The board acknowledges that it is accountable for the process of risk management and the system of internal control of the group. As HCI is an investment holding
company, under the auspices of the chief risk officer, the risk management process considers the risks and opportunities within the company as well as those inherent in its portfolio of investments.
The audit and risk committee is an integral component of the risk management process and, specifically, the committee ensures, by enquiry of management, external and internal auditors, that all material corporate risks have been identified, assessed, monitored and effectively managed.
The audit and risk committee further enables the principle that risk management is also about analysing opportunities and not only guarding against downside possibilities. Internal control structures have been implemented to ensure that significant business and financial risk is identified and appropriately managed:
- it is management’s responsibility to design, implement and monitor the risk management policies;
- risk assessments are performed on a continual basis;
- frameworks and methodologies are implemented to increase probability of anticipating unpredictable risks;
- risk responses by management are considered and implemented;
- risks are monitored continuously; and
- the board should receive assurance regarding effectiveness of risk management.
A disciplined and timeous reporting structure enables the audit and risk committee to be fully apprised of group company activities, risks and opportunities. This is achieved by requiring that subsidiary companies report their key risks and responses to the committee on a biannual basis, with additional exception reporting as required.
The focus is on those risks which may negatively impact the long-term sustainability of the business or have a material impact on short-term performance.
This continual emphasis on risk management assists the board to foster a culture in the HCI group that emphasises and demonstrates the benefits of a risk-based approach to internal controls and management of the group.
Effective risk management is seen as fundamental to the sustainability of the group’s interests.