Table of Contents Table of Contents
Previous Page  55 / 203 Next Page
Information
Show Menu
Previous Page 55 / 203 Next Page
Page Background

PPS

INTEGRATED REPORT 2018

54

CORPORATE

GOVERNANCE REPORT

(continued)

reporting (including communication and escalation

mechanisms) on all material risks.

• Reports to inform senior management, the Group Risk

Committee, and the boards of directors and trustees

on all material risks faced by the PPS Group and on

the effectiveness of the risk management system itself.

• Processes for ensuring adequate contingency planning,

business continuity, and crisis management.

The detailed particulars of the risk management system

are set out in the PPS Group Enterprise Risk Management

Framework.

INTERNAL CONTROL SYSTEM

The internal control system consists of the totality of

strategies, policies, procedures, and controls to assist the

boards of directors, trustees and managing executives

in the fulfilment of their oversight and management

responsibilities. The PPS Group has adopted a Five Lines

of Assurance model, supported by a combined assurance

framework, to facilitate and ensure effective governance

across all processes and functions.

The internal control system provides the boards of directors,

trustees, and managing executives with reasonable

assurance from a control perspective that the business

is operated consistently within the following parameters:

• Business objectives of the PPS Group.

• Strategy determined by the boards of directors and

trustees. The detailed particulars of the strategic

planning process are set out in the Strategic Planning

and Capital Allocation Framework.

• Key business, information technology and financial

policies and processes, as well as related risk

management policies and procedures, determined by

the boards of directors and trustees.

• Applicable laws and regulations.

The internal control system comprises the following

components:

• Appropriate segregation of duties, and controls to

ensure that segregation is observed.

• Appropriate controls for all key business processes and

policies, including for major business decisions.

• End-to-end control processes for complex business

activities.

• Controls to provide reasonable assurance over the

fairness, accuracy, reliability and completeness of the

insurers’ financial and non-financial information.

• Board-approved delegations of authority (these are

reviewed regularly by the PPS Group boards).

• Controls at the appropriate levels, including at the

procedural or transactional levels, and at the legal entity

or business unit levels.

• Regular monitoring of all controls to ensure they remain

effective.

• An inventory of all key policies and procedures, and

the controls in respect of each policy and procedure.

• Training in respect of relevant components of the

system of internal controls, particularly for employees

in positions of trust or responsibility, or who carry out

activities that involve significant risk.

CONTROL FUNCTIONS

In terms of the Prudential Standard GOI 3 Risk Management

and Internal Controls, insurance companies must have

certain control functions in place and these must be

adequately resourced. The following four key control

functions are in place within the two PPS Group insurance

companies:

• Risk management

• Actuarial

• Compliance

• Internal audit

The control functions are structured to include the

necessary authority, independence, resources, expertise,

access to the boards and all relevant employees, as well

as information to enable them to exercise their authority

and perform their responsibilities. The performance of the

control functions is reviewed periodically by the PPS Group

boards or relevant committee/s. The control functions are

required to complete regular self-assessments of their

respective functions.

The roles and responsibilities of the control functions are

documented and reviewed on an annual basis and are

approved by the PPS Group boards. The control functions

must avoid conflicts of interest and where conflict arises, it

will be brought to the attention of the PPS Group boards.

Where appropriate, the Heads of Internal Audit and

Actuarial Control Functions may be outsourced – subject

to the provisions of the Outsourcing Policy – in light of the

nature, scale, and complexity of the business, risks, and

legal and regulatory obligations. The Actuarial Control

Functions are performed by Deloitte in terms of outsourced

arrangements. Mr G T Waugh of Deloitte serves as the

Head of the Actuarial Control Function for PPS Insurance.

Mr J van der Merwe of Deloitte serves as the Head of the

Actuarial Control Function for PPS Short-Term Insurance.

The Internal Audit Control function is performed by KPMG

in terms of an outsourced arrangement. Ms I Fourie of

1 50 51 52 53 54 55 56 57 58 59 60 61 203  FlippingBook