IN THIS SECTION

	Corporate Governance
	Risk report
	Remuneration report

Risk report

At Netcare, our inspiration to excel in providing medical innovation and quality care is to be found in our values. We continue to focus on living our core value of care, and the associated values of dignity, participation, truth and passion, through every action, decision and intervention we have with our patients, their families, the wider communities we serve, fellow colleagues and all other stakeholders.

Introduction

We recognise that business involves undertaking risk for reward, and that engaging in risk is inherent in all our activities as we strive to achieve our objectives and increase stakeholder value. Consequently, risk management within the Group does not attempt to eliminate risk completely, but rather provides a structure to continuously identify, assess, evaluate and manage risk.

The Board is ultimately responsible for the governance of risk within the Group and has appointed the Risk Committee to assist in discharging its responsibility. The Board, through the Risk Committee, sets the strategic direction for the process and system of risk management by authorising the risk management policy and plan.

109 For more detail on the Risk Committee's terms of reference.

Management is responsible for executing the Board's strategy in accordance with the risk management policy and plan. Management is also accountable to the Board for designing, implementing and monitoring the process and system of risk management and ensuring it is integrated into the day-to-day activities of the Group. Risk management is embedded in overall Group governance as part of the policy framework.

The Group Risk Management function is the custodian of the risk management policy and plan, and coordinates the risk management activities throughout Netcare. It ensures that risks are properly managed and consistent with the agreed risk appetite.

At Netcare, we recognise that risk management is a systematic and formalised process to identify, assess, evaluate and manage risks, and we have adopted a comprehensive approach to achieve this. The process of identifying risks is driven by an assessment of the impact that they may have on the Group achieving its objectives. Risk management is embedded into business activities, functions and processes to ensure our response remains current and dynamic.

Netcare openly discloses its risk management processes, both internally and externally, to create awareness and understanding of the Group's risk management culture and ensure that stakeholders view the Group as a responsible corporate citizen. We aspire to establish a culture in which the management of risk is the responsibility of every employee.

The Board defines the risk appetite for the Group in terms of the level of risk it is willing to accept in pursuit of the Group's vision and commitment to creating stakeholder value. Our risk appetite is not one specific figure or formula, but varies depending on the specific category of risk.

Risk management responsibilities

Risk management process

The risk management process involves the coordinated and efficient application of activities and resources to minimise the negative impacts of risks to levels which can be tolerated by stakeholders, as well as to optimise the opportunities or positive impacts of all risks.

The Group Risk Management function engages with key stakeholders from the major divisions and business units in South Africa (SA) to identify key risks, and monitors the plans and processes to manage these risks. With these internal stakeholders, it also consolidates key risks, and ranks and assesses the top business risks affecting the Group. The top business risks are formally reported to the Risk Committee which meets bi-annually.

During 2011 the Group Risk Management function reviewed and updated the Risk Management Policy, based on input from:

Enterprise Risk Management – Integrated Framework published by the Committee of Sponsoring Organisations of the Treadway Commission (COSO);
Principles and recommendations of the King Report on Corporate Governance for South Africa (King III);
South African National Standard on Risk Management (ISO 31000); and
Best practice in risk management among major listed companies.

The process and system of risk management considers:

Strategic direction and objectives of the Group;
Nature and extent of risks facing the Group;
Extent and categories of risk regarded as acceptable for the Group;
Likelihood and impact of identified risks materialising;
Ability of the Group to reduce the incidence and impact to the business if identified risks materialise;
Cost of risk response plans and processes relative to the benefit obtained; and
Effectiveness of the implemented risk response plans.

Risk management process

Effectiveness of risk management

The Audit Committee is an independent committee responsible for internal control, governance and risk management within the Group. It is an integral component of the risk management process and provides an independent and objective view of the effectiveness of the Group's risk management activities. Netcare's internal control environment comprises the policies and control procedures adopted and implemented by management to provide reasonable assurance that risks are mitigated in pursuit of the Group's objectives.

The Group Internal Audit function provides independent and objective assurance to the Board, through the Audit Committee, on the effectiveness of the entire process and system of risk management, and provides recommendations for improvement where necessary. The Group Internal Audit function monitors implementation of internal control improvements via follow-up reports and a follow-up database.

The Board is satisfied that the Group's risk funding strategy and existing cover are adequate and appropriate in relation to the exposures identified. The Board, through the Audit Committee, has also considered the effectiveness and efficiency of the process and system of risk management, and found it to be effective. This determination has been corroborated by relevant compliance reports. Furthermore, in the event of a disastrous incident there is a documented and tested major incident plan and disaster recovery programme to support continuity of critical business processes.

The Board is confident that:

The system and process of risk management in place is appropriate for the Group's model and strategy;
The risk appetite inherent in the business model is appropriate;
An appropriate risk culture has been embedded in the Group's operations; and
The system and process of risk management operates effectively to inform the Board of major risks facing the Group.

