Our control environment
The Board of Directors, management and all employees of the Company are responsible for establishing and maintaining the internal control environment of the Company. All employees play a role in either strengthening or weakening the Company's internal control system.
Strategic implementation of the MDS requires Transnet to meet – as far as possible – financial and operational targets within the context of good corporate governance, risk management, control effectiveness and compliance.
The Transnet Internal Control function aims to provide reasonable assurance that the Company's strategic objectives and initiatives will be achieved while complying with policies, processes, legislation and optimally applying technology.
Internal Control enables members of the Audit Committee and management to gain better visibility into key business processes and ensure a high level of reliability in financial statement reporting. It also assists financial stakeholders and business process owners with extensive reporting capabilities, automated control testing and monitoring of business processes using predefined and configurable business rules.
The Control Framework Maturity Assessment is used to measure the strength of the control environment. The components of the framework are depicted below:
Governance functions within Transnet's control environment
Transnet's control environment encompasses various governance functions and operational management practices, including (but not limited to):
Integrated procurement management
Enterprise Risk Management (ERM) and integrated assurance
Strategic execution and performance management
Governance of sustainability
Governance of stakeholder engagement and management
Information technology (IT) management and ICT governance
Ethics and fraud risk management
Regulatory compliance (including the tariffing process)
- Acquisition Council Terms of Reference.
- Optimally regulated infrastructure-related procurement and delivery management with Acquisitions and Disposals Committee Terms of Reference.
- Infrastructure Procurement and Delivery Management Framework with procurement rules, procedures and processes.
- Procurement Ombudsman.
- Up-to-date compliance assurance for High-value Tender (HVT) processes.
- Transnet Delegation of Authority.
- Efficient and effective contract management, with SCM Contract Management Procedures Manual and Procurement Procedures Manual.
- SCM Policy and robust, independent complaints handling.
- Adherence to a strict set of laws, codes, rules and standards, including (but not limited to):
- Section 217 (1) of the Constitution and section 51(1) (a) (iii) of the PFMA;
- Promotion of Just Administrative Action Act, No 3 of 2000, which was issued in terms of section 33 of the Constitution;
- The Construction Industry Development Board Act, No 38 of 2000 (CIDB Act), and the regulations (CIDB regulations) thereto;
- The Promotion of Access to Information Act, No 2 of 2000 (PAIA);
- The Preferential Procurement Policy Framework Act, No 5 of 2000 (PPPFA), and the regulations thereto (PPPFA regulations); and
- National Treasury (NT) also issues Instruction Notes which regulate Transnet's procurement processes.
- Accords with section 51 of the Public Finance Management Act (PFMA).
- Governed by the International Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors (IIA standards).
- An independent assurance function that is functionally accountable to the Transnet Audit Committee.
- The mandate and terms of reference are included in the Internal Audit Charter – approved annually by the Transnet Audit Committee.
- TIA is a fully outsourced function operating under strategic leadership of the Chief Audit Executive – a Transnet permanent employee and a Group Leadership Team member.
- The internal audit consortium of firms assists with the implementation of the approved Strategic Audit Plan, and the panel of forensic firms assists with forensic investigations.
- Develops and executes a risk-based audit plan.
- Zero tolerance for fraud, theft, corruption and other economic crimes.
- The Board of Directors delegates the Group´s Risk Management function to the Risk Committee.
- The strategic risk profile is generated from the Transnet ERM Strategy Framework, based on ISO 31000:2009.
- Transnet's Integrated Assurance Model manages risks and controls, and encompasses the assurances provided by management, internal specialists, internal audit, external audit, and external advisers and service providers.
- The Integrated Assurance Model is based on three perspectives:
  - Confidence through:
    - Combination of multiple assurance providers
    - Various types of assurance activities performed
    - Frequency of assurance activities performed
  - Cost-effective assurance by balancing:
    - Lines of defence
    - Nature of assurance activities performed
    - Frequency of assurance activities performed
  - Minimised management burden through:
    - Spread of assurance activities through the year to ensure a manageable distribution of assurance tasks
- The first line of defence is based on the assurances provided by direct line management, which is blanket assurance across the full scope of risks and controls.
- The second line of defence encompasses assurance providers that are internal to the Company, yet not directly responsible for the direct management of the process under review.
