Corporate governance report
Telkom's board delegated the group compliance responsibility to the risk and compliance function, which is replicated in the business units.
The ERM framework forms the basis of the compliance methodology and compliance risk registers exist for all relevant legislation across the group.
Our risk and compliance operating model has been enhanced to support our federated business model. During the year, Telkom added layers of governance to embed risk and compliance management across the group and ensure robust compliance discussions. The integrated governance risk and compliance committee as well as the IT and information security governance committee were introduced as executive management subcommittees.
Aligned with the group's operating model, corporate compliance performs the full compliance function for the Corporate centre and provides support, guidance and oversight to the business units and subsidiaries with a reporting line to the risk committee. Refer to ERM on page 25 for more details on the operating model and governance structures.
During the year, we embarked on a transformation journey to enhance our risk and compliance management approach for the group.
Compliance during the reporting period was achieved through processes which identified the applicable requirements (as per laws, regulations and codes), assessed the state of compliance and assessed the risks and potential costs of non-compliance. Focus areas included, among others, the following:
- Implementation of compliance processes across the group to ensure there is consistency and monitoring
- Clearly documented risk management plans for new and amended legislation and regulations
- Continuous monitoring of control self-assessment on key legislation and improving controls
- Rollout of training across the group (i.e. Protection of Personal Information Act, Consumer Protection Act (CPA), Competition Act), with monitoring and reporting to the relevant structures
- Continuous monitoring of changes in the regulatory landscape and alerting line management accordingly
- Continuous risk-based analysis of compliance for continuous improvement
The complex and fluid compliance environment, along with the changes in the operating model, required Telkom to implement a multi-faceted approach, including the following activities:
- Although there is still reliance on the Corporate centre to provide guidance and support, some business units have been empowered to enable them to monitor their compliance risk management plans.
- Structures were constituted to ensure that the culture of compliance is embedded across the group. This is achieved through each business unit's assurance forum led by the CFO and the ERM forum led by the chief risk and compliance officer.
- Effectiveness assessments are conducted by our assurance structures (i.e. internal audit) and reports are addressed to mitigate the risks.
- The risk committee, audit committee and social and ethics committees of the board also ensure oversight and monitoring of the group's compliance activities on a regular basis at each meeting.
Our priorities will advance the maturity of the group's compliance management capabilities. They will also assist in ensuring that group compliance is managed in a comprehensive manner. Our focus areas for FY2019 include:
- strengthening the compliance function under the Corporate CoE in line with the revised operating model;
- aligning frameworks across all disciplines;
- continuing to embed compliance culture and implement measures to support the culture;
- undertaking continuous improvement with reporting of non-compliance matters; and
- developing and providing a decision support framework for consistent compliance risk-taking/avoidance decisions.
Telkom had no material or repeated regulatory penalties, sanctions or fines for contraventions of, or non-compliance with, statutory obligations.
Telkom has not had any inspections from the environmental regulators, and no notices of violation or citations were received.