MANAGEMENT

The board accepts its responsibility for the governance of risk. The board regards risk management as a key business discipline which:

The day-to-day responsibility for identifying and managing risk resides with management.

Management is accountable to the board for designing, implementing and monitoring the system and process of risk management and to integrate it into the day-to-day activities. Risk management is decentralised into the business operations functions. Risk management has become a standard business discipline and is applied consistently throughout the group. The risk management process is integrated with the strategic and business planning process and is embedded through our management reporting and performance management system.

Operating under a written terms of reference that is approved by the board, the risk committee reports to the board and evaluates any risk which it deems necessary for discussion and evaluation by all directors. The Chairman of the risk committee reports progress on the key risk issues to the board and the risk profile is tabled annually at a board meeting.

The risk management framework and process are designed to assist the board to ensure that management monitors risks continually and reports back to the risk committee on the status of risks.

For certain special risk areas, management forums have been established to ensure that the risks in these areas are reviewed and considered by management with the required specialist skills and experience. These management forums include the treasury committee, tax committee and real estate committee. A board committee has been established to specifically monitor the management of sustainability risks. Where appropriate, feedback from these committees is incorporated into the quarterly reporting to the risk committee.

Information technology and governance
Given the high level of dependence of the business on its systems, information technology (IT) governance is an ongoing focus area. A dedicated IT Governance team is responsible for managing the governance aspects of IT, including compliance, continuity management and risk. A quarterly IT governance report is tabled and discussed at each risk committee meeting. Our yearly assessment of the IT governance processes benchmarked to COBIT (Control Objectives for Information and related Technologies), the internationally accepted best practice governance framework, confirmed that the maturity of our IT processes is in line with our desired maturity levels. Independent assurance by internal audit has confirmed our level is currently 3.2.

Insurance
Insurance is a key element of the risk management process. It is designed to protect us financially against the negative consequences of risk. There is a comprehensive asset and liability insurance programme in place. This programme includes appropriate levels of self-insurance. Our external insurance cover is provided by A-rated South African and international insurance companies. The completeness of our insurance cover as well as our policy wording are reviewed regularly and benchmarked by external experts to ensure that it takes into account new requirements and external developments.

Risk appetite
The business has implemented a materiality level against which risks are monitored and escalated. The materiality level is defined taking into account the impact that the risk may have on the sustainability of the business. The board is satisfied that this materiality level ensures that risks are appropriately reported against. A process will be undertaken in 2011 to more clearly articulate and define the risk appetite and tolerance of the business.

Our key risks
As retail trading conditions have changed and new priorities become more pronounced, we have seen some changes to the key business risks. The management of our natural resources of water and energy has received greater attention. The risk management process is designed to anticipate, identify, manage and mitigate those risks to ensure both the short-term and long-term economic, environmental and social sustainability of the group.