RISK MANAGEMENT REPORT

Conservative
risk attitude
followed by
group
Impact and probability rating assigned to each risk

Clicks Group aims to achieve an appropriate balance between risk and reward, recognising that certain risks need to be taken to achieve sustainable growth and returns while at the same time protecting the group and its shareholders against avoidable risks.

A disciplined approach is followed in evaluating risks and developing appropriate strategies to mitigate and manage the risk.

The risk attitude of the group, which is the level of risk acceptable to the directors and management, is reviewed annually. The group adopts a conservative risk attitude which the directors believe is appropriate given the nature of the group’s business in the healthcare retail and supply market. In addition, as the group is dependent on organic rather than acquisitive growth to generate returns, it can afford to follow a more conservative approach to risk.

The directors confirm that risk mitigation and monitoring processes have proved to be robust and have been effective in limiting the impact of risks on the business in the 2010 financial year.

Following the adoption of King lll, the risk process will be reviewed annually by internal audit and the risk methodology by an external assurance provider.

Responsibility for risk management

The board is responsible for the oversight of the risk management process and has delegated specific responsibility to the audit and risk committee.

The audit and risk committee, which operates within written terms of reference, is responsible for ensuring the group has implemented an effective policy and plan for risk, and that disclosure regarding risk is comprehensive, timely and relevant. The role, functions and composition of the committee are included in the audit and risk committee report. The group executive committee is responsible for designing and implementing the risk management process and monitoring ongoing progress. The executive regularly review the group risks to ensure mitigation strategies are being implemented by the business units. Senior executives and line management within each business unit are accountable for managing risk in achieving their financial and operating objectives.

Group internal audit monitors the progress of the group and business units in managing risks and reports its findings to the audit and risk committee on a quarterly basis. External audit reports to the audit and risk committee on risk matters identified in their role as external auditors.

Risk mitigation and monitoring processes have proved to be robust in limiting the impact of risks

Risk management process

Risk management is embedded in the group’s annual business planning cycle. In determining the strategic and operational plans for the year ahead, each business unit is required to review its risk register. This includes a review of the risks of the previous financial year, considering new or emerging risks, facilitated workshops with all levels of management and, where appropriate, presentations by external consultants on the environment and market conditions.

A risk framework sets out the various risks that should be considered as part of the risk identification process. The risks are broadly classified according to the following categories: strategic, environmental, financial, reputational, regulatory, people, economic, process and technology. These potential risks are updated annually to ensure all relevant industry issues are considered.

Risk ratings

Each risk on the register is assigned an impact and probability rating:

  • The impact assigned to a risk covers financial, compliance, reputational and people criteria and is based on a ten-point rating scale from “insignificant” to “catastrophic”; and
  • The probability of a risk materialising is measured on a five-point scale from a “remote” possibility of the risk occurring to an “almost certain” likelihood that it will take place.

The impact and probability ratings are then multiplied to determine the inherent (gross) risk and its significance to the group.

Detailed risk mitigation plans are developed for each risk which then determine the level of residual (net) risk. Residual risk ratings are then assigned to each risk.

The major risks, together with mitigation strategies, are outlined in the table on the following pages. Comparative risk ratings have been included for 2009.

Changes in major risks

While the directors do not believe there has been any material change in the risk profile of the group over the past year, the following changes have been made to the register of major risks:

Risks classified as major risks for the first time in 2010 are:

  • Sourcing and registering of private label products in Clicks;
  • Containing costs in a lower inflationary environment;
  • Non-compliance with pharmacy and other healthcare industry regulations; and
  • Availability of information technology systems.

The risks relating to the “current economic climate” and “healthcare legislation” which featured in 2009 are no longer considered as major risks as their potential impact and the probability of occurrence has reduced.

Financial risk management

A comprehensive financial risk management programme focuses on the unpredictability of financial markets and seeks to minimise the potential adverse effects on the group’s financial performance. Management recognises that the failure to manage financial risks could impact negatively on profitability and ultimately lead to the destruction of shareholder value.

Through its business activities the group is exposed to a variety of financial risks, including market risk (currency, interest rate and price risk), credit risk and liquidity risk. The group’s exposure to these risks and policies for measuring and managing the risk are included in notes 27 and 28 to the annual financial statements.

The group’s treasury function provides a centralised service for funding, foreign exchange, interest rate management and counterparty risk management. The treasury function reports to the chief financial officer and group financial manager and operates within the parameters of the group’s treasury policy. The treasury committee, which comprises the heads of finance of the business units together with the chief financial officer and group financial manager, meets with the group treasurer on a quarterly basis. The treasury committee reviews the performance of the treasury function against agreed benchmarks, adopts procedures to minimise financial risk and ensures the accurate cash flow forecasting of the group.

