CORPORATE
GOVERNANCE

Sappi is committed to the highest standards of corporate governance, which form the foundation for the
long-term sustainability of our company and creation of value for our stakeholders.

  98% overall committee attendance rate  

Good governance at Sappi contributes to living our values through enhanced accountability, a transparent and ethical culture, strong risk management, a focus on effective control of the business, legitimacy and good performance. Governance is one of our key enablers to unlocking and protecting value, as we optimise the use of our capitals, address our key risks while taking advantage of exciting opportunities and minimising the negative impacts of trade-offs that have to be made, as set out in Key material issues.

See Key material issues for more information.

The group endorses the recommendations contained in the King Code of Governance Principles for South Africa 2016 (King IV) and applies the various principles to achieve the following good governance outcomes. An application register of how Sappi applies King IV principles is provided on the group's website (www.sappi.com).

The group is listed on the JSE Limited and complies in all material respects with the JSE Listings Requirements, regulations and codes.

The board of directors

The basis for good governance at Sappi is laid out in the board charter, which sets out the division of responsibilities between the board and executive management. The board creates and protects sustainable value by collectively determining strategies, approving major policies and plans, taking responsibility for risk management, and providing oversight as well as monitoring, to help to ensure accountability. The board is satisfied that it has fulfilled its responsibilities in accordance with its charter for the reporting period.

For further information about the board and the board charter please refer to www.sappi.com.

Board experience (Sappi's board members have experience across multiple industries and leadership roles) (%)

The Sappi board and diversity

Sappi operates globally and across a variety of markets, jurisdictions and cultures, requiring a diverse mix of experience, skills, gender, age and backgrounds. It is important that our board composition reflects this diversity, both in a South African context as well as globally.

Directors' independence (%)   Directors' age: average 60 years (%)
 
Diversity (%)   Directors' tenure: average 6.25 years (as at financial year-end) (%)
 

The composition of the board and attendance at board meetings and board committee meetings is set out below for the year ended September 2019:

      BOARD       BOARD COMMITTEES   AGM
Name Appointed
(Retiring)
from Board
    Audit and Risk   Nomination and
Governance
Human
Resources
and
Compensation
SETS %
attendance
during
tenure
 
Independent non-executives                          
BR Beamish 01 March 2019                  
MA Fallon              
100
JM Lopez 01 March 2019                
100
 
NP Mageza              
100
ZN Malinga                  
90
JD McKenzie (31 December 2019)            
100
B Mehlomakulu                  
100
MV Moosa              
100
KR Osar (31 December 2019)                
90
RJAM Renders                
100
Sir Nigel Rudd  
100
JE Stipp 01 June 2019              
100
 
Executives                          
SR Binnie (CEO)      
100
GT Pearce (CFO)                
100
Lead director Committee member (present) Chairman Ex officio Absent By invitation Indicates appointed to committee 01 August 2019

Strategic focus areas

In addition to standard items on the board's agenda, 2019 focus areas included:

  • External overviews of global and regional economies and related developments
  • Each serious safety incident was reviewed in detail
  • Biotech and related research and development
  • A renewed focus on new products, the exciter (R&D) programme and go-to-market strategies
  • The acquisition of Matane pulp mill in Canada
  • Carbon emissions and reduction of Sappi's carbon footprint
  • Human resource capacity building and transformation for the Southern Africa region
  • Review of all major shuts and the project management process
  • Review of regional market peculiarities
  • Review of results from the engagement survey
  • A review of the Code of Ethics and related policies, such as anti-trust and anti-fraud and corruption policies
  • A review of cyber-security risks
  • The Sefate employee share scheme
  • Land reform in South Africa and fibre supply in Europe
  • Cost reduction targets and strategies
  • Review of supply and demand, of dissolving wood pulp and impact on the group
  • Review of the packaging and speciality papers business
  • Planning for the 2025 strategic plan.

All top risks and emerging risks received attention from the board in 2019.

The following specific areas will be added to the board's agenda in 2020:

  • A revised approach for reviewing the risks facing the group
  • Project management and oversight for large capital projects
  • A review of gender diversification across regions and the group
  • Commercialisation of biotech
  • Consideration of additional cost improvement areas
  • Review of risks and opportunities related to climate change in line with the Task Force on Climate-related Finance Disclosure (TCFD) recommendations
  • Consideration and approval of the 2025 strategic plan.