An ongoing process for identifying, evaluating and managing the key risks faced by the Group has been in place for the year under review and up to the date of approval of the annual integrated report.

Key risks – South Africa

The major risks identified as being business critical for the sustainability of the South African operations, together with the plans and processes to mitigate these risks, are listed in the table below.

Risks	Risk mitigation
Quality patient care (clinical quality)
Failure to provide the best and safest patient care adversely affects Netcare's operations, brand and reputation.	The Group has instituted various clinical governance systems and processes to ensure that only the highest standards of clinical governance and patient outcomes are achieved. The Group appointed the Director: Quality Leadership on 1 January 2011, to drive the development and implementation of an overall Quality Management System to maintain excellent quality outcomes, improve clinical effectiveness, enhance patient safety and provide a better patient experience. The Group commenced various quality improvement initiatives to ensure we continuously improve the quality of care provided to our patients. Examples of quality improvement initiatives include: The rollout of "the Netcare Way", which seeks to provide every employee, permanent and temporary, with a basis from which to enhance the level of care they provide; A strategic review of Netcare Education; A project to analyse and improve the process of managing, monitoring and resolving feedback received from patients and other stakeholders; and Revised clinical governance structures and processes to enhance the effectiveness of clinical governance within the Group.
Availability and quality of skills
The healthcare industry is experiencing a shortage of skilled professionals including nurses, pharmacists, paramedics, emergency services doctors, doctors and specialists.	The Group has implemented various attraction and retention strategies. Netcare Education provides nursing training and education to students and qualified nurses. The Netcare 911 School of Emergency and Critical Care provides training in Basic, Intermediate and Advanced Life Support to paramedics in the Group and externally. The Group sponsors academic chairs at tertiary institutions, and grants scholarships and fellowships for doctors.
Pandemic or infection breakout
A pandemic or widespread infection breakout, affecting the public as well as healthcare professionals, could challenge the current clinical protocols designed to ensure business continuity and to maintain quality patient care.	The major incident plan contains detailed procedures to be adhered to in response to a major incident. All Hospital Executive Committees have received training on the major incident plan. Netcare has also developed the Pandemic Preparedness Plan which outlines the responsibilities, authorities and mechanisms to prevent and manage a potential pandemic breakout. There is continuous training to raise awareness and increase knowledge of any breakouts that may occur.

Industry regulations, legislative environment and funder regime
Changes in healthcare industry regulation and legislation impact the industry landscape and competitive environment, the most significant being: National Health Insurance (NHI) Government released the NHI green paper on 10 August 2011. The document is an expression of intent to increase access to quality healthcare through the NHI. Price regulation/collective bargaining The Minister of Health re-opened the possibility of private healthcare tariffs being determined through multilateral negotiations involving all stakeholders. Designated service providers (DSPs) Medical schemes who select DSPs have a greater ability to negotiate lower prices with healthcare providers in return for higher volumes. Prescribed minimum benefits (PMBs) The North Gauteng High Court issued a declaratory order to clarify that medical schemes are responsible to pay for PMBs at the full price charged by the healthcare provider. Office for Health Standards Compliance The National Health Amendment Bill provides for the establishment of an independent entity, the Office of Health Standards Compliance, to: Assist in developing minimum quality standards for health facilities; Monitor compliance of health facilities to the minimum quality standards; and Ensure that complaints are appropriately and independently investigated.	The Group continuously monitors the regulatory and legislative environment and engages with regulators regarding policy decisions. This enables proactive amendments to the Group's strategy and business model. The Group supports initiatives that broaden access to quality healthcare for all South Africans. We look forward to embracing the challenges and opportunities of achieving a sustainable, integrated healthcare system.
Fire and electrical safety
The appropriate operation of fire safety measures incorporated in Netcare's facilities, including the safety of electrical installations, are essential to maintain business continuity and ensure the safety of patients and employees.	The Group continues to be proactive in ensuring that facilities provide a safe and secure environment for patients, employees and members of the public. The Group has a documented and tested its major incident management plan and disaster recovery programme. The Group has comprehensive insurance cover to mitigate financial impact.

