LENMED AIR 2019.pdf

and its reputation, but it is willing to take on risks at manageable levels for operations and finance, recognising that reward and opportunities flow from the acceptance of risk. The Group is not itself involved in conducting medical research or practising medicine but provides facilities and equipment for procedures conducted by medical practitioners; and nursing care for patients. The Group operates in a field in which risk is ever present and is a fundamental part of business strategy. Accordingly, the company adopts practices and procedures, which address risk in all facets of the business. Hospital management and staff are made aware of the risks inherent in their roles and they accept responsibility for managing risk within their scope. The Group has not set a loss limit which it is willing to accept on any transaction as this will always be dependent on the activity on hand. In evaluating any project including reviews of under- performing assets, etc, the company gives considerable attention to ensuring that the project does not: + Strain the solvency and liquidity of the company with reference to the five-year forecasts + Cause a breach of bank and loan covenants + Cause a breach of the prudent financial ratios under which the company operates The appointed insurance broker, Marsh provides additional assurance on risk management through regular discussions with management and an annual presentation to the Risk Committee. The organisation structure continues to be expanded to place a greater emphasis on compliance and professional standards as well as internal controls and succession planning. The filling of new roles and the implementation of continually improving standards is an ongoing process. The Group policy on risk delegates risk management to every manager and employee as a significant job responsibility. It has accordingly not made risk management a stand-alone staff function. As such the company has also not seen it as necessary to seek independent third-party assurance on its governance of risk, except to the extent that it receives assurance from Marsh on insured and uninsured risks on assets and liabilities and it engages with its attorneys and other professional advisors prior to entering into significant contracts or commitments. The Audit and Risk Committee receive the reports of the IT Governance Committee as well as the minutes of that committee. The IT executive attends the deliberations of the Audit and Risk Committee when invited and makes presentations to the committee on progress on the implementation of SAP, on which good progress has been made on the initial framework, cyber- crime and IT policies. In the future, the Group will enjoy the benefit of additional data analysis which will be provided from SAP and related systems. A considerable proportion of IT management and operations areoutsourcedtoensure state-of-the-art performance and to diversify risk. The performance of the outsourced services against SLA is reviewed annually by the IT Committee. During the year, the systems were tested by benign hacking programmes. Any shortcomings found were the subject of additional programme safeguards, controls and further system tests. The Group continues to make progress in identifying and assessing the extent of compliance with the legislation that affects it. This is a work in progress because of the dynamics of legislative amendments and court interpretations; which applies to all business in SA. In this, the company receives guidance from its outsourced legal advisors. Conclusion The committee confirms that it has fulfilled its responsibilities in accordance with all material aspects of its charter for the year and has recommended the integrated report to the Board for distribution to members. Board committees continued 74 ENSURING AND PROTECTING VALUE