SHOPRITE HOLDINGS LTD. King III Reporting in terms of the JSE Listings Requirements 2.1

Transcription

1 SHOPRITE HOLDINGS LTD King III Reporting in terms of the JSE Listings Requirements The JSE Listings Requirements require all JSE-listed companies to provide a narrative on how it has applied the new recommendations contained in King III. Below is the latest report for Shoprite Holdings Ltd in this regard: Principle Description Applied Compliance Status Chapter 1: Ethical leadership and corporate citizenship 1.1 The Board should provide effective leadership on an ethical foundation that the company is and is seen to be a responsible corporate citizen. that the company's ethics are managed effectively. During the 2014/15 financial year, the Board reviewed its Charter as well as the Group's Code of Conduct which sets the basis for the Group's ethics framework. The Integrated Annual Report outlines the Group's performance in this regard. Non-financial performance, risks and the impact of operations are considered by the Board at its meetings. The Social and Ethics Committee is furthermore mandated to deal with such detail of sustainability matters at its meetings. The ethical standards that guide the Group's relationships with stakeholders are governed by the Code of Conduct. A revised Code of Conduct has been adopted by the Group and compliance therewith forms part of the risk management assessment. To ensure that the Board has full oversight of ethics related matters, regular reports on the Group's ethical performance are furnished to the Audit & Risk as well as the Social & Ethics Committees. Chapter 2: Board and directors 2.1 The Board should act as a focal point for and custodian of corporate governance. The Board operates in accordance with a detailed charter that specifically deals with the roles, responsibilities and accountabilities of the Board. It meets at least four ( 4) times a year. Through its meetings and interaction with management the Board ensures that applicable principles are implemented and a high level of compliance maintained. 2.2 The Board should appreciate that strategy, risk, performance and sustainability are inseparable. The Board charter emphasises the fact that the Board acknowledges that strategy, risk, performance and sustainability are inseparable. The Board and its committees monitor key performance indicators for material issues, as well as a broader range of sustainability, risk and compliance indicators. 2.3 The Board should provide effective leadership based on an ethical foundation. The Board determines the Group's strategic direction and provides corporate governance oversight. In this regard it ensures that the Group's portfolio 1s managed in a responsible fashion. 2.4 that the company is and is seen to be a responsible corporate citizen. The Board provides strategic guidance to the Group and ensures that all dec1s1ons consider the immediate and long term impact these have on the environment, the communities in which the Group operates as well as mternal and external stakeholders. During the reporting period, the Group continued with: its corporate social investment spending; and the upliftment and support of the commun1t1es in which 1t operates as well as charitable projects and initiatives.

2 that the company's ethics are managed effectively. that the company has an effective and independent audit committee. JSE Listings Requirements Section 3.84(d) The Board should be responsible for the governance of risk. The Board should be responsible for technology governance. that the company complies with applicable laws and considers adherence for non-binding rules, codes and standards. The management of ethics forms an important aspect of the Board's responsibility and focus. Established policies which are frequently reviewed, include: Code of ethics; Whistleblowing; Conflicts of interest; and Gifts and benefits from suppliers. Regular reports on ethical matters are received from the Social and Ethics Committee. Shareholders elect members of the Audit and Risk Committee annually. The Group's Audit and Risk Committee consists entirely of Independent Non Executive Directors, each with significant, relevant experience. The performance of the Audit and Risk Committee is monitored by the Board on an on-going basis to ensure its effectivity and independence. Its effectivity is assessed on an annual basis. Refer to the Audit and Risk committee report in the 2015 Integrated Report and Chapter 3 for more detailed information. The Audit and Risk Committee assists the Board to execute its responsibility in this regard and oversees and monitors risks within the Group. Risk reports are submitted to the committee and the committee reports verbally and via committee minutes to the Board at each meeting. An IT steering committee, that includes the Financial Director and Head of IT, reports to the Audit and Risk Committee in this regard. An IT governance charter which defines the structures, processes and responsibilities for IT governance has been adopted. The Board receives legislative updates from time to time and 1s responsible for ensuring that the Group complies with applicable laws, considers adhering to non-bindings rules, codes and standards and recognises the fact that the Group's operations are located in various jurisdictions which are at different levels of maturity and in which the rule of law exists in varying degrees. The Audit and Risk and the Social and Ethics Committees assist the Board to monitor such compliance. The company secretary monitors compliance with applicable laws and also considers non-binding codes, rules and standards, assesses the impact and recommends a suitable course of action to the Board. The Board takes respons1bil1ty for deciding whether to follow the recommendations of the company secretary. The Group received no material fines or penalties for non-compliance during 2014/15 financial year that there is an effective risk-based internal audit. The Board through the Audit and Risk Committee has established a Group-wide risk-based internal audit function whose purpose, authority and responsibilities are defined in a Board-approved charter that 1s consistent with the principles of King III The Board should appreciate that stakeholders' perceptions affect the company's reputation. The Board in its reviews and deliberations considers all significant stakeholder matters and perceptions and guides Management in dealing with these in order to manage such perceptions and reputational risk.

