Currently viewing: Governance and risk committee report / Next: Information and technology committee report

Governance and risk committee report

Jesmane Boggenpoel
Governance and Risk

"I am proud of how EOH has managed and continues to manage the extraordinary risks which arose as a result, both directly and indirectly of the COVID-19 pandemic. Our business continuity plans and initiatives allowed us to enable our entire staff contingent to work remotely and provide uninterrupted services to our clients within a very short space of time. We have been able to respond and adapt in a controlled and responsible way as the country has progressed through the various levels of lock-down. We have learnt valuable lessons through this process, and these will be used to enhance our business continuity practices in the future."

Committee composition

Jesmane Boggenpoel (Chairperson of the committee)
Andrew Mthembu Non-executive Director
Anushka Bogdanov (resigned 28 July 2020)
Sipho Ngidi Non-executive Director
Mike Bosman Non-executive Director
Stephen van Coller Executive Director
Fatima Newman Executive Director

The number of meetings and attendance per committee member are shown in the Corporate governance section.

Regular invited attendees: Head of Legal, Head of Risk and the Chief Compliance Officer.

The summaries in the EOH board of directors provide the Directors’ qualifications and experience.

Focus for 2021

  • Aligning our management of risks to best support the new business strategy.
  • Enhanced embedment of the risk, compliance and governance framework into all levels of the organisation.
  • Continued implementation of innovative tools and technology across the GRC function.
  • Enhancement of our risk quantification metrics and apply these to our defined risk tolerance levels.
  • Improving business resilience across the organisation in light of the lessons learnt from COVID-19.
  • Ensuring that the organisation is fully compliant with the Personal Protection Information Act (POPIA) by the time that all of the provisions therein come into effect.
  • Continued focus and strengthening of our cybersecurity measures.
  • Enhanced and increased focus on employee compliance, specifically with regard to conflicts of interest.
How we manage governance and risk




EOH board

Audit Committee1

Governance and Risk Committee

Social and Ethics Committee

Information and Technology Committee

Remuneration and Nominations Committee


Risk Committee






Note: The structure of committees has been updated in line with the King IV Report on Governance in South Africa 2016.

1 Audit Committee responsibilities include oversight of internal audit.


The Governance and Risk Committee (the committee) ensures the ethical and effective delivery of the EOH Corporate Governance Framework to deliver on the framework's objectives of an ethical leadership culture, sustainability and growth, stakeholder engagement, statutory compliance and responsible citizenship. The committee's responsibilities include championing the vision and strategy of EOH, oversight of governance structures and accountability, sustainability and resilience, corporate citizenship, enterprise risk management and compliance, transparency and disclosure. Effective oversight of these areas ensures leadership and excellent business decisions that manage risk and take opportunities to create and protect value.

The committee is responsible for:

  • overseeing and leading the process of embedding the EOH Governance Framework;
  • the development and review of the EOH risk policies, standards and procedures and of EOH Enterprise Risk Management and Compliance;
  • the effective mitigation of strategic, financial, technology and operational risks to all EOH stakeholders;
  • liaison with the Audit Committee to exchange information and knowledge relating to risk and opportunity;
  • providing opinions and recommendations to the Board on risk assessment, appetite and mitigation approaches; and
  • overseeing the establishment of business continuity arrangements and mitigation strategies to ensure sustainable value creation.


The committee met quarterly during the year to review the Company's top risks and mitigating actions as well as the progress that has been made in rolling out and embedding the new EOH Risk, Compliance and Governance Framework. Significant effort has been put in to appropriately resource the CODE team to ensure it is fit for purpose going forward and is able to provide the necessary oversight of processes and systems and mitigate future risk.

Risk management

The effective review of risk mitigation programs, business continuity and forensic services are performed by the Group Risk Committee, and feedback is provided to the Governance and Risk Committee through the Chief Risk Officer. The top risks facing the organisation are provided to the committee at each meeting. Additional information as it pertains to the top risks are contained in the Risk overview.

The Bid Risk Committee (BRC) has operated effectively during the year with a total number of 389 bids being reviewed since the establishment of the BRC in January 2019.

As a result of the progression in the risk and governance maturity, the committee is satisfied that the risk management function is operating effectively.

Compliance management

The committee has oversight of the compliance program, under which a number of activities took place during the year. These focused on:

  • Effective roll out of compliance training across the organisation, with a focus on the newly developed Code of Conduct;
  • The establishment of a Governance Committee to review the policy framework and provide quality assurance over new or amended policies, ensure the appropriate regulatory change management implementation as well as the preparation for and the provision of commentary on new regulation;
  • Establishment of a POPIA steering committee to oversee the assessment and implementation of POPIA related requirements across the Group;
  • Reporting on results of fraud investigations from internal channels and the whistleblowing channels;
  • Implementation of a conflicts management control room to conduct due diligence on all third parties together with the management of potential and existing conflicts of interest; and
  • The implementation of an automated compliance portal for anti-bribery and corruption attestations, gifts and entertainment registrations, conflicts of interest disclosures and share dealing requests.

In addition to the committee's key focus areas discussed in the report, key activities for the 2020 financial year included:

Focus areas Response
Enhancing the risk, compliance and governance framework
  • Tracking and improving adherence to processes and policies related to risk and governance.
Ensuring business continuity while navigating COVID-19
  • Establishing a COVID-19 Crisis Management Team to deal with the pandemic and required responses, including ongoing reporting to the Board.
Finalising the investigation into fraud and corruption at EOH under the previous management team
  • Instituted civil/criminal proceedings (as per Board key focus areas).


The committee is confident that the CODE team will continue to mature the risk, compliance and governance framework though the organisation. Based on the work performed and the oversight of governance and risk during the year, we believe that the committee effectively fulfilled the responsibilities set out in its terms of reference.

Jesmane Boggenpoel

Chairperson, Governance and Risk Committee

1 December 2020