CORPORATE GOVERNANCE AND RISK MANAGEMENT
The Board is accountable to shareholders and other stakeholders and is ultimately responsible for the implementation of sound corporate governance practices throughout the Group. Aspen’s Board of Directors is committed to ensuring that the Group adheres to high standards of corporate governance in the conduct of its business.
In an environment of increasing regulatory pressure, the Board is ever mindful of the need to maintain an appropriate balance between the governance expectations of investors, regulators, government and other stakeholders, and the market demands that the Group delivers competitive financial returns to its shareholders.
Governance in the Group extends beyond mere legislative and regulatory compliance and management strives to entrench an enterprise-wide culture of good governance aimed at ensuring that decisions are taken in a transparent manner, within an ethical framework that promotes the responsible consideration of all stakeholders, while also holding decision makers appropriately accountable. In line with the philosophy that good corporate governance is an evolving discipline, governance structures, practices and processes are actively monitored and revised from time to time to reflect best practice.
The Aspen Audit & Risk Committee (“Committee”) is established in terms of a formal Terms of Reference, as reviewed and approved by the Board from time to time and in terms whereof its mandate, role and responsibilities are confirmed. It performs the responsibilities as determined in terms of the Companies Act of South Africa (2008) and as assigned to it by the Board. The Committee conducts its affairs in compliance with these Terms of Reference and discharges its responsibilities contained therein, as well as in the Companies Act.
The Deputy Group Chief Executive, Group Finance Officer, Group Executive: Internal Audit, Group Chief Corporate Services Officer, Group Executive: Tax, Company Secretary & Group Executive: Governance & Communications, Group Executive: Treasury, Group Head: Risk & Sustainability, and representatives of the internal and external auditors attend meetings by invitation. From time to time other executives and directors of the Group attend meetings of the Committee as requested. The Committee has unrestricted access to the external and internal auditors.
In accordance with the Terms of Reference, the Committee meets at least four times annually, but more often if necessary. Each of the scheduled meetings is preceded by a pre-meeting during which the Chairman ascertains the key issues requiring consideration and to be addressed. All directors have a standing invite to attend meetings and the minutes of meetings are made available to all directors by means of a database of documents they can access online. The Chairman of the Committee provides the Board with a verbal report of the Committee’s activities at each Board meeting. During the year, the Committee meets with the external auditors and with the Group Executive: Internal Audit without management being present. Any matters that require attention arising from these meetings are dealt with by the Committee, as appropriate.
The Chairman of the Committee represents the Audit & Risk Committee at the annual general meeting each year. The Company Secretary & Group Executive: Governance & Communications is the secretary of the Committee.
The Remuneration & Nomination Committee, through its nomination process, ensures that members are sufficiently qualified and experienced in matters such as financial and sustainability reporting, internal financial controls, external and internal audit processes, corporate law, risk management, financial sustainability issues, information and technology governance as it relates to integrated reporting, and governance processes.
The Committee’s membership and attendance at meetings for each financial year is reported on in the Audit & Risk Committee report, which is included in the Annual Financial Statements and the Integrated Report.
The Committee has an independent role with accountability to both the Board and our shareholders. The Committee does not assume the functions of management, which remain the responsibility of the executive directors, officers, and other senior members of management.
The Committee is, inter alia, responsible for assisting the Board in discharging its duties in respect of the safeguarding of assets, accounting systems and practices, internal control processes and the preparation of the Group and Company Annual Financial Statements in line with the relevant financial reporting standards as applicable from time to time. The Committee’s responsibilities can be divided into two broad categories:
The Committee provides confirmation that it is satisfied with the quality of the external audit work performed by the external auditor in respect of all of the Group’s subsidiaries, including Aspen’s South African subsidiaries which are audited by the external auditor and a joint auditor on a shared basis, and that the firm and relevant designated auditor are accredited with the JSE list of auditors and the IRBA and hold the requisite certifications and registrations.
In recommending the external auditor for appointment as proposed external auditor for each financial year, the Committee calls for and considers:
- The decision letter and findings report of the inspection report issued in respect of the firm by the IRBA of South Africa on both the firm and the designated individual auditor;
- A summary of the firm’s monitoring procedures; and
- The outcome and summary of any legal or disciplinary proceedings which may have been instituted by the IRBA against the firm and designated individual auditor.
