STRATEGIC LEADERSHIP | SUSTAINABLE VALUE CREATION | STRONG BUSINESS RESPONSE | CORPORATE DATA AND ADMINISTRATION | 17 | ||
RISK MANAGEMENT
Sun International's risk management process is focussed on identifying and minimising the impact of the key strategic, operational, financial, reputational and regulatory risks facing the business in the geographies and economic sectors in which the company operates. The process encompasses activities which are from a risk perspective value accretive as well as those activities which could potentially lead to value depreciation. The scope of the risk management process includes the consideration of internal and external factors, which could impact on the successful implementation of the group's strategy with a focus on operating environment, trends, material matters, threats, opportunities and stakeholder engagement.
COVID 19
The group continues to enforce and monitor strict and disciplined Covid-19 protocols to mitigate against the risk of employees, customers and other key stakeholders contracting the virus. These protocols are benchmarked across all jurisdictions.
RISK APPROACH
The board is ultimately responsible for the governance of the group's risk management process and the formulation of the group's risk appetite and setting and monitoring risk tolerance. The board discharges its duties by mandating specific risk management duties and responsibilities to the group's risk committee and the group's chief executive and executive management team. The executive management are collectively responsible for the compilation and continuous review of the group's risk register, which is tabled
at each meeting of the risk committee for discussion as well as ensuring that the risk management process is inclusive and deeply embedded throughout the group.
The group considers its risks in terms of the potential likelihood of an identified risk actually occurring and its impact on the group, resulting in each risk being allocated an inherent risk rating. The potential impact is determined by considering the operational, regulatory and financial impact a risk could have on the group, while the likelihood is rated on a scale ranging from a remote
to a definite possibility. Each inherent risk is considered along with the effectiveness of mitigating controls, which results in a residual risk exposure. A residual risk rating is allocated to each risk, with a detailed risk mitigation action plan with quarterly status updates and contingency plans and opportunities, to minimise or prevent the risk. Each risk is assigned to a specific executive who is responsible for implementing the mitigation measures and is held accountable for continually monitoring, mitigating where possible and reporting on progress.
Prior to the final risk committee meeting for the year, the group's risk working committee, comprising of the executive team, senior management and other relevant invitees conduct a full review of the risk register, risk ratings and mitigation measures, for presentation to the risk committee. The risk committee ensures that the group's approach to risk management and methodology remain relevant and that the risks included in the risk register represent the group's risk universe. The risk committee is satisfied that the group's 2021 risk approach was consistently applied group-wide and remains relevant and robust. The group's risk management process and the effectiveness of risk mitigation implemented at a group and unit level are reviewed by various providers, as defined in the group's combined assurance framework.
The group's risk management approach stood us in good stead when addressing the Covid-19 pandemic. The executive team acted decisively and quickly in putting additional policies and protocols in place to address Covid-19. The risk committee also annually reviews the group's insurance programme before presentation to the board for approval. The 2019/2020 programme included infectious diseases in its business interruption cover and the group was successful with a claim against its insurers receiving a substantial settlement during the year under review.
To further bolster our risk process, a dedicated group risk manager was appointed who will be responsible for supporting the leadership and management. The group will also commission a third-party independent review of the group's risk management approach and methodology,
to ensure its effectiveness and alignment with the board's risk appetite, tolerance plus industry best practice.
RISK GOVERNANCE
The risk committee chairman reports to the board following each meeting, in accordance with the committee's terms of reference. The committee's mandate provides that material matters are reported to the group's audit committee to ensure the committee has appropriate insight into the group's material risks and opportunities and to avoid duplication of matters within the remit of both committees. The board, through the audit and risk committees, considers the risks and opportunities the group may face. It also seeks the assurance of the risk committee chairman that the risks have been assessed and mitigated by management. The audit committee chairman is a member of the risk committee. The interaction between these two committees is such that
the audit committee has an oversight role, specifically in relation to financial reporting risks.
