Underpinned by our values, we proactively manage risk to enable the achievement of our strategic objectives and to maintain a positive reputation among our stakeholders. Risk management is inextricably linked to our strategy, is an essential element of sound corporate governance and a crucial enabler to exploit opportunities. Not only do we deal with the uncertainty in the business environment by minimising the downside, we also seek to capitalise on the upside potential to achieve our strategic objectives.
Our approach to risk management
Our risk policy strengthens the link between strategy, risk and key decision-making processes that are required for effective risk management. In 2017 we evolved our risk management approach to ensure flexibility and relevance to Sasol’s business needs in a changing operating environment, by implementing the Enterprise Risk Management (ERM) Framework.
The ERM Framework enables effective risk management with measurable results ensuring continuous feedback to meet stakeholder requirements. We sustainably manage our risks by applying our ERM Framework, which is anchored in the five risk management fundamentals, namely: accountability, business knowledge, event-based risk management, risk-based responsiveness and risk assurance.
Our ERM Framework has improved our internal risk capabilities. It enables us to have line of sight of our full risk landscape through the utilisation of our risk categorisation tool named our risk breakdown structure. The risk breakdown structure has six categories namely: Financial, Operational, Market, People, Legal and Regulatory and Geopolitical and Corporate Affairs. We have adopted the bow-tie methodology to assist us in better analysing the risks we face.
The ERM Framework includes our risk management process, which is aligned with Sasol’s operations excellence model (Plan, Do, Review, Improve) to efficiently manage and govern risk and enhance the monitoring of risk.
Governance of risk management
Risk tolerance and risk appetite
We understand and proactively manage risks within set risk appetite and risk tolerance levels, in order to optimise business returns. We define risk appetite as the amount and type of risk that we are willing to take in order to meet our strategic objectives. It is inextricably linked with expected returns. We define risk tolerance as the amount of uncertainty that we are prepared to accept and cope with. It identifies the maximum boundary, beyond which we are unwilling to operate.
Mitigating our top risks
Our top risks include:
- risks and opportunities that have a direct potential impact on financial risks which relate to revenue, earnings and capital as these financial risks are the main drivers of the approved risk appetite and tolerance metrics;
- risks that can impact our achievement of longer-term strategic objectives; and
- risks that can impact our near-to-medium term business plans and our reputation.
The risk “watch list” replaces our previous emerging risks. It contains risk areas not specifically covered in the revised group top risks and is constantly evolving. Jointly the top risks and “watch list” represent a comprehensive coverage of risks themes that could potentially impact Sasol.
The WATCH LIST THEMES INCLUDE:
- Asset inflation;
- Major public health crisis and global pandemics;
- Global security incidents;
- Disruptive/new technologies; and
- Energy mix.
|Risk and Rationale||Key Responses/Mitigation||STRATEGIC OBJECTIVES|
|1||Risk of macro-economic factors impacting our ability to sustain the business, manage our liquidity requirements and execute our growth strategy||
|2||Risk of our ability to remain competitive in the markets in which we operate and have growth aspirations||
|3||Risk of not consistently achieving competitive capital project performance||
|4||Risk of non-compliance to laws, regulations and non-adherence to good governance practices||
|5||Risk of ineffective human capital management||
|6||Risk of a major safety, health or environmental undesirable event or liability occurring||
|7||Risk of the impact of environmental challenges on the sustainability of our business model||
|8||Risk of major unplanned production interruptions impacting our integrated value chain||
|9||Risk of not delivering on strategic growth objectives||
|10||Risk of not building and sustaining trust-based relationship with our stakeholders||
|11||Risk of undesirable geo-political and social events in countries in which we operate||
|12||Risk of inadequate information security management of next generation cyber threats||