Corporate governance

Sappi is committed to the highest standards of corporate governance, which form the foundation for the long-term sustainability of our company and creation of value for our stakeholders.

Overall committee attendance rate

Good governance at Sappi contributes to living our values through enhanced accountability, a transparent and ethical culture, strong risk management, a focus on effective control of the business, legitimacy and good performance. Governance is one of our key enablers to unlocking and protecting value, as we optimise the use of our capitals, address our key risks while taking advantage of exciting opportunities (see Risk management), while minimising the negative impacts of trade-offs that have to be made, as set out in the presentation of our key material issues (see Our key material issues). The group endorses the recommendations contained in the King Code of Governance Principles for South Africa 2016 (King IV) and applies the various principles in the achievement of good governance outcomes.

See 2018 King IV on www.sappi.com/annual-reports for an application register of how Sappi applies the King IV principles.

The group is listed on the JSE Limited and complies in all material respects with the JSE listings requirements, regulations and codes.

The board of directors

The basis for good governance at Sappi is laid out in the board charter, which sets out the division of responsibilities between the board and executive management. The board collectively determines strategies, approves major policies and plans, is responsible for risk management, and provides oversight as well as monitoring, to help to ensure accountability. The board is satisfied that it has fulfilled its responsibilities in accordance with its charter for the reporting period.

See 2018 Our leadership and executive management on www.sappi.com/annual-reports.

The composition of the board and attendance at board meetings and board committee meetings is set out in the table below for the year ended September 2018:

          Board committees
Name Status Board Audit and Risk Nomination and
Governance
Human Resources
and Compensation
Social, Ethics,
Transformation and
Sustainability (SETS)
SR Binnie Chief Executive Officer 6/6 B 5/5 B 3/3 B 5/5 3/3
GT Pearce Chief Financial Officer 6/6 B 5/5 B 1/3
Sir Nigel Rudd Independent non-executive Chairman C 6/6 E 4/5 C 3/3 E 4/5 E 3/3
RJ DeKoch(1) Non-executive (retired 16/8/2018) R 6/6 R 3/3
MA Fallon Independent non-executive 6/6 5/5 C 5/5 B 1/3
D Konar(2) Independent non-executive (retired 31/1/2018) R 3/3 C/R 2/2 R 1/1
JD McKenzie Lead independent director 6/6 3/3 5/5 B 3/3
NP Mageza(3) Independent non-executive 6/6 C 4/5 4/5
B Mehlomakulu Independent non-executive 5/6 3/3
MV Moosa(4) Independent non-executive 6/6 B 2/5 1/1 C 3/3
KR Osar Independent non-executive 6/6 5/5
RJAM Renders Independent non-executive 6/6 5/5 5/5 B 1/3
R Thummer(5) Independent non-executive (retired 31/12/2017) R 3/3 R 2/2
Attendance by board and board committee members (%)   99   95   100   95   100
(1) Mr RJ DeKoch retired from the board of Sappi Limited and the SETS Committee with effect from 16 August 2018.
(2) Dr D Konar retired from the Sappi Limited board and the Audit and Risk Committee with effect from 31 January 2018.
(3) Mr Peter Mageza was appointed Chairman of the Audit and Risk Committee following Dr D Konar's retirement with effect from 31 January 2018. Mr Mageza was also designated as the Audit and Risk Committee financial expert from 31 January 2018.
(4) Mr MV Moosa was appointed to Nomination and Governance Committee with effect from 06 February 2018.
(5) Dr R Thummer retired from the board of Sappi Limited and the SETS Committee with effect from 31 December 2017.
Other ✓ Indicates board committee membership, C indicates board committee chairman, B indicates attendance by invitation, E indicates attendance ex officio and R indicates that the director retired from the Sappi Limited board and the respective sub-committee. The figures in each column indicate the number of meetings attended out of the maximum possible number of meetings during the period indicated.
Induction and training of directors

Following appointment to the board, directors receive induction and all directors receive training tailored to their individual needs, when required.

