Risk management report

A high level of risk awareness and mitigation has been embedded in daily management and operational activities. Given the size and complexity of the Group, Murray & Roberts can never comprehensively eliminate risk from every area of its operations. For this reason, management maintains a planned, coordinated and structured approach to identify, assess, address, monitor, communicate and report the Group’s large and complex risks.

This includes governance structures (such as the Board risk management committee, the executive risk committee and the business platform risk committees), organisational leadership, strategic planning and effective management to ensure that the appropriate operational and functional capacities, as well as controls, systems and processes, are in place to manage and mitigate risk. Underpinning this is the Group Risk Management Framework.

The Group Risk Management Framework constitutes one of three pillars on which the Group Integrated Assurance Framework stands, and aims to:

  • Align strategy with risk tolerance;
  • Improve and streamline decision-making which improves the Group risk profile;
  • Promote the strategic, informed and coordinated procurement of a quality order book;
  • Ensure equitable commercial terms and conditions are contracted based on a predetermined set of acceptable contracting principles, together with the rational pursuit of commercial entitlement;
  • Promote early and rigorous project reviews, and timeous responses to projects showing early signs of underperformance;
  • Promote continuous improvement through the meticulous institutionalisation and rigorous application of key lessons learnt;
  • Reduce operational surprises, improve predictability and build shareholder confidence;
  • Build robust organisational risk structures and facilitate timeous interventions, to promote long-term sustainable growth; and
  • Promote the efficient and proactive pursuit of opportunities.




In addition to the various Group operating board responsibilities, organisational structures have been created and tasked with risk governance and include the business platform risk committees, the Murray & Roberts Limited risk committee and the Murray & Roberts Limited project oversight committee.


Dedicated risk management support has been created at Group level and within businesses. This includes enterprise-wide risk leadership, risk management monitoring, risk-based auditing and operational and risk committees.


Strategic risk is evaluated as a hurdle to achieving the Group’s long-term strategy. Direction is set for organic and acquisitive growth to access new markets and create new capacity, and is also applied to acquisitions, disposals, new business development and timely and necessary leadership intervention.


Operational risk is a potential barrier to achieving planned profits within the Group’s business platforms. Methodologies for identifying, evaluating, mitigating, monitoring and communicating risk are applied in the operational business environment. Business plans with a three-year horizon are developed and performance against these is subject to quarterly review.


Project risk is evaluated as a potential barrier to delivering contracted scopes against cost, time and technical performance targets, while maintaining health, safety and environmental performance at acceptable levels. A Project Management Framework sets the minimum standard for project management required in the delivery of projects across the Group. A Project Management Development Programme is in place to enhance and refresh project management skills across the Group. The framework also provides internal audit with a consistent set of processes and controls against which project performance is tested. Project risk management activities include the Group risk tolerance filters, lessons learnt and contracting principles schedules, project reviews and project dashboards.


Corporate risk management relates to a range of portfolios within the corporate office, which address various forms of risk including risk management standards and procedures, the Group Code of Conduct, the Statement of Business Principles, regulatory compliance, commercial and legal oversight, integrated assurance, business continuity and information technology disaster recovery, treasury, bonds and guarantees, tax, insurance, crisis communication and forensic investigations.


Regulatory compliance constitutes the second pillar of the Group Integrated Assurance Framework. With the continued growth and expansion of the Group, especially in new geographies and disciplines, regulatory compliance is a large and complex area to understand. This in turn requires a structured approach to evaluate compliance failures and ensure adequate responses are initiated timeously to mitigate and avoid any negative impact on the Group’s performance. The regulatory compliance function provides specific focus on regulatory compliance risk within the context of the Group Integrated Assurance Framework.

The key imperative of regulatory compliance is to ensure material compliance across the Group with every law, rule, code and standard where non-compliance could materially impact the Group’s performance and/or continued existence, whether from a financial, legal or reputational perspective.

The implementation of the Group Regulatory Compliance Framework focuses on the seamless integration of regulatory compliance (with risk management and internal audit) into business planning, execution and management.


Internal audit is a key element of the Group’s assurance structure, and constitutes the third pillar of the Group Integrated Assurance Framework. Internal audit has established a robust, risk-based approach to identify the critical risk management control environment which is relied on by management, and which is to be tested and evaluated for the purposes of providing the Board with the risk management and regulatory compliance assurance it requires to meet its governance objectives. Internal audit follows a planning and execution process through which the risk-based approach is delivered in a consistent manner, followed by detailed reporting and issue tracking.

It is through diligent implementation of the Group Integrated Assurance Framework that the critical risk processes and responses to be included in the internal audit plan are developed. These include interactions with the Group risk manager and the Group legal executive, and with specific reference to their respective mitigation objectives, strategies and plans. The audit plan also encompasses the assessment of Group-wide corporate governance, internal financial controls and risk management procedures, as well as specific areas highlighted by the audit & sustainability committee, Group executive committee and by executive and operational management for separate and dedicated review.