Induction and training of directors

Following appointment to the board, directors receive induction and all directors receive training tailored to their individual needs, when required.

Stakeholder communication

The board is responsible for presenting a balanced and understandable assessment of the group's position in reporting to stakeholders. The group's reporting addresses material matters of significant interest and is based on principles of openness and substance over form. The reporting includes information on key trade-offs that have to be made. Various policies have been developed to guide engagement with Sappi's stakeholders such as the Group Stakeholder Engagement Policy and Group Corporate Citizenship Policy on www.sappi.com/policies. Sappi has a policy addressing alternate dispute resolution (ADR) and relevant ADR clauses are generally included in contracts with customers and suppliers. There have been no requests for information for the period under review in terms of the Promotion of Access to Information Act (South African legislation).

See Our key relationships for more information.

Sappi board and management committees

Board and management committees have been established and are discussed below.

Board committees

The board has established committees to assist it to discharge its duties. The committees operate under written terms of reference set by the board.

Board of directors
  • Strategic leadership and guidance
  • The board delegates certain oversight responsibilities to board committees
  • Ultimate oversight, accountability and responsibility
  • The board assigns responsibilities for management of the group to the CEO
Sappi's board committees create and maintain sustainable value by focusing on these key areas:
Management committees

 

Board committees

The board has established committees to assist it to discharge its duties. The committees operate within written terms of reference set by the board.

 

Audit and Risk Committee

NP Mageza
Chairman

Membership details at September 2019:

  • NP Mageza
  • MA Fallon
  • KR Osar
  • RJAM Renders
  • ZN Malinga
  • JE Stipp
  96% committee attendance rate  

The Audit and Risk Committee confirms that it has received and considered sufficient and relevant information to fulfil its duties, as set out in the Audit and Risk Committee Report.

The external and internal auditors attended Audit and Risk Committee meetings and had unrestricted access to the committee and Chairman. The external and internal auditors met privately with the Audit and Risk Committee during 2019.

Mr NP Mageza is the Chairman and designated financial expert of the Audit and Risk Committee and attended the Annual General Meeting held on 6 February 2019. Ms ZN Malinga, joined the board and the Audit and Risk Committee with effect from 1 October 2018. Ms JE Stipp, joined the board with effect from 1 June 2019 and was appointed to the Audit and Risk Committee with effect from 1 August 2019.

See 2019 Audit and Risk Committee Report on www. sappi.com/annual-reports for more information.

   

Roles and responsibilities

The Audit and Risk committee consists of six independent non-executive directors. The committee assists the board in discharging its duties relating to the following:

  • Safeguarding and efficient use of assets
  • Oversight of the risk management function
  • Oversight of information and technology risks, related controls and governance
  • Oversight of non-financial risks and controls, through a combined assurance model
  • Operation of adequate systems and control processes
  • Reviewing the integrity of financial information and the preparing of accurate financial reports in compliance with applicable regulations and accounting standards
  • Reviewing the quality and transparency of sustainability information included in the Annual Integrated Report
  • Reviewing compliance with the group's Code of Ethics and external regulatory requirements
  • Oversight of the external auditors' qualifications, experience, independence and performance. For FY19, this included close monitoring of the audit activities of the external audit firm KPMG, as well as the ongoing review of reputational concerns relating to media reports involving KPMG South Africa
  • Oversight of the performance of the internal audit function
  • Oversight of the performance of the finance function
  • Oversight of taxation policies, congruent with responsible corporate citizenship
  • A formal review of the committee's operating effectiveness and performance every two years by way of an assessment with feedback being provided to the board.

Strategic focus areas

The Audit and Risk Committee helped to create and protect value by providing oversight and guidance for a wide range of topics, including the following areas related to Sappi's strategy:

  • Global business systems projects tasked with harmonising diverse systems and processes, to achieve streamlined, effective ways of working across the group and the associated cost advantages
  • Investment projects designed to rationalise declining businesses
  • Management's efforts to maintain a healthy balance sheet
  • Projects to accelerate the group's ability to take advantage of opportunities in higher-margin growth segments, such as dissolving wood pulp, packaging and speciality papers, the biotech and renewable energy fields
  • Review of cyber-security incidents impacting on specific outsourced service suppliers
  • Oversight of the establishment of a Control and Assurance Committee, which uses combined assurance to focus on risks facing the group
  • Suggestions and oversight for the development of a revised approach to reviewing the group's risks
  • Regulatory compliance with global privacy legislation.