IT governance sub-committee
Economic | impact | Risk | tolerance | |||
Effectiveness of | Covid-19 impact | |||||
mitigating controls | ||||||
Reputational risk | Factors | Business | ||||
considered | opportunities | |||||
by the | ||||||
Legal compliance | board when | Risk movement and | ||||
assessing risk | level of control | |||||
Stakeholder impact | Business interruption | |||||
Risk appetite | Risk timeframe - | |||||
short, medium and | ||||||
long-term | ||||||
RISK IDENTIFICATION PROCESS
Risk appetite
The board determines the group's risk appetite annually based on an assessment of the strategic,
financial, operational, compliance and reputational risks contained in the risk register
Review and | Consolidate | Consider | Communicate | Report most | Conduct an | |
identify unit | and update | additional | the consolidated | significant risks | annual risk | |
risks for the | unit-specific | group risks and | group risk | to the risk | review workshop | |
group through | risk registers | interrogate | register to | committee as | ||
the quarterly | into a group risk | and update | all units for | well as any new | ||
unit-specific risk | register | the controls | updates, | or deleted risks | ||
Responsibility | registers | and mitigating | review and | |||
actions | consideration | |||||
Management | Risk | Risk working | Risk | Executive | Risk | |
Risk committee
Insurance and risk
Sun International | Audit committee | |||||
board of directors | ||||||
Group Internal Audit | ||||||
Executive committee | ||||||
at unit level | manager | committee | manager | team | committee |
Assurance
Various assurance providers review and audit the group's risk management processes at group and at unit level
2021 SUN INTERNATIONAL Integrated Annual Report
Unit | Gaming | Hospitality |
operational risk | operational | operational |
committee | committee | committee |
Risk and sustainability
STRATEGIC LEADERSHIP | SUSTAINABLE VALUE CREATION | STRONG BUSINESS RESPONSE | CORPORATE DATA AND ADMINISTRATION | 18 | ||
Risk management continued
COMBINED ASSURANCE MODEL
Required level of assurance in respect of group risks
Philosophy and approach
Sun International's combined assurance strategy and framework objective is to ensure optimal, cost-efficient and focused assurance coverage across the group. Our hybrid top-down and bottom-up approach, which aligns with the JSE listing requirements and King IV outcomes, ensures adequate assurance on key business risks and processes as detailed below.
The group's combined assurance provides a view and opinion over the adequacy and operational effectiveness of key controls in relation to material risks. Successful assurance enhances the degree of confidence that the control environment is functioning optimally, to mitigate material risks and promote the achievement of group-wide objectives. Sun International's combined assurance is designed such that the level of assurance required is dependent on the level of risk assessed,
assurance activities as well as the assurance provider's level of independence, skill and qualifications. Sun International's assurance strategy is tailored so that the higher the level of risk, the higher the level of assurance required.
The audit committee and senior management ensure that both external and internal assurance providers appointed have the appropriate experience, skills and follow an acceptable assurance approach. This is achieved through periodic
THE GROUP'S COMBINED ASSURANCE APPROACH
INTEGRATES
the group's value drivers and strategic objectives
THE GROUP'S COMBINED ASSURANCE FRAMEWORK
taking into account inherent risk and risk appetite. The assurance quality provided by the various assurance providers depends on factors such as the nature, timing, and extent of
assessment of the assurance providers to establish both assurance coverage and assurance quality.
