The Group’s Enterprise Risk Management Policy follows the International Committee of Sponsoring Organizations of the Treadway Commission’s Internal Control – Integrated Framework and is reviewed annually. The policy defines the risk management objectives, methodology, risk appetite, risk identification, assessment and treatment processes, and the responsibilities of the various risk management role players in the Group.

Through risk management, an integrated and effective framework is established which seeks to identify, assess and manage important and emerging risks which could impact on our ability to achieve strategic, financial and operational goals, and regulatory compliance. The risk management process is fully integrated into the strategic planning process and supports the achievement of our strategy.

Protecting Information Assets

Our operations span multiple geographies, necessitating an adequate international data network and Group approach to threat management. Due to the importance of our information assets, we have an effective Information Security and Data Protection programme to protect our technology, information assets and users.

Contact
Dirk Lubbe
Group General Manager: Compliance and Data Protection