REPORT OF THE RISK COMMITTEE
The Risk Committee (Committee) has been established by the Board and assists the Board in ensuring that Management implements appropriate risk management processes and controls. The Committee has adopted formal terms of reference which are updated on an annual basis. The Committee acts in accordance with its delegated authority of the Board, as recorded in these terms of reference, and is accountable to the Board. The terms of reference are subject to the provisions of the Companies Act, 2008, as amended and the Memorandum of Incorporation of the Company, as well as any other applicable law or regulatory provision.
The Committee consists of six non-executive directors and their attendance at meetings is set out under Board and Executive Committee.
The Committee discusses with Management the Company’s policies with respect to risk assessment and risk management, including the guidelines and policies that govern Management’s assessment and management of risk. The Committee is responsible for the following:
- Reviewing the effectiveness of risk management policies and strategies in place and recommending them to the Board for approval.
- Reviewing the adequacy of the risk management charter, policy and plan.
- Approval of the Company’s risk identification and assessment methodologies.
- Reviewing the parameters of the Company’s risk/reward strategy, in terms of the risk appetite and tolerance relative to reward. Ensuring that risks are quantified where practicable.
- Reviewing and approving the risks identified on a qualitative basis, according to probability and seriousness.
- Reviewing the effectiveness and efficiency of the Enterprise Risk Management (ERM) system within the Company and being assured that material risks are identified and the appropriate risk management processes are in place, including the formulation and subsequent updating of appropriate Company policies.
- Reviewing the appropriateness of resources directed towards areas of high risk.
- Regularly receiving a register of the Company’s key risks and potential material risk exposures. Reporting to the Board any material changes and/or divergence to the risk profile of the Company.
- Reviewing the implementation of operational and corporate risk management plans.
- Reviewing the insurance and other risk transfer arrangements, and considering whether appropriate coverage is in place.
- Reviewing the business contingency planning process within the Group and being assured that material risks are identified and that appropriate contingency plans are in place.
- Reviewing and, where necessary, recommending actions for improvement and outstanding actions on risk management plans for the Company.
- Reviewing the outcomes of the formal risk assessment workshop conducted by Management at least once a year.
- Reviewing the Company’s sustainability risk on a regular basis.
- Providing the Board with a detailed and timely ERM report as presented by Management.
- Annually reviewing the risk management charter for recommendation to the Board for approval.
At its two meetings during the year under review, the Committee discussed and, where applicable, approved the following:
- Reviewed the terms of reference for the Committee.
- Reviewed the Group Risk Register and discussed the top 10 risks in detail at both meetings.
- Reviewed and approved the combined assurance report provided at the three assurance levels with regard to the primary controls in place to address the identified risks.
- Reviewed the adequacy of the risk management policy, charter and plan and discussed the risk tolerance and risk appetite statements in detail. Certain recommendations were made to Management. These recommendations were adopted.
- Reviewed the insurance cover in place to protect the Company’s assets and to address any liability claims.
- Considered the increasing cyber risk and potential damage and disruption to Sibanye’s business. Management was requested to submit a proposed plan to address cyber risk concerns.
- Reviewed the crisis communication policy as part of business continuity planning.
- Reviewed the results of an Internal Audit and external debtors’ analysis of the Enterprise Risk Management process.
Chairman: Risk Committee
18 March 2016