The group's combined assurance approach ensures that assurance services and functions:
Enable an
effective control
environment
Support the integrity of information for internal decision making
Support the
integrity of the organisation's external reports
ASSISTS
the board and executive committee (exco) in executing their fiduciary duties and responsibilities, by ensuring:
Achievement of the group's strategic objectives
Reliability and integrity of financial and operational information
Effectiveness and efficiency of operations and programmes
Safeguarding of assets
Compliance with laws, regulations, policies, procedures, and contracts
Operational excellence and profitability
ENSURES
a sound control framework for an adequate and effective control environment, risk assessment, control activities, reporting and monitoring
OPTIMISES
the risk and opportunity universe
Top 10 risks
The risk table below identifies the group's top 10 risks as at 31 December 2021. These risks are discussed in detail and include
Sun International's level of control, key stakeholders impacted and primary board committee responsible for oversight. For the year under review the following risks moved into the group's top 10 risks:
Risk 3: Political and civil unrest | The following risks moved out of the top 10 risks: | ||||||
Risk 6: Recovery of the hospitality and tourism industry and its | |||||||
∞ | Ongoing changes in licence conditions | ||||||
impact on hotels and resorts | ∞ | Succession plans for critical roles | |||||
Risk 9: Loss of GrandWest casino licence exclusivity | ∞ | Infrastructure management and maintenance | |||||
Change | |||||||
Risk | Residual | in ranking | 2020 risk | Strategic | |||
ranking | Risk description | risk | from 2020 | rating | objective | ||
1 | Weak economic conditions | Extreme | (2020: 2) | SO1 SO5 | |||
2 | Coronavirus (Covid-19) | Serious | (2020: 1) | SO4 | |||
3 | Political and civil unrest | Serious | SO4 | ||||
4 | Smoking legislation | Moderate | (2020: 4) | SO4 | |||
5 | Increase in gaming taxes and levies | Moderate | (2020: 5) |
Lines of defence
Sun International's lines of defence model is used as a basis for risk management, governance and oversight structures to obtain assurance at various levels group-wide. The group has adopted a four lines of defence model, highlighting the different role players' responsibilities for internal controls and
risk management as shown alongside.
Lines of | ||
defence (LoD) | Example and description of role players | |
Management | ||
1st LoD | The definition of management includes all levels of the business and | |
management, including exco and the chief executive. | ||
Support functions | ||
2nd LoD | Corporate functions independent from the operations - includes, compliance, | |
sustainability and risk management that perform key functions to provide a | ||
second line of assurance to the board. | ||
Internal assurance | ||
3rd LoD | Internal assurance - incorporates internal assurance providers that provide | |
objective assurance such as Group Internal Audit. | ||
External assurance | ||
External assurance - incorporates assurance providers, such as external | ||
4th LoD | auditors, environmental auditors, and other external parties. These structures | |
are largely independent of the operational activities of the company and | ||
provide assurance to the board. | ||
SO5 | ||||||
6 | Hospitality and tourism industry recovery and its impact | Moderate | SO1 | |||
on hotels and resorts | ||||||
7 | Increased demands from stakeholders (minority | Moderate | (2020: 7) | SO4 | ||
shareholders, communities and local suppliers) | ||||||
8 | Erosion of market share due to other forms of gambling | Moderate | (2020: 11) | SO5 | ||
9 | Loss of GrandWest casino licence exclusivity | Within | (2020: 17) | SO5 | ||
appetite | ||||||
10 | Cyber threats and information security | Within | (2020: 9) | SO4 | ||
appetite | ||||||
Constant | Increased | Decreased | New risk |
2021 SUN INTERNATIONAL Integrated Annual Report
STRATEGIC LEADERSHIP | SUSTAINABLE VALUE CREATION | STRONG BUSINESS RESPONSE | CORPORATE DATA AND ADMINISTRATION | 19 | ||
Risk management continued
RISK 1 | (2020: 2) |
Weak economic conditions
RISK DESCRIPTION
The macro-economic outlook remains under pressure. Key factors impacting the economic climate include the impact of Covid-19 and the civil unrest and looting in parts of South Africa. Intermittent load shedding and deterioration of critical infrastructure continues to impact economic growth.
Risk category | Sun International's level | |
Financial sustainability | of control | |
Limited | ||
Primary board committee | Key stakeholders | |
Risk and audit committees | Shareholders, potential | |
investors and employees | ||
RISK MITIGATION
- Focus on improving our customer experience and engagement:
- Launched a Sun International mobile App for both our leisure and casino customers.
- Launched our online booking engine to drive an increase in direct bookings and improve the customer booking experience.
- Implementing a new gaming system (Playtech), in a phased approach, which will enhance our customer experience - system to be fully implemented in 2024.
- Ongoing focus on improving operational and resource efficiencies as well as cost containment across the group.
- Strengthened our balance sheet and improved our liquidity position.
OUTLOOK
- The weak economic climate is set to continue and with the risk of further Covid-19 waves, there may be additional economic pressures for corporates and consumers. South Africa's energy supplier remains fragile, high-energy costs and failing infrastructure persist, all of which impact growth opportunities. Crime, corruption and unrest also remain a concern and continue to impact our economy.
