PDF 25 MB - Sun International | Investor Centre
SUN INTERNATIONAL ANNUAL REPORT ’10
CORPORATE GOVERNANCE REPORT CONTINUED

Each risk has been measured in terms of its potential impact upon
statements of comprehensive income items and the group’s statements of
financial position. The group’s propensity for risk tolerance is used to
guide decisions for risk mitigation. The risk committee intends to formalise
a recommendation regarding the group’s appetite for risk, for consideration
by the board. The process of enterprise risk management is embedded at a
strategic level and the process has been cascaded to the group’s major
subsidiaries.

The board has adopted and disseminated a Risk Policy Framework outlining
the group’s framework and processes of risk management. The group has
developed a strong culture of managing risk, with a significant number of
embedded processes, resources and structures in place to address risk
management needs. These range from internal audit systems; insurance
and risk finance; IT security and governance; compliance processes; quality
management; and a range of other line management interventions. The
Risk Policy Framework provides an integrated framework through which
the group’s risk management efforts are maximised. All operations are
required to follow the policy’s directives in terms of risk assessment, risk
monitoring and risk reporting.

At operational level, there are numerous risk management processes,
including functions such as safety management, health and environment
responsibilities, security, fire, defence, fraud detection, food hygiene
controls and quality management. Each of these functions includes
processes for the identification of risk, the implementation of risk
mitigations, and compliance with relevant legislation. Risks are monitored
and reported upon at quarterly management and divisional meetings.
There is a comprehensive system of incident reporting that allows for
exception reporting to executive management. The group’s operational
risk control functions have performed well.

The group’s annual internal audit plan incorporates the outcomes of
the enterprise risk management process. The top risks in the group
have been incorporated into the internal audit plan, and internal audit
investigates the effectiveness of risk controls. These risks are addressed
by the plan at least once a year. The director of internal audit attends
risk committee and divisional and management meetings where risk
is addressed in order to verify that the risk management process is
appropriate. The internal audit function formally reviews the effectiveness
of the group’s risk management processes once a year and reports on its
findings to the risk committee and the audit committee. As such, internal
audit provides a high profile risk management facilitation role, but without
assuming responsibility for risk management, which remains the responsibility
of line management.

The board is satisfied with the process of identifying, monitoring and
managing significant risks and internal controls and that appropriate
systems are in place to manage the identified risks, measure the impact
thereof and that these are proactively managed so that the company’s
assets and reputation are suitably protected. Accordingly, the board has
elected not to appoint a single chief risk officer, as recommended by
King III, as the risk function is comprehensively embedded throughout
the group.

ACCOUNTABILITY AND AUDIT

Internal audit

The internal audit department is designed to serve management and the
board of directors through independent evaluations and examinations of
the group’s activities and resultant business risks.

The purpose, authority and responsibility of the internal audit department
is formally defined in an internal audit charter which is reviewed by the
audit committee and approved by the board. This charter is reviewed on
an annual basis and revised as necessary.

The internal audit department is designed to respond to management’s
needs while maintaining an appropriate degree of independence to
render impartial and unbiased judgements in performing its services. The
scope of the internal audit function includes performing independent
evaluations of the adequacy and effectiveness of group companies’
controls, financial reporting mechanisms and records, information systems
and operations, reporting on the adequacy of these controls and
providing additional assurance regarding the safeguarding of assets and
financial information. Internal audit is also responsible for monitoring
and evaluating operating procedures and processes through, inter alia,
gaming compliance, Responsible Gambling Programme compliance,
operational safety and health and environmental audits. Risk assessment
is co-ordinated with the board’s assessment of risk through interaction
between internal audit, the audit and risk committees which also
minimises duplication of effort. The director of internal audit reports at
all audit and risk committee meetings and has unrestricted access to
the chairmen of the company and the audit and risk committees. The
appointment or dismissal of the director of internal audit is with the
concurrence of the audit committee.

In accordance with the group’s policy of conducting an independent
assessment every three years, KPMG Inc has been engaged to conduct an
independent assessment of the effectiveness of the internal audit
function in the forthcoming financial year.

External audit

The external auditors provide the board and the audit committee with
their independent observations and suggestions on the group’s internal
controls, as well as suggestions for the improvement of the financial
reporting and operations of the business.

The external auditors’ audit approach is risk-based, requiring them to
continually identify and assess risks throughout the audit processes. The
external auditors are reliant on the operating procedures and place
emphasis on understanding how management obtains comfort that the
business is generating reliable information and then evaluating and
validating the basis of this comfort. This approach aligns the way they
work closely with the organisational structures and risk management
processes.

There is close co-operation between internal and external audit and
reliance is placed, where possible, on the work of internal audit, therefore
minimising the duplication of effort. The annual external audit plan is
placed before the audit committee for review and approval. The external
auditors attend all shareholder meetings of the company.