ANNUAL REPORT 2001 Group Profile and Core Values Transformation Strategy Financial Highlights Segmental Analysis Chairman's Statement Chief Executive's Report to Stakeholders Group Directorate and Executive Corporate Governance Risk Management Share Performance Financial Performance Analysis of Shareholders Annual Financial Statements Picture Gallery

Risk Management

Murray & Roberts is implementing an enterprise wide risk management protocol.

The protocol aims to ensure that risk management takes place on a continuous basis enabling the group executive to have proper visibility of all areas of business risk. It allows appropriate review and decision-making within a pre-agreed authority framework.

The protocol comprises three main elements:

  • A management and review structure including a risk management committee and internal audit function and incorporating the group audit committee.
  • Risk classification and standardised policies, procedures or guidelines to ensure risk exploitation, mitigation or avoidance.
  • An authority framework to ensure that decisions and reviews occur at the appropriate level of responsibility and accountability.

Risks are classified into four main categories and common language and definitions are used throughout the group to ensure consistency of actions. The categories are:

  • Strategic risks reserved for group executive attention and decision-making. Mitigation of these risks normally cannot be dealt with by means of policies and procedures but requires extensive research and analysis. The group knowledge executives provide leadership in the identification and management of these risks in their areas of specialisation such as IT, Technology, Tax, Finance and Communications.
  • Operational risks which arise largely from the activities and the products and services delivered by the group's operations. These are dealt with by means of implementation and maintenance of world class 'loss control' systems such as ISO 9000 and QS 9000 in all of the group's operations. The management of these risks is the responsibility of operating company managing directors and their executive teams.

The business model for executing major projects has been standardised with a unique but tried and tested Murray & Roberts format. This includes a project steering committee and corporate executive chairmanship.

  • Compliance risks arising from the requirements of the numerous laws and regulations applicable to the group's operations, such as the managment of environmental impacts, health and safety. Implementation of systems such as ISO 14000 and NOSA are currently underway in order to ensure a high standard of compliance and the avoidance of serious loss.
  • Governance risks which relate mainly to financial and personnel management. These risks are mitigated by the employment of competent people and by the use of standardised policies and procedures.

Forensic review and investigation forms an important element of risk management and recovery.

An anonymous 'whistle blowing' system facilitates disclosure of governance lapses throughout the group.