Enterprise-wide Risk Framework

Our Approach to Enterprise-wide Risk Management (ERM)

Our enterprise risk management approach informs our business strategy and related objectives. The Shareholder and the Board recognize that in order to achieve our goals, it is important to proactively identify, understand and mitigate risks which have the potential to affect our ability to deliver on our strategy. Equally important, we need to identify, understand and take advantage of opportunities

Board

The ZCDC Board is ultimately responsible for the enterprise-wide risk management framework, which is aligned with ISO 31 000, Republic of Zimbabwe’s Risk Management Framework and Guidelines for Public Sector, ZimCode and the King IV requirements. The Board oversees the ERM program and monitors our top strategic, operational, stakeholder management, sustainability and safety-specific risks. It also monitors risk treatment actions and the effectiveness of the actions in addressing significant risks, guided by our risk appetite and tolerance framework.

Audit, Risk and Compliance Committee

Oversight of the risk governance process was delegated to the Audit, Risk and Compliance Committee and Quarterly Reports sent to the Committee. The Committee also reviews the strategic risk profile to:

• Assess its completeness
• Consider external and internal factors that could lead to new/emerging risks and opportunities
• Review the likelihood and impact/consequence of existing risks and assess any new or emerging risks and opportunities to determine residual ratings
• Review the completeness, effectiveness and/or relevance of mitigating actions and evaluate resulting residual risk ranking

Implementation and daily management

Executive managers are accountable for effective risk management in their areas of responsibility, including maintaining, updating and regularly reviewing departmental risk registers. The ERM team is responsible for shaping, safeguarding and specialized servicing of risk management across ZCDC by implementing and maintaining an integrated risk management framework, methodology and system that supports ZCDC’s strategic pillars.

Whistleblowing

In line with Best Practice ZCDC maintains a Whistleblowing facility across all operations that allows people/stakeholders to report issues and concerns confidentially, with the option to remain anonymous.