Stakeholder communication

The board is responsible for presenting a balanced and understandable assessment of the group's position in reporting to stakeholders. The group's reporting addresses material matters of significant interest and is based on principles of openness and substance over form. The reporting includes information on key trade-offs that have to be made. Various policies have been developed to guide engagement with Sappi's stakeholders such as the Group Stakeholder Engagement Policy and Group Corporate Social Responsibility Policy on www.sappi.com/policies. Sappi has a policy addressing alternate dispute resolution (ADR) and relevant ADR clauses are generally included in contracts with customers and suppliers. There have been no requests for information for the period under review in terms of the Promotion of Access to Information Act (South African legislation).

See Our key relationships for more information.

Sappi board and management committees

Board and management committees have been established and are discussed below.

Board of directors
  • Strategic leadership and guidance
  • Ultimate oversight, accountability and responsibility
  • The board delegates certain oversight responsibilities to board committees
  • The board assigns responsibilities for management of the group to the CEO
Nomination and
Governance Committee
  Human Resources and Compensation
Committee
  Audit and Risk
Committee
  Social, Ethics,
Transformation, and
Sustainability Committee
  • Board size, composition and diversity
  • Selection and recruitment of directors
  • Evaluation of board performance
  • Corporate governance developments
 
  • Directors' remuneration
  • Succession planning
  • Remuneration policy
  • Incentive schemes
  • Labour and industrial relations management
 
  • Financial and sustainability systems and reporting
  • Risk management
  • Compliance and ethics
  • Combined assurance
  • Internal and external audit
  • IT governance
 
  • Corporate social responsibility
  • Ethics
  • Environment
  • Safety
  • Broad-based black economic empowerment

Executive Committee

  • Executive directors (CEO and CFO)
  • Other senior executives
  • Execute strategic decisions approved by the board
 
Disclosure
Committee
  Control and
Assurance
Committee
  Accounting
Standards
Commit
  Group Risk
Management
Committee
  Global
Sustainability
Council
                 
Treasury
Committee
  Taxation
Committee
  IT Steering
Committee
  Project Steering
Committees
  Technical
Committees
Management committees
Board committees

The board has established committees to assist it to discharge its duties. The committees operate within written terms of reference set by the board.

Audit and Risk Committee
NP Mageza  

Roles and responsibilities

The Audit and Risk Committee consists of four independent, non-executive directors. The committee assists the board in discharging its duties relating to:

  • Safeguarding and efficient use of assets
  • Oversight of the risk management function
  • Oversight of information and technology risks, related controls and governance
  • Oversight of non-financial risks and controls, through a combined assurance model
  • Operation of adequate systems and control processes
  • Reviewing the integrity of financial information and the preparing of accurate financial reports in compliance with applicable regulations and accounting standards
  • Reviewing the quality and transparency of sustainability information included in the Annual Integrated Report
  • Reviewing compliance with the group's Code of Ethics and external regulatory requirements
  • Oversight of the external auditors' qualifications, experience, independence and performance. For 2018, this included close monitoring of the audit activities of the recently appointed external audit firm KPMG, as well as the ongoing review of reputational concerns relating to media reports involving KPMG South Africa
  • Oversight of the performance of the internal audit function
  • Oversight of the performance of the finance function
  • Oversight of taxation policies, congruent with responsible corporate citizenship, and
  • A formal review of the committee's operating effectiveness and performance every two years by way of an assessment with feedback being provided to the board.

NP Mageza
Chairman

Appointed: 31 January 2018

Membership details at September 2018:

  • NP Mageza
  • MA Fallon
  • KR Osar
  • RJAM Renders
 

Strategic focus areas

The Audit and Risk Committee helped to protect value by providing oversight and guidance for a wide range of topics, including the following areas related to Sappi's strategy:

  • Global Business Systems projects tasked with harmonising diverse systems and processes, in order to achieve streamlined, effective ways of working across the group and the associated cost advantages
  • Investment projects designed to rationalise declining businesses
  • Management's efforts to maintain a healthy balance sheet
  • Projects to accelerate the group's ability to take advantage of opportunities in higher margin growth segments, such as in dissolving wood pulp, specialities and packaging papers and the biotech field.

