Risk management report

A high level of risk awareness and response has been embedded in daily management and operational activities. Given the size and complexity of the Group, Murray & Roberts acknowledges that risk can never be fully eliminated. For this reason, management has designed and implemented a planned and structured approach to identify, assess, address, monitor, communicate and report the Group's large and complex risks. This includes governance structures (such as the Board risk management committee, the executive risk committee and the business platform risk committees), organisational leadership, strategic planning and effective management to ensure that the appropriate operational and functional capacities, as well as controls, systems and processes are in place to manage risk. Underpinning this is the Group Risk Management Framework.


The Group Risk Management Framework constitutes one of three pillars on which the Group Integrated Assurance Framework stands, and aims to:
  • Align strategy with risk tolerance;
  • Improve and streamline decision-making which improves the Group risk profile;
  • Promote the strategic, informed and coordinated procurement of a quality order book;
  • Ensure equitable commercial terms and conditions are contracted based on a predetermined set of acceptable contracting principles, together with the rational pursuit of commercial entitlement;
  • Promote early and rigorous project reviews, and timeous response to projects showing early signs of underperformance;
  • Promote continuous improvement through the meticulous institutionalisation and rigorous application of key lessons learnt;
  • Reduce operational surprises, improve predictability and build shareholder confidence;
  • Build robust organisational risk structures and facilitate timeous interventions, to promote long-term sustainable growth; and
  • Promote the efficient and proactive pursuit of opportunities.


THE GROUP RISK MANAGEMENT FRAMEWORK

THE GROUP RISK MANAGEMENT FRAMEWORK

ORGANISATIONAL STRUCTURES

REGULATORY COMPLIANCE

REGULATORY COMPLIANCE

With the continued growth and expansion of the Group, especially in new geographies and disciplines, regulatory compliance is a large and complex area to understand. This in turn requires a structured approach to evaluate compliance failures and ensure adequate responses are initiated timeously to mitigate and avoid any negative impact on the Group's performance. The regulatory compliance function provides specific focus on regulatory compliance risk within the context of the Group Integrated Assurance Framework.

The key imperative of regulatory compliance is to ensure material compliance across the Group with every law, rule, code and standard where non-compliance could materially impact the Group's performance and/or continued existence, whether from a financial, legal or reputational perspective.

The implementation of the Group Regulatory Compliance Framework focuses on the seamless integration of regulatory compliance (with risk management and internal audit) into business planning, execution and management.

INTERNAL AUDIT

Internal audit is a key element of the Group's assurance structure, and constitutes the third pillar of the Group Integrated Assurance Framework. Internal audit has established a robust, risk-based approach to identify the critical risk management control environment which is relied on by management, and which is to be tested and evaluated for the purposes of providing the Board with the risk management and regulatory compliance assurance it requires to meet its governance objectives. Internal audit follows a planning and execution process through which the risk-based approach is delivered in a consistent manner, followed by detailed reporting and issue tracking.

It is through diligent implementation of the Group Integrated Assurance Framework that the critical risk processes and responses to be included in the internal audit plan are developed. These include interactions with the Group risk manager and the Group legal executive, and with specific reference to their respective mitigation objectives, strategies and plans. The audit plan also encompasses the assessment of Group-wide corporate governance, internal financial controls and risk management procedures, as well as specific areas highlighted by the audit & sustainability committee, Group executive committee and by executive and operational management for separate and dedicated review.

To reduce project risk as far as possible, the following procedures are followed:
  • Only competent and experienced executives prepare bids for submission.
  • All opportunities are logged on the Opportunity Management System, which tracks and processes opportunities, subjecting them to a series of risk tolerance filters in order to develop a risk profile. These filters are in turn extracted from the delegation of authority matrix, which is approved by the Board.
  • In preparing bids, based on first principles and on a bottom-up basis, the estimating tools used across the Group are proven and validated. The costing process is comprehensive, and subject to rigorous and independent internal reviews.
  • Risks are identified based on past experience and carved out of bids contractually or retained but priced and then managed within budget.
  • Critical bid requirements are: the exclusion and/or pricing of known risks; projects must be cash positive; unacceptable risks and unusual contracting terms are prohibited; and limits of liability are always contracted.
  • Where a lump sum project is accepted, the design must be mature, the scope and/or specification clear and an efficient mechanism for change management and dispute resolution must be included in the contract.
  • An allowance for contingencies (unforeseen or unplanned risks) is added to the bid price to cater for possible risks (threats) that cannot be proactively priced and managed. They are a hedge against risk and are utilised within the framework for which they are established. They are under the control of the project director and the use of a contingency is ratified by the project review committee.
  • Generally known suites of contracts are used, such as FIDIC, NEC, JBCC, GCC, and specific attention is placed on the special terms. Bespoke contracts are negotiated based on the detailed guidance of internal and external attorneys.
  • Large and complex project bids are subject to independent review and approval by the Murray & Roberts Limited risk committee, which issues a mandate that has to be followed by the project negotiation team. Projects above USD300 million are escalated to the Murray & Roberts Holdings Board for approval. Any deviation from a mandate is referred back to the relevant risk committee for a final decision.
  • The designated executive, identified to lead the project, signs off on the final bid terms and conditions to achieve effective ownership.
  • The Murray & Roberts project oversight committee reviews large and complex projects to ensure performance is in line with the tendered terms and prevailing circumstances (to recognise changes in market conditions). Projects showing early signs of underperformance are also reviewed by this committee, with the objective of preventing as far as possible projects entering into distress by identifying early signs of difficulty and ensuring corrective action and intervention is initiated.