Derivative financial instruments are used to hedge certain risk exposures, including the long-term incentive schemes and foreign exchange risk on the import of merchandise. Foreign exchange risk is mitigated by entering into forward exchange contracts which are matched with anticipated future cash flows in foreign currencies. Details of the group’s forward exchange exposure is contained in note 28.

Insurance

Insurance forms a key element of the risk management process to protect the group against the adverse consequences of risk. The group recognises that although insurance is a means of mitigating the impact of certain identified risks, management has responsibility to manage these risks with the purpose of limiting their occurrence and their impact.

The audit and risk committee approves the annual insurance renewal, cover levels and the schedule of uninsured and uninsurable risks. The group insures assets to replacement value, carries appropriate levels of self-insurance and only contracts with reputable insurance companies. The group self-insures assets and liabilities based on recommendations from its advisers. Amounts in excess of the self-insured limits are covered by reinsurers.

Major group risks

Risk Implication for business Risk mitigation plans Risk rating*
Sourcing and registering private label products in Clicks Private label products present a major growth opportunity for Clicks. Failure to source quality scheduled, Over the counter (OTC) and front shop private label products at the appropriate margin and which meet regulatory requirements will negatively impact both profitability and reputation
  • Department established to source front shop private label products and focus on quality and regulatory compliance
  • Scheduled private label products to receive increased attention and dedicated manager appointed
27 (new risk)
Increasing cost to attract and retain pharmacy professionals The group employs pharmacists in Clicks, UPD and Clicks Direct Medicines and is the largest employer of pharmacists in the private sector. Shortage of healthcare professionals is an industry challenge and could limit business growth and increase costs
  • Employer of choice programme in place across the group
  • Dedicated pharmacy recruitment team
  • Remuneration packages reviewed and updated
  • In-house pharmacy academy, training initiatives with educational bodies and continuous professional development programmes aimed at attracting and retaining pharmacists
  • Bursaries granted to pharmacy students annually (40 awarded for 2011 financial year)
  • Employee share ownership scheme introduced to attract and retain scarce skills, including pharmacists
25 (2009: 28)
Retention of key staff Inability to attract and retain people in key positions across the group could ultimately compromise service delivery
  • Total rewards remuneration strategy across the group ensures market competitiveness in terms of cash and benefits
  • Annual survey introduced to measure and track employee perceptions
24 (2009: 24)
Process non-compliance Non-compliance with policies, procedures and processes could impact on sales, shrinkage and cash losses
  • Comprehensive control self-assessment process followed in each business unit
  • Shrinkage plan and audit process
24 (2009: 24)
Increasing competition in retail pharmacy Aggressive expansion by competitors could increase the shortage of pharmacists as well as negatively affect sales and market share growth in Clicks
  • Clicks currently has the largest retail pharmacy footprint in SA
  • Continued roll-out of pharmacies, with 30 – 40 dispensaries planned for 2011
  • Plan to open dispensaries in all Clicks stores (currently in 251 out of 369 stores)
  • Continuous improvement in pricing, product offer and customer service
24 (2009: 24)
Containing costs in a lower inflationary environment Lower inflation could negatively impact profitability and cost growth ahead of inflation could limit opportunities to enhance margin
  • Cost structures reviewed across all businesses
  • Review extent of store refurbishments and pharmacy roll-out
  • Focus on customer profitability in UPD
24 (new risk)
Legislative and regulatory compliance Non-compliance with onerous legislation could result in fines and penalties, criminal implications for directors and reputational damage
  • In-house legal and compliance capability developed
  • Legal compliance officer monitors compliance with existing and new legislation and regulation
21 (2009: 21)
Retail service disruption due to natural disaster Natural disasters could result in stock being destroyed or deliveries disrupted and lead to loss in sales through an inability to trade
  • Business continuity plan developed
20 (2009: 21)
Non-compliance with pharmacy and other healthcare industry regulations Sanction by the Pharmacy Council or other regulatory bodies could result in fines, penalties or restrictions being imposed on trading, as well as reputational damage
  • Pharmacy practice compliance reviews conducted by professional services team in Clicks
  • Group legal compliance monitoring
  • Insurance cover for professional risk of dispensing errors
  • Supplier contracts reviewed for compliance
20 (2009: not rated as a major risk)
Availability of IT systems While stores will continue to trade, interrupted access to IT systems means that stores will not be able to process certain transactions, including electronic fund transfers or medical aid authorisations
  • Network monitoring tool implemented to improve reaction times to systems’ interruptions
  • Manual in-store procedures cover short periods of interruption
20 (2009: not rated as a major risk)
* The risk rating is calculated by multiplying the impact assigned to each risk (10-point scale) by the probability (5-point scale) of the risk materialising, providing a risk rating out of 50 points.