Areas of additional oversight for the committee in 2019 will be:

  • Refinement of the risk framework
  • Additional oversight of the expanded scope of the repurposed Control and Assurance Committee (CAC), and
  • A continuation of the monitoring of the performance and reputation of external audit.

See 2018 Audit and Risk Committee Report on www.sappi.com/annual-reports for more information.

The Audit and Risk Committee confirms that it has received and considered sufficient and relevant information to fulfil its duties, as set out in the Audit and Risk Committee Report.

The external and internal auditors attended Audit and Risk Committee meetings and had unrestricted access to the committee and chairman. The external and internal auditors met privately with the Audit and Risk Committee during 2018.

Mr NP Mageza was appointed Chairman and designated financial expert of the Audit and Risk Committee following Dr D Konar's retirement, effective 31 January 2018. Mr Mageza attended the Annual General Meeting (AGM) held on 07 February 2018. Ms ZN Malinga, joined the board and the Audit and Risk Committee with effect from 01 October 2018.

Stakeholders

The Audit and Risk Committee has helped to protect value for the following stakeholders: employees, customers, shareholders and regulators.

See Our key relationships for more information.

 

Risks

The Audit and Risk Committee has provided oversight for all the risk in the Group Risk Register and this includes addressing the following top 10 risks:

(1) Employee safety
(2) Cyclical macro-economic context
(3) Highly competitive industry
(4) Project implementation
(5) Evolving technologies and consumer preferences
(6) Uncertain and evolving regulatory landscape
(7) Foreign exchange volatility
(8) Natural resource constraints
(9) Market share and customer concentration
(10) Employee relations

See Risk management for more information.

Nomination and Governance Committee
Sir Nigel Rudd  

Roles and responsibilities

The Nomination and Governance Committee consists of three independent directors. The committee considers the leadership and governance requirements of the company including a succession plan for the board. The committee identifies and nominates suitable candidates for appointment to the board in line with Sappi's policy on the promotion of gender and race diversity at board level, for board and shareholders' approval. The committee considers the independence of candidates as well as directors. The committee makes recommendations on corporate governance practices and disclosures, and reviews compliance with corporate governance requirements. The committee has oversight of appraising the performance of the board and all the board committees. The results of this process and recommended improvements are communicated to the chairman of each committee and the board. The functioning and performance of Sappi's board and board committees were assessed externally in 2018 and established that the board and board committees functioned well.

Sir Nigel Rudd
Chairman

Membership details at September 2018:

  • Sir Nigel Rudd
  • JD McKenzie
  • MV Moosa
 

Strategic focus areas

The Nomination and Governance Committee helped to protect value by providing oversight and guidance in 2018 over:

  • Corporate governance
  • Tone at the top
  • Succession plans for senior executives and the board
  • Assessment of the board and board committee performance, and
  • Rotation and replacement of directors.

A focus area for 2019 will be board succession planning.

Stakeholders

The Nomination and Governance Committee has helped to protect value primarily for the following stakeholders: shareholders and regulators

See Our key relationships for more information.

 

Risks

The Nomination and Governance Committee focused on the following of the top 10 risks:

(1) Employee safety
(4) Project implementation

See Risk management for more information.

Human Resources and Compensation Committee
MA Fallon  

Roles and responsibilities

The Human Resources and Compensation Committee consists of four independent directors. The responsibilities of the Human Resources and Compensation Committee are, among others, to provide oversight of the group's human capital, determine the group's human resource policy and strategy, assist with the hiring, and setting of terms and conditions of employment of executives, the approval of retirement policies, and succession planning for the CEO and management. The committee ensures that the compensation philosophy and practices of the group are aligned to its strategy and performance goals. It reviews and agrees the various compensation programmes and in particular the compensation of executive directors and senior executives as well as employee benefits. It also reviews and agrees to executive proposals on the compensation of non-executive directors for approval by the board and ultimately by shareholders.