To reduce project risk as far as possible, the following procedures are followed:

  • Only competent and experienced executives prepare bids for submission.
  • All opportunities are logged on an Opportunity Management System, which tracks and processes opportunities, subjecting them to a series of risk tolerance filters in order to develop a risk profile. These filters are in turn extracted from the delegation of authority matrix, which is approved by the Board.
  • In preparing bids, based on first principles and on a bottom-up basis, the estimating tools used across the Group are proven and validated. The costing process is comprehensive, and subject to rigorous and independent internal reviews.
  • Risks are identified based on past experience and carved out of bids contractually or retained but priced and then managed within budget.
  • Critical bid requirements are: the exclusion and/or pricing of known risks; projects must be cash positive; unacceptable risks and unusual contracting terms are prohibited; and limits of liability are always contracted.
  • Where a lump sum project is accepted, the design must be mature, the scope and/or specification clear and an efficient mechanism for change management and dispute resolution must be included in the contract.
  • An allowance for contingencies (unforeseen or unplanned risks) is added to the bid price to cater for possible risks (threats) that cannot be proactively priced and managed. They are a hedge against risk and are utilised within the framework for which they are established. They are under the control of the project director and the use of a contingency is ratified by the project review committee.
  • Generally known suites of contracts are used, such as FIDIC, NEC, JBCC, GCC, and specific attention is placed on the special terms. Bespoke contracts are negotiated based on the detailed guidance of internal and external attorneys.
  • Large and complex project bids are subject to independent review and approval by the Murray & Roberts Limited risk committee, which issues a mandate that has to be followed by the project negotiation team. Projects above US$300 million are escalated to the Murray & Roberts Holdings Board for approval. Any deviation from a mandate is referred back to the relevant risk committee for a final decision.
  • The designated executive, identified to lead the project, signs off on the final bid terms and conditions to achieve effective ownership.
  • The Murray & Roberts project oversight committee reviews large and complex projects to ensure performance is in line with the tendered terms and prevailing circumstances (to recognise changes in market conditions). Projects showing early signs of underperformance are also reviewed by this committee, with the objective of preventing as far as possible projects entering into distress by identifying early signs of difficulty and ensuring corrective action and intervention is initiated.


Leaders, tasked with overall governance but who are not involved in the ‘engine room’ of the business they govern, require line-of sight to the mechanics for which they are ultimately accountable.

Likewise with risk management, the Board is responsible for the performance of the Group it governs, but is remote from the details that influence (positively or negatively) the outcomes. For this reason, leadership requires line-of-sight to the controls, procedures, processes and systems that deliver the outcomes to ensure that they are appropriate, complete, robust and timeous in application.

The Group has defined four discrete risk environments, being: Strategic, Corporate, Operational and Project. Each risk has a specific owner, be it a business platform, operating board or an individual executive.

In addition, the risk management and internal audit functions, located in the corporate office (and which advise on risk management approaches, methodologies and systems), monitor that risk management is diligently exercised at every level across the Group, and in turn separately report to various constituted boards and committees on both the inherent risk and the residual risk across the Group. This reporting is on a materiality basis, so the higher the level of authority, the greater the level of risk filtration.

As a project-based group, the predominant source of risk is in the project area. Murray & Roberts is an international contractor and contracting on a variety of projects, which differ in specification, scope and size, introduces significant risk into the Group.

Critical to the preparation of bids and successful project delivery is the application of two standards to each bid which have been formulated on the basis of the Group’s past performance:

All bids submitted are tested against the above two standards to ensure that the identified risks are correctly addressed and failures of the past are not repeated.

The three business platforms, which comprise the Murray & Roberts Group’s project businesses, are also the source of operational risk.


Strategic and corporate risks are associated with the activities of the office of the Group chief executive and the executive committee members operating in the corporate office. Risks associated with macro factors, such as growth (organic and acquisitive), new markets, new products, accounting, taxation, banking/bonding, funds transfers and the like are managed within the corporate office, reviewed by the risk committee quarterly and reported to the boards of Murray & Roberts Limited and of Murray & Roberts Holdings Limited.

A Group business continuity standard and procedure has been developed and implemented within each business platform. The assurance required with regard to these business plans falls within the mandate of the internal audit function.

The practice of risk management has been implemented across the Group. Embedding of risk management is being driven by executive management. As a final control over the management of risk across the Group, every Group area and activity is subject to audit, by both external auditors and internal auditors. The Murray & Roberts internal audit function is well resourced and qualified to carry out its mandated review and evaluation function, which includes risk management, and its findings are evaluated to corroborate the findings of the risk management function in its assessment of the adequacy of risk management across the Group.

The material Group risks, in no order of priority, are discussed below.



Global demand for commodities (metals and minerals) has shown some improvement. However, the major economies remain distressed and market sentiment generally is negative. This affects global business confidence and global demand for capital assets, projects and infrastructure.

A decline in economies across the globe has a direct impact on the markets Murray & Roberts operates in, particularly underground mining and oil & gas. The South African economy has been impacted by recent ratings downgrades and the economy remains growth constrained.

