Primary responsibility for risk awareness and mitigation has been embedded across the Group’s business platforms. Given the scale and complexity of the Group, Murray & Roberts cannot comprehensively eliminate all risk from its internal and external business and commercial interfaces.
For this reason, management manages and maintains a planned, coordinated and structured approach to identify, assess, mitigate, monitor, communicate and report the Group’s risks, prioritising those that are complex and large. This includes governance structures (such as the Board risk management committee, the executive risk committee and the business platform committees), organisational leadership, strategic planning and effective management to ensure that the appropriate operational and functional capacities, as well as systems, controls and processes, are in place to manage and mitigate risk. Guiding this approach is the Group Risk Management Framework.
The Group Risk Management Framework constitutes one of three pillars on which the Group Integrated Assurance Framework stands, and aims to:
- Align strategy with risk tolerance;
- Improve and streamline decision-making which improves the Group’s risk profile;
- Promote the strategic and coordinated procurement of a quality order book, which contains a known and planned level of risk and a commensurate level of reward;
- Ensure equitable commercial terms and conditions are contracted based on a predetermined set of acceptable contracting principles, together with the rational pursuit of commercial entitlement;
- Promote early and rigorous project reviews, and timeous responses to projects showing early signs of deviation from planned and tendered expectations;
- Promote continuous improvement through the institutionalisation and application of key past lessons learnt;
- Reduce operational surprises, improve predictability and build shareholder confidence;
- Build robust organisational risk structures and facilitate timeous interventions, to promote long-term sustainable growth; and
- Promote the efficient and proactive pursuit of opportunities.
01 ORGANISATIONAL STRUCTURESIn addition to the various Group operating board responsibilities, organisational structures have been created and tasked with risk governance and include the business platform risk committees, the Murray & Roberts Limited risk committee and the Murray & Roberts Limited project oversight committee.
02 FUNCTIONAL SUPPORTDedicated risk management support has been created at Group level and within businesses. This includes enterprise-wide risk leadership, risk management monitoring, risk-based auditing and operational and risk committees.
03 STRATEGIC RISK MANAGEMENTStrategic risk is evaluated as a hurdle to achieving the Group’s long-term strategy. Direction is set for organic and acquisitive growth to access new markets and create new capacity, and is also applied to acquisitions, disposals, new business development and timely and necessary leadership intervention.
04 OPERATIONAL RISK MANAGEMENTOperational risk is a potential barrier to achieving planned profits within the Group’s business platforms. Methodologies for identifying, evaluating, mitigating, monitoring and communicating risk are applied in the operational business environment. Business plans with a three-year horizon are developed and performance against these is subject to quarterly review.
05 PROSPECT AND PROJECT LIFE CYCLEProject risk is evaluated as a potential barrier to delivering contracted scopes against cost, time and technical performance targets, while maintaining health, safety and environmental performance at acceptable levels. A project management framework sets the minimum standard for project management required in the delivery of projects across the Group.
A project management development programme is in place to enhance and refresh project management skills across the Group. The framework also provides internal audit with a consistent set of processes and controls against which project performance is tested. Project risk management activities include the Group risk tolerance filters, lessons learnt and contracting principles schedules, project reviews and project dashboards.