MA Fallon
Chairman

Membership details at September 2018:

  • MA Fallon
  • NP Mageza
  • JD McKenzie
  • RJAM Renders
 

Strategic focus areas

The key focus area in 2018 was to review Sappi's compensation policy and practices to ensure alignment and compliance to the requirements of King IV. The Sappi Limited AGM was held on 07 February 2018 and the requisite ordinary resolutions endorsing the remuneration policy (99% majority) and the implementation reports (92% majority) were passed. This vote by our shareholders is an endorsement for our ongoing commitment to good governance and disclosure.

The strategic focus areas for the committee in 2019 will be:

  • To maintain high standards of corporate governance and supports and applies the principles of good governance advocated by the South African Institute of Directors (IoD) and the King IV Report on Corporate Governance for South Africa 2016 (King IV). This will ensure compliance with legal and regulatory requirements as they pertain to compensation, and
  • To review succession and retirement plans for key positions in Sappi.

See Remuneration Report for more information.

Stakeholders

The Human Resources and Compensation Committee has helped to protect value primarily for the following stakeholders: employees, shareholders and regulators.

See Our key relationships and Remuneration Report for more information.

 

Risks

The Human Resources and Compensation Committee has focused on the following of the top 10 risks:

(1) Employee safety
(2) Cyclical macro-economic context
(3) Highly competitive industry
(4) Project implementation
(5) Uncertain and evolving regulatory landscape
(10) Employee relations

See Risk management for more information.

Social, Ethics, Transformation and Sustainability Committee
MV Moosa  

Roles and responsibilities

The Social, Ethics, Transformation and Sustainability (SETS) Committee comprises two independent non-executive directors, and the CEO. A 100% attendance record was achieved by board committee members for 2018. Other executive and group management committee members attend SETS Committee meetings by invitation. Dr R Thummer retired from the board and the SETS Committee on 31 December 2017 and Mr R DeKock retired from the board and SETS Committee on 16 August 2018.

The committees mandate is to oversee the group's sustainability strategies, ethics management, good corporate citizenship, labour and employment practices, as well as its contribution to social and economic development and, with regards to the group's South African subsidiaries, the strategic business priority of transformation.

The SETS Committee is supported by the Global Sustainability Council as well as by regional sustainability committees in dealing with day-to-day sustainability issues and helping to develop and entrench related initiatives in the business.

MV Moosa
Chairman

Appointed: 06 February 2018

Membership details at September 2018:

  • MV Moosa
  • SR Binnie
  • B Mehlomakulu
 

Strategic focus areas

In 2018 the committee:

  • Approved the implementation of a Supplier Code of Conduct which will enable Sappi to manage our supply chain risks more closely
  • Approved safety initiatives including studies by outside experts to help Sappi imbed safety first practices, not just in the workplace, but in all aspects of our employees lives
  • Oversaw external assurance on LTIFR and emissions data as well as environmental impact analyses for major investment projects
  • Considered trade-offs between:
    • Productivity and safety advantages of mechanisation and the social and human capital implications, and
    • Financial and natural capitals relating to the use of coal versus other renewable energy fuels for our heating requirements).

The strategic focus areas for the committee in 2019 will be:

  • Overseeing an emerging risk and opportunity in the textile supply chain where major fashion brands are becoming far more aware of supply chain risks and the trade-offs between alternative textiles, and
  • Safety initiatives.

See SETS Committee Report and Our global 2020 sustainability goals for more information.

Stakeholders

The SETS Committee has a broad spread of stakeholders for which it helps to protect (or create) value: suppliers, customers, employees, regulators, shareholders and society.

See Our key relationships for more information.

 

Risks

The SETS Committee has focused on the following of the top 10 risks:

(1) Employee safety
(4) Project implementation
(5) Evolving technologies and consumer preferences
(8) Natural resource constraints
(9) Market share and customer concentration
(10) Employee relations

See Risk management for more information.