Information Technology (IT) strategy and development
The increasing pace of technological advancement requires a considered IT strategy and substantial investment to ensure Netcare is positioned to identify and implement the new technologies (that will define the future landscape of the healthcare industry) in good time.	The Group continuously monitors and evaluates new technologies to enable proactive amendments to the IT strategy and business model.
Netcare is dependent on the IT environment to enable critical business processes.	The Group has appointed employees with the appropriate level of skill to maintain the stability and integrity of the current IT environment.
The rollout of the SAP Enterprise Resource Planning (SAP ERP) application to replace current legacy systems is a large and complex project that requires appropriate management for successful implementation.	The SAP ERP Rollout Steering Committee, a sub-committee of the IT Steering Committee, manages the SAP ERP rollout. Netcare performs a post implementation review of every rollout and the lessons learnt are incorporated into the rollout plan.
Maintenance of healthcare facilities and equipment
Improperly maintained healthcare facilities and equipment pose a risk to the safety of patients and employees, and impact the quality of patient care.	Netcare continues to invest in state-of-the-art facilities and the latest technology. We spent in excess of R900 million during 2011 to expand, replace and refurbish our facilities and equipment.
International investments
Along with the numerous benefits afforded by Netcare's international investments, they also expose Netcare to various risks, the most significant being:
Public Private Partnership (PPP) in Lesotho The success of the Lesotho PPP is critical to Netcare's brand and reputation, and may create future growth and expansion opportunities to support and improve public healthcare infrastructure and delivery, while redressing existing health inequalities. The Lesotho PPP represents a first for the Group in that we are responsible for providing clinical services to the primary care clinics and hospital in Maseru. The provision of clinical services exposes the Group to the associated clinical risk involved in providing quality clinical services.	The Group provided training to Lesotho nationals in South African facilities prior to commencing operations in Lesotho. We are supplying senior nursing employees from SA to provide guidance and in-service training to Lesotho nationals during the opening phase. Netcare will continue to second senior employees to manage the Lesotho PPP in its initial stages.
General Healthcare Group (GHG) in the United Kingdom (UK) The challenging economic environment characterised by severe recessionary pressures in the UK continues to impact on GHG's operations. The macroeconomic environment in the UK may affect the refinancing of the £1.5 billion PropCo debt during October 2013.	During the 2011 financial year GHG implemented a major rationalisation programme to significantly reduce the cost base of the business. GHG continues to invest in strategic projects that will yield future growth and maintain its market-leading hospital infrastructure and facilities. The OpCo and PropCo debt facilities are separate and distinct from each other, without cross default or recourse across this structure. Furthermore, the GHG debt facilities are ringfenced and without recourse to the South African operations.

Key risks – United Kingdom

The risks pertaining to the UK operations have been prepared by the executive management of GHG and have been formally reported to the Group Risk Committee. The major risks identified as being business critical for the sustainability of the UK operations, together with the plans and processes to mitigate these risks, are listed in the table on the left.

Risks	Risk mitigation
Debt covenants
Failure to meet the requirements of debt covenants requires GHG to refinance or restructure existing debt, which is subject to the cost and availability of capital that has been affected by the prevailing capital market conditions.	GHG continues to monitor, analyse and forecast compliance with the requirements of debt covenants.
Quality patient care (clinical quality)
Failure to provide the best and safest patient care adversely affects GHG's operations, brand and reputation.	GHG operates within a robust clinical governance framework and has instituted various clinical governance processes to ensure that only the highest standards of clinical governance and patient outcomes are achieved.
Availability and quality of skills
The ability to attract and retain the appropriate quality and number of healthcare consultants and other staff are critical to the continued success of GHG.	GHG has various attraction and retention strategies in place.
Economic and business environment
The downturn in the economy and business environment adversely affects the demand for private healthcare services procured through private medical insurance and direct patient payment (self-pay).	GHG continues to monitor, analyse and forecast the impact of the economic downturn, to enable proactive amendments to GHG's strategy and business model.
Reduced margins
A decline in insured lives and self-pay, and lower margins from NHS work, are being driven by the continuing economic downturn.	GHG continues to focus on ensuring that its operating framework and patient pathways are as efficient as possible, while delivering clinical excellence. It also ensures that administrative support and discretionary costs are adequately controlled and appropriate.
Industry regulations, legislative environment and funder regime
Changes in healthcare industry regulation and legislation impacts the industry landscape and competitive environment.	GHG continuously monitors the regulatory and legislative environment, and regularly engages with stakeholders, to enable proactive amendments to GHG's strategy and business model.
Pandemic or infection breakout
A pandemic or widespread infection breakout affecting the public and healthcare professionals, would challenge the current clinical protocols designed to ensure business continuity and maintain quality patient care.	GHG monitors all communication from the World Health Organisation, UK Department of Health and the UK Health Protection Agency to ensure that GHG is aware of current risks. In addition, intelligence is obtained through local surveillance in hospitals. The risks and any outbreak are managed through established Infection Prevention and Control programmes and a comprehensive Business Continuity Management Plan.
Information technology
GHG is dependent on the IT environment to enable critical business processes.	GHG has contracted an external service provider to maintain the stability and integrity of the current IT environment.

Financial risk management

Details on the Group's financial risk management are included in note 34 to the Group annual financial statements.

Looking ahead

The Group Risk Management function will continue to enhance the risk management strategy and framework to ensure Netcare maintains its strategic advantage and continues to increase stakeholder value.