Areas of additional oversight for the committee in 2020 will be:

  • refinement of the risk framework and approach to reviewing risks
  • oversight of the risk topics to be reviewed by the Control and Assurance Committee (CAC)
  • oversight of the progress of the expanded project management approach.

Stakeholders

The Audit and Risk Committee has helped to create and protect value for many stakeholders, specifically employees, customers, shareholders and regulators.

See Our key relationships for further details.

Risks

The Audit and Risk Committee has provided oversight for all the risks in the group risk register and this includes addressing the following top 10 risks:

1 Safety 6 Project implementation and execution
2 Cyclical macro-economic context 7 Uncertain and evolving regulatory landscape
3 Evolving technologies and consumer preferences 8 Market share and customer concentration
4 Highly competitive industry 9 Employee relations
5 Natural resource constraints 10 Failure to attract and retain key skills

See Risk management for more information.

 

 

Nomination and Governance Committee

Sir Nigel Rudd
Chairman

Membership details at September 2019:

  • Sir Nigel Rudd
  • JD McKenzie
  • MV Moosa
  100% committee attendance rate  
   

Roles and responsibilities

The Nomination and Governance Committee consists of three independent directors. The committee considers the leadership and governance requirements of the company including a succession plan for the board. The committee identifies and nominates suitable candidates for appointment to the board in line with Sappi's policy on the promotion of gender and race diversity at board level, for board and shareholders' approval. It considers the independence of candidates as well as directors. The committee makes recommendations on corporate governance practices and disclosures, and reviews compliance with corporate governance requirements. It has oversight of appraising the performance of the board and all board committees. The results of this process and recommended improvements are communicated to the chairman of each committee and the board. The functioning and performance of Sappi's board and board committees were assessed externally in 2019 and established that the board and board committees functioned well.

Strategic focus areas

The Nomination and Governance committee helped to protect value by providing oversight and guidance in 2019 on:

  • Corporate governance
  • Tone at the top
  • Succession plans for senior executives and the board with a focus on board composition
  • Assessment of the board and board committee performance
  • Rotation and replacement of directors

A focus area for 2020 will be executive and board succession planning.

Stakeholders

The Nomination and Governance Committee has helped to protect value primarily for the shareholders and regulators.

See Our key relationships for further details.

The Nomination and Governance Committee focused on some of the top 10 risks:

1 Safety    
6 Project implementation and execution    
7 Uncertain and evolving regulatory landscape    
10 Failure to attract and retain key skills    

See Risk management for more information.

 

 

Human Resources and Compensation Committee

MA Fallon
Chairman

Membership details at September 2019:

  • MA Fallon
  • NP Mageza
  • JD McKenzie
  • RJAM Renders
  • BR Beamish
  100% committee attendance rate  

Mr BR Beamish was appointed to the committee from 01 August 2019.

   

Roles and responsibilities

The Human Resources and Compensation Committee consists of five independent directors. The responsibilities of the Human Resources and Compensation Committee are, among others, to provide oversight of the group's human capital, determine the group's human resource policy and strategy, assist with the hiring, and setting of terms and conditions of employment of executives, the approval of retirement policies, and succession planning for the CEO and management. The committee ensures that the compensation philosophy and practices of the group are aligned to its strategy and performance goals. It reviews and agrees the various compensation programmes and, in particular, the compensation of executive directors and senior executives as well as employee benefits. It also reviews and agrees to executive proposals on the compensation of non-executive directors for approval by the board and ultimately by shareholders.

Strategic focus areas

The key focus area in 2019 was to review Sappi's compensation policy and practices to ensure alignment and compliance to the requirements of King IV. The Sappi Limited AGM was held on 06 February 2019 and the requisite ordinary resolutions endorsing the remuneration policy (96% majority) and implementation reports (93% majority) were passed. This vote by our shareholders is an endorsement for our ongoing commitment to good governance and disclosure.

