The Murray & Roberts enterprise wide risk management protocol
aims to ensure that risk management takes place on a continuous
basis enabling the group executive to have proper visibility
of all areas of business risk. It allows appropriate review
and decision-making within a pre-agreed authority framework.
The protocol comprises:
•
A management and review structure including an internal
audit function and incorporating the group audit and risk
management audit committee.
Murray & Roberts’ executive committee meets
monthly and reviews the opportunities and risks that are
presented. Where necessary, senior executives are appointed
as project directors to deal with identified project risk.
•
An authority framework to ensure that decisions and
reviews occur at the appropriate level of responsibility
and accountability.
Risks are classified into four main categories and common language
and definitions are used throughout the group to ensure consistency
of actions. The categories are:
•
Strategic risks reserved for group executive attention
and decision-making.
Mitigation of these risks normally cannot be dealt with
by means of policies and procedures but requires extensive
research and analysis. The group knowledge executives
provide leadership in the identification and management
of these risks in their areas of specialisation such as
IT, Technology, Tax, Finance and Communications.
•
Operational risks which arise largely from the activities
and the products and services delivered by the group’s
operations.
These are dealt with by means of implementation and maintenance
of world class ‘loss control’ systems such
as ISO 9000 and QS 9000 in most of the group’s operations.
The management of these risks is the responsibility of
operating company managing directors and their executive
teams.
The business model for executing major projects has been
standardised with a unique but tried and tested Murray
& Roberts format. This includes a project steering
committee and corporate executive chairmanship.
•
Compliance risks arising from the requirements of the
numerous laws and regulations applicable to the group’s
operations, such as the management of environmental impacts
and health and safety.
Implementation of systems such as ISO 14000 and NOSA are
currently underway in order to ensure a high standard
of compliance and the avoidance of serious loss.
•
Governance risks which relate mainly to financial and
personnel management.
These risks are mitigated by the employment of competent
people and by the use of standardised policies and procedures.
Forensic review and investigation forms an important element
of risk management and recovery.
Murray & Roberts contracts the services of a forensic management
team to investigate, recover and prosecute, where possible,
any incident of theft or corruption involving its employees,
suppliers and partners.
An anonymous ‘whistle blowing’ system facilitates
disclosure of governance lapses throughout the group. Murray
& Roberts has outsourced the management of this service
and actively promotes its use amongst all employees, suppliers
and partners.
Both of these services are independent of internal audit and
report to the group chief executive, who is also available to
receive direct notification of inappropriate behaviour and non-performance
by employees.
