Risk Management

Group Strategic Approach

The Board is ultimately responsible for governance of risk management across the Group. The Board achieves this through the Audit & Risk, Finance & Investment, and the Executive Committees along with independent divisional or subsidiary Boards.

The responsibilities of each of the committees are provided on the Corporate Governance page. Our approach to risk management is structured on Enterprise Risk, Finance and Internal Controls Risk, Climate Risk as well as external risks to the economy, society and environment.

Enterprise Risk Management

Management of Enterprise Risk is based on effective leadership provided by the Board through the Executive, Audit and Risk, Finance and Investment Committees as well as the Sustainability Working Panel. The Board reviews all material business and financial risks to provide sound decisions and targets for implementation. This ensures that all forms of risks are identified, evaluated and monitored, with systems and processes adapted accordingly to minimise and manage risks.

The Group uses the following instruments and approaches to risk management:

  • Maintaining certifications with the International Management System Standards (MSS) as presented in the table below. The Group continues to work with businesses to attain further certification and standards where appropriate, striving for best practice.
  • Supplier and/or customer compliance audits.
  • Safety, Health, Environment and Quality (SHEQ) policies.
  • Providing effective leadership to ensure all forms of risks are identified, evaluated and monitored, and systems and processes are adapted accordingly to minimise any risks.
  • Robust policy framework including policies and procedures on human resources, human rights, ethics, code of conduct, occupational health and safety, sustainability, environment, supply chain management, and corporate social responsibility

Accreditation to the following Standards play an important part in the Group’s Risk Management and monitoring processes

Risk-Management-02

The Group’s Standards & Certifications

International Management Systems

  • ISO 9001 Quality Management System
  • ISO 14001 Environmental Management System
  • ISO 22000 Food Safety Management System
  • ISO 17025 Management System for general requirements for the competence of testing and calibration laboratories
  • FSSC 22000 Food Safety Management System, recognised by the GFSI (Global Food Safety Initiative)
  • ISO 45000 Occupational Health & Safety

Global Standards

  • BRCGS (Brand Reputation through Compliance) – Packaging – Natpak
  • SMETA (Sedex Members Ethical Trade Audit) – Natpak
  • SGP (Supplier Guiding Principles) – Natpak

Health Standards

  • International Labour Standards on Occupational Safety and Health – ILO-OSH
  • Health Professions Authority of Zimbabwe (HPA)
  • Ministry of Health Certification
  • National Social Security Authority (NSSA) Factory Licence
  • Food Safety Advisory Board standards
  • City of Harare – City Health Licence
  • Ruwa Local Board – Health Registration Certificate
  • Municipal and Council Health Departments standards

Agriculture

  • Agricultural Marketing Authority (AMA)
  • Ministry of Agriculture Certification
  • Environmental Management Agency (EMA) Licence

Other

  • KOSHER (Jewish Dietary framework for food preparation processing and consumption)
  • HALAAL (National Halaal Association of Zimbabwe (NHAZ)

Financial and Internal Control Risk

The Audit & Risk Committee plays a critical role in assisting the Board with managing internal control risk within the Group as is fully explained on the Corporate Governance page.

Environmental Risk

Environmental responsibility is an important aspect of the Group’s operating practices. The Group gives high emphasis to the importance of environmental risk by being environmentally compliant and setting robust policies, goals and targets. The Group aims to avoid, minimise, mitigate, monitor and manage environmental risks from its activities by adhering to responsible practices and undertaking regular environmental and occupational health and safety inspections. The results from the inspections are included in a positive feedback management cycle.

Regulatory Compliance

We place high value on being legally compliant with national and international standards applicable to our operations. The Group adheres among other legislation to the following specific national legislation:

  • Companies and Other Business Entities Act [24:31]
  • Public Health Act (Chapter 15:09)
  • Labour Act (Chapter 28:01)
  • Accident Prevention (Workers Compensation Scheme) Notice – Statutory Instrument No. 68 (of 1990)
  • Factories and Workers Act (Chapter 14:08)
  • Environment Management Act (Chapter 20:27)
  • Environmental Management (Effluent & Solid Waste Disposal) Regulations, Statutory Instrument No. 6
  • Environmental Management (Control of Hazardous Substances) (General) Regulations, 2018. Statutory Instrument No. 268 of 2018
  • Environmental Management (Environmental Impact Assessment & Ecosystems Regulations) Statutory Instrument No. 7 of 2007
  • NSSA Act of 1989, Chapter 17: 04 (Social Security Schemes for the provision of benefits to all employees) Data Protection Act (Chapter 11:22).

Climate Change Risk

Another aspect of environmental risk is the impact of climate change on our operations. The Group recognises the need to review climate risk exposure and to develop appropriate strategies to ensure resilience throughout our operations and within our sphere of influence. The Group is committed to implementing appropriate climate-related innovations and opportunities thereby enhancing sustainable development practices. The Group’s management approach is guided by the United Nations Framework Convention on Climate Change (UNFCCC) along with national frameworks such as the National Climate Policy, Climate Response Strategy, and the upcoming Climate Change Management Bill.

Cybersecurity and Data Protection

Adequate cybersecurity management requires a strategic approach that involves implementing appropriate security controls, and preventing, detecting, and responding to cyber incidents as they occur. Cybersecurity management is a continuous process that adapts to evolving potential threats and risks. Cyber attacks often result in substantial financial losses and potential consumer mistrust. The Group ensures alignment of our data management systems to the Data Protection Act (Chapter 11:22).

Anti-corruption

The Group takes a comprehensive approach to anti-corruption management and recognises the impact that corruption poses to its financial stability, reputation, and ethical standing. We have therefore implemented robust procedures to prevent and detect corruption within all our operations and subsidiaries. We are committed to maintaining the highest standards of integrity and ethical conduct and have developed procedures for effective reporting and investigation of any cases of misconduct. Investigations are conducted in a fair, non-prejudicial manner irrespective of the suspect’s length of service, position and/ or relationship to the Group. Our anti-corruption culture encourages employees to timeously report all allegations or incidents of fraud, theft and corruption. Apprehended employees may be subject to a disciplinary process or criminal investigation by the police authority.

Whistle-blower system

The Group subscribes to the whistle-blower system independently managed under the Deloitte Tip-Offs Anonymous service. This system utilises hotlines and email channels for employees and stakeholders to report breaches of any form of crime or unethical behaviour within the Group. Confidentiality is maintained throughout the process, providing reporters with the assurance of reporting fraudulent activities without fear of victimisation. The reported allegations are investigated to substantiate breaches to the Group’s codes on ethics and conduct, with subsequent disciplinary action taken accordingly.