The strategic focus areas for the committee in 2020 will include:

  • To maintain high standards of corporate governance in line with King IV
  • Action points from the employment engagement survey
  • Leadership development
  • Global HR systems implementation
  • To review succession and retirement plans for key positions in Sappi
  • To engage with key stakeholders to discuss areas of mutual concern.

See Remuneration Report for more information.

Stakeholders

The Human Resources and Compensation Committee has helped to protect value primarily for the employees, shareholders and regulators.

See Our key relationships and Remuneration Report for more information.

Risks

The Human Resources and Compensation Committee has focused on the following top 10 risks:

1 Safety    
2 Cyclical macro-economic context    
6 Project implementation and execution    
7 Uncertain and evolving regulatory landscape    
9 Employee relations    
10 Failure to attract and retain key skills    

See Risk management for more information.

 

 

Social, Ethics, Transformation and Sustainability Committee

MV Moosa
Chairman

Membership details at September 2019:

  • MV Moosa
  • SR Binnie
  • B Mehlomakulu
  • BR Beamish
  • JM Lopez
  100% committee attendance rate  

Mr BR Beamish and Mr JM Lopez were appointed to the Human Resources and Compensation Committee from 01 August 2019.

   

Roles and responsibilities

The Social, Ethics, Transformation and Sustainability (SETS) Committee comprises two independent non-executive directors and the CEO. Other executive and group management committee members attend committee meetings by invitation. It should be noted that a number of other non-executive directors attend SETS committee meetings ex officio. The chairmen of the Audit and Risk Committee and SETS Committee attend each other's meetings to avoid unnecessary repetition of discussions.

The committee's mandate is to oversee the group's sustainability strategies, ethics management, good corporate citizenship, labour and employment practices, as well as its contribution to social and economic development and, for the group's South African subsidiaries, the strategic business priority of transformation.

The committee is supported by the Global Sustainability Council and by Regional Sustainability Committees in dealing with day-to-day sustainability issues and helping to develop and entrench related initiatives in the business.

Strategic focus areas

In 2019 the committee:

  • Oversaw the implementation of a Supplier Code of Conduct intended to enable Sappi to manage our supply chain risks more closely
  • Provided oversight of safety initiatives and reviewed serious safety incidents
  • Oversaw external assurance on LTIFR and emissions data as well as environmental impact analyses for major investment projects
  • Considered trade-offs between the following:
    • Productivity and safety advantages of mechanisation and the social and human capital implications
    • Financial and natural capitals relating to the use of coal versus other renewable energy fuels for our heating requirements.

The strategic focus areas for the committee in 2020 will include:

  • Further reduction of the group's carbon footprint
  • Safety initiatives
  • Sappi Southern Africa's performance against the applicable BBBEE legislation.

Stakeholders

The SETS Committee has a broad spread of stakeholders for which it helps to protect (or create) value, namely suppliers, customers, employees, regulators, shareholders and society.

See Our key relationships for more information.

Risks

The SETS Committee focused on the top 10 risks:

1 Safety    
2 Cyclical macro-economic context    
3 Evolving technologies and consumer preferences    
4 Highly competitive industry    
5 Natural resource constraints    
6 Project implementation and execution    
7 Uncertain and evolving regulatory landscape    
8 Market share and customer concentration    
9 Employee relations    
10 Failure to attract and retain key skills    

See Risk management for more information.
See SETS Committee Report and summary of the group's sustainability initiatives at www.sappi.com/sustainability.

Management committees

The board assigns responsibility for the day-to-day management of the group to the CEO. To assist the CEO in discharging his duties, a number of management committees have been formed. Some of these committees also provide support for specific board committees. The management committees are a key component of Sappi's second line of defence and assurance. Refer to Risk management for additional details of Sappi's approach to risk, controls and assurance.

Executive Committee

This committee comprises executive directors and senior management from Sappi Limited as well as the CEOs of the three main regional business operations, and the dissolving wood pulp business. The CEO has assigned responsibility to the Executive Committee for a number of functional areas relating to the management of the group, including the development of policies and alignment of initiatives for strategic, operational, financial, governance, sustainability, social and risk processes. The Executive Committee meets at least five times per annum.

Disclosure Committee

The Disclosure Committee comprises members of the Executive Committee and senior management from various disciplines. Its objective is to review and discuss financial and other information prepared for public release. It is the ultimate decision-making body, apart from the board, on disclosure.