3 In this regard, the Board ensures that the Group operates on the basis of transparency and that consistent and timeous information communication is disseminated to all stakeholders the integrity of the company's integrated report. The Integrated Report is compiled by an internal team, approved by management with oversight from the Audit and Risk Committee and finally approved by the Board prior to publication and circulation The Board should report on the effectiveness of the company's system of internal controls. Based on the report by the Group's Audit and Risk Committee and the Head of the Group's Internal Audit department, the Board reports on the effectiveness of the Group's internal controls. 2.14: The Board and its directors should act in the best interests of the company. The Board strictly adheres to its fiduciary duties and duty of care and skill codified in the Companies Act. Policies/procedures have been implemented to ensure that Directors act within the best interests of the Group at all times. This include: The declaration of all relevant interests at Board meetings; Disclosure of any potential or perceived conflict of interest by individuals; A policy that deals with the dealing in the Group's securities; The taking of legal advice by the Board when deemed necessary to ensure compliance with relevant legislation and the JSE Listings Requirements. Directors are permitted to obtain independent advice,n respect of their duties and liabilities The Board should consider business rescue proceedings or other turnaround mechanisms as soon as the company,s financially distressed as defined in the Act. The Board should elect a chairman of the Board who is an independent, nonexecutive director. The CEO of the company should not also fulfil the role of chairman of the Board. x The Audit and Risk Committee reviews financial information,n detail and recommends any special action to the Board if required. In this regard the Group's solvency and l1qu1dity and go,ng concern status are reviewed on a regular basis. Appropriate measures will be taken 1f the Group suffers financial distress at any stage. Dr CH Wiese is the chairman of the Board and Dr JW Basson the CEO. The roles of the chairman and CEO are thus separate and clearly defined. The chairman,s not independent. The Board is of the view that Dr Wiese,s in the best position to provide overall leadership to the Board due to his wealth of knowledge and experience. Mr JG Rademeyer was appointed as Lead Independent Director and his ma,n responsibilities are to chair any meeting in which the Chairman has a conflict of interest and to provide an alternative point of contact to stakeholders The Board should appoint the chief executive officer and establish a framework for the delegation of authority. Dr JW Basson has been appointed as CEO. The Board has delegated to the CEO and other executive directors the authority to run the day-to-day business of the Group subject lo an approval framework established by the Board The Board should comprise a balance of power, with a majority of non-executive directors. The majority nonexecutive directors should be independent. The Board consists of fourteen (15) directors, eight (8) Non-Executive Directors and seven (7) Executive Directors. Seven (7) of the Non-Executive Directors are independent and one ( 1 ), Dr CH Wiese,,s not Independent.

4 JSE Listings Requirements Section 3.84(b)(f) and (g) Directors should be appointed through a formal process. JSE Listings Requirements Section 3.84 (a) and (e) The induction of and ongoing training and development of directors should be conducted through formal processes. The Board should be assisted by a competent, suitably qualified and experienced company secretary. JSE Listings Requirement Section 3.84 (1) and (j) The evaluation of the Board, its committees and the individual directors should be performed every year. The Board should delegate certain functions to wellstructured committees but without abdicating its own responsi b1 I ities. JSE Listmgs Reqwrements Sect,on 3.84(d) x In assessing the status of directors, the principles of King III and the JSE Listings Requirements are considered. New appointments to the Board are considered collectively as and when the need arises on the recommendation of the Nominations Committee. The selection process considers the existing balance of skills and experience required as well as a continual process of assessing the needs of the Group. Brief resumes of directors standing for re-election appear in the 2015 Integrated Report to assist shareholders in the election process. The formal Board induction programme is managed by the company secretary. Induction is conducted in accordance with an established programme and based on the needs of each new director. Regular updates are provided on governance and regulations by the company secretary and external advisors. All directors have access to key management members for information on the Group's operations. The Board selects and appoints the company secretary and recognises the important role to be played by this person in entrenching good corporate governance. Mr PG du Preez is the Group company secretary and was appointed on 27 October In compliance with the JSE Listings Requirements, a detailed assessment was conducted by the Board to satisfy itself of the competence, qualifications and experience of the company secretary. This was performed through: a review of qualifications and experience: Mr du Preez holds BTech, LLB and LLM (International Trade Law) degrees and is a fellow of Chartered Secretaries of Southern Africa. He is also a member of the Compliance Institute of South Africa; assessments by directors deta1l1ng all the legislative and King III requirements. This questionnaire included questions on his effect1v1ty as gatekeeper of good corporate governance, the effect iveness of the arm's length relationship (including his advisory role) as well as how he performed his role and duties as company secretary. The outcome of the assessment confirmed that all requirements were met, including competence, qualifications and experience. Mr du Preez does not serve as a director of the Board and the assessment confirmed his arm's length relationship with the Board. A self-evaluation of the performance of the Board and its Committees as a whole is performed annually. The results of such evaluations are considered and action plans implemented where required. Evaluations are not necessarily performed solely on an annual basis. The chairman 1s responsible to assess each director and committee on an on-going basis. The Board committees assist the Board in executing its duties, powers and authorities. The required authority 1s delegated by the Board to each committee to enable it to fulfil its respective functions through formally approved terms of reference. Delegating authority to Board committees or management, other than the specific matters for which the audit committee carries ultimate accountability in terms of the Companies Act does not m1tiqate or

