Our Governance

Governance as the strong foundation of SANBS’ business

Reporting frameworks, process and combined assurance

Risk, Technology and Information Governance Committee

Committee purpose and how it contributes to value creation

The overarching role of the committee is to assist the Board in overseeing that the following areas support SANBS in setting and achieving its strategic objectives:

  • The governance of risk management, including the system of compliance risk governance
  • Technology and information governance

Members of the committee during the period 1 April 2024 to 31 March 2025

  • Ms Faith Burn (Chairperson)
  • Dr Caroline Henry
  • Dr Sipho Kabane (from 27 November 2024)
  • Mr Gary Leong
  • Ms Phindile Mthethwa
  • Mr Ravi Reddy (Executive)
  • Ms Karin van den Berg (Executive)
  • Mr Tshepo Kgage (from 11 March 2025) (Executive)

Declaration

  • The committee has executed its responsibilities in accordance with its approved mandate.

Attendance

  • 100%

Key focus areas and value creating activities for the period under review

Enterprise risk management

  • Monitored the continued growth in maturity of enterprise risk management
  • Received and deliberated the Enterprise Risk Monitoring Report including emerging risks, opportunities and business continuity planning
  • Considered and approved the company’s risk framework including the company’s risk appetite and risk tolerance levels
  • Regularly reviewed the strategic risk register, treatment actions and emerging risks. Deliberated on the risk profile of various strategic risks to determine their relevance and risk ratings
  • Approved the risk profile for inclusion in the integrated report
  • Oversight of the mitigation of business risk – confirmed SANBS’ compliance with registration with Eskom for the use of solar energy at SANBS facilities
  • Deliberated the overview report on currency exposure (actual foreign currency transactions against budget, forex gains and losses)
  • Considered and approved the insurance programme renewal

Technology and information governance

Reviewed the IT risk register; the cyber-security posture, including cyber incident updates (phishing and data exposure incidents); information security and ICT audits; infrastructure updates; the ICT investments monitoring report; business continuity management and arrangements; BECS project updates; and updates on contracting with service providers.

Noted that BECS phase 1 has transitioned to full operation and maintenance. The remaining issues are managed as new requests on an operational basis

Noted that the BECS phase 2 (involving a review of the eTraceline and COSMAS systems) remains on hold

Provided input and support to management on strategic projects – BECS, the modernisation of the ERP system (SAP Ariba, General Ledger Conversion projects), Order-to-Collect, Procure-to-Pay, the Data Governance, Inventory Optimisation and Donor App development

Considered and approved the Information and Communication Technology Governance Framework

Considered and approved the Information Security Governance Framework

Discussed current technological advancements such as AI – considering the plan and impact of these technologies focusing on digitalisation and zero carbon emissions. Requested a report on the strategic outlook regarding AI for the organisation

Compliance risk governance

  • Monitored and exercised oversight over compliance monitoring reports
  • Received updates on the progress of the development of the Compliance Programme to further mitigate risks, detect violations of regulations and promote ethical behaviour in the organisation
  • Received updates on material regulatory developments that could have an impact on the organisation
  • Reviewed the monitoring of key legislation in terms of the compliance monitoring plan to determine whether the controls were adequate and effective
  • Approved the revised Privacy Statement for the website
  • Considered developments regarding POPIA: POPIA training for all staff (E-learning); POPIA Compliance Framework approved by Exco
  • Reviewed the outcomes of Internal Audit’s audit of POPIA, including auditing the IT areas where POPIA is applicable, and monitored the closure of action plans
  • Considered and approved the Compliance Management Policy

Other

  • Reviewed and approved the committee terms of reference and annual work plan

Future focus areas 2026


The Committee will remain focused on overseeing the management of the risks associated with:

  • Strategic projects, with an emphasis on the Order-to-Collect process, the ERP Modernisation next phases, including SAP Ariba, and Data Governance
  • Cybersecurity posture and information governance
  • The advent of AI and associated risks and governance thereof
  • The strategic risk reporting and the continuous monitoring of the risks
  • Continued oversight of emerging risks from new legislative developments
  • Alignment with King V™ principles, once published
  • Compliance governance under the Compliance Risk Management Plans, including compliance monitoring and risk reporting for core, high, and medium-rated Acts; on-site branch visits and awareness training to enhance SANBS' compliance culture; ongoing POPIA monitoring; and a review of the Compliance Universe incorporating findings from CRMP monitoring

It takes more than one heart to save a life. At SANBS, we serve with heart, together with every donor, every colleague, and every life touched by our mission.