Treasury Committee

The Treasury Committee meets monthly to assess financial risks on treasury-related matters.

Taxation Committee

The Taxation Committee meets monthly to discuss and address global taxation matters.

Project steering committees

For key strategic projects, steering committees are established to oversee successful execution.

Technical committees

The technical committees focus on global technical alignment, performance and efficiency measurement as well as new product development.

Group Risk Management Committee

The committee is known as the group risk management team (GRMT) and is mandated by the board to establish, coordinate and drive the risk management process throughout Sappi. It has established a risk management system to identify and manage significant risks. The GRMT reports regularly on risks to the Audit and Risk Committee and the board. Risk management software is used to support the risk management process.

Control and Assurance Committee

The Control and Assurance Committee (CAC) is supported by the internal control function and provides regular oversight and guidance to the business on internal controls and combined assurance for financial, strategic and operational risks. The committee is accountable to GRMT and the Audit and Risk Committee.

Among other duties, the committee provided oversight for the activities of control and assurance workgroups (CAW) established to review key risks, identified risk mitigations and controls, assurance provision and identification of any gaps and subsequent remediation activities. The working group focused on IT security risks, fibre certification risk, corporate communications risks as well as our periodic review and streamlining of the group's risk and control framework, which is the foundation for Sappi's first line of defence and assurance. In 2020, the CAW will assist the CAC to create and protect value by undertaking reviews of combined assurance, risks and controls relating to retirement benefits, taxation, safety, and environmental sustainability.

IT Steering Committee

The IT Steering Committee promotes IT governance throughout the group and is the highest authority responsible for this aspect of Sappi's business, apart from the board. The committee has a charter approved by the Audit and Risk Committee and the board. An IT governance framework has been developed and IT feedback reports are presented to the Audit and Risk Committee and the board. Sappi IT has implemented a standardised approach to IT risk management through a group-wide risk framework supported by risk management software. The committee has helped to create value for shareholders in 2019 by its oversight of:

  • The integration of SAP systems of operating units in Italy into Sappi's SAP environment
  • Coordination with group internal audit of reviews of IT security arrangements for specific service providers who experienced or may have been at risk of cyber-security attacks
  • The implementation of COBIT 2019.

Oversight by the committee will continue in 2020 for these IT initiatives, as well as:

  • The integration of SAP systems of the recently acquired Matane Mill in Canada, into Sappi's SAP environment
  • The implementation of reviews of IT security arrangements for key suppliers.

Global Business Systems Council

This council meets monthly to provide direction for strategic business improvement projects, in particular, harmonisation, One Sappi and effective use of resources.

Sustainability Council

This council provides direction for Sappi's efforts to achieve its sustainable value creation objectives.

Brand Council

This council coordinates Sappi's brand communication programme, monitors brand performance and ensures effective brand management to enhance Sappi's reputation.

Ensuring leadership through ethics and integrity

Sappi is committed to doing business the right way. Trust is created by operating from a commonly accepted set of values, enhancing and protecting our reputation. We require our directors and employees to act with integrity, to be courageous, to make smart decisions and to execute with speed, in all transactions and in their dealings with all business partners and stakeholders.

Our values underpin the group's Code of Ethics and commit the group and its employees to sound business practices and compliance with applicable legislation, which help to promote legitimacy.

Actions are taken against employees who do not abide by the spirit and provisions of our code.

Online Code of Ethics, anti-bribery and corruption training as well as social media training has been provided to employees across the group over the past three years.

A Group Supplier Code of Conduct (code) has been developed to help ensure that Sappi's values and ethical standards are clearly understood and supported by all our suppliers, their first-tier suppliers and other stakeholders.

See Code of Ethics on www.sappi.com/code-of-ethics.

   

The programme is designed to increase awareness of, and enhance compliance with, applicable legislation. The group compliance officer reports twice per annum to the Audit and Risk Committee.

Sappi enhanced the legal compliance programme in 2019 by progressing implementation of Exclaim legal compliance software for Sappi group functions and Sappi Southern Africa. In addition, online training has been provided to employees across the group on relevant core legal compliance topics.