Management committees

The board assigns responsibility for the day-to-day management of the group to the CEO. To assist the CEO in discharging his duties, a number of management committees have been formed. Some of these committees also provide support for specific board committees. The management committees are a key component of Sappi's second line of defence and assurance. See Risk management for additional details of Sappi's approach to risk, controls and assurance.

Executive Committee
This committee comprises executive directors and senior management from Sappi Limited as well as the CEOs of the three main regional and dissolving wood pulp business units. The CEO has assigned responsibility to the Executive Committee for a number of functional areas relating to the management of the group, including the development of policies and alignment of initiatives regarding strategic, operational, financial, governance, sustainability, social and risk processes. The Executive Committee meets at least five times per annum.
Disclosure Committee

The Disclosure Committee comprises members of the Executive Committee and senior management from various disciplines. Its objective is to review and discuss financial and other information prepared for public release. It is the ultimate decision-making body, apart from the board, with regards to disclosure.

Treasury Committee
The Treasury Committee meets monthly to assess financial risks on treasury related matters.
Taxation Committee

The Taxation Committee meets monthly to discuss and address global taxation matters.

Project Steering Committees
For key strategic projects, steering committees are established to oversee successful execution of the project.
Technical Committees
The Technical Committees focus on global technical alignment, performance and efficiency measurement as well as new product development.
Group Risk Management Committee

The committee is known as the Group Risk Management Team (GRMT) and is mandated by the board to establish, coordinate and drive the risk management process throughout Sappi. It has established a risk management system to identify and manage significant risks. The GRMT reports regularly on risks to the Audit and Risk Committee and the board. Risk management software is used to support the risk management process.

Control and Assurance Committee

The Internal Control Steering Committee supported by the Internal Control function provides regular oversight and guidance to the business on internal controls and combined assurance for financial, strategic and operational risks. One of the main focus areas for 2018 was to formulate plans for expanding the scope of the committee to include, in a more thorough manner, oversight of the combined assurance process and coordination of assurance providers at Sappi. In its expanded role, this revised committee, which will be known as the Control and Assurance Committee (CAC), will be accountable to the Group Risk Management Team (GRMT) and the Audit and Risk Committee.

The committee will, among other things, oversee the activities of control and assurance workgroups (CAW) established to review key risks, identify risk mitigations and controls, assurance provision and identification of any gaps and subsequent remediation activities. The first working group will meet in the first financial quarter of 2019 and will focus on IT security risks, fibre certification risk as well as our periodic review and streamlining of the group's risk and control framework, which is the foundation for Sappi's first line of defence and assurance.

IT Steering Committee

The IT Steering Committee promotes IT governance throughout the group and is the highest authority responsible for this aspect of Sappi's business, apart from the board. The committee has a charter approved by the Audit and Risk Committee and the board. An IT governance framework has been developed and IT feedback reports are presented to the Audit and Risk Committee and the board. Sappi IT has implemented a standardised approach to IT risk management through a groupwide risk framework supported by the use of risk management software. The committee has helped to create value for shareholders in 2018 by its oversight of:

  • The SAP S/4HANA project which forms part of Sappi's Global Business Systems project in support of the One Sappi strategy to achieve cost advantages, and
  • The negotiation of an enterprise licence agreement with Microsoft, which included migration to Office 365.

Oversight by the committee will continue in 2019 for these IT initiatives, as well as:

  • The integration of the SAP systems of the recently acquired operating units in Italy into Sappi's SAP environment, and
  • The implementation of COBIT 2019.
Ensuring leadership through ethics and integrity

Sappi is committed to doing business the right way. Trust is created by operating from a commonly accepted set of values, enhancing and protecting our reputation. We require our directors and employees to act with integrity, to be courageous, to make smart decisions and to execute with speed, in all transactions and in their dealings with all business partners and stakeholders.

Code of Ethics   Legal compliance programme   Conflict of interests   Insider trading

Our values underpin the group's Code of Ethics and commit the group and its employees to sound business practices and compliance with applicable legislation, which help to promote legitimacy.

Actions are taken against employees who do not abide by the spirit and provisions of our code.

Online Code of Ethics and anti-bribery and corruption training was provided to employees across the group in 2017 and 2018.

