THE AUDIT AND RISK COMMITTEE (ARC) IS TASKED WITH TWO BASIC FUNCTIONS – TO OVERSEE THE AUDIT FUNCTION AND TO ENSURE PROPER RISK GOVERNANCE OF THE GROUP.
In essence, auditing the group is an assessment of the group’s current position – what assets are in hand and what we’ve experienced during the past year. Risk governance is an assessment of the unknown – what can we place on the table to ensure our continued success.
As such, it reminds one of a game of poker. On the one hand, you need to know your current position – what cards you have in hand, what assets you have available to bet, what plays were made by other players and how they affect your performance. Only by properly auditing your current position, can one move forward with confidence. You need to make sure proper controls are in place to prevent chips from falling off the board. You must understand the strength and weaknesses of the cards in hand – know what assets to be deployed against strategies you’ve seen in the game – or in the market. But, that is only one half of the game.
Now that you know what you’ve got, you must decide what you can place on the table – what to bet, without placing your continued presence in the game. Even sure bets and the best cards can be dealt a bad hand, and to stay in the game, those risks must be mitigated. It is a game of probabilities, much like risk governance. Yet, without a certain amount of risk, there can be no return – and that is the ARC’s primary function. What can we risk in the group to ensure sustainable above average wealth creation for all stakeholders?
Risk in itself is not bad, except when risk is mismanaged, misunderstood or mispriced. We are entrusted to ensure bets are correctly placed, bets that might affect the future of the group. The board of directors determines the risk tolerance for the group and the ARC is constantly testing, monitoring and implementing safety measures to ensure that the risk tolerance of the group is not enthused. As such, the risk tolerance of the group is clearly identified and defined. To assist management to identify risk indicators, the ARC is informed of the risks and exposures which the company may face. The ARC is also updated regularly on the company’s strategic objectives, procedures and evaluations.
Risk is not only measured in monetary value, but reputational risk is also of great importance. Are we a responsible player in this game and in the market? How the group’s actions are perceived by others in the market adds another layer of responsibility to being a good corporate citizen. The environment in which a company operates, the social impact it has, the economic impact and overall influence are all factors that must be considered when measuring risk.
To be a good corporate citizen might be attainable, or even achievable through regulatory
enforcement, but being a good corporate citizen is not good enough. Trustco holds itself to a higher standard, where good is not good enough, but aims for better.
All the discussions of risk are for naught if we do not know that we have a solid base of assets to operate from – to execute our betting strategies. Know thyself, the saying goes, and Trustco, a company with an integrated structure, encourages transparency, cooperation and integration between the external and the internal audit function. This enables the ARC to get a clear understanding of the strengths and weaknesses of the group’s internal control management systems. Any identified weaknesses are dealt with immediately.
To ensure our risk assessments are current, the ARC maintains an ongoing responsibility
to assess and maintain the effectiveness of the control framework, and therefore gathers
information from management and also from the external and internal audit as part of its
assessment process. This leads to the ARC challenging and testing management as well as the external and internal auditors on any assessment they may have made. Without this critical process, we could be betting blind! We are constantly briefed on how management is embedding a culture of good governance and ethical behaviour. Although embedding such a culture does not guarantee that the group will achieve its goals, the lack of such culture provides greater opportunity for error or improprieties to occur.
Trustco is not a company that engages in a “box-ticking” exercise to ensure compliance, but rather sees compliance as a means to enhance shareholder return. As chairman of the ARC, I can congratulate the company for actively pursuing good governance principles, cultivating a culture of excellence, and at all times being transparent.
I would like to use this opportunity, to thank all members of the committee for their considerable effort and the devotion with which they have executed their duties during the year. The management of internal audit, risk and compliance does not always have an easy task.They often experience challenging views and opinions from management, but their dedication and resilience is truly commendable.
Chairman of the audit and risk committee