1 RISK COMMITTEE . CHARTER . WBHO RISK MANAGEMENT CHARTER . 1. INTRODUCTION. Enterprise risk management deals with risks and opportunities affecting the value creation or preservation of an entity (company) and is defined as follows: Enterprise risk management is a process, effected by the board of directors, management and other personnel of an entity, applied in strategy setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives. 1. Business decisions or events (from the external or internal environment) usually have a positive or negative impact or both on an entity. Events with negative impacts represent risks, which can destroy value creation or erode existing value. Conversely, events with a positive impacts may offset negative impacts and represents opportunities.
2 The primary purpose of enterprise risk management is to ensure that the upside, as well as downside, of risk is proactively managed to grow the entity sustainably and as a profitable, reliable and responsible corporate citizen. The purpose and the design of this Risk CHARTER is to emulate these principles and to give effect to the WBHO pragmatic approach to risk management. The design thereof is summarised in the diagram below. This CHARTER should be read together with the diagram below to put all of its elements into perspective. Diagram 1. WBHO Board Risk CHARTER Executive COMMITTEE Setting the tone at Risk / Audit COMMITTEE the top Risk Management Policy (point 2). Governance Structure (point 3). 1. COSO Enterprise Risk Management Integrated framework September 2004. 2. RISK MANAGEMENT POLICY. Risk is inherent in all of our business activities and we concentrate our risk management activities on those areas where our engineering, construction and management skills will have the greatest effect on the risk reward decisions we make.
3 The aim of WBHO, from a risk management perspective, is not to eliminate risk totally, but, rather, to provide the structural means to identify, prioritise and manage the risks inherent in all of our business activities. It requires a balance between the cost of managing and treating risks and the benefits gained from doing so. WBHO understands that, emanating from the strategies that it adopts, and the objectives and methods undertaken, that risks and opportunities will be identified and, ultimately, dealt with in the risk CHARTER . This process is an integral part of the overall business model of WBHO. Business risks are further described as uncertain future events that could influence the achievement of business objectives . In order to achieve our business objectives and to create stakeholder value, we take risks because without risk there is no reward; however, our endeavour is to understand and effectively manage the risks we take in order to minimise losses and maximise opportunities WBHO acknowledges that risk management is an essential element of good corporate governance, and is an integral part of good management practice.
4 The intent is to embed risk management in a practical way into business processes and not to impose risk management as an extra requirement. 3. GOVERNANCE STRUCTURE. Scope: WBHO Risk Management governance structure is compliant with the applicable JSE listing requirements (with specific reference to King III, following the comply or explain' principle from a risk management perspective). We take on business risks in an ethical and transparent manner and as a responsible corporate citizen we comply with all applicable laws and regulations (legal landscape) wherever we do business. Principles: Risk taking is core to our entrepreneurial success and taken in an ethical and transparent manner without violating appropriate laws and regulations wherever we are doing business. Risk management is an integral part of the business practices of WBHO at all levels and includes the identification, evaluation and appropriate response, tracking and reporting of risks to provide reasonable assurance regarding the achievement of objectives and / or capitalising on business opportunities.
5 WBHO follows a pragmatic approach to risk management, which builds on existing management processes to give effect to its risk management process. Responsibilities: Board The Board is responsible for risk governance and sets the tone for risk management and ensures that risk management does not become a series of activities that are detached from the realities of business and is evident in the aforementioned Risk Management Policy. Risk / Audit COMMITTEE The risk COMMITTEE assists the Board in discharging its risk management duties and reviews the effectiveness and progress of risk management against the risk management maturity model and ensures that the key risks facing the company are identified and effectively managed. Management Management is responsible for the design, implementation and monitoring of the risk management framework, risk management process, risk management plan and to give effect to risk management in operations, in substance and form.
6 Internal Audit Internal Audit provides independent assurance (but does not reduce management accountability as primary assurance providers) that the risk management policy, risk management framework and risks management process is effective, attests that the risk management plan has been implemented, and reports any failures or weaknesses related to the controls for key risks. Risk / Audit COMMITTEE Purpose The risk COMMITTEE is incorporated with the WBHO Audit COMMITTEE (the COMMITTEE ). The deliberations of the COMMITTEE do not reduce the individual and collective responsibilities of the Board of Directors in regard to their duties and responsibilities and they must continue to exercise due care and judgment in accordance with their statutory obligations. Member composition WBHO Audit and risk COMMITTEE members must comprise of at least three independent non- executive Board Members.
7 The Chief Executive Officer, Chief Financial Officer and any other senior executives or employees may be invited as the circumstance warrants. Role of the Risk / Audit COMMITTEE The COMMITTEE has an independent role, operating as an overseer and a maker of recommendations to the Board for consideration and final approval. The COMMITTEE does not assume the responsibility for Risk Management, which remain the responsibility of the Board. The role of the COMMITTEE is to assist the Board to ensure that the Operations Risk COMMITTEE (ORC) has adopted the approved Risk Management policy, developed and implemented a risk management framework, risk management process and risk management plan that will enhance the ability of ExCo to achieve its strategic objectives. Role of the Operations Risk COMMITTEE (ORC). The ORC is responsible for the management of the business strategy and business performance, adoption of the risk management policy, development and implementation of the risk management framework, risk management process and risk management plan.
8 Responsibilities of the Risk / Audit COMMITTEE The COMMITTEE performs all the functions as is necessary to fulfill its role as stated afore and including the following: Oversee the adoption of the risk management policy, risk management framework, risk management process of WBHO, along with the development of a risk management plan;. Monitor the implementation of the risk management policy, risk management framework, risk management process and the risk management plan;. Make recommendations to the Board concerning the risk appetite and risk tolerance metric;. Ensure that risk assessments are performed on a continuous basis;. Ensure that management considers and implements appropriate risk control measures;. Ensure that continuous risk monitoring by management takes place;. Express the COMMITTEE 's formal opinion to the Board on the effectiveness of Risk Management; and Review reporting concerning risk management that is to be included in the integrated report, ensuring that it is timely, comprehensive and relevant.
9 Authority of the Risk / Audit COMMITTEE The COMMITTEE acts in terms of the delegated authority of the Board as recorded in the terms of reference. It has the power to investigate any activity within the scope of its terms of reference;. The COMMITTEE , in the fulfillment of its duties, may call upon the chairpersons of the other committees to provide it with information, subject to an approved process;. The COMMITTEE has access to the records, facilities and any other resources necessary to discharge its duties and responsibilities;. The COMMITTEE may form, and delegate authority to, subcommittees and may delegate authority to one or more designated members of the COMMITTEE ;. The COMMITTEE has the right to obtain professional advice to assist with the execution of its duties, subject to a approved process; and The COMMITTEE makes the recommendations to the Board that it deems appropriate on any area within the ambit of its terms of reference where action or improvement is required.