EOH's enterprise risk management approach has continued to evolve over the last year after its establishment in 2019. There has been comprehensive work to develop and enhance risk identification, assessment and control procedures during the year.

The CODE team, which is a multidisciplinary team of GRC specialists, reports into the CRO risks facing the company and where appropriate monitors the mitigation actions to ensure risks are reduced to an acceptable level. A Group Risk Committee (Group Risk Co) has been established that is Chaired by the CRO. The Group Risk Co meets monthly, and is comprised of the Executive Committee members, additional ad-hoc meetings are also held if required. The main responsibility of the Group Risk Committee is to:

• Review the Top Risks facing the company and mitigation actions to reduce the risks
• Oversee projects/structures in place designed to identify and reduce risk, such as the Compliance and Ethical Programmes, and the Bid Assurance function.

Embedding risk management

Work still needs to be done to manage risk in an integrated way, and with a common language. This will necessitate enablement of a more collaborative organisational culture, that is motivated to candidly assess the status of risk and to nurture opportunity. The foundation laid in the latter part of this year will support a culture of good governance, as well as ethical and courageous leadership within EOH, presenting a critical opportunity to drive our business forward.

The following projects were executed on during 2020:

• Implementation of a bid assurance office with a bid risk management tool
• Engagement with lines of business through dedicated CODE team risk liaisons, resulting in improved risk identification and management
• Ongoing improvements in business resilience due to COVID-19 pandemic

The following areas will serve as focus areas for the following year:

• Implementation of a real time risk assurance system,
• Risk awareness campaigns and training through the organisation
• Reassessment of principle risks in line with the new revisited Group Strategy
• Embedment of the risk management process

MANAGING OUR RISKS AND OPPORTUNITIES

	Risk			Description, mitigation (policies, processes and systems) and leadership accountability
	Macroeconomic conditions and COVID-19				Definition: Volatile macroeconomic conditions may weaken enterprise spending effecting ability to achieve growth and revenue targets.		Mitigation: Implementation of cost-saving programs, including salary reductions across the organisation over the four-month period between April and July 2020. Bottom up extensive budget and forecast process undertaken with ongoing tracking to determine effects on the business. Providing creative solutions to our customers both in terms of digitising their business and being able to customise their requirements during the period.
	Cyber threat				Definition: An external cyber-attack could result in service interruption or the breach of confidential data. This could negatively impact our revenue and reputation.		Mitigation: Perform ongoing assessments of the risk environment and deploy security programs to mitigate any risks identified.
	Business information systems				Definition: Major failure of EOH internal business information systems due to the lack of an integrated system with an overarching governance framework, continuity management and disaster recovery for key applications would disrupt business operations.		Mitigation: To investigate the mobilisation of an EOH Group business information system to ensure control, oversight and sustainable continuity of business operations and improved decision making.
	Credit risk				Definition: The lack of a robust credit management policy and oversight may result in excessive and unmanaged credit being given to customers, exposing EOH to an inability to collect on debt.		Mitigation: Credit committee (executive structure) formed to manage credit risk.
	Liquidity				Definition: Liquidity constraints could be faced due to the gearing of the Balance Sheet and problematic legacy contracts not being closed out expeditiously.		Mitigation: Deleverage of Balance Sheet through the sale of non-core assets. Task teams formed to manage legacy projects. Focus on cash generative businesses.
	Regulatory compliance, including data privacy				Definition: Failure to meet regulatory requirements such as B-BBEE, tax liabilities relating to statutory employment, and emerging and evolving data privacy requirements would incur cost and reputational damage.		Mitigation: To galvanise the drive for regulatory and statutory compliance, ensuring high calibre executives are in place to drive forward EOH compliance across the Group, supported by integrated technology systems to enable transparency and oversight.
	Legal and litigation				Definition: The ongoing legal and forensic examination of wrongdoing could consume ongoing resources and executive bandwidth, yielding further financial claims requiring justice, remediation and restitution.		Mitigation: Ensure that legal resources are budgeted and in place to assure a fair process for justice and for restitution for stakeholders that have been wronged.
	Human capital and talent				Definition: The evaluation of human capital and talent capabilities could reveal the need for ongoing recruitment of talent, professionalised human capital management processes, and a requirement to motivate for the retention of staff demoralised by restructuring.		Mitigation: To ensure a focused approach to investing in an integrated and best practice human capital management capability and Group HR Officer to lead the full employee lifecycle, investing the recruitment of top class professional skills and staff motivation.
	Enterprise performance management				Definition: The lack of integrated, consistent and best practice enterprise performance management to assure the quality of EOH project execution and performance could result in a lack of visibility where there are distressed projects that could fail, causing damage.		Mitigation: To drive forward an enterprise performance management process with transparently monitored key performance measures, aligned to the EOH strategic objectives.
During the 2020 year we made significant progress to mitigate risks noted in 2019 to an acceptable level. We have included a summary of the mitigation measures implemented below to show how these risks are currently being managed.
	Unethical tendering practices				Definition: Future tenders could replicate the errors of the past resulting in contracts that are corrupt and do not create value for customers if an ethical Code of Conduct and governance framework is not in place to ensure good business practice.		Mitigation measures implemented: A bid assurance function has been set up under the Chief Risk Officer, part of the bid assurance function is for high risk bids to be looked at by the Bid Review Committee (BRC) that is composed of senior executives from the business as well as a representative from Corporate Legal, Risk and Compliance. During the year the process was also digitised into the iBOT tool which allows for risk rating and work flow automation of bids. Enhancements to the Control Room which conduct extensive "know you client" analysis has been incorporated into the process.
	Inadequate governance framework and capability				Definition: Inadequate governance practices, ineffective business processes, corporate control, reporting and poor quality of information could result in poor decision making, compromised value creation, and business performance problems.		Mitigation measures implemented: The EOH Governance framework has been rolled out across the organisation, with significant progress being made in areas of Governance and Ethical behaviours policy and training.
	Strategy and organisation redesign				Definition: The ongoing business restructuring will drive rapid cultural change that places pressure on the independent and entrepreneurial organisations within the Group, presenting operational challenges due to the complexity of integration.		Mitigation measures implemented: A robust strategy initiative was undertaken during 2020, to clearly outline the five-year strategy for EOH.