5 A governance framework should be agreed between the Group and its subsidiary boards. Companies should remunerate directors and executives fairly and responsibly. Companies should disclose the remuneration of each individual director and certain senior executives. Shareholders should approve the company's remuneration policy. discharge the Board and its directors of their duties and responsibilities and the Board fully acknowledges this fact. The Board has established the following committees: Audit and Risk; Social and Ethics; Remuneration; and Nomination. Formal terms of reference have been adopted by each committee and are reviewed on an annual basis. Committee chairpersons report back to the Board at each Board meeting and the minutes of all committee meetings are included in Boa rd meeting documentation. The composition of the committees complies with t he relevant provisions of the Companies Act, the JSE Listings Requirements and King III. Refer to the committee reports 1n the 2015 Integrated Report for further detail. Each subsidiary operates with a separate board of directors but the Main Board and its committees oversee all significant aspects and transactions of subsidiaries which are also governed in terms of limits of authority. The Remunerations Committee considers the remuneration of Executive and Non-Executive Directors on an annual basis which is benchmarked against peer groups to ensure fair remuneration. Non-Executive Directors' fees are approved by shareholders with Executive Directors' remuneration being reported to shareholders annually in the Integrated Report. Full details are disclosed in the 2015 Integrated Report. See 2.25 above. At the annual general meeting of Shoprite Holdings on 27 October 2014, shareholders voted in favour of the Group's remuneration policy. The policy will again be tabled for a non-binding advisory vote at the annual general meeting of sha reholders on 12 October Chapter 3: Audit committee 3.1 that the company has an effective and independent non-executive audit committee. All members of the Audit and Risk Committee are regarded as Independent directors and are appointed by the shareholders at the annual general meeting of shareholders. JSE Listings Requirements Section 3.84(d) Refer to the Audit and Risk Committee report in t he 2015 Integrated Report fo r further details. 3.2 Audit committee members should be SU1tably skilled, experienced and independent, non-executive directors. The Audit and Risk Committee is represented by five (5) independent directors wit h the necessary skills and expertise. The chai rman 1s a chartered accountant. 3.3 be chaired by an independent, non-executive director. Mr JG Rademeyer is the independent chairman of the Audit and Risk Committee. His independence is evaluated annually as part of the evaluation process.

