Opportunities and risks
Transnet’s risk control and assurance environment
Transnet has an established, principles-based Integrated Assurance Model that provides a clearly defined, documented approach for integrating and aligning Transnet’s assurance processes and control systems, thereby enabling appropriate risk and governance oversight.
The governance of risk
Accountability is key in the management of risks. Named individuals are associated with specific risks, controls or tasks. The primary risk roles are:
- Risk owners: Ensure that the risk assessments are up to date and properly recorded in risk registers.
- Control owners: Provide periodic assurance that controls are adequate, effective and efficient.
- Task owners: Take appropriate risk treatment actions.
Risks taken outside tolerance levels
Risk sponsors assess the desired control effectiveness of all risks, assuming that all additional mitigation has become effective. The level of desired control effectiveness considers various perspectives, including the extent to which the Company can control the root causes, consequences and the likelihood of the risk materialising. The Company also performs a cost benefit analysis when assessing the scope for further control and risk treatment. The risk sponsors consider closing the gap (if any) between the actual control effectiveness and the desired control effectiveness when deciding on risk response strategies. The top five residual risks are tolerated for being outside the generic tolerance levels. This is largely due to the influence of external factors on these risks.
Integrated Assurance Model for capital projects and programmes
Management of risk
Transnet’s enterprise risk management (ERM) process aims to achieve an appropriate balance between opportunities realised for gain, while minimising adverse impacts. General activities include risk identification, evaluation, prioritisation, treatment, monitoring, reporting and integration in decision-making and key business processes. Rather than striving only for inherent efficiencies and operational performance, the ERM process helps to shape the business’ strategic direction. The risk management approach is evolving from being process- and compliance-focused, to one of data centricity. The strategic risk profile considers King IV principles1 and the ISO 31000:2009 Risk Management Standard. It is further based on Transnet’s Shareholder’s Compact and strategic fundamentals2.
|1||King IV Report on Corporate Governance of 2016.|
|2||Financial sustainability, capacity creation, operational excellence, market segment competitiveness, and nine SDOs.|
Fraud and Corruption Risk Management Strategy
Transnet’s Fraud and Corruption Risk Management Strategy, as contained in the Fraud Risk Management Programme (FRMP), provides mechanisms for the prevention, early detection and investigation of irregularities. The FRMP provides corrective measures to address control breakdowns and related root causes.
In 2016, Transnet undertook a Sustainability Risk and Opportunities Assessment to assess emerging risks that have the potential to impact our business in the medium to long term. Accordingly, we developed a pathway to leverage opportunities. This was done across seven themes:
- Circular economy
- Climate change
- Disruptive technology
- Energy security
- Social inequality
Risk event proximity
Since reporting on these risks in our 2017 Integrated Report, we have observed movements in these risks, with some having already materialised in the current reporting year. Accordingly, we assessed how the risks have evolved over the past two-year period and reviewed their relative impacts.
Transnet used an Event Proximity Matrix (EPM) to track the status of emerging risks. The EPM defines the time proximity for the risk assessment in terms of Short (One-year: Financial year), Medium (Five-year: Corporate Plan) and Long term (30-year: Long-Term Planning Framework) time horizons, and positions emerging risks in terms the following parameters:
- Value network: Provides a global view of emerging risks
- Value chain: Provides a localised (South African) view of emerging risks
- Business operations: Provides a view of emerging risks in terms of Transnet’s business operations
Accordingly, Transnet can interpret the interconnectedness and dependencies of operations with greater accuracy. It is particularly useful as a planning tool to assess the speed and intensity with which these emerging risks are likely to impact our operations as they filter through from a global to local context, compelling the Company to transform at an accelerated pace.
We encourage the reader to read our EPM findings below together with our section on ‘Strategy and Resources’ (page 45), which looks ahead at our long-term planning horizon, as well as our ‘Outlook’ section (page 110), which considers our short- to medium-term planning horizon.