RISK 3 | ||
(2020: new risk) | ||
Political and civil unrest
RISK DESCRIPTION
The political and civil unrest, similar to the unrest South Africa (Gauteng and KwaZulu-Natal) experienced in July 2021, is a risk to Sun International.
Risk category | Sun International's level | |
Financial sustainability | of control | |
Limited | ||
Primary board committee | Key stakeholders | |
Risk and audit committees | Employees, customers, | |
shareholders, suppliers, | ||
communities | ||
RISK 4 | (2020: 4) |
Smoking legislation
RISK MITIGATION
- Reviewed security arrangements and business interruption plans at properties.
- Reviewed the group's SASRIA insurance cover.
- Engaging with security companies to obtain early warnings of potential riots.
OUTLOOK
- Significant economic inequality could lead to future political and civil unrest which the group is closely monitoring.
RISK MITIGATION
► Submitted comments on the proposed |
Tobacco Bill against the May 2018 draft |
and we await government's view on the |
RISK 2 | ||
(2020: 1) | ||
Coronavirus (Covid-19)
RISK DESCRIPTION
The coronavirus global pandemic continues to severely impact our business operations and revenue across our gaming, hospitality and supply chain areas.
Risk category | Sun International's level | |
Business interruption | of control | |
Limited | ||
Primary board committee | Key stakeholders | |
Risk, audit, social and | Employees, customers, | |
ethics and remuneration | shareholders, suppliers, | |
committees | communities | |
RISK MITIGATION
- Covid-19protocols in place and continuously updated as lockdown levels change.
- Ongoing awareness and support provided around Covid-19 among employees, customers and guests.
- Opened several vaccinations sites at certain properties and actively promoting vaccinations group-wide.
- Significant cost containment measures implemented.
OUTLOOK
- Sun International will continue to adapt to the new normal business environment and encourage employees and guests to be vaccinated.
- Government's vaccination rollout plans will continue into 2022 to encourage citizens to be vaccinated.
RISK DESCRIPTION
South Africa's draft Control of Tobacco Products and Electronic Delivery System Bill, 2018 was published in May 2018 and includes a ban on smoking (including e-cigarettes) in public areas (both indoor and outdoor areas). This proposed legislation will have a significant impact on group casino revenues.
Risk category | Sun International's level | |
Regulated operating | of control | |
environment | Limited | |
Primary board committee | Key stakeholders | |
Risk committee | Employees, customers, | |
health authorities and | ||
shareholders | ||
collective submissions made. |
► Continue to lobby and engage with CASA, |
the gaming boards, trade unions and other |
affected corporates. |
OUTLOOK
- The South African legislation is not expected to be enacted in the 2022 financial year.
- The group continues to lobby and coordinate efforts with other affected industries.
- The group's legal department continues to monitor changes and/or movement on the proposed Bill.
2021 SUN INTERNATIONAL Integrated Annual Report
STRATEGIC LEADERSHIP | SUSTAINABLE VALUE CREATION | STRONG BUSINESS RESPONSE | CORPORATE DATA AND ADMINISTRATION | 20 | ||
Risk management continued
RISK 5 | (2020: 5) |
Increase in gaming taxes, fees and levies
RISK DESCRIPTION
Various provincial gaming boards have implemented and/or proposed increases to gaming taxes and levies in 2020. Where the increases have become effective the group is obligated to comply with the increases, however the group continues to engage with the various gaming boards directly and through CASA on these increases.
The Western Cape Provincial Government (WCPG) has promulgated a Bill into law that will introduce operator fees for casinos and route operators to fund the WCPG operations. The company has instituted legal action to review the WCPG's decision to impose the operator fees concerned. In the meantime, the WCPG confirmed that it will not impose the operator fees until the review application has been heard.