See Code of Ethics on www.sappi.com/code-of-ethics.

 

The programme is designed to increase awareness of, and enhance compliance with, applicable legislation is in place. The group compliance officer reports twice per annum to the Audit and Risk Committee.

Sappi enhanced the legal compliance programme in 2018 by the acquisition and implementation of Exclaim legal compliance software for Sappi group and Sappi Southern Africa. In addition, online training has been provided to employees across the group on relevant core legal compliance topics.

We intend to expand the use of the Exclaim software in support of our legal compliance responsibilities in 2019. This will help to create and protect value primarily for employees, customers, shareholders and regulators.

 

 

The group has a policy that obliges all employees to disclose any interest in contracts or business dealings with Sappi to assess any possible conflict of interest.

The policy also dictates that directors and senior officers of the group must disclose any interest in contracts as well as other appointments to assess any conflict of interest that may affect their fiduciary duties.

During the year under review, apart from that disclosed in the financial statements, none of the directors had a significant interest in any material contract or arrangement entered into by the company or its subsidiaries.

See Code of Ethics (Preventing fraud and corruption) on www.sappi.com/code-of-ethics.

 

The company has a code of conduct for dealing in company securities and follows the JSE Limited listings requirements in this regard.

See Code of Ethics (Insider trading) on www.sappi.com/code-of-ethics.

             
Reporting on compliance and ethics concerns

Sappi employees and stakeholders can report any potential illegal or non-compliant behaviour they observe directly to (senior) management, internal audit or legal counsel, or alternatively, report anonymously, via telephone or an online form. Whistle-blower 'hotlines' have been implemented in all the regions in which the group operates. The hotline service, operated by independent service providers, enables all stakeholders to anonymously report environmental, safety, ethics, accounting, auditing, control issues or other concerns. Retaliation against whistle-blowers is not tolerated. The follow up on all reported matters is coordinated either by legal counsel or internal audit and reported to the Audit and Risk Committee. The majority of calls and ethics reports received related to the Southern African region. Please refer to the whistle-blower hotline and ethics report graphs for information on the number of hotline calls per 1,000 employees, the categories of hotline calls and ethics reports, and the outcome of the investigations. The hotline report rates, categories of reports and outcomes of cases broadly align with international whistle-blower benchmark data.

See Code of Ethics (Reporting and whistle-blowing) on www.sappi.com/code-of-ethics.

Hotline report rate per 1,000 employees   Analysis of hotline and ethics reports
by category (%)
  Analysis of hotline and ethics report
case outcomes (%)
Hotline report rate per 1,000 employees   Analysis of hotline and ethics reports by category (%)   Analysis of hotline and ethics report case outcomes (%)
Financial statements

The directors are responsible for overseeing the preparation and final approval of the Group Annual Financial Statements, in accordance with International Financial Reporting Standards issued by the International Accounting Standards Board.

The group's results are reviewed prior to submission to the board, as follows:

  • All quarterly results – by the Disclosure Committee as well as the Audit and Risk Committee, and
  • Interim and final results – by external audit.
Risk, controls and assurance at Sappi

Risks facing the group are identified, evaluated and managed by implementing risk mitigations, such as insurance, strategic actions or specific internal controls. Sappi maintains a robust framework of risks and controls which assists in the application of the King IV guidelines and the achievement of governance outcomes by helping to: create an ethical culture; establishing effective control; and promoting legitimacy, all of which helps Sappi and its stakeholders to benefit from good performance. The framework includes controls addressing our material matters, by focusing on the main drivers of Sappi and comprises both financial and non-financial controls, which support the achievement of our strategy, within our risk appetite and tolerance levels, across the economic, social and environmental context in which the organisation operates as well as each of the six capitals set out in the IIRC's model.

See Our strategy and performance and Our global 2020 sustainability goals for more information on these capitals and integrated thinking in the context of Sappi's sustainable business model.

