HOW WE GOVERN OUR BUSINESS
Combined assurance receives deliberate and focused attention at Bidvest. The audit committee ensures that our combined assurance model adequately addresses Bidvest’s risks and material matters through the aggregated efforts of assurance providers.
Continually optimising our combined assurance model avoids duplicative efforts, rationalises collaboration efforts upstream amongst assurance providers, coupled with effectively managing assurance costs. The activities are coordinated to maximise the depth and reach of assurance achieved by each of the assurance providers. This enables an effective control environment and ensures the integrity of information used for reporting and decision making.
Bidvest values simplicity. Focus makes it easier to manage our business, which is fundamental for transparency and good governance.
Board. Executive directors implement strategies and operational decisions. Nonexecutive directors provide an independent perspective and complement the skills and experience of executive directors. They objectively assess strategy, budgets, performance, resources, transformation, diversity, employment equity and standards of conduct.
Remuneration is a critical factor to attract, retain and motivate the entrepreneurial talent that is at the heart of Bidvest’s strategic and operational objectives.
Risk management means identifying risks, taking action and turning these into opportunities. At Bidvest, a combined assurance model enables an effective control environment and ensures integrity of information.
Human capital. At Bidvest we care for our people. We aim to provide a safe and healthy workplace with equal opportunities which is conducive to learning and personal growth.
Transformation is important. Bidvest manages transformation beyond the scorecard. It is a strategic imperative for growth, prosperity and continuity. Bidvest has a level 4 B-BBEE rating.
Sustainability. We aim to do business in an environmentally friendly manner that drives positive social and economic change.
Key stakeholder relationships are an essential element of strategy implementation and supports long-term sustainability objectives.
Internal audit (IA)
The IA function is an independent, value-adding, progressive and responsive service to Bidvest’s stakeholders. It fulfils a role of objectively evaluating the business processes and controls so as to appropriately manage risk and support management's commitment to a strong control environment and operational excellence.
A risk-based IA plan is approved by the divisional and Group audit committee on an annual basis and is re-calibrated quarterly in order for the IA function to provide assurance services against the relevant and elevated risks of the business.
The IA function is well-constituted with a professional audit staff (in excess of 25 CA(SA)’s in senior audit positions) with sufficient knowledge, skill-set and experience to execute on the board approved IA Charter that is consistent with the Institute of Internal Auditor's definition of internal audit as well as the principles of King IV. Given the ever-increasing dependencies of the business on IT, specialised audit and consulting skills have become a necessity in the function.
Analytics and automation are well-entrenched into the mechanisms of the IA functions with further disruptive robotic initiatives being the focus for the future of IA.
IT governance – The board acknowledges technology as a mechanism to access, protect and manage information. In relation to the IT Framework below, the board governs both technology and information so that these support the organisation in achieving its strategic objectives.
The IT Forum is represented by CIOs from each division across Bidvest and is a platform within which to:
Each IT environment across Bidvest is subjected to an IT audit as part of the IA plan. The IT audit assesses design and effectiveness of the IT environments from a control perspective coupled with providing a view on the strategic enablement of IT by the businesses.
IT resources. Fit-for-purpose in-house operational IT skills, with the necessary strategic IT oversight, are in place. These are complemented by outsourced vendors with specialist networking, telecommunications, and cyber security skillsets.
IT dependency. Business and IT are continuously enhancing alignment, through IT representation on the various board and executive committees, and in recognition of the key role IT plays in the various businesses
Technology investment. The IT functions generally run very lean with a common philosophy to sweat IT-related assets. However, significant investment is beginning to be made in the IT innovation and digitisation space across Bidvest.
Project assurance. Major IT projects are well-governed, with input from the necessary stakeholders. Major projects are timeously implemented.
Business resilience controls (including technical controls) are appropriately implemented by the individual companies, based on the needs of the company. Incident response management is being given increased focus.
Management of it risk exposure. Significant attention is given to this across the IT environments, with an increasing focus on the management of IT risk exposure related to any new acquisitions.
Cybersecurity. Significant attention has been given to the identification and management of cybersecurity risks across Bidvest. Implementation and enhancement of the necessary controls are being performed on a case-by-case basis, dependent on the risks identified.
Data governance. Data governance, including the necessary supporting IT architecture, is receiving attention by the various companies, especially those with the greatest exposure to data risks. Companies have identified the need for leveraging existing data assets to enable business intelligence insights.
Vendor managenent. Vendor relationships are effectively managed by the company IT departments. Economies of scale are leveraged where appropriate.