The KZN Provincial legislature has proposed amendments to the KZN Gambling Tax Act which seeks to increase gaming taxes; to tax Freeplay and to introduce a Transformation
Risk category | Sun International's level | |
Regulated operating | of control | |
environment | Limited | |
Primary board committee | Key stakeholders | |
Risk committee | Gaming boards, CASA, | |
provincial government and | ||
shareholders | ||
RISK MITIGATION
- Monitoring CASA's progress in challenging the increase on grounds of a procedural and fairness basis.
- Lobbying and challenging proposed gaming tax legislation is ongoing for the group.
- Legal action instituted to set aside the WCPG decision to impose operator fees on casinos and route operators in the Western Cape.
OUTLOOK
RISK 7 | (2020: 7) |
Increased demands from stakeholders (minority shareholders, communities and local suppliers)
RISK DESCRIPTION
There has been ongoing demands from local communities and local suppliers surrounding our operations, ranging from procurement, employment, shareholding to land opportunities.
Risk category | Sun International's level | |
Financial sustainability | of control | |
Limited | ||
Primary board committee | Key stakeholders | |
Social and ethics committee | Shareholders, communities | |
and suppliers | ||
RISK MITIGATION
- A formal community engagement management plan is in place to identify community needs.
- Continued to support local B-BBEE procurement and enterprise development within communities surrounding group operations, through our supplier registration database and our online tender notice board.
- Ongoing engagement with minority shareholders.
- Additional CSI and SED spend has been allocated to address some of the community needs identified as part of our ongoing community engagement strategy.
- Regular focused communication with interested stakeholder groupings such as our debt funders, shareholders and equity partners.
Fund, which is to be funded through gaming taxes raised. The company has engaged with the provincial legislature through CASA and directly in respect of its LPM operations and it will be objecting the proposed amendments.
- Currently the group is not aware of any additional increases in gaming taxes or levies.
- We anticipate engaging more constructively with gaming boards in the future regarding compliance costs associated with a gambling business.
OUTLOOK
- It is expected that increased stakeholder demands will continue, given the weak economic environment and the additional impact of Covid-19.
- Sun International will continue to proactively engage with stakeholders on their concerns.
RISK 6 | |||
(2020: new risk) | |||
Recovery of the hospitality and tourism industry and its impact on hotels and resorts
RISK DESCRIPTION
The hospitality, travel and tourism industry recovery will be prolonged, notwithstanding global vaccination programmes. This will affect international and local group travel and conferencing. Corporate transient travel will also be sluggish in the foreseeable future. Certain group properties will be harder
RISK MITIGATION
► Integration into the Global Hotel Alliance effective |
7 December 2021. |
► Ongoing focus on maximising domestic leisure revenues at all |
properties through online and direct booking channels. |
► Continual focus on maximising gaming accommodation and |
gaming revenues at Sun City, Wild Coast and Boardwalk. |
► Ongoing cost reviews at all properties. |
► Creation of additional events at resorts to drive midweek and |
RISK 8 | |||
(2020: 11) | |||
Erosion of market share due to other forms of gambling
RISK DESCRIPTION
The proliferation of Illegal gambling operations, the availability of casino style games offered by non-casino licensees and the operation of EBTs continues to erode gaming revenues.
RISK MITIGATION
► Engaged with a financial institution to ascertain the |
viability of blocking bank accounts of persons who |
are participating in illegal gambling activities. |
► Continuing to participate in the National Illegal |
Gambling Enforcement Forum consisting of the |
SAPS and the National Gambling Board (NGB). |
► Lobbying gaming boards for support from law |
enforcement agencies. |
► Following up on illegal gambling operations in |
hit due to reliance on conferencing and international tourists.
Risk category | Sun International's level | |
Financial sustainability | of control | |
Limited | ||
Primary board committee | Key stakeholders | |
Risk committee | Shareholders, gaming boards, | |
CASA | ||
weekend demand. |
► Ongoing engagement with government on vaccination travel |
protocols to encourage a swift return of international tourists. |
► Lobbying relevant regional and national government to |
maintain and upgrade roads, airports and infrastructure around |
Sun City. |
► Engagement with the Tourism Ministry and Tourism Business |
Council of South Africa with respect to removing obstacles to |
the growth of international tourist arrivals, e.g. Visas, air access |
and destination marketing. |
Risk category
Increased competition
Primary board committee Risk committee
Sun International's level of control
Limited
Key stakeholders
Gaming boards, CASA, South African Police Service (SAPS) and provincial
and national government
Sun International's catchment areas. |
► The company leverages developments in the |
online sports betting business to offset the erosion |
of revenue. |
► CASA is challenging the unlawful gambling through |
the Advertising Regulatory Board and provides |
regular updates to Sun International. |
OUTLOOK
OUTLOOK
- While vaccination rollout programmes are ongoing, we anticipate a slow recovery in the hospitality, travel and tourism industry in 2022.