The group's internal controls and systems are designed in accordance with the COSO control framework to support the achievement of the group's objectives including strategic, operational and financial performance goals, effective and efficient use of resources, safeguarding assets against material loss, integrity and reliability of internal and external financial and non-financial reporting, and compliance with applicable laws and regulations.

Sappi operates a combined assurance framework, which aims to optimise the assurance coverage obtained from management, internal assurance providers and external assurance providers, on the risk areas affecting the group.

During 2018, we further developed our approach to combined assurance which will be overseen by the repurposed Control and Assurance Committee (CAC). The committee and workgroups it establishes will be tasked with providing more holistic feedback to the GRMT and Audit and Risk Committee on the state of controls and the quality and coverage of assurance from the various assurance providers across Sappi's three lines of defence.

Sappi's combined assurance framework, incorporating the three lines of defence and oversight by the board and board sub-committees

      First line of defence   Second line of defence   Third line of defence   Oversight by the board
  Risk areas and value drivers, capitals   Business management operations supported by appropriate controls and systems   Monitoring and oversight functions   Independent assurance provided by external audit, internal audit and other assurance providers   Board and board sub-committees
  Governance, risk, and controls – general (core business cycles)  

Day-to-day risk management activity

Established risk and control environment:

Executive, corporate and regional lead teams

Corporate and regional business functions, eg sales, finance, IT, HR, purchasing

Business units, eg forestry, mills, sales offices

Business unit operations, eg production, engineering, controlling, materials management

  Control and Assurance Committee management self-assessments   Internal audit   Audit and Risk Committee
  Strategy and vision; competition and markets; socio-political   Executive Committee, Group Head Strategy, Control and Assurance Committee, management self-assessments   Internal audit   Nomination and Governance Committee
  Financial, tax and treasury   Control and assurance, accounting standards, taxation, Treasury and Disclosure Committees, management self-assessments   KPMG, tax authorities, internal audit   Audit and Risk Committee
  Legal and compliance   Legal Compliance Programme, Group Compliance Manager   Legal compliance audits, internal audit   Audit and Risk, SETS, HR and Compensation Committees
  IT   IT Steering Committee; Group IT Governance functions, management self-assessments   KPMG, ISA 3402s, penetration testing, internal audit   Audit and Risk Committee
  Planet, environment, natural capital   Sustainability councils, Environmental and Energy (E4) Global Cluster, GRMT   ISO 14001, FSC, PEFC, EMAS, KPMG

Government reviews emissions effluent etc internal audit
  SETS Committee
  Ethics   Group Compliance Manager, ethics surveys, management self-assessments   Internal audit   SETS Committee
  People, HR and transformation   Global HR Committee, regional labour forums, employee engagement surveys, management self-assessments   BEE audits, internal audit   Audit and Risk, SETS, HR and Compensation Committees
  Research and development, intellectual property   Group Technical Cluster, management self-assessments   ISO 17025, internal audit   SETS Committee
  Manufacturing; supply chain
management, quality, forestry
  Technical clusters and platforms. regional SHEQ audits, supplier audits, management self-assessments   ISO 9001, ISO 50001, FSC-PEFC, Matrix, internal audit   SETS Committee
  Stakeholders, communication, reputation, society   Group corporate affairs, sustainability and investor relations functions   Internal audit   SETS Committee
  Safety   Group and regional risk management teams, safety audits   OHSAS 18000, regulatory inspections, internal audit   SETS Committee

A key element of combined assurance at Sappi is derived from the annual control self-assessments completed by control owners, which helps to protect value to stakeholders by providing management and the board with assurance on the state of controls throughout the group. Control gaps identified through this process are recorded and remediation progress is monitored by management, relevant committees, auditors and the board.

The Audit and Risk Committee advises the board on the state of risk management and controls, as well as assurance, in Sappi's operating environment. This information is used as the basis for the board's review, sign-off and reporting to stakeholders, via the integrated report and annual financial statements, on risk management and the effectiveness of internal controls and assurance within Sappi.

