• A risk awareness culture via management of the business
units.
• Disciplined and effective risk management processes
and controls, and adherence to risk management
standards and limits.
• Compliance with the relevant statutory, regulatory, and
supervisory requirements by way of a robust compliance
risk management process.
• Regular monitoring by Compliance.
• Review of control measures by Internal Audit.
• Oversight of the risk management process by the Group
Risk Committee.
The PPS Group boards ensure that PPS has implemented
an effective ongoing process to identify risk, measure its
potential outcome and then implement what is necessary
to proactively manage these risks. This responsibility
includes setting the risk appetite and tolerance of the
PPS Group, measuring the relevant risks against it, and
ensuring that the necessary controls and service level
agreements are in place, are effective and are adhered
to at all times. Assurance of good corporate governance
is achieved through the regular measurement, reporting,
and communication of risk management performance,
which includes progress with risk management plans and
improvements to risk management maturity.
Management and employees are responsible for the
management of risk in accordance with the Enterprise
Risk Management Framework, and incorporating risk
management into the day-to-day operations of the PPS
Group. Management is assisted by the risk management
control function in performing annual risk assessments and
updating these quarterly, and agreed mitigating actions
are managed utilising CURA software. Risk registers are
produced from CURA and reviewed monthly by the Group
Executive Committee and quarterly by the Group Risk
Committee for strategic and major operational risks. A Risk
Report containing the findings and conclusions of the risk
environment of the PPS Group is prepared on a quarterly
basis and is reviewed by the Group Risk Committee and
the respective Boards. Other operational risk registers
are continuously managed by the relevant business areas.
An opportunity assessment methodology has been
implemented by PPS. The purpose of using this methodology
is to identify opportunities and the material risks associated
with new opportunities to enhance the quality and depth
of the risk management process. This methodology also
enables an assessment of current strategic objectives
against those derived, based on opportunities and the
prioritisation of the efforts to get maximum return based
on readily accessible resources.
The PPS Holdings Trust Audit Committee, the PPS Group
Risk, Audit, Actuarial, Remuneration, and Social and Ethics
Committees, as well as the Risk and Audit Committees
of subsidiaries, make reports and recommendations to
the PPS Group boards, enabling them to discharge their
responsibilities in regard to risk management.
MANAGEMENT OF FRAUD AND
CORRUPTION RISK AND
CONFIDENTIAL REPORTING
The PPS Group maintains a Fraud and Corruption Policy
and Response Plan, and a Confidential Reporting Policy to
manage fraud and corruption risk in the PPS Group, and
to ensure that employees are able to report suspicious
activities without fear of retribution. An anonymous
reporting hotline, operated independently from the PPS
Group by Deloitte, provides a facility to enable employees
to report suspicious activities and unethical behaviour in
a safe environment. All financial crime-related suspicious
transactions and reports are managed by the Fraud
Committee and other unethical behaviour is managed
by the Human Resources Department.
PRINCIPLES AND PRACTICES OF
FINANCIAL MANAGEMENT
PPS Insurance issues insurance policies with a discretionary
element of bonuses and is required to establish and
maintain a document setting out its Principles and
Practices of Financial Management (PPFM) and provide
this document to policyholders. This document outlines
PPS Insurance’s principles and practices of financial
management, in order that policyholders can better
understand the profit distribution principles and practices
in place at PPS Insurance, as well as the investment strategy
adopted by the PPS Insurance Board. The PPFM document
is available to all policyholders on the PPS Group website at
www.pps.co.za.
INFORMATION TECHNOLOGY (IT)
GOVERNANCE
The PPS IT strategy is reviewed by the Group Risk
Committee (GRC) and progress is tracked regularly through
formal published project plans. This strategy is reviewed
annually and progress is highlighted for the GRC along
with any adjustments that may have resulted from changed
business strategies or environmental developments. This
strategy is also regularly reviewed to ensure its alignment
with business priorities.