6 Principle Description Applied Compliance Status oversee integrated reporting. ensure that a combined assurance model is applied to provide a coordinated approach to all assurance activities. satisfy itself of the expertise, resources and experience of the company's finance function. oversee the internal audit function. be an integral component of the risk management process. The audit committee is responsible for recommending the appointment of the external auditor and overseeing the external audit process. report to the Board and shareholders on how it has discharged its duties. The Board has assigned this responsibi lity to the Audit and Risk Committee which considers the disclosures in the Integrated Annual Report, including sustainability information, the annual financial statements and recommends the approval thereof to the Board. An assurance framework has been adopted as part of the enterprise risk management framework, which incorriorates a combined assurance model. The expertise and experience of the financial director as well as the level of financial experience and qualifications of the Group financial department is evaluated on an annual basis by the Audit and Risk Committee. The expertise, resources and experience of the Group's internal audit function and t he internal audit plan is assessed on a regular basis. The Audit and Risk Committee approves the annual internal audit plan and monitors performance against the plan. Reports are submitted by the internal audit manager at every committee meeting. The Audit and Risk Committee oversees the Enterprise Risk Management process and is therefore an integral part of the strategy and framework developments in relation to risk management. Annually, the Audit and Risk Committee reviews the independence of the external auditors, including the professional suitability of the lead auditor, and recommends the appointment to the Board and shareholders for the forthcoming financial year. The current external auditor is PwC Incorporated with Mr A Wentzel as the lead auditor as approved by shareholders at the 2014 annual general meeting. During the period under review, the remuneration paid to PwC totalled approximately Rxxx million of which Rxxx million was paid 1n relation to non-audit services. The non-audit services provided were mainly tax compliance related advice provided to the Group's non-rsa subsidiaries. The Chairman of the Audit and Risk Committee reports to the Board verbally and in writing subsequent to each meeting. A report to shareholders is prepared by the chairman and tabled at the annual general meeting. The committee chairman attends the annual general meeting to respond to questions. Chapter 4: The governance of risk The Board should be responsible for the governance of nsk. The Board should determine the levels of risk tolerance. The risk or audit committee should assist the Board in carrying out its risk responsibilities. The governance of risk within the Group is the Board's responsibility. The Audit and Risk Committee reviews the Group's risk assessment and satisfies itself of the adequacy of responses and mitigations. The risk tolerance of the Group is reviewed annually by management and approved by the Board. Significant risks are 1dent1f1ed and mitigation steps taken. The Audit and Risk Committee reviews all aspects of the nsk function. A risk forum consisting of key management and chaired by the Financial director assists in this regard.

7 The forum meets a minimum of four (4) times a year and the chairperson of the forum reports to the Audit and Risk Committee after to each meeting. 4.4 The Board should delegate to management the responsibility to design, implement and monitor the risk management plan. Management is accountable to the Board through the Audit and Risk Committee for embedding the risk management process in the Group. The Group's risks are reviewed and assessed annually by management. Risks are updated and progress on mitigation plans are reported to the Audit and Risk Committee. 4.5 that risk assessments are performed on a continual basis. The nsk assessment process identifies risks and the process 1s formalised and regular. 4.6 that frameworks and methodologies are implemented to increase the probability of anticipating unpredictable risks. The Enterprise Risk Management Framework establishes formal governance, procedures and processes for all risks. Workshop methodology has been used as a basis upon which risk assessments are conducted and ensures that unpredictable risks are identified. 4.7 that management considers and implements appropriate risk responses. Risks are monitored by management and the Group Risk forum on a continuous basis. Progress of the Group in managing its risks is reported to the Audit and Risk Committee. 4.8 continual risk monitoring by management. See The Board should receive assurance regarding the effectiveness of the nsk management process. The Audit and Risk Committee is provided with the assurance of the effectiveness of the Group's nsk management process through the Group Risk forum, internal and external auditors as well as the Group's inhouse compliance function that resorts under the company secretary that there are processes in place enabling complete, timely, relevant, accurate and accessible risk disclosure to stakeholders. The Group's Integrated Report provides a comprehensive outline to stakeholders of the risk management process. Chapter 5: The governance of information technology The Board should be responsible for information ti>,hnology governance. IT should be aligned with the performance and sustainability objectives of the company. The Board has assumed the responsibility for IT governance but has delegated the establishment of an appropriate IT policy, framework and strategy to management. The IT steering committee reports to the Audit and Risk Committee on various aspects including compliance with relevant governance frameworks and results of internal audit reviews. An information technology (IT) governance framework has been adopted and is reviewed and approved by the Audit and Risk from on a regular basis. IT is fully integrated into the Group strategic planning process which ensures alignment in the achievement of the Group's business object1ves.

