Underground Mining + Oil & Gas + Power & Water
Risk Management, Regulatory Compliance and Independent Assurance (internal and external audits) are the three pillars of the Group Integrated Assurance Framework.
THE GROUP RISK MANAGEMENT FRAMEWORK AIMS TO:
RISK MANAGEMENT IS INTEGRAL TO GOVERNANCE AND OUR VALUE CREATION STRATEGY. SIGNIFICANT EFFORT IS MADE TO EMBED RISK AWARENESS, PREVENTION AND MITIGATION MEASURES ACROSS GROUP OPERATIONS.
The appropriate governance structures, including the Board risk committee, executive risk committee, project oversight committee and business platform risk committees, ensure that the appropriate operational and functional procedures, systems and controls are in place to mitigate risks and harness opportunities in pursuit of our strategic objectives.
Given the Group’s scale and complexity, it is not possible to completely eliminate all risks arising from internal and external business and commercial interfaces. Our experienced management teams manage and maintain a planned, coordinated and structured approach to identify, assess, address, monitor, communicate and report the Group’s risks. The mitigation of those risks, most likely to prevent the Group from achieving its strategic objectives are prioritised. Guiding this approach is the Group Risk Management Framework, which promotes a consistent risk management culture across the Group.
THE GROUP RISK FRAMEWORK
In addition to the various Group operating board responsibilities, organisational structures have been created and tasked with risk governance, including the business platform risk committees, the Murray & Roberts Limited risk committee and the Murray & Roberts Limited project oversight committee.
Dedicated risk management support has been created at Group level and within businesses. This includes enterprise-wide risk leadership, risk management monitoring, risk-based auditing and operational and risk committees.
STRATEGIC RISK MANAGEMENT
Strategic risk is evaluated as a hurdle to achieving the Group’s long-term strategy. Direction is set for organic and acquisitive growth to access new markets and create new capacity, and is also applied to acquisitions, disposals, new business development, timely and necessary leadership intervention.
OPERATIONAL RISK MANAGEMENT
Operational risk is a potential barrier to achieving planned profits within the Group’s business platforms. Methodologies for identifying, evaluating, mitigating, monitoring and communicating risk are applied in the operational business environment. Business plans with a three-year horizon are developed and performance against these is subject to quarterly review.
PROSPECT AND PROJECT LIFE CYCLE
Project risk is evaluated as a potential barrier to delivering contracted scope against cost, time and technical performance targets, while maintaining HSE performance. A Project Management Framework sets the minimum standard for project management required in the delivery of projects across the Group. A Project Management Development programme is in place to enhance and refresh project management skills across the Group. The framework also provides internal audit with a consistent set of processes and controls against which project performance is tested. Project risk management activities include the Group risk tolerance filters, lessons learnt and contracting principles schedules, project reviews and project dashboards.
CORPORATE RISK MANAGEMENT
Corporate risk management relates to a range of portfolios within the corporate office, which address various forms of risk including risk management standards and procedures, the Group Code of Conduct, the Statement of Business Principles, regulatory compliance, commercial & legal oversight, integrated assurance, business continuity & IT disaster recovery, treasury, bonds & guarantees, tax, insurance, crisis communication and forensic investigations.
The Board approves the risk appetite for the Group at several levels and has established a clear line of sight and responsibility to ensure effective risk management across the organisation. Several factors are considered in determining the risk appetite in each risk category. This Risk Appetite Statement categorises the Group’s appetite for each risk as low, moderate or high, according to the following definitions:
LOW – The level of risk will not impede the Group’s ability to achieve its strategic objectives.
MODERATE – The level of risk may delay or disrupt the achievement of its strategic objectives.
HIGH – The level of risk will significantly impede its ability to achieve its strategic objectives.
Where applicable, controls are in place to reduce the likelihood or alternatively mitigate the impact of risk events.
Key risk categories
Key risks are those that have a financial, operational and reputational impact and include:
The Group has defined four discrete risk environments: strategic, corporate, operational and project. Each risk has a specific owner, be it a business platform CEO, operating board or an individual executive.
The primary responsibility for managing risk lies with business line management. The risk management, regulatory compliance and internal audit functions in the corporate office advise on risk management approaches, methodologies and systems. They also monitor the diligent execution of risk management at every level of the Group, reporting to various boards and committees on inherent and residual risks in each risk area.
Murray & Roberts is a specialised multinational contractor that contracts on projects which differ in complexity, scope and size. Project risk is therefore the predominant source of risk for the Group. Critical to the preparation of tenders and effective project delivery is the application of three standards, which have been formulated and are regularly updated on the basis of past performance:
All bids submitted are tested against these standards to ensure that the identified risks are correctly addressed and past failures are not repeated.
Operational risk exposures typically relate to the infringement of laws, including competition, company, labour, health and safety and environment, as well as commercial, technical and logistical aspects of a project. Each business platform has its own risk committee ensuring that these risks are regularly reviewed and assessed, and effectively mitigated.
Strategic and corporate risks are associated with the activities of the Group chief executive and executive committee and include risks associated with:
The corporate office manages these risks which are reviewed by the executive risk committee quarterly and reported to the boards of Murray & Roberts Limited and Murray & Roberts Holdings Limited.
