PPS
INTEGRATED REPORT 2018
CORPORATE GOVERNANCE REPORT (continued)
reporting (including communication and escalation
mechanisms) on all material risks.
• Reports to inform senior management, the Group Risk
Committee, and the boards of directors and trustees
on all material risks faced by the PPS Group and on
the effectiveness of the risk management system itself.
• Processes for ensuring adequate contingency planning,
business continuity, and crisis management.
The detailed particulars of the risk management system
are set out in the PPS Group Enterprise Risk Management
Framework.
INTERNAL CONTROL SYSTEM
The internal control system consists of the totality of
strategies, policies, procedures, and controls to assist the
boards of directors, trustees and managing executives
in the fulfilment of their oversight and management
responsibilities. The PPS Group has adopted a Five Lines
of Assurance model, supported by a combined assurance
framework, to facilitate and ensure effective governance
across all processes and functions.
The internal control system provides the boards of directors,
trustees, and managing executives with reasonable
assurance from a control perspective that the business
is operated consistently within the following parameters:
• Business objectives of the PPS Group.
• Strategy determined by the boards of directors and
trustees. The detailed particulars of the strategic
planning process are set out in the Strategic Planning
and Capital Allocation Framework.
• Key business, information technology and financial
policies and processes, as well as related risk
management policies and procedures, determined by
the boards of directors and trustees.
• Applicable laws and regulations.
The internal control system comprises the following
components:
• Appropriate segregation of duties, and controls to
ensure that segregation is observed.
• Appropriate controls for all key business processes and
policies, including for major business decisions.
• End-to-end control processes for complex business
activities.
• Controls to provide reasonable assurance over the
fairness, accuracy, reliability and completeness of the
insurers’ financial and non-financial information.
• Board-approved delegations of authority (these are
reviewed regularly by the PPS Group boards).
• Controls at the appropriate levels, including at the
procedural or transactional levels, and at the legal entity
or business unit levels.
• Regular monitoring of all controls to ensure they remain
effective.
• An inventory of all key policies and procedures, and
the controls in respect of each policy and procedure.
• Training in respect of relevant components of the
system of internal controls, particularly for employees
in positions of trust or responsibility, or who carry out
activities that involve significant risk.
CONTROL FUNCTIONS
In terms of the Prudential Standard GOI 3 Risk Management
and Internal Controls, insurance companies must have
certain control functions in place and these must be
adequately resourced. The following four key control
functions are in place within the two PPS Group insurance
companies:
• Risk management
• Actuarial
• Compliance
• Internal audit
The control functions are structured to include the
necessary authority, independence, resources, expertise,
access to the boards and all relevant employees, as well
as information to enable them to exercise their authority
and perform their responsibilities. The performance of the
control functions is reviewed periodically by the PPS Group
boards or relevant committee/s. The control functions are
required to complete regular self-assessments of their
respective functions.
The roles and responsibilities of the control functions are
documented and reviewed on an annual basis and are
approved by the PPS Group boards. The control functions
must avoid conflicts of interest and, where a conflict arises,
it will be brought to the attention of the PPS Group boards.
Where appropriate, the Heads of Internal Audit and
Actuarial Control Functions may be outsourced – subject
to the provisions of the Outsourcing Policy – in light of the
nature, scale, and complexity of the business, risks, and
legal and regulatory obligations. The Actuarial Control
Functions are performed by Deloitte in terms of outsourced
arrangements. Mr G T Waugh of Deloitte serves as the
Head of the Actuarial Control Function for PPS Insurance.
Mr J van der Merwe of Deloitte serves as the Head of the
Actuarial Control Function for PPS Short-Term Insurance.
The Internal Audit Control function is performed by KPMG
in terms of an outsourced arrangement. Ms I Fourie of