8 5.3 The Board should delegate The IT steering committee is mandated by the Audit and to management the Risk Committee to guide IT governance within the Group. responsibility for the implementation of an IT governance framework. 5.4 The Board should monitor The IT steering committee monitors and evaluates and evaluate significant IT s1gnif1cant IT investments and expenditure. A report in investments and this regard is tabled at each meeting of the Audit and expenditure. Risk Committee. 5.5 IT should form an integral The IT risk management framework includes the part of the company's risk assessment and management of all significant IT risks. management. The IT steering committee monitors disaster recovery and other IT practices. Reports in this regard are presented to the Risk forum and Audit and Risk Committee. 5.6 An information management strategy has been that information assets are implemented which monitors the management of assets, managed effectively. including the management of information security. 5.7 An audit and risk committee IT is represented at the meetings of the Audit and Risk should assist the Board in Committee by the financial director who forms part of the carrying out its IT IT steering committee. responsibilities. Chapter 6 : Compliance with laws, rules, codes and standards 6.1 The Group does not have a dedicated compliance that the company complies function. Legislative and regulatory compliance IS with applicable laws and monitored by the company secretary. The Group's considers adherence to regulatory universe was updated in 2015 and presented non-binding rules, codes to the Audit and Risk Committee as well as the Board. and standards. The potential effect of pending legislation on the Group's business activities are also assessed prior to promulgation. 6.2 The Board and each The Board is continually informed of material legislation, individual director should rules, codes, standards and changes thereto. Information have a working on laws, rules and codes are shared with directors understanding of the effect regularly through documentation and briefing sessions by of the applicable laws, the company secretary and external advisers. rules, codes and standards on the company and its business. 6.3 Compliance risk should The Group's enterprise risk management framework form an integral part of the provides for all classes of risk that includes compliance company's risk risks. management process. 6.4 The Board should delegate The Group's compliance function resorts under the to management the corn pa ny secretary. implementation of an effective compliance See response in 6.1. framework and processes. Chapter 7: Internal audit 7.1 An effective risk-based internal audit function exists. The that there 1s an effective purpose, authority and responsi bi I ities of the internal risk-based internal audit audit function are defined in the Board-approved internal function. audit charter. The internal audit charter was reviewed during 2015.

9 Internal audit should follow a risk-based approach in its plan. Internal audit should provide a written assessment of the effectiveness of the company's system of internal control and risk management. be responsible for overseeing internal audit. Internal audit should be strategically positioned to achieve its objectives. A risk-based approach to internal audit planning is adopted in assessing the Group's control environment and is aligned to the risk assessment process. A written assessment regarding the effectiveness of the Group's internal controls and risk management is tabled at meetings of the Audit and Risk Committee. The head of internal aud it reports functionally to the Audit and Risk Committee and administratively to the Financial director and is present at all meetings of the committee. The Audit and Risk Committee approves the annual internal audit work plan and monitors the performance of internal audit against the approved work plan. The head of internal audit has unrestricted access to members of the Audit and Risk Committee and executives of the Group. This function is adequately skilled and resourced to discharge its responsibilities. Chapter 8: Governing stakeholder relationships The Board should appreciate that stakeholders' perceptions affect a company's reputation. The Board should delegate to management to proactively deal with stakeholder relat1onsh1ps. The Board should strive to achieve the appropriate balance between its various stakeholder groupings, in the best interests of the company. Companies should ensure the equitable treatment of shareholders. Transparent and effective communication with stakeholders is essential for building and maintaining their trust and confidence. that disputes are resolved as effectively, efficiently and expeditiously as possible. Engagement with stakeholders is aimed at the establishment of open, interactive relationships. See 2015 Integrated Report for further details. The Board has delegated the management of the Group's various stakeholders to management. Stakeholder engagement is managed at various levels within the Group by ut1l1sing different platforms. An external communication policy has also been adopted. The Group has identified its stakeholder groups and management from various functions are assigned to manage relationships with stakeholders. The Board realises that there is a broad range of stakeholders who have a genuine stake in or are affected by the Group and its various activities. Consistent and timeous information is disseminated to all shareholders. The legitimate interests of minority shareholders are protected by the Companies Act and the JSE Listings Requirements. The Group maintains a dialogue with all stakeholders. Regular market notifications of key f inancial information and material changes in the Group's operations are published. A website is also maintained at The Group's promotion of access to information manual is available on its website. Alternative dispute resolution provisions are incorporated in most of the Group's commercial agreements. Each dispute is handled in accordance with the provisions of the governing agreement, the primary objective being to ensure that disputes are resolved as effectively, efficiently and expeditiously as possible.

10 Chapter 9 : Integrated reporting and disclosure 9.1 ' The Audit and Risk Committee as well as the Social and the integrity of the Ethics Committee review the integrated report and company's integrated recommend approval of the report to the Board. The report. Board reviews and finally approves the content of the integrated report prior to publication. 9.2 Sustc1inability reporting and ' An Integrated Report is produced which, together with disclosures should be complementary reports, addresses the sustainability of integrated with the the Group, including financial and non-financial aspects company's financial such as risk, environment, social and governance issues. reporting. Reporting is prepared in line with recognised guidelines that include International Financial Reporting Standards (IFRS) and King III. 9.3 Sustainability reporting and x The Board, Audit and Risk as well as the Socia l and disclosure should be Ethics Committees review the Integrated Report and independently assured. complementary reports. Consideration is given to obtain independent assurance on certain aspects of sustainability reporting where and when appropriate. 16 September 2015