- It is anticipated that alternative casino style games will continue to grow.
- Strategic focus on growing SunBet's share in the online gaming market.
- The group's strategy is to keep abreast of the changing landscape in the online gaming environment.
2021 SUN INTERNATIONAL Integrated Annual Report
STRATEGIC LEADERSHIP | SUSTAINABLE VALUE CREATION | STRONG BUSINESS RESPONSE | CORPORATE DATA AND ADMINISTRATION | 21 | ||
Risk management continued
RISK 9 | |||
(2020: 17) |
Loss of GrandWest casino licence exclusivity
RISK DESCRIPTION
The Western Cape Twentieth Gambling and Racing Amendment Bill and the Western Cape Twenty-First Gambling and Racing Amendment Bill were published on
8 May 2020, which seeks to: impose new casino operator and LPM operator fees, create new exclusivity areas and reduce GrandWest's exclusivity zone from 75km to 25km, and introduce a relocation and exclusivity fee. The High court recently ruled in favour of Tsogo Sun and compelled the WGGRB to consider an application for relocation. It however suspended its decision for one year for the WCPG to enact a new regulatory regime which will expressly allow the WCPG Board to approve applications to relocate casinos in the Western Cape.
Risk category | Sun International's level | |
Gaming and other | of control | |
operating licences | Limited | |
Primary board committee | Key stakeholders | |
Risk committee | Gaming boards, provincial | |
government, shareholders and | ||
potential investors | ||
RISK MITIGATION
- Proactively engaging with the Western Cape Premier and national government to discuss relocation and the possibility of licence exclusivity.
OUTLOOK
- Covid-19and the weak economy will reduce the likelihood of a relocation given the financial viability of such a move.
RISK 10 | ||
(2020: 9) | ||
Cyber threats and information security
RISK DESCRIPTION
Increasing interconnectivity, globalisation and commercialisation of cybercrime are driving greater frequency and severity of cyber incidents, including data breaches. These incidents or breaches could lead to system unavailability, business disruption and financial loss.
Risk category | Sun International's level | |
Business interruption | of control | |
High | ||
Primary board committee | Key stakeholders | |
Risk committee | Employees, shareholders | |
and potential investors | ||
RISK MITIGATION
- Establishing a security training and awareness communication strategy to enhance our people defence.
- Enhanced our remote working security protocols to combat new threats.
- Enhanced security monitoring tools to help establish a holistic security operation group-wide.
- Establishing a vulnerability management practice to provide reporting, monitoring and execution of identified threats across the application and infrastructure landscape.
- Conducting independent internal and external penetration testing to understand current threats and vulnerabilities.
- Assessing the regulatory environment, particularly the new Cyber Act, which was promulgated in May 2021 and its impact to the group.
- Assessing outsourcing security providers to enhance the security skills and existing resources required.
- A cyber insurance policy was put in place to help minimise risk exposure.
OUTLOOK
- We are constantly assessing our threat landscape to ensure our information security management systems is effective and robust to deal with evolving threats.
- Ransomware has been an increasing threat in South Africa, and we have partnered with various organisations to help with our detection and response capabilities.
- Phishing attempts are the primary attack type and our focus area is to enhance our awareness and communication to employees.
- As we look at more digital technology solutions, we have also enhanced our cloud security controls.
2021 SUN INTERNATIONAL Integrated Annual Report
Attachments
- Original Link
- Original Document
- Permalink
Disclaimer
Sun International Limited published this content on 14 March 2022 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 14 March 2022 06:13:05 UTC.