We intend to expand the use of Exclaim software in support of our legal compliance responsibilities in 2020. We have implemented a policy passport tool to support our legal compliance efforts. The introduction of these software tools and related training and online learning is helping to create and protect value primarily for employees, customers, shareholders and regulators.

The group has a policy that obliges all employees to disclose any interest in contracts or business dealings with Sappi to assess any possible conflict of interest. The policy also dictates that directors and senior officers of the group must disclose any interest in contracts as well as other appointments to assess any conflict of interest that may affect their fiduciary duties.

During the year under review, apart from that disclosed in the financial statements, none of the directors had a significant interest, in any material contract or arrangement entered into by the company or its subsidiaries.

See Code of Ethics (Preventing fraud and corruption) on www.sappi.com/code-of-ethics.

   

The company has a code of conduct for dealing in company securities and follows the JSE Limited Listings Requirements in this regard.

See Code of Ethics (Insider trading) at www.sappi.com/code-of-ethics.

Reporting on compliance and ethics concerns

Sappi employees and stakeholders can report any potential illegal or non-compliant behaviour they observe directly to (senior) management, internal audit or legal counsel, or alternatively, report anonymously via telephone or an online form. Whistle-blower hotlines have been implemented in all the regions in which the group operates. The hotline service, operated by independent service providers, enables all stakeholders to anonymously report environmental, safety, ethics, accounting, auditing, control issues or other concerns. Retaliation against whistle-blowers is not tolerated. The follow-up on all reported matters is coordinated either by legal counsel or internal audit and reported to the Audit and Risk Committee. The majority of calls and ethics reports received related to the Southern African region. Please refer to the whistle-blower hotline and ethics report graphs for information on the number of hotline calls per 1,000 employees, categories of hotline calls and ethics reports, and outcome of investigations. The hotline report rates, categories of reports and outcomes of cases broadly align with international whistle-blower benchmark data. See Code of Ethics (Reporting and whistle-blowing) on www.sappi.com/code-of-ethics.

 

Hotline report rate per 1,000 employees per annum   Analysis of hotline and ethics reports by category (%)   Analysis of hotline and ethics reports case outcomes (%)
   
         

Financial statements

The directors are responsible for overseeing the preparation and final approval of the group annual financial statements, in accordance with International Financial Reporting Standards issued by the International Accounting Standards Board.

The group's results are reviewed prior to submission to the board, as follows:

  • All quarterly results – by the Disclosure Committee as well as the Audit and Risk Committee
  • Interim and final results – by external audit.

Risk, controls and assurance at Sappi

Risks facing the group are identified, evaluated and managed by implementing risk mitigations, such as insurance, strategic actions or specific internal controls. Sappi maintains a robust framework of risks and controls which assists in the application of the King IV guidelines and the achievement of governance outcomes by helping to: create an ethical culture; establishing effective control; and promoting legitimacy, all of which help Sappi to and its stakeholders to benefit from good performance. The framework includes controls addressing our material matters, by focusing on the main drivers of Sappi and comprises both financial and non-financial controls, which support the achievement of our strategy, within our risk appetite and tolerance levels, across the economic, social and environmental context in which the organisation operates as well as each of the six capitals set out in the IIRC's model. More information on these capitals and integrated thinking in the context of Sappi's sustainable business model can be found in Our Strategy and performance, as well as Our global sustainability goals.

The group's internal controls and systems are designed in accordance with the COSO control framework to support the achievement of the group's objectives including strategic, operational and financial performance goals, effective and efficient use of resources, safeguarding assets against material loss, integrity and reliability of internal and external financial and non-financial reporting, and compliance with applicable laws and regulations.

Sappi operates a combined assurance framework, which aims to optimise the assurance coverage obtained from management, internal assurance providers and external assurance providers, on the risk areas affecting the group.

During 2019 we further developed our approach to combined assurance which was overseen by the Control and Assurance Committee (CAC). The committee and its workgroups provided more holistic feedback to the GRMT and Audit and Risk Committee on the state of controls quality as well as coverage of assurance from various assurance providers across Sappi's three lines of defence.

