GOVERNANCE, ETHICS, AND CYBERSECURITY
A high standard of corporate governance has been instilled within the Group. We gain competitive differentiation in how we execute projects that are safe, efficient, and of high quality while considering environmental impacts; in our approach as an employer in all our markets; and in how we behave as a corporate citizen with international and local responsibilities. An effective governance structure, aligned with the principles and practices of King IV, is in place and a clear organisational framework defines the relationships and decision-making rights between governing bodies in the Group and across business platforms. Our governance frameworks and reporting structures ensure visibility and compliance across all our business platforms.
ETHICAL BUSINESS CONDUCT
Corporate culture ultimately determines strategic choices and outcomes. The Murray & Roberts culture is tangible; it is rooted in our Values and binds our operations to the philosophy of Engineered Excellence. Our Values, Statement of Business Principles and Code of Conduct guide employees when acting for and on behalf of the Group in the pursuit of its strategic and business objectives. These pillars are the reference point for our decisions on policy positions, capital allocation, business practices and contracting principles, as well as how we manage performance and set our priorities.
We expect every one of our employees to adhere to our high ethical standards, and all our businesses are expected to align with the Group’s frameworks, standards and Values at a minimum, in tandem with all local laws, regulations and contracting norms.
The following three elements ensure we uphold our reputation for responsible and ethical conduct:
1. Code of Conduct
Our Code of Conduct supports ethically robust and defensible decision-making. It applies to all employees and all other stakeholders with whom we do business. Behaviours that depart from these principles are firmly sanctioned. The code and supporting policies are updated regularly.
2. Standards of Good Practice
We subscribe to and comply with the 10 business principles of the UN Global Compact and with the principles and standards of good practice of the OECD Guidelines for Multinational Enterprises.
3. Business Practices
Group executives and senior management complete written declarations twice a year, confirming they are aware of the Group’s anti-corruption and bribery policies and are not aware of any instances where these policies, or competition law, have been infringed. For every tender submitted, everyone in a position of authority of influence in the preparation and authorisation of the tender, formally declare that there was no unethical, unlawful or uncompetitive practice involved in the preparation and/or submission of the tender, and that they are not aware of anyone else affiliated with the tender directly or indirectly having committed any such malpractice. The declaration is binding throughout the project life cycle.
The Company has a capital structure where each share carries one voting right. There are no restrictions to the shareholders’ rights to introduce a resolution at the AGM, subject to the requirements set out under Section 61 of the Companies Act. On receipt of a written demand delivered to the Company and submitted by holders in aggregate of at least 10% of the voting rights, the Board must call a shareholders meeting.
There are no anti-takeover measures in place and the Company is only able to issue shares on the express permission of the shareholders by means of an ordinary resolution. No resolution to approve the general issue of shares has been proposed since the 2010 AGM. There are no limitations on share ownership as an anti-takeover device.
The Group does not trade in countries that are grey listed by the latest OECD tax transparency report. The sole purpose for registration in such countries is as an Investment Holding company which does not obtain any tax benefit.
PricewaterhouseCoopers non-audit related fees are 14% (FY20: 10%) of the total audit fees.
INTEREST OF DIRECTORS
The directors of the Company held direct beneficial interests in 1 879 694 ordinary shares of the Company's issued ordinary shares (FY2020: 1 327 361).
WHISTLE BLOWING POLICY
The Whistle Blowing Standard, implemented by the Murray & Roberts Limited Board and management teams, provides for the anonymous reporting of unethical behaviour and is available to all stakeholders of the Group.
The Murray & Roberts Group conducts its business honestly and with integrity. This protects the reputation of our organisation and our employees. The Group subscribes to an independent, confidential whistle-blowing hotline service that operates 24 hours a day, 7 days a week and 365 days a year.
How does it work?
- Anybody can contact Tip-Off's Anonymous.
- Trained operators will respond to calls in all 11 of the official languages.
- The hotline is open 24 hours a day and 365 days a year.
- All information is sanitised and fed back to the company for further investigation.
- Tip-Off's Anonymous will never reveal the identity of the caller and you don’t have to give your name.
Contact Tip-Off''s Anonymous using any of these methods:
Toll Free 0800 00 32 46
Free Fax 0800 00 77 88
Freepost DN298, Umhlanga Rocks, 4320
The frequency and sophistication of cybercrime incidents globally is increasing. As more employees work remotely in line with changing workplace models and as the business platforms accelerate their digital strategies, the potential for disruption or damage to the Group caused by cyber breaches or attacks increases. The Group maintains robust cybersecurity frameworks to guard against these real threats.
Our IT systems are independently tested, and continual improvement is made to our IT Security Framework, including our security governance processes and technical defences. Business continuity system restore tests are run annually. A cyber incident response procedure is in place. Our approach includes cybersecurity awareness programmes for employees, backup solutions to recover from breaches and insurance cover for cybercrime-related losses.
Our FY21 performance:
- We rolled out online learning courses on cybersecurity and data privacy, and raised awareness about the POPI Act, which came into effect in South Africa on 1 July 2021.
- We are updating the information management standard, which will be distributed to all operations so that they can update their particular information management standards and ensure that their employees who are responsible for working with and processing personal data understand their responsibilities.
- The Group is satisfied that it complies with the POPI Act requirements, and an audit review will be conducted of the actions taken.
- There were no cybersecurity breaches experienced during FY2021 and no data lost.
- Additional policies have been applied to various software solutions, and additional backup capabilities introduced. A Group-wide security maturity assessment was undertaken, measured against a minimum security baseline standard, to ensure adequate cyber protection.
- A Group-wide vulnerability management standard was launched, with the selection of new technology solutions underway to support the standard. This will assist with a more proactive response to data recovery and downtime.
- A cybersecurity assessment was conducted for the South African operation.
In this section