Integrated risk management (IRM)
The Eskom board, through the risk management committee,
acknowledges its overall accountability for ensuring an effective,
results-driven IRM process. Exco has implemented a risk monitoring
system that enables management to respond appropriately to
all significant risks that could have a negative or positive impact on
business objectives.
To ensure completeness of the risk identification process, Eskom
has identified 13 major risk categories against which all business
objectives are assessed. The Eskom integrated risk accountability
matrix assigns executive accountability for each of the 13 risk
categories.
Risk management in Eskom is performed at departmental,
regional, divisional and subsidiary level and reported upward to
corporate (bottom-up). After consolidation of these integrated
risk reports, Exco and the board risk management committee
review and evaluate the risk profile to determine the major
operational, strategic and business continuity risks (top-down).
Ethical business conduct
Eskom commits itself to the highest standard of ethical conduct,
underpinning its key value of integrity. It strives at all times to
foster trust, dependability and honesty.
The ethics office assists the chief executive and the board in
setting the framework, rules, standards and boundaries for ethical
behaviour, and provides guidance to the Eskom group on ethical
conduct.
Key milestones for the past financial year include the approval of
Eskom’s code of ethics by its executive committee and the board,
the development of a communication strategy for the launch of
the code in April/May 2008 and its subsequent implementation
throughout the organisation. Training on conflict of interest was
provided to 77% of the workforce, and ethics training was given to
new employees through the induction programmes.
Ethics awareness is furthermore created through the following
channels and ongoing initiatives:
- maintaining effective ethics structures within each division
- keeping the executive committee and the human resources,
remuneration and ethics committee informed via quarterly
ethics status reports
- providing an ethics advisory service for employees, suppliers
and customers
- maintaining an advisory service database in order to identify
trends
- monitoring ethics training interventions within the divisions
- monitoring the submissions of the electronic declaration
of interests forms by the board of directors, the executive
committee and employees
- maintaining the ethics website, covering key ethical issues,
frequently asked questions and training material
- hosting the annual ethics networking forum for ethics
sponsors and co-ordinators
- promoting Eskom’s externally managed toll-free whistleblowing
line, enabling employees, suppliers and customers to
report crime and irregularities confidentially
Internal control
The board is responsible for ensuring that an effective internal
control framework is established. Eskom's controls focus on
critical risk areas identified by operational risk management
and confirmed by management. Controls provide cost-effective
assurance that assets are safeguarded and liabilities and working
capital are efficiently managed. Organisational policies, procedures,
structures and approval frameworks provide direction, establish
accountability and separate responsibilities. They each contain
self-monitoring mechanisms. Management and the corporate
audit department monitor controls and corrective action.
Audit
In line with the requirements of the PFMA and good governance,
corporate audit gives the audit committee and management
information on the appropriateness and effectiveness of internal
controls. Information is derived from an independent evaluation
of risk management and governance processes and internal
controls. Corrective action is identified and improved controls
suggested.
The audit plan covers major financial and commercial risks and
responds to any changes in Eskom’s risk profile.
Corporate audit is supported by the board and audit committee
and has unrestricted access to all organisational activities, records,
property and personnel.
External auditors independently audit and report on the financial
statements. The statements comply with international financial
reporting standards (IFRS).
Technical audit
The corporate technical audit department provides reports
to management on technical, environmental, quality and safety
performance. It also carries out incident investigations and
monitors technical performance. In addition, the department
measures and verifies energy efficiency and load-shifting projects.
Safety, health, environmental, quality and technical risk audits,
reviews and assessments are also conducted.
Corporate technical audit is supported by the board, audit
committee and chief executive, and has unrestricted access to all
organisational activities, records, property and personnel. Audit
programmes are based on one- and three-year cycles.
Security risk management
The board ensures that an integrated crime-prevention plan is
implemented to minimise exposure to criminal acts, particularly
fraud. The security risk management department addresses these
threats. Its work covers crime prevention, detection, response
and investigation.
Where serious fraud, corruption and irregularities are
suspected, forensic investigations (a division of security
risk management) establishes the facts to enable
management to deal appropriately with the matter and
prevent a recurrence.