The Committee, in consultation with executive management, agrees to the engagement letter, terms, audit plan and budgeted audit fees for the financial year.
There is a formal procedure that governs the process whereby the external auditor is considered for non-audit services. The Committee approves the terms of the service agreement for the provision of non-audit services by the external auditor and approves the nature and extent of non-audit services that the external auditor provides in terms of the agreed pre-approval policy. The fees paid in respect of non-audit services for the year are disclosed in the Audit & Risk Committee report, as well as in the Annual Financial Statements.
The external auditor is invited to attend all Audit & Risk Committee deliberations, except those which may present a conflict of interest to the audit firm or the designated auditor. The external auditor is required to meet independently with the Committee at least annually. A schedule of findings by the external auditor arising from the annual statutory audit is tabled and presented at an Audit & Risk Committee meeting following the audit. The Committee endorses action plans for management to mitigate noted concerns.
The Committee performs an annual assessment on the results of the formal documented review of the design, implementation and effectiveness of the Group’s systems of internal financial controls conducted by Group internal audit, supported by approved outsourced internal audit service providers for each financial year. In addition, it considers information and explanations given by management and discussions with the external auditor on the results of their audits, and whether any material breakdowns in the functioning of the internal financial controls were detected during the year under review.
Furthermore, the Committee considers and satisfies itself of the appropriateness of the expertise and adequacy of resources of the Group’s finance function and experience of the senior members of management responsible for the Group’s finance function.
The Committee considers reports issued by the JSE, such as those relating to the proactive monitoring of financial statements, ensuring that findings and recommendations from these reports are adopted and implemented as appropriate.
In addition, the Committee considers and reports on key audit matters in relation to the Company’s Annual Financial Statements.
The duties and responsibilities of the members of the Committee are set out in the Audit & Risk Committee Terms of Reference included in the Board Charter and which is approved by the Board.
The Committee considers the results of sustainability audits conducted by its appointed specialist assurance providers in this regard and the limited assurance engagements performed on selected key performance indicators by such assurance providers, the Group’s external auditors, and internal audit. The Committee is required to, annually, satisfy itself and confirm that the sustainability information, as presented in the Integrated Report, is reliable, consistent and fairly presented.
The Group Tax Committee is charged with ensuring all Group companies implement the Group’s tax philosophy and policies and comprises the Deputy Group Chief Executive, Group Finance Officer, Group Chief Strategic Development Officer and Group Executive: Tax, who meet on a regular basis to discuss the status of the Group’s tax affairs.
The Group Treasury Committee is charged with:
- monitoring the Group’s performance in managing the risks identified in the Group treasury policy;
- considering the recommendations made, and actions taken, by the Group Treasury function in terms of its duties under the Group treasury policy;
- reviewing the effectiveness of the Group’s operational treasury activities; and
- considering the appropriateness of the Group’s debt funding portfolio, including related intragroup guarantees and funding arrangements.
The Group Treasury Committee comprises the Deputy Group Chief Executive, Group Chief Finance Officer, Group Chief Strategic Development Officer, Group Executive: Corporate Finance, Group Executive: Treasury and the Group Treasury Manager.
The executives responsible for the Group’s tax and treasury functions attend the quarterly meetings of the Committee to report on notable matters arising within the areas of their responsibility during the quarter.
Internal audit reports centrally with responsibility for reviewing and providing assurance on the adequacy of the internal control environment across all of the Group’s significant operations. Various financial internal control audits are outsourced to an auditing firm, ensuring that specialist resources are utilised for financial internal control assessments. The internal audit plan follows a three-year cycle and is revised regularly in accordance with the risk profiles as discussed and tabled at the Audit & Risk Committee meetings with any changes to the internal audit plan being approved by the Committee.
Each internal audit conducted is followed up by a detailed report to operational and senior management, including recommendations on aspects requiring improvement. The Group Executive: Internal Audit is responsible for reporting the findings of the internal audit work against the agreed internal audit plan to the Audit & Risk Committee at each Committee meeting. Copies of the detailed reports are also provided to the Audit & Risk Committee together with an overall summary of the audit result for each audit.
The Group Executive: Internal Audit has direct access to the Committee, primarily through its Chairman, and attends Audit & Risk Committee meetings by invitation.