Sappi's combined assurance framework, incorporating the three lines of defence and oversight by the board and board committees

First line of defence Second line of defence Third line of defence   Oversight by the board
Risk areas and value drivers, capitals Business management operations supported by appropriate controls and systems Monitoring and oversight functions Independent assurance provided by external audit, internal audit and other assurance providers   Board and board committees
Governance, risk, and controls – general (core business cycles)

Day-to-day risk management activity

Established risk and control environment

Executive, corporate and regional lead teams

Corporate and regional business functions, eg sales, finance, IT, HR, purchasing

Business units, eg forestry, mills, sales offices

Business unit operations, eg production, engineering, controlling, materials management

Control and Assurance Committee management self-assessments Internal audit   Audit and Risk Committee
Strategy and vision, competition and markets, socio-political   Executive Committee, Group Head Strategy, Control and Assurance Committee, management self-assessments   Internal audit   Nomination and Governance Committee
Financial, tax and treasury   Control and assurance, accounting standards, taxation, treasury and disclosure committees, management self-assessments   KPMG, tax authorities, internal audit   Audit and Risk Committee
Legal and compliance   Legal compliance programme, Group Compliance Manager   Legal compliance audits, internal audit   Audit and Risk, SETS, HR and Compensation Committees
IT   IT Steering Committee, group IT governance functions, management self-assessments   KPMG, ISA 3402s, penetration testing, internal audit   Audit and Risk Committee
Planet, environment, natural capital   Sustainability councils, Environmental and Energy (E4) Global Cluster, GRMT   ISO 14001, FSC™, PEFC™, EMAS, KPMGGovernment reviews emissions effluent etc, internal audit   SETS Committee
Ethics   Group Compliance Manager, ethics surveys, management self-assessments   Internal audit   SETS Committee
People, HR and transformation   Global HR Committee, regional labour forums, employee engagement surveys, management self-assessments   BBBEE audits, internal audit   Audit and Risk, SETS, HR and Compensation Committees
Research and development, intellectual property   Group technical cluster, management self-assessments   ISO 17025, internal audit   SETS Committee
Manufacturing, supply chain management, quality, forestry   Technical clusters and platforms, regional SHEQ audits, supplier audits, management self-assessments   ISO 9001, ISO 50001, FSCTM PEFCTM, Matrix, internal audit   SETS Committee
Stakeholders, communication, reputation, society   Group corporate affairs, sustainability and investor relations functions   Internal audit   SETS Committee
Safety   Group and regional risk management teams, safety audits   OHSAS 18000, ISO 22000 regulatory inspections, internal audit   SETS Committee

A key element of combined assurance at Sappi is derived from the annual control self-assessments completed by control owners, which helps to protect value for stakeholders by providing management and the board with assurance on the state of controls throughout the group. Control gaps identified through this process are recorded and remediation progress is monitored by management, relevant committees, auditors and the board.

The Audit and Risk Committee advises the board on the state of risk management and controls, as well as assurance, in Sappi's operating environment. This information is used as the basis for the board's review, sign-off and reporting to stakeholders, via the Annual Integrated Report and annual financial statements, on risk management and the effectiveness of internal controls and assurance in Sappi.

As part of combined assurance on reported information, Sappi has obtained assurance on data in the Annual Integrated Report from the following sources:

  • KPMG have audited the Group Annual Financial Statements
  • External sustainability assurance was obtained from KPMG in 2019 for scope 1 and 2 emissions information as well as specific safety information
  • Specific Planet (environment) related processes are subject to review by third parties during the year. Certain local environmental and safety reporting is subject to audit by local regulators
  • Limited reviews of sustainability information have been undertaken by central technical management and internal audit.

Internal audit

The group has an effective risk based internal audit department which is suitably resourced. It has a specific charter from the Audit and Risk Committee and independently appraises the adequacy and effectiveness of the group's governance, risk management, systems, internal controls and accounting records. Internal audit coordinates combined assurance and reports the findings to local and divisional management, the external auditors as well as the Audit and Risk Committee.

The head of internal audit reports to the Audit and Risk Committee, meets with board members, has direct access to executive management and is invited to attend certain management meetings. The role of internal audit at Sappi is set out below.