As part of combined assurance in respect of reported information, Sappi has obtained assurance on the data in the integrated report from the following sources:

  • Financial data is independently audited by KPMG
  • External sustainability assurance was obtained from KPMG for direct emissions (Scope 1) tCO2e and indirect emissions (Scope 2) tCOsub2e information as well as specific safety information.
  • Specific Planet (environment) related processes are subject to review by third parties during the year. Certain local environmental and safety reporting is subject to audit by local regulators, and
  • Limited reviews of sustainability information have been undertaken by central technical management and internal audit.
Internal audit

The group has an effective risk-based Internal Audit Department which is suitably resourced. It has a specific charter from the Audit and Risk Committee and independently appraises the adequacy and effectiveness of the group's governance, risk management, systems, internal controls and accounting records. Internal audit coordinates combined assurance and reports the findings to local and divisional management, the external auditors as well as the Audit and Risk Committee.

The head of internal audit reports to the Audit and Risk Committee, meets with board members, has direct access to executive management and is invited to attend certain management meetings. The role of internal audit at Sappi is set out in the following diagram:

Internal audit value proposition
Internal audit value proposition

During 2018, apart from the ongoing focus on financial controls, which includes supporting Sappi's strategy to maintain a healthy balance sheet, internal audit helped to create and protect value by completing reviews in support of the following strategic objectives:

  • Achieve cost advantages: Advisory services to the global business systems projects (requisition to pay, sales order to cash, SAP S/4 HANA, shared service centre optimisation)
  • Rationalising declining businesses: Assurance reviews of contractors and capital expenditure for project balance in Sappi North America, and
  • Accelerate growth in high margin products: Integration and control onboarding reviews of the newly acquired operating units in the UK and Italy.

In 2019, internal audit will continue to create and protect value for shareholders, management, several management committees, as well as the Audit and Risk Committee by:



  • Undertaking further advisory or assurance assignments for strategic projects
  • Implementing a more agile approach to establishing the audit plan and to streamline our way of working; and spearheading Sappi's enhanced focus on combined assurance by playing a leading role in coordinating the efforts of control and assurance workgroups (CAW) which will address key risks, provision of assurance and identification of gaps, with feedback to the Control and Assurance Committee (CAC), the GRMT and the Audit and Risk Committee, and
  • Capital expenditure and contractor reviews for the Vulindlela project in Sappi Southern Africa.

Internal audit maintains an internal quality assurance programme. An external quality assurance review is undertaken periodically. The most recent review was in 2015, conducted by the Institute of Internal Auditors (IIA). A generally conforms rating was received, which is the highest of the three levels of conformance to the IIA's standards. The 2018 review was performed internally and highlighted a need for greater agility as well as more comprehensive combined assurance reporting to the Audit and Risk Committee. Both these opportunities will be addressed in 2019.

Board assessment of the company's risk management, compliance function and effectiveness of internal controls and combined assurance

The board is responsible for the group's systems of internal financial and operational control. As part of an ongoing comprehensive evaluation process, control self-assessments, independent reviews by internal audit, external audit and other assurance providers, were undertaken across the group to test the effectiveness of various elements of the group's financial, disclosure and other internal controls as well as procedures and systems. Identified areas of improvement are being addressed to strengthen the group's controls further. The board has assessed the combined assurance provided in 2018. The results of the reviews did not indicate any material breakdown in the functioning of these controls, procedures and systems during the year. The internal controls in place, including the financial controls and financial control environment, are considered to be effective and provide a sound basis for the preparation of the financial statements, Annual Integrated Report and other reports used internally for management decision making.

Company secretary

The company secretary does not fulfil executive management functions outside of the duties of company secretary and is not a director. During the year, the board has assessed the independence, competence, qualifications and experience of the company secretary and has concluded that she is sufficiently independent (ie maintained an arm's length relationship with the executive team, the board and individual directors), qualified, competent and experienced to hold this position. The company secretary is responsible for the duties set out in section 88 of the Companies Act 71 of 2008 (as amended) of South Africa. Specific responsibilities include providing guidance to directors on discharging their duties in the best interests of the group, informing directors of new laws affecting the group, as well as arranging for the induction of new directors.