The Audit & Risk Committee is responsible for the appointment and removal of the Group Executive: Internal Audit. The Committee is also responsible for the assessment of the performance of the Group Executive: Internal Audit and the internal audit function. The Committee considers the effectiveness of the internal audit function. The Committee also considers the expertise and experience of the Group Executive: Internal Audit.
External and independent assessments of the internal audit function are performed every five years, with the last one being in 2017. This assessment indicated positive results and the function’s general conformance with the Institute of Internal Auditors Standards.
- The organisation’s line functions that own and manage risks – first line of assurance;
- Specialist functions that facilitate and oversee risk management and compliance – second line of assurance;
- Internal assurance providers – third line of assurance;
- Independent external assurance providers – fourth line of assurance; and
- Governing body and committees – fifth line of assurance.
The required level of combined assurance is determined by the effectiveness of the risk response activities and the impact of such risk to the Group Standards.
The Board considers risk management to be a key process in the responsible pursuit of strategic objectives and in the effective management of related material issues across the Group. Our management culture is underpinned by effective risk identification and mitigation activities which are applied, on a day-to-day basis, through a system of internal controls, monitoring mechanisms and relevant stakeholder engagement activities. In accordance with the Group’s risk philosophy, business activities and business plans are aligned to the Group’s governance, economic, environmental and social aspirations.
The Board of Directors is responsible for the governance of risk across the Group, for setting the risk appetite and for monitoring the effectiveness of our risk management processes. This responsibility is delegated to the Audit & Risk Committee.
The Group’s integrated risk management model considers strategic, operational, financial and compliance risks. Reputational risks and uncertain risks, which are inherent to our business and to the pharmaceutical industry in general, are also identified, monitored, recorded and appropriately managed. Risk indicators and risk appetite are reviewed and approved by the Board on an annual basis or more frequently where required. The boards of directors of our subsidiary companies are responsible for oversight of the risk management processes implemented at the relevant business units and for monitoring the effectiveness of the implemented risk management systems to ensure business continuity. Evaluations of material risks and of the effectiveness of the risk management process are conducted during the year by the Group Executive Risk Forum and the findings of these evaluations are reported to the Committee. Following a comprehensive review of risks and mitigating controls at the Audit & Risk Committee meeting(s), the Committee formulates an overall conclusion and submits a formal risk review report to the Board. The Committee’s report includes an opinion on the overall status of material residual, reputational and uncertain risks with reference to the adequacy of related mitigating controls and to the approved risk appetite. The report also presents an opinion on the effectiveness of the risk management process implemented in the Group, supported by the internal audit report.
In arriving at its opinion, the Audit & Risk Committee undertakes the following activities:
- Monitors the implementation of the Group risk policy and Group risk plan as approved by the Board;
- Reviews and considers the activities and reports of the Group Executive Risk Forum;
- Reviews and considers business unit risk reports presented to the Committee;
- Reviews and considers the report by internal audit on the integrity and robustness of the Group’s risk management processes;
- Reviews and considers the status of financial, information and technology, and internal controls, for the year under review, as reported by the Group’s internal and external auditors; and
- Reviews and approves the adequacy of the Group’s insurance cover, after having considered the claims for the prior year, a summary of the proposed insurance arrangements for the ensuing year and the insurable, but uninsured risks.
At year end, the Board, if satisfied, confirms its satisfaction with the status and effectiveness of risk governance in the Group and adequacy of mitigation plans for material risks. Internal audit determines whether the implemented risk management process is effective and makes recommendations for improvement which will be implemented as part of the continuous improvement process.
The Committee performs a regular evaluation of the Group’s I&T governance framework and of the development of an appropriate roadmap for refining and expanding this framework to better evaluate, direct and monitor Aspen’s I&T assets as well as to align IT services with the Group’s current and future business needs. The Committee monitors the business system implementations by various Aspen businesses and functional departments across the Group that are in progress and which are also being monitored by the I&T Steering Committee. The Committee also monitors the programme to mitigate infrastructure technology security risks and maturity that is being coordinated centrally and which includes the introduction of supporting policies and procedures. Furthermore, the Committee has oversight of the mitigation plans that have been introduced to address the risk of material operational and disruptive incidents. Material incidents of this nature that occur during the year are reported on, and mitigated, as appropriate.
Recommendation of the Integrated Report and related sustainability information for approval by the Board