Page 7 - IAR
P. 7
12 INTEGRATED ANNUAL REPORT 2017 TRUSTCO GROUP
CHAIRMAN OF THE AUDIT AND RISK
COMMITTEE’S REPORT
THE AUDIT AND RISK COMMITTEE (ARC) IS TASKED WITH TWO BASIC FUNCTIONS – TO OVERSEE THE AUDIT FUNCTION AND TO ENSURE
PROPER RISK GOVERNANCE OF THE GROUP.
In essence, auditing the group is an assessment of the group’s current position – what assets are
in hand and what we’ve experienced during the past year. Risk governance is an assessment of
the unknown – what can we place on the table to ensure our continued success.
As such, it reminds one of a game of poker. On the one hand, you need to know your current
position – what cards you have in hand, what assets you have available to bet, what plays were
made by other players and how they affect your performance. Only by properly auditing your
current position, can one move forward with confidence. You need to make sure proper controls
are in place to prevent chips from falling off the board. You must understand the strength and
weaknesses of the cards in hand – know what assets to be deployed against strategies you’ve
seen in the game – or in the market. But, that is only one half of the game.
Now that you know what you’ve got, you must decide what you can place on the table – what
to bet, without placing your continued presence in the game. Even sure bets and the best cards
can be dealt a bad hand, and to stay in the game, those risks must be mitigated. It is a game WINTON GEYSER
of probabilities, much like risk governance. Yet, without a certain amount of risk, there can be
no return – and that is the ARC’s primary function. What can we risk in the group to ensure CHAIRMAN OF THE AUDIT
AND RISK COMMITTEE
sustainable above average wealth creation for all stakeholders?
Risk in itself is not bad, except when risk is mismanaged, misunderstood or mispriced. We are
entrusted to ensure bets are correctly placed, bets that might affect the future of the group. The
board of directors determines the risk tolerance for the group and the ARC is constantly testing,
monitoring and implementing safety measures to ensure that the risk tolerance of the group is Risk is not only measured in monetary value, but reputational risk is also of great importance.
not enthused. As such, the risk tolerance of the group is clearly identified and defined. Are we a responsible player in this game and in the market? How the group’s actions are perceived
To assist management to identify risk indicators, the ARC is informed of the risks and exposures by others in the market adds another layer of responsibility to being a good corporate citizen. The
which the company may face. The ARC is also updated regularly on the company’s strategic environment in which a company operates, the social impact it has, the economic impact and
objectives, procedures and evaluations. overall influence are all factors that must be considered when measuring risk.
13 13 INTE TR
INTEGRATED ANNUAL REPORT 2017GRATED ANNUAL REPORT 2017
TRUSTCO GROUPUSTCO GROUP
To be a good corporate citizen might be attainable, or even achievable through regulatory process, we could be betting blind! We are constantly briefed on how management is embedding
enforcement, but being a good corporate citizen is not good enough. Trustco holds itself to a a culture of good governance and ethical behaviour. Although embedding such a culture does
higher standard, where good is not good enough, but aims for better. not guarantee that the group will achieve its goals, the lack of such culture provides greater
opportunity for error or improprieties to occur.
All the discussions of risk are for naught if we do not know that we have a solid base of assets
to operate from – to execute our betting strategies. Know thyself, the saying goes, and Trustco, Trustco is not a company that engages in a “box-ticking” exercise to ensure compliance, but
a company with an integrated structure, encourages transparency, cooperation and integration rather sees compliance as a means to enhance shareholder return. As chairman of the ARC, I can
between the external and the internal audit function. This enables the ARC to get a clear congratulate the company for actively pursuing good governance principles, cultivating a culture
understanding of the strengths and weaknesses of the group’s internal control management of excellence, and at all times being transparent.
systems. Any identified weaknesses are dealt with immediately.
I would like to use this opportunity, to thank all members of the committee for their considerable
To ensure our risk assessments are current, the ARC maintains an ongoing responsibility effort and the devotion with which they have executed their duties during the year. The
to assess and maintain the effectiveness of the control framework, and therefore gathers management of internal audit, risk and compliance does not always have an easy task. They
information from management and also from the external and internal audit as part of its often experience challenging views and opinions from management, but their dedication and
assessment process. This leads to the ARC challenging and testing management as well as the resilience is truly commendable.
external and internal auditors on any assessment they may have made. Without this critical