RISK MANAGEMENT PRACTICES

Leaders, tasked with overall governance but who are not involved in the engine room of the business they govern, require line-ofsight to the mechanics for which they are ultimately accountable.

Likewise with risk management, the Board is responsible for the performance of the Group it governs, but is remote from the details that influence (positively or negatively) the outcomes. For this reason, leadership requires line-of-sight to the controls, procedures, processes and systems that deliver the outcomes to ensure that they are appropriate, complete, robust and timeous in application.

The Group has defined four discrete risk environments, being: Strategic, Corporate, Operational and Project. Each risk has a specific owner, be it a business platform, operating board or an individual executive.

In addition, the risk management and internal audit functions, located in the corporate office (and which advise on risk management approaches, methodologies and systems), monitor that risk management is diligently exercised at every level across the Group, and in turn separately report to various constituted boards and committees on both the inherent risk and the residual risk across the Group. This reporting is on a materiality basis, so the higher the level of authority, the greater the level of risk filtration.

As a project-based group, the predominant source of risk is in the project area. Murray & Roberts is an international contractor and contracting on a variety of projects, which differ in specification, scope and size, introduces significant risk into the Group.

Critical to the preparation of bids and successful project delivery is the application of two standards to each bid which have been formulated on the basis of the Group’s past performance:

  • Group Schedule of Contracting Principles; and
  • Group Schedule of Lessons Learnt.

All bids submitted are tested against the above two standards to ensure that the identified risks are correctly addressed and failures of the past are not repeated.

RISK MANAGEMENTThe three business platforms, which comprise the Murray & Roberts Group's project businesses, are also the source of operational risk. Risk exposures typically relate to infringement of laws, including competition, health and safety, environment, commercial, technical and logistical activities. Each business platform has its own risk committee at which these and project risks are regularly reviewed and assessed, together with responsible management's mitigation actions.

Strategic and corporate risks are associated with the activities of the office of the Group chief executive and the executive committee members operating in the corporate office. Risks associated with macro factors, such as growth (organic and acquisitive), new markets, new products, accounting, taxation, banking/bonding, funds transfers and the like are managed within the corporate office, reviewed by the risk committee quarterly and reported to the boards of Murray & Roberts Limited and of
Murray & Roberts Holdings Limited.

A Group business continuity standard and procedure has been developed and implemented within each business platform. The assurance required with regard to these business plans falls within the mandate of the internal audit function.

The practice of risk management has been widely implemented across the Group. Embedding of risk management is being driven by executive management. As a final control over the management of risk across the Group, every Group area and activity is subject to audit, by both external auditors and internal auditors. The Murray & Roberts internal audit function is well resourced and qualified to carry out its mandated review and evaluation function, which includes risk management, and its findings are evaluated to corroborate the findings of the risk management function in its assessment of the adequacy of risk management across the Group.

The material Group risks, in no order of priority, are discussed below:

Key

STRATEGIC RISKS


MACRO ECONOMY

Global demand for commodities remains weak. The major economies remain distressed and market sentiment generally is negative. This affects global business confidence and global demand for capital assets, projects and infrastructure.

Declining business confidence in South Africa and a volatile labour market lead to reduced foreign investment and may further constrain opportunities in the local mining markets.

Insufficient South African government major infrastructure spend impacts negatively on a number of business areas.

  • Focus on client relationships to promote negotiated contracts with equitable terms, focusing on value rather than price.
  • Grow further in the natural resources sector, particularly water.
  • Continue implementation of African growth strategy in selected countries within the East, West and Central Africa regions.
  • Cost reduction across all business platforms and geographies to support profitability.
  • JVs with empowered companies have been established for projects where empowerment is required.
  • Diversification across the project lifecycle continued, which included an emphasis on development, front-end engineering and operations and maintenance.
MITIGATIONarrow

 

 

OIL & GAS MARKETS

Oil and gas is needed to fuel growing global energy demands. However, the current low oil price and oversupply continues to have a major impact on the revenues of gas producers and has created a reduction in new capital projects and capital spend within the sector.

  • Establish a presence in geographic areas where the oil and gas majors are located.
  • Establish joint ventures with other Murray & Roberts platforms to explore East African oil and gas opportunities.
  • Diversification across the project lifecycle continued, which included an emphasis on operations and maintenance.
  • Diversify oil and gas capability in Australasia markets into complementary water, power and infrastructure markets.
MITIGATIONarrow
GROUP LIQUIDITY

While Murray & Roberts remains in a cash positive position, outstanding claims, project losses and working capital demands may constrain our ability to make additional acquisitions and meet growth targets.