  • Focus on client relationships to promote negotiated contracts with equitable terms, focusing on value rather than price.
  • Grow further in the natural resources sector, particularly water.
  • Continue implementation of African growth strategy in selected countries within the East, West and Central African regions.
  • Cost reduction across all business platforms and geographies to support profitability.
  • JVs with empowered companies.
  • Diversification across the project life cycle, which includes an emphasis on development, front-end engineering and operations and maintenance.

Oil and gas is needed to fuel growing global energy demands. However, the current low oil price and oversupply continues to have a major impact on the revenues of gas producers and has created a reduction in new capital projects and capital spend within the sector. Although oil and gas companies will have to start re-investing in the medium term, profit margins will be under pressure as these companies remain financially stressed.

  • Establish a presence in geographic areas where the oil and gas majors are located.
  • Establish JVs with other Murray & Roberts business platforms to explore East African oil and gas opportunities.
  • Diversification across the project life cycle, which includes an emphasis on operations and maintenance.
  • Diversify oil and gas capability in Australasia markets into complementary water, power and infrastructure markets.
  • International organisational restructure aligned to drive market diversification.

While Murray & Roberts remains in a strong cash positive position, outstanding claims, project losses and working capital demands may constrain our ability to make additional acquisitions and meet growth targets.

  • Resolve outstanding claims, including Dubai Airport and other Middle East projects.
  • Continue to manage overheads and improve project and commercial performance.
  • Procure advance payments on projects and ensure that all projects remain cash positive or at least cash neutral.

Lack of compliance with employment equity and BBBEE requirements could reduce the likelihood of Murray & Roberts being successful in winning South African public sector tenders and in limited cases, private sector tenders.

  • Continuous monitoring of developments in terms of new BBBEE legislation and other relevant laws.
  • Continue to focus on management control, employment equity, skills development and enterprise and supplier development within each South African business.



Although the Group has made significant progress in managing safety risk, anything more than Zero Harm remains a concern and continues to receive diligent and proactive attention from the executive team across the Group.

  • The Zero Harm Through Effective Leadership Programme, aimed at establishing a purpose-driven culture, ensures sustainable improvement in health and safety.
  • The VFL initiative, practised across the Group, is focused on achieving Zero Harm.
  • FRCP and Life Saving Rules are in place across the Group and on every project site.
  • The MAP Programme, developed in the Oil & Gas platform, has been rolled out across all the operations in the Group and is now fully operational as a key process to ensure the Group achieves its goal of Zero Harm.
  • The Philisa Care Employee Health and Wellness Programme is in operation in South Africa, and is aimed at improving health and wellness standards and performance across the Group. Similar programmes are in place across a number of international businesses.
  • The Environmental Framework, incorporating a number of critical standards, implemented to regulate important environmental issues such as energy efficiency, carbon emissions, waste and water, is in place across the Group’s operations.

Ongoing industrial and community unrest in South Africa continues to cause project delays and disruptions, impacting on productivity, safety and profitability. It also adds a further hurdle to the decision-making process for investment in new capital projects, particularly in the mining sector.

  • The Employee Relations Framework, implemented across the Group’s South African businesses, is operating well.
  • Communication with shop stewards, appointed on all sites, has served to mitigate the risk and the VFL safety initiative is addressing a broader range of issues that affect employees.
  • Strike mitigation plans are in place at each operation and project site.
  • Client engagement and contract and commercial management on projects ensures early and comprehensive pursuit of commercial entitlements.
  • The focus on growing our footprint in less risky markets and sectors continues.
  • Key areas of the business are under suitable insurance cover.



Losses on projects continued to be incurred during the year under review.

  • Management, including at Group level, timeously reviews underperforming projects to revisit and revise recovery plans and programmes.
  • Clients are engaged to find common cause around the recovery plans.
  • The oversight committee continues to review underperforming projects and provide timeous guidance aimed at driving improvements in project performance.
  • Comprehensive project assurance and performance management tools have been developed within the business platforms, based on the experience gained from past project losses. The focus is on obtaining assurance of compliance with project management systems.
  • Project Critical Control Executive Dashboards have been developed and are being implemented across the Group to provide executives with early insight to key performance indicators of projects under their control.

The power programme remains a key focus for the Power & Water business platform. Past delays and current acceleration in the power programme has exacerbated the scarcity of industrial skills and experience, and the resourcing of the programme continues to challenge the Group.

As the programme is accelerated, unforeseen commercial disputes give rise to an increase in matters being independently adjudicated.

These disputes in turn have an impact on cash flows and while a forum is in place to deal with such disputes, this aspect of the programme is not without undue risk.

  • Clients are being engaged to resolve outstanding matters.
  • Disputes are immediately referred to adjudication if they cannot be resolved amicably.
  • Focus on employing and retaining (locally and internationally) skilled and experienced employees.

Uncertified revenues taken to book on Dubai Airport and other Middle East projects must still be realised through protracted claims processes. This creates the risk of a write-back of revenues accounted for in prior financial years if the outcomes are less favourable than the accounting position.

  • In the case of the Dubai Airport dispute, the arbitration is in progress and is likely to be resolved during FY2018.
  • Other claims in the Middle East will be pursued through negotiation, mediation and/or arbitration to ensure the most efficient outcome for the Group.