Risk Management


The Group Integrated Assurance Framework coordinates the Group's overall approach to risk management.

This entails identifying, assessing, addressing, monitoring, communicating and reporting Group risk, and includes the process of independently auditing adherence to and implementation of Group policies, standards, plans, procedures, practices, systems, controls and activities to ensure that the Group achieves the level of operational efficiency and compliance required by the Board.

The Board-approved Group Integrated Assurance Policy establishes and mandates the risk management, regulatory compliance and internal audit functions, which effectively form the three pillars of the Group Integrated Assurance Framework described below.

For more information about our Group risks and risk management practices, see our online integrated report.

A high level of risk awareness and mitigation has been embedded in daily management and operational activities. Given the size and complexity of the Group, Murray & Roberts can never comprehensively eliminate risk from every area of its operations. For this reason, management maintains a planned, coordinated and structured approach to identify, assess, address, monitor, communicate and report the Group’s large and complex risks. This includes governance structures (such as the Board risk management committee, the executive risk committee and the business platform risk committees), organisational leadership, strategic planning and effective management to ensure that the appropriate operational and functional capacities, as well as controls, systems and processes, are in place to manage and mitigate risk. Underpinning this is the Group Risk Management Framework.

The Group Risk Management Framework constitutes one of three pillars on which the Group Integrated Assurance Framework stands, and aims to:

  • Align strategy with risk tolerance;
  • Improve and streamline decision-making which improves the Group risk profile;
  • Promote the strategic, informed and coordinated procurement of a quality order book;
  • Ensure equitable commercial terms and conditions are contracted based on a predetermined set of acceptable contracting principles, together with the rational pursuit of commercial entitlement;
  • Promote early and rigorous project reviews, and timeous responses to projects showing early signs of underperformance;
  • Promote continuous improvement through the meticulous institutionalisation and rigorous application of key lessons learnt;
  • Reduce operational surprises, improve predictability and build shareholder confidence;
  • Build robust organisational risk structures and facilitate timeous interventions, to promote long-term sustainable growth; and
  • Promote the efficient and proactive pursuit of opportunities.

Regulatory compliance constitutes the second pillar of the Group Integrated Assurance Framework. With the continued growth and expansion of the Group, especially in new geographies and disciplines, regulatory compliance is a large and complex area to understand. This in turn requires a structured approach to evaluate compliance failures and ensure adequate responses are initiated timeously to mitigate and avoid any negative impact on the Group’s performance.

The regulatory compliance function provides specific focus on regulatory compliance risk within the context of the Group Integrated Assurance Framework. The key imperative of regulatory compliance is to ensure material compliance across the Group with every law, rule, code and standard where non-compliance could materially impact the Group’s performance and/or continued existence, whether from a financial, legal or reputational perspective.

The implementation of the Group Regulatory Compliance Framework focuses on the seamless integration of regulatory compliance (with risk management and internal audit) into business planning, execution and management.

Internal audit is a key element of the Group’s assurance structure, and constitutes the third pillar of the Group Integrated Assurance Framework. Internal audit has established a robust, risk-based approach to identify the critical risk management control environment which is relied on by management, and which is to be tested and evaluated for the purposes of providing the Board with the risk management and regulatory compliance assurance it requires to meet its governance objectives. Internal audit follows a planning and execution process through which the risk-based approach is delivered in a consistent manner, followed by detailed reporting and issue tracking.

It is through diligent implementation of the Group Integrated Assurance Framework that the critical risk processes and responses to be included in the internal audit plan are developed. These include interactions with the Group risk manager and the Group legal executive, with specific reference to their respective mitigation objectives, strategies and plans. The audit plan also encompasses the assessment of Group-wide corporate governance, internal financial controls and risk management procedures, as well as specific areas highlighted by the audit & sustainability committee, the Group executive committee and executive and operational management for separate and dedicated review.