2022 PPS NAMIBIA INTEGRATED REPORT

This responsibility includes setting the risk appetite and tolerance of the PPS Group, measuring the relevant risks against it, and ensuring that the necessary controls and service level agreements are in place, are effective and are adhered to at all times. Assurance of good corporate governance is achieved through the regular measurement, reporting, and communication of risk management performance, which includes progress with risk management plans and improvements to risk management maturity. Management and employees are responsible for the management of risk in accordance with the Enterprise Risk Management Framework, read with the PPS Group Risk Management Standard, and incorporating risk management into the day-to-day operations of the PPS Group. Management is assisted by the risk management function in performing annual risk assessments and updating these quarterly, and agreed mitigating actions are managed using CURA software. Risk registers are produced from CURA and are reviewed monthly by the Group Executive Committee and quarterly by the Group Risk Committee for strategic and major operational risks. A Risk Report containing the findings and conclusions of the risk environment of the PPS Group is prepared on a quarterly basis and is reviewed by the Group Risk Committee and the respective Boards. Other operational risk registers are continuously managed by the relevant business areas. An opportunity assessment methodology has been implemented by PPS. The purpose of using this methodology is to identify opportunities and the material risks associated with new opportunities to enhance the quality and depth of the risk management process. This methodology also enables an assessment of current strategic objectives against those derived, based on opportunities and the prioritisation of the efforts to get maximum return based on readily accessible resources. 
The PPS Holdings Trust Audit Committee, the PPS Group Nominations, Risk, Audit, Actuarial, Remuneration, Social and Ethics and Technology Steering Committees, as well as the Risk and Audit Committees of subsidiaries, make reports and recommendations to the PPS Group boards, enabling them to discharge their responsibilities in regard to risk management.

Management of fraud and corruption risk and confidential reporting

The PPS Group maintains a PPS Group Fraud and Corruption Policy and Response Plan, and a PPS Group Confidential Reporting Policy to manage fraud and corruption risk in the PPS Group, and to ensure that employees are able to report suspicious activities without fear of retribution. An anonymous reporting hotline, operated independently from the PPS Group by Deloitte, provides a facility to enable employees to report suspicious activities and unethical behaviour in a safe environment. All financial crime-related suspicious transactions and reports are managed by the Fraud Committee and other unethical behaviour is managed by the Human Resources Department.

Principles and practices of financial management

PPS Insurance issues insurance policies with a discretionary element of bonuses and is required to establish and maintain a document setting out its Principles and Practices of Financial Management (PPFM) and provide this document to policyholders. This document outlines PPS Insurance’s principles and practices of financial management, in order that policyholders can better understand the profit distribution principles and practices in place at PPS Insurance, as well as the investment strategy adopted by the PPS Insurance Board. The PPFM document is available to all policyholders on the PPS Group website at www.pps.co.za.
Technology and information governance

To assist the organisation in attaining its strategic goals, the PPS Group Technology Steering Committee (GTSC), a subcommittee of the Group Risk Committee (GRC), continues to offer strategic direction, prioritise essential initiatives, and oversee technology and information architecture. Global geopolitical risks were considered, especially as the platforms of PPS are mainly cloud-based and, where appropriate, risk mitigations were introduced to address areas of risk. Internal Audit and other independent assurance providers reviewed Group IT on an annual basis with regard to, among other things, IT control audits, King IV™ governance, IT disaster recovery, ITIL maturity and for 2023, additional programs related to Information Security.