- The third line of defence relates to assurance providers that act independently from management and the Company's operations. This implies that management has no influence over the outcomes, opinions and conclusions emanating from the assurance activities performed by the third-line assurance providers.
- The fourth line of defence relates to independent oversight committees with specific roles and responsibilities pertaining to the risk, control and assurance of Transnet's activities and their impact on other stakeholders.
- Transnet's performance targets are confirmed in the annually negotiated Shareholder's Compact.
- Transnet manages the execution of its strategic imperatives through the Company's Strategic Execution Framework.
- The framework is designed to achieve:
- Visibility of strategic execution to identify and close execution gaps;
- Group-wide integration and alignment of the MDS initiatives and critical processes;
- Problem-solving and analytical tools, and follow through with robust solution-driven actions;
- A risk-based execution process to monitor the MDS; and
- A platform for collaboration and seamless execution of strategic initiatives.
- The Code of Ethics (the Code) enables a culture of entrenched values, principles, standards and norms.
- Integrity Pacts are concluded with all bidders and suppliers.
- Fraud and corruption awareness training is conducted annually with all employees – bargaining and non-bargaining council employees.
- The Company's service providers, suppliers and trade partners are also subject to the Code.
- The Code is revised every five years or as required.
- The Group Company Secretary is responsible for the development and review of the Code, and Human Resources is responsible for its implementation.
- Aspects of the Code are included in fraud and corruption awareness training, and are accessible to all employees on the Company's intranet.
- The Fraud and Corruption Risk Management Strategy provides mechanisms for the prevention, early detection and investigation of irregularities.
- The Board of Directors delegates authority to the Group Chief Executive who reports to the Board of Directors on all material stakeholder issues, and takes responsibility for incorporating these into Transnet's strategy and risk management.
- Stakeholder engagement practices align with the Company's Culture Charter and supporting values.
- Engagement norms include inclusivity, accountability and responsiveness.
- Stakeholder engagement performance is measured as a key performance indicator in the Balanced Scorecards of Stakeholder Relationship Owners.
- Stakeholder engagement is decentralised but the Board of Directors has overall responsibility for stakeholder engagement.
- The monitoring and evaluation of stakeholder engagement is reported to the Remuneration, Social and Ethics Committee and to the Board of Directors.
- Transnet has adopted guidelines from the AA1000 standards (Accountability Principles Standard 2008 and the AA1000 Stakeholder Engagement Standard 2011).
- The Board of Directors, supported by the Audit Committee and Risk Committee, is responsible for information technology governance and oversight.
- ICT governance is exercised through the approved governance and minimum controls frameworks – which are based on the Control Objectives for Information and Related Technologies (COBIT) principles.
- The Board of Directors has delegated the responsibility for the implementation of the IT governance framework to the Risk Committee, which has further delegated it to management.
- The Minimum Control Framework for ICT risks includes the following critical resources:
- Appropriately skilled staff;
- Enterprise Architecture management;
- Effective education programmes;
- Effective measures to minimise business impact through systems recovery;
- Information security; and
- IT vendor relationship management.
- The IT risk management framework is aligned to, and cascaded from, the Group Enterprise-wide Risk Management (ERM) framework, which includes disaster recovery and business continuity measures.
- Group Regulatory and Compliance ensures that the outcome of its plan is aligned with the mandates of the Audit Committee and Risk Committee, and executes its areas of focus from an annual Board-approved Compliance Plan.
- Managers are responsible for ensuring compliance as it relates to their areas of accountability.
- More than 200 primary regulatory requirements impact Transnet.
- Compliance is implemented through a risk-based approach using a decentralised model, with Compliance Officers appointed within Operating Divisions and Corporate Centre functions.
- The Compliance function independently monitors and reports on compliance controls relating to high-priority regulatory requirements.
- The Compliance function assists and supports the Board of Directors and management to discharge their compliance responsibilities.
- A Company-wide Sustainability Forum comprises representatives from the Corporate Centre functions, Operating Divisions and Specialist Units.
- The Sustainability Forum meets quarterly and is tasked with developing KPIs in relation to analysing sustainability performance.
- Sustainability committees in the Operating Divisions add impetus to sustainability initiatives.