  • Resolve outstanding claims, including Dubai International Airport, other Middle East projects and Gautrain.
  • Continue to manage overheads and improve project and commercial performance.
  • Procure advance payments on projects and ensure that all projects remain cash positive or neutral.
MITIGATIONarrow
TRANSFORMATION

Lack of compliance with employment equity and BBBEE requirements could reduce the likelihood of Murray & Roberts being successful in winning South African public sector tenders and in limited cases, private sector tenders.

  • Continuous monitoring of developments in terms of new BBBEE legislation and other relevant laws.
  • Continue to focus on management control, employment equity, skills development and enterprise and supplier development within each South African business.
MITIGATIONarrow

OPERATIONAL RISKS


HEALTH, SAFETY AND ENVIRONMENTAL EXPOSURES

Although the Group has made significant progress in managing safety risk, anything more than Zero Harm remains a concern and continues to receive diligent and proactive attention from the executive team across the Group.

  • The Zero Harm Through Effective Leadership Programme, aimed at establishing a purpose-driven culture, ensures sustainable improvement in health and safety.
  • The VFL initiative, practised across the Group is focused on achieving Zero Harm.
  • FRCP and Life Saving Rules are in place across the Group on every project site.
  • The MAP programme, which was developed in the Oil & Gas platform, is being rolled out across all the operations in the Group.
  • The Philisa Care Employee Health and Wellness Programme is in operation in South Africa, and is aimed at improving health and wellness standards and performance across the Group. Similar programmes are in place across a number of international businesses.
  • The Environmental Framework, incorporating a number of critical standards, implemented to regulate important environmental issues such as energy efficiency, carbon emissions, waste and water, is in place across the Group’s operations.
MITIGATIONarrow

 

 

INDUSTRIAL UNREST

Ongoing industrial and community unrest in South Africa continues to cause project delays and disruptions, impacting on productivity, safety and profitability. It also adds a further hurdle to the decision-making process for investment in new capital projects, particularly in the mining sector.

  • The Employee Relations Framework, implemented last year across the Group’s South African operations, is operating well.
  • Communication with shop stewards, appointed on all sites, has served to mitigate the risk and the VFL safety initiative is addressing a broader range of issues that affect employees.
  • Strike mitigation plans are in place at each business.
  • Client engagement and contract and commercial management on projects ensures early and comprehensive pursuit of commercial entitlements.
  • The focus on growing our footprint in less risky markets and sectors continues.
  • Key areas of the business are under suitable insurance cover.
MITIGATIONarrow

PROJECT RISK


PROJECT LOSSES

Losses on projects continued to be incurred during the year under review.

  • Management, including at Group level, timeously reviews underperforming projects to revisit and revise recovery plans and programmes.
  • Clients are engaged to find common cause around the recovery plans.
  • The oversight committee continues to review underperforming projects and provide timeous guidance aimed at driving improvements in project performance.
  • A comprehensive project assurance and performance management tool has been developed, based on the experience gained from past project losses, and will be implemented in the forthcoming year. The focus is on obtaining assurance of compliance to project management systems.
  • Project Critical Control Dashboards have been developed and are being implemented across the Group to provide executives with key performance indicators of projects under their control.
MITIGATIONarrow

 

 

SOUTH AFRICAN POWER PROGRAMME

The power programme remains a key focus for the Power & Water platform. Past delays and current acceleration in the power programme has exacerbated the scarcity of industrial skills and experience, and the resourcing of the programme remains a challenge.

As the programme is accelerated, unforeseen commercial disputes give rise to an increase in matters being independently adjudicated.

These disputes in turn have an impact on cash flows and while a forum is in place to deal with such disputes, this aspect of the programme is not without undue risk.

  • Clients are being engaged to resolve outstanding matters.
  • Disputes will be arbitrated if they cannot be resolved amicably.
  • Focus on employing and retaining (locally and internationally) skilled and experienced resource
MITIGATIONarrow

 

 

UNCERTIFIED REVENUES

Uncertified revenues taken to book on Dubai International Airport, other Middle East projects and Gautrain must still be realised through protracted claims processes. This creates the risk of a write-back of revenues accounted for in prior financial years if the outcomes are less favourable than the accounting position.

  • In the case of the Dubai International Airport dispute, the arbitration is in progress and is likely to be resolved during calendar year 2017.
  • Numerous disputes flowing from the Gautrain project are at various stages of arbitration and/or court hearings. Competent legal teams have been retained to advance claims and defend counter-claims with a majority of disputes having been decided in favour of the Group. Appeals have been noted where possible and this process therefore continues.
  • Other claims in the Middle East will be pursued through negotiation, mediation and/or arbitration to ensure the most efficient outcome for the Group.
MITIGATIONarrow