A Group business continuity standard and associated procedures are in place within each business platform. Internal audit provides assurance on these business continuity plans.
Regulatory compliance is the second pillar of the Group Integrated Assurance Framework. The implementation of the Group Regulatory Compliance Framework focuses on the seamless integration of regulatory compliance (with risk management and internal audit) into business planning, execution and management. The regulatory compliance function provides focus on these risks in line with the Group Integrated Assurance Framework.
As a multinational organisation, regulatory compliance is complex. It is therefore imperative to ensure that the Group complies, across all jurisdictions, with legal and other requirements that could materially impact its performance and sustainability, whether from a financial, legal or reputational perspective. The Group employs a structured approach to evaluate potential compliance failures and ensures adequate responses to prevent and, where necessary, to mitigate any negative impact.
Independent assurance, the third pillar of the Group Integrated Assurance Framework, consists of two complementary parts i.e. internal and external audit. This function provides an independent and objective challenge to the levels of assurance provided by business operations, risk management and regulatory compliance.
The internal audit function is well resourced and qualified to carry out its mandate. In executing its mandate, internal audit applies a robust, risk-based approach to identify critical risk management controls that management relies on, and which must be tested and evaluated to provide the Board with the risk management and regulatory compliance assurance it requires to meet its governance objectives.
The development of the internal audit plan includes interactions with the Group risk and legal functions, with specific reference to their respective risk and compliance mitigation objectives, strategies and plans. The audit plan also encompasses the assessment of Group-wide corporate governance, financial controls and risk management procedures, as well as specific areas highlighted by the audit & sustainability committee, Group executive committee and by executive and operational management for dedicated review.
External audit provides assurance on the Group’s financial statements.
The Group’s material risks, in no order of priority, are outlined below.
VULNERABILITY TO MACROECONOMIC FACTORS
Changes in the global economy have a direct impact on the markets in which the Group operates, particularly Underground Mining and Oil & Gas. Global demand for commodities (metals and minerals) has continued to improve in step with global economic recovery. However, the sustainability of rising commodity prices remains uncertain. Downside risks to the global economy, and therefore to growth prospects in the Group’s markets, include escalation in trade tensions between the USA and China, a no-deal Brexit, impacts of climate change and geopolitical volatility. In South Africa, economic growth remains subdued despite various economic measures introduced by the new administration.
OIL & GAS MARKETS
Oil and gas are needed to fuel growing global energy demands. However, the continued soft and volatile oil price and fluctuating supply continues to impact revenues of producers resulting in subdued growth in new capital projects in the sector. A recovery in the global LNG sector is expected from 2022, as global energy producers move to meet demand.
The Group remains in a strong cash positive position, outstanding claims, project losses and working capital demands may constrain our ability to make additional acquisitions and meet growth targets.
HEALTH, SAFETY AND ENVIRONMENTAL EXPOSURES
Although the Group has made significant progress in managing safety risk, anything more than Zero Harm remains a concern and continues to receive diligent and proactive attention from the executive team across the Group.
COMMUNITY AND INDUSTRIAL UNREST
Community and industrial unrest have an impact on productivity, safety and profitability by causing project delays and disruptions. This has emphasised the need for ongoing, direct and meaningful engagement with all employees and host communities.
Some of our projects are technically complex with long durations, increasing risk exposures during execution. These risks, together with risks beyond our direct control, may result in our failure to meet contractual cost or schedule commitments and other performance parameters, leading to material loss of project earnings. An emerging trend is an increasing expectation among clients for fixed-price and hybrid-type contracts, resulting in 38% of the Group’s project portfolio consisting of fixed-price contracts.
The table below reflects the number of projects across the Group at year end with losses in excess of R15 million. These loss-making projects are subject to additional oversight by the Group executive committee.
Middle East project losses have been accounted for in previous years. These projects have been delivered and the risk will close out when commercial closure on the projects is achieved.
AT 30 JUNE
> R15 MILLION
|≤ R100 million||29||1|
|≥ R100 million and ≤ R500 million||37||2|
|≥ R500 million and ≤ R1 billion||19||2|
|≥ R1 billion||20||1|
SOUTH AFRICAN POWER PROGRAMME
The power programme has reached the completion phase, which includes the demobilisation of project personnel. This phase is subject to heightened risks mainly relating to safety, productivity and industrial action, which may give rise to commercial disputes on the Medupi and Kusile power station projects. The outcome of these disputes may impact cash flows, although the accounting position on these projects is considered to be prudent and risk provisions to be adequate.
Occasionally the Group raises claims against clients for costs incurred relating to matters not included in the contract price of the project. These claims or commercial entitlements, often arising from delays caused by clients or changes to initially agreed project scopes, are accounted for in our financial statements as uncertified revenues, until such time that the claims are approved by the client at which time the uncertified revenue becomes certified. Failure to convert uncertified revenue to certified revenue, may result in the reversal of previously declared income.
The uncertified revenues taken to book on the Dubai Airport and other projects must still be realised through extensive claims resolution processes. This creates the risk of income accounted for in prior financial periods being reversed to the extent that the outcomes of the claim settlement process are less favourable than the accounting position taken.