Risk Management


The Group Integrated Assurance Framework coordinates the Group's overall approach to risk management.

This entails identifying, assessing, addressing, monitoring, communicating and reporting Group risk, and includes the process of independently auditing adherence to and implementation of Group policies, standards, plans, procedures, practices, systems, controls and activities to ensure that the Group achieves the level of operational efficiency and compliance required by the Board.

The Board-approved Group Integrated Assurance Policy establishes and mandates the risk management, regulatory compliance and internal audit functions; effectively as the following three pillars of the Group Integrated Assurance Framework.

A high level of risk awareness and response has been embedded in daily management and operational activities. Given the size and complexity of the Group, Murray & Roberts acknowledges that risk can never be fully eliminated. For this reason, management has designed and implemented a planned and structured approach to identify, assess, address, monitor, communicate and report the Group's large and complex risks. This includes governance structures (such as the Board risk management committee, the executive committee and the business platform risk committees), organisational leadership, strategic planning and effective management to ensure that the appropriate operational and functional capacities, as well as controls, systems and processes are in place to manage risk. Underpinning this is the Group Integrated Assurance Framework.

With the continued growth and expansion of the Group, especially in new geographies and disciplines, regulatory compliance is a large and complex area to understand. This in turn requires a structured approach to evaluate compliance failures and ensure adequate responses are initiated timeously to mitigate and avoid any negative impact on the Group's performance. The regulatory compliance function provides specific focus on regulatory compliance risk within the context of the Group Integrated Assurance Framework.

The key imperative of regulatory compliance is to ensure material compliance across the Group with every law, rule, code and standard where non-compliance could materially impact the Group's performance and/or continued existence, whether from a financial, legal or reputational perspective.

The implementation of the Group Regulatory Compliance Framework focuses on the seamless integration of regulatory compliance (with risk management and internal audit) into business planning, execution and management.

Internal audit is a key element of the Group's assurance structure, and constitutes the third pillar of the Group Integrated Assurance Framework. Internal audit has established a robust, risk-based approach to identify the critical risk management control environment which is relied on by management, and which is to be tested and evaluated for the purposes of providing the Board with the risk management and regulatory compliance assurance it requires to meet its governance objectives. Internal audit follows a planning and execution process through which the risk-based approach is delivered in a consistent manner, followed by detailed reporting and issue tracking.

It is through diligent implementation of the Group Integrated Assurance Framework that the critical risk processes and responses to be included in the internal audit plan are developed. These include interactions with the Group risk manager and the Group legal executive, and with specific reference to their respective mitigation objectives, strategies and plans. The audit plan also encompasses the assessment of Group-wide corporate governance, internal financial controls and risk management procedures, as well as specific areas highlighted by the audit & sustainability committee, Group executive committee and by executive and operational management for separate and dedicated review.

For more information about our Group risks and risk management practices, see our online integrated report.