57

• A risk awareness culture via management of the business

units.

• Disciplined and effective risk management processes

and controls, and adherence to risk management

standards and limits.

• Compliance with the relevant statutory, regulatory, and

supervisory requirements by way of a robust compliance

risk management process.

• Regular monitoring by Compliance.

• Review of control measures by Internal Audit.

• Oversight of the risk management process by the Group

Risk Committee.

The PPS Group boards ensure that PPS has implemented

an effective ongoing process to identify risk, measure its

potential outcome and then implement what is necessary

to proactively manage these risks. This responsibility

includes setting the risk appetite and tolerance of the

PPS Group, measuring the relevant risks against it, and

ensuring that the necessary controls and service level

agreements are in place, are effective and are adhered

to at all times. Assurance of good corporate governance

is achieved through the regular measurement, reporting,

and communication of risk management performance,

which includes progress with risk management plans and

improvements to risk management maturity.

Management and employees are responsible for the

management of risk in accordance with the Enterprise

Risk Management Framework, and incorporating risk

management into the day-to-day operations of the PPS

Group. Management is assisted by the risk management

control function in performing annual risk assessments and

updating these quarterly, and agreed mitigating actions

are managed utilising CURA software. Risk registers are

produced from CURA and reviewed monthly by the Group

Executive Committee and quarterly by the Group Risk

Committee for strategic and major operational risks. A Risk

Report containing the findings and conclusions of the risk

environment of the PPS Group is prepared on a quarterly

basis and is reviewed by the Group Risk Committee and

the respective Boards. Other operational risk registers

are continuously managed by the relevant business areas.

An opportunity assessment methodology has been

implemented by PPS. The purpose of using thismethodology

is to identify opportunities and the material risks associated

with new opportunities to enhance the quality and depth

of the risk management process. This methodology also

enables an assessment of current strategic objectives

against those derived, based on opportunities and the

prioritisation of the efforts to get maximum return based

on readily accessible resources.

The PPS Holdings Trust Audit Committee, the PPS Group

Risk, Audit, Actuarial, Remuneration, and Social and Ethics

Committees, as well as the Risk and Audit Committees

of subsidiaries, make reports and recommendations to

the PPS Group boards, enabling them to discharge their

responsibilities in regard to risk management.

MANAGEMENT OF FRAUD AND

CORRUPTION RISK AND

CONFIDENTIAL REPORTING

The PPS Group maintains a Fraud and Corruption Policy

and Response Plan, and a Confidential Reporting Policy to

manage fraud and corruption risk in the PPS Group, and

to ensure that employees are able to report suspicious

activities without fear of retribution. An anonymous

reporting hotline, operated independently from the PPS

Group by Deloitte, provides a facility to enable employees

to report suspicious activities and unethical behaviour in

a safe environment. All financial crime-related suspicious

transactions and reports are managed by the Fraud

Committee and other unethical behaviour is managed

by the Human Resources Department.

PRINCIPLES AND PRACTICES OF

FINANCIAL MANAGEMENT

PPS Insurance issues insurance policies with a discretionary

element of bonuses and is required to establish and

maintain a document setting out its Principles and

Practices of Financial Management (PPFM) and provide

this document to policyholders. This document outlines

PPS Insurance’s principles and practices of financial

management, in order that policyholders can better

understand the profit distribution principles and practices

in place at PPS Insurance, as well as the investment strategy

adopted by the PPS Insurance Board. The PPFM document

is available to all policyholders on the PPS Group website at

www.pps.co.za.

INFORMATION TECHNOLOGY (IT)

GOVERNANCE

The PPS IT strategy is reviewed by the Group Risk

Committee (GRC) and progress is tracked regularly through

formal published project plans. This strategy is reviewed

annually and progress is highlighted for the GRC along

with any adjustments that may have resulted from changed

business strategies or environmental developments. This

strategy is also regularly reviewed to ensure its alignment

with business priorities.