Integrated Annual Report
2019

Currently viewing: Material issues, risks and opportunities | Next: Engaging with our stakeholders

Material issues, risks and opportunities

Framework and model

The Group has in place an Enterprise Risk Management framework which is based on a combined assurance model comprising: management, external auditors and internal audit. This model and its related activities are structured to ensure that the Group's risks are adequately managed by formulating the Group's strategic imperatives on such.

IDENTIFICATION OF RISKS

Identification of risks is based on:

  • the Group's risk bearing capacity (the capacity to absorb losses arising from risks without an immediate threat to the Group's continued existence based on its current business model);
  • risk appetite (the amount and type of risk the Group is willing to accept in pursuit of its business objectives); and
  • risk tolerance (the acceptable levels of variation relative to the achievement of the Group's objectives).

QUANTIFICATION OF RISKS

Certain financial measures form the basis on which these risks are quantified.

CATEGORISATION OF RISKS

Identified risks are categorised according to:

  • inherent risk (a function of their potential impact and probability); and
  • residual risk (based on the effectiveness of mitigating controls or responses to address the inherent risk).

The identified risks are encompassed in the following risk categories:

  • supply chain disruptions;
  • IT infrastructure and network vulnerability;
  • loss of quality earnings/revenue/profitability/future growth;
  • talent attraction/development/retention;
  • brand identity and corporate image; and
  • regulatory compliance.

Residual risk heatmap – combined

Residual risk heatmap – combined

Below is a summary of the Group's top risks and/or material issues based on their residual risk ratings. A summary of the strategic imperatives related to each risk is provided.

MATERIAL ISSUES, RISKS AND OPPORTUNITIES

1. Social unrest impacting operations
Risk description   Mitigating controls   Strategic imperatives
  • Social unrest in the areas in which the Group operates impacts retail and manufacturing activities.
  • The risk is particularly relevant for Ceramic Industries’ factories and TopT retail stores.
  • Impacts safety of Group employees and customers.
 
  • Business interruption insurance cover in place.
  • The portfolio and marketplace are analysed on an ongoing basis to ensure risk is mitigated and targeted property returns are achieved.
  • The Group has a Social Unrest policy in place primarily focused on the safety of Group employees and customers.
  • Ongoing community engagement and social economic development activities conducted in communities in which we operate.
 
  • Continuous investment in and management of relationships with communities within which we operate.
2. Network penetration
Risk description   Mitigating controls   Strategic imperatives
  • External penetration of our networks (including hacking, phishing, etc). Probability intensified due to increased web traffic to webstores which are integrated into SAP, ongoing high profile hacking incidents internationally (related to malware), and roll out of wifi solution for customers in stores.
  • Website cloning and rerouting of online payments gateway via webstores and new mobile devices with integrated payment pebble.
  • External penetration of Android-based handheld scanners used in the stores (including hacking, phishing, etc).
  • Increased usage and access points with roll out of new local stores, East Africa stores and webstores.
 
  • Prevented with use of firewalls, segmentation of network landscape, implementation of secure socket layer certificates to encrypt end-to-end data and graph antivirus solution with additional patch management control
  • User passwords regularly updated.
  • Quarterly penetration testing performed by external service providers.
  • Handheld scanners hosted on hidden network with SSL encryption enabled.
  • Cyber insurance in place through reputable provider.
 
  • Quarterly review of all network policies and procedures and network and router configurations to assess risks in order to mitigate them.
  • A Protection of Personal Information (“PoPI”) compliance project is ongoing to assess areas of risk in order to mitigate them and ensure compliance with the PoPI Act.
  • Heat mapping of internal and external networks, reviewed on a monthly basis with senior management.
3. Pace of innovation and agility inadequate
Risk description   Mitigating controls   Strategic imperatives
  • Pace of innovation with smart scanners and functionality in stores and online is not sufficient or fast enough to keep pace with the market and competitors, and other disruptive activities.
 
  • The Group’s Digital Forum meets regularly to discuss and analyse trends and disruptive technologies to ensure that the business is positioned to respond to or introduce innovation into its operations.
  • Members of Digital Forum attend relevant conventions and expos.
  • Continuous engagement with service providers.
 
  • Ongoing research and development ensuring involvement of key stakeholders will promote relevance of technology/application to the needs of the business.
4. Loss of profitability and/or market share if products do not remain fashionable
Risk description   Mitigating controls   Strategic imperatives
  • Not remaining fashionable is a major risk and has significant influence on the market share enjoyed by the business.
  • The risk is especially pertinent for age group 35 and below.
  • Customer expectations not satisfied with product offering.
 
  • Regular regional meetings and strategy sessions held to source insight into markets, receive product feedback and communicate fashion trends, product innovation, merchandise and store improvements, market analysis and opportunities for growth.
  • There are experienced brand/divisional/ supply chain managers in the business, who focus on key products and areas.
  • Attendance at international trade fairs.
  • Ongoing cost/pricing adjustments and expansion of distribution channels (eg e-commerce).
  • Store displays and trading space are continually refreshed, and ideas shared across the Group via various mediums (eg operations newsletter).
  • Ongoing ‘competitor shopping’ undertaken.
  • Inventory provisioning process in stores ensures improved product life cycles.
  • BOP utilised to improve in-stock levels of business critical items, and management/exit of slow moving inventory.
 
  • Work with suppliers and leading experts to ensure ‘wow’ factor of products and merchandising.
  • Use business information tools to train and motivate operators to innovate and pioneer.
  • BOP continues to improve product lifecycles, thereby ensuring constant responsiveness to evolving fashion.
  • Optimal range/pricing structures will remain a priority.
  • The Group’s high standing among customers is to be maintained by continuing to deliver an offering in line with customer demand. In this regard, continuous improvement in the approach to product research and development is crucial.
5. Staff inadequately trained
Risk description   Mitigating controls   Strategic imperatives
  • Individuals are not adequately trained/ developed, and succession planning may be inadequate.
 
  • The Group conducts various training courses and operates an established Tiling and Plumbing Academy. Training spend is significant.
  • Divisional management and the executive directors of the Group are closely involved in the operations of the business and regular regional meetings are held, as well as other regular interactions.
  • The business implements career advancement training which comprises its Leadership Development Programme, Operator Training Programme (“OTP”) and other university-affiliated courses.
  • The Group has a culture of developing and promoting from within, and various initiatives and programmes are in place to foster this.
  • Employee engagement surveys are conducted and reviewed by Group management.
  • E-learning platforms are in place with Group and retail-specific content.
 
  • Instil greater retail-specific focus in training and development programmes; attract and retain key talent through promoting business partnerships; and encourage commitment to business success through development programmes and remuneration and reward strategies.
  • OTP will continue to serve as an important mechanism to build leadership capacity in the Group.
  • Enhanced e-learning initiatives will improve training in outlying and rural areas.
  • Building of additional capacity in the Human Resource department with particular focus on the Group’s three retail brands.