overview
Risk overview
Our enterprise risk management approach, which has continued to evolve, has enhanced our risk identification, assessment and control procedures.
EOH's principal risks and where appropriate, the accompanying mitigation actions, are reported to the Board and exco by the Code team, which is a multidisciplinary team of GRC specialists. The Group Risk Committee is chaired by the Chief Risk Officer ('CRO') and meets quarterly. The main responsibility of the Group Risk Committee is to:
- review the top risks facing the Company and mitigation actions to reduce the risks;
- oversee projects/structures in place designed to identify and reduce risk, such as the compliance and ethical programmes and the bid assurance function; and
- in addition, business unit risks are discussed at quarterly BU reviews where new risks are discussed and mitigation monitored.
MANAGING OUR RISKS AND OPPORTUNITIES
The risks tabulated below are the top risks for the EOH Group for the 2021 financial year. Risks identified here are overseen by the Governance and Risk Committee, which is accountable for providing oversight of the actions being managed at executive level.
Risks are managed within the context of the risk and compliance framework, which forms part of the EOH corporate governance framework. This framework includes control, management compliance and integrated assurance, aligned to our five philosophies, and is designed to drive our strategic objectives and future value creation for all our stakeholders.
| Risk | Impact | Mitigation | |
| Macro-economic conditions and COVID-19 | Volatile macro-economic conditions, exacerbated by the economic impact of COVID-19, may weaken enterprise spending and affect ability to achieve growth and revenue targets. |
|
|
| Cyber threat | A malicious or accidental cyber-attack from outside our organisation, as well as insider threats or supplier breaches, could result in service interruptions and/or the infringement of personal and confidential data. This could impact our customers, our revenue and reputation, and lead to costs associated with fraud and/or extortion.During the COVID-19 pandemic, there has been an increase in cyber threats; this is exacerbated by remote work. |
|
|
| Regulatory compliance including data privacy | Failure to meet regulatory requirements such as B-BBEE, tax liabilities relating to statutory employment, and emerging and evolving data privacy requirements would incur cost and reputational damage. |
|
|
| Implementation of a new Group enterprise resource planning ('ERP') system | The adoption of a new ERP system, which will replace the existing accounting systems, poses several challenges relating to, among other things, training of personnel, communication of new rules and procedures, changes in corporate culture, migration of data and possible business interruptions during implementation. |
|
|
| Human capital | There is increasing demand for tech skills in the global market. Remote work in a post-COVID-19 market is providing skilled resources additional opportunities. As competition for these employees increases, EOH may not be successful in attracting and retaining qualified personnel. |
|
|
| Legacy issues | The ongoing legal and forensic examination of wrongdoing could consume ongoing resources and executive bandwidth, yielding further financial claims requiring justice, remediation and restitution. |
|
|
| Liquidity | Liquidity constraints could be faced due to the suboptimal gearing of the balance sheet. |
|
|
EMBEDDING RISK MANAGEMENT
We continue to embed risk management practices, including:
- overseeing and refining tolerance levels and controls within the new ERP system;
- enhancing risk management reporting through digital offerings to provide real-time assurance; and
- focus on human capital risk as it relates to employee mental health, as a result of COVID-19 and the impact new hybrid way of work.