The role of internal audit at Sappi is set out in the following diagram:

Internal audit value proposition

Mission, vision, values Strategy Performance and outcomes
Stakeholders   Objectives   Capitals
  • Board, Audit and Risk Committee
  • Management
  • Employees
  • Other
 

People, Planet and Prosperity

  • Strategic
  • Operational
  • Compliance
  • Reporting
 
  • Manufactured
  • Financial
  • Human
  • Natural
  • Societal
  • Intellectual
Governance, risk and opportunity management, controls
Support Internal audit activities Support

Advisory and assistance

  • Forensic, hotline and ethics management
  • Projects, new business processes
  • Ad hoc management requests
  • Governance, risk, controls consulting
  • King IV, governance disclosures
  • Secondments to business
  • Internal control support (risk and control framework, self-assessments, segregation of duties, workgroups)
 

Assurance (risk based)

  • Financial processes and systems
  • Business processes and systems
  • Operational and strategic risks
  • IT (value, GCC, security, operations)
  • Ethics, risks, legal compliance
  • Sustainability data
  • Combined assurance
  • Annual opinion
Core
principles
Integrity   Competence and
due professional
care
  Objective and
independent
  Aligned with
strategies, risks
and objectives
  Appropriately
positioned and
resourced
Quality and
continuous
improvement
  Effective
communication
  Risk based
assurance
  Insightful,
future-focused and
proactive
  Promotes
organisational
improvement

 

During 2019, apart from the ongoing focus on financial controls, which includes supporting Sappi's strategy to maintain a healthy balance sheet, internal audit helped to create and protect value by completing reviews in support of the following strategic objectives:

  • Achieve cost advantages: advisory services to the global business systems projects (requisition to pay, sales order to cash, shared service centre optimisation)
  • Rationalising declining businesses: project management reviews for business optimisation projects.
  • Accelerate growth in higher margin growth segments: Integration and control onboarding reviews of operating units in the United Kingdom and Italy. Assurance reviews of contractors and capital expenditure for the Vulindlela project at Sappi's Saiccor Mill in South Africa.

In 2020, internal audit will continue to create and protect value for shareholders, management, several management committees, as well as the Audit and Risk Committee by:

 
  • Undertaking further advisory or assurance assignments for strategic projects
 
  • Developing our agile approach to establishing the audit plan and to streamline our way of working; and spearheading Sappi's enhanced focus on combined assurance by playing a leading role in coordinating the efforts of Combined Assurance Workgroup (CAW) which will address key group risks, provision of assurance and identification of gaps, with feedback to the Control and Assurance Committee (CAC), GRMT and Audit and Risk Committee
  • Continuing with capital expenditure and contractor reviews for the Vulindlela project in Sappi Southern Africa
  • Integration and control onboarding reviews of the acquired Matane Mill in Canada.

Internal audit maintains an internal quality assurance programme. An external quality assurance review is undertaken periodically. The last review was in 2015, conducted by the Institute of Internal Auditors (IIA). A generally conforms rating was received, which is the highest of the three levels of conformance to the IIA's standards. The 2019 internal quality assurance review highlighted a need for more regular review of our audit strategy and assessment of risks. This will be addressed in 2020.

Board assessment of the company's risk management, compliance function and effectiveness of internal controls and combined assurance

The board is responsible for the group's systems of internal financial and operational control. As part of an ongoing comprehensive evaluation process, control self-assessments, independent reviews by internal audit, external audit and other assurance providers were undertaken across the group to test the effectiveness of various elements of financial, disclosure and other internal controls as well as procedures and systems. Identified areas of improvement are being addressed to strengthen the group's controls further. The board has assessed the combined assurance provided in 2019. The results of the reviews did not indicate any material breakdown in the functioning of these controls, procedures and systems during the year. The internal controls in place, including the financial controls and financial control environment, are considered to be effective and provide a sound basis for the preparation of the Group Annual Financial Statements, Annual Integrated Report and other reports used internally for management decision making.

 

Company Secretary

The Company Secretary does not fulfil executive management functions outside of the duties of company secretary and is not a director. During the year, the board has assessed the independence, competence, qualifications and experience of the company secretary and has concluded that she is sufficiently independent (ie maintained an arm's length relationship with the executive team, the board and individual directors), qualified, competent and experienced to hold this position. The company secretary is responsible for the duties set out in section 88 of the Companies Act 71 of 2008 (as amended) of South Africa. Specific responsibilities include providing guidance to directors on discharging their duties in the best interests of the group, informing directors of new laws affecting the group, as well as arranging for the induction of new directors.