Eskom Holdings values the importance and benefits of having
a comprehensive, fully integrated risk management (IRM)
programme. Our programme manages risks on an enterprise-wide
basis. The Eskom IRM programme strives to comply with
best practices, having regard to the requirements of King II, the
DPE Risk Management Framework, and the broad guidelines of
international benchmarks such as the Integrated Risk Management
of South Africa (IRMSA) Code of Practice, the Committee of
Sponsoring Organisations of the Treadway Commission (COSO),
and other international risk guidelines.
The board acknowledges its overall accountability for ensuring
an effective results-driven, integrated risk management process.
Exco, through the general manager: risk management, has
implemented a risk control system to enable management to
respond appropriately to significant risks that could impact
negatively or positively on business objectives.
Risk reviews are conducted twice a year with input from
divisional and functional areas. Risks identified are ranked by
divisions and subsidiaries, reviewed, and then assessed by Exco,
the risk management committee, and the board to determine
the major operational, strategic, and business continuity risks.
The ratings of the risks are finalised after considering the
mitigation plans, and executive accountability is assigned for
each of the risk categories.
Integrated risk profile
Eskom reports on operational, strategic, and business continuity
risks as part of the risk profile. The risk dashboard reflects the
likelihood and impact of the top ten risks facing us.
Safety, climate change, leadership, ethics and attention to detail
are focus areas inherent in all risk mitigation actions and impact
all of these risks.
Description of risks:
- Timeous, on budget and effective rollout of the availability and reliability
- Impact of government and regulatory policy on
- Continuity of electricity
- EDI restructuring and
- Public confidence in
- Effectively plan and
- Availability of skills and
These are events, hazards, variances, or opportunities that could
influence the achievement of Eskom’s operational and compliance
objectives. We have 10 major operational risks, which have not
changed significantly over recent years.
In the Eskom context, a strategic risk is a significant
unexpected or unpredictable change or outcome beyond
what was factored into the organisation’s strategy and
business model and which could impact the group’s
The strategic risks monitored and managed by the
board and Exco are climate change, skills availability,
primary energy, financial sustainability, and the policy
Business continuity risks
Business continuity management (BCM) addresses
business process continuity, recovery, and restoration
following business interruption and disasters. BCM risks
are those events, hazards, variances and opportunities
that could influence the continuity of Eskom.
All divisions and subsidiaries develop, implement, maintain
and review appropriate business continuity plans for all
the areas of their business.