Our Governance
These are closely linked to our purpose, risks, and opportunities, and how we report on our performance.
The Board understands that SANBS' core purpose, risks, opportunities, strategy, and performance are all connected and together contribute to our ability to create enduring value. SANBS extended its five-year iHEALTh strategy, initially set to conclude in 2024, until 2025. This showed the commitment to aligning strategic initiatives with the changing environment.
To ensure strategy remains relevant, the Board conducts annual strategy sessions, where we review and adjust our approach to respond effectively to the dynamic environment.
The Board, Executive, and Management teams produced a strategy for 2025-2030, transitioning from a product-focused approach to a customer-centric model.
To monitor progress and ensure accountability for the implementation of our strategy, we integrate processes for strategy, risk management, and performance. This method helps us track performance and achieve our strategic objectives. Integrating these components ensures we effectively measure and manage our progress and identify risks and opportunities.
The Board ensures our reporting is transparent, enabling all stakeholders to clearly understand our performance and future prospects. We follow several key practices to uphold this commitment:
We value providing stakeholders with timely and well-rounded information
The Board sets reporting standards, ensuring quality and relevance to meet various stakeholder needs
We publish an annual integrated report (IR) and annual financial statements (AFS), which keep stakeholders informed about our activities and financial performance
The Board verifies and ensures the information reported is accurate. Specific areas of reporting are examined by relevant Board committees and internal functions for correctness. An external audit confirms the integrity of our financial statements and ensures non-financial information in our IR is reliable
By adhering to these high reporting standards, SANBS maintains the trust of stakeholders and ensures a culture of openness and accountability within its operations
The Board oversees all functional areas within SANBS.
The Board ensures that SANBS manages risks effectively to achieve our goals. SANBS applies a strong Enterprise Risk Management (ERM) approach. We regularly assess risks and opportunities and implement mitigation plans within Board-approved limits to protect the company, our donors, and stakeholders from potential threats that could hinder the achievement of our goals.
The ERM Framework guides how we implement risk management across SANBS and ensures that risk management is effectively included in our work.
The RTIG Committee oversees how we manage risks and opportunities.
The Chief Financial Officer (CFO) and the Senior Manager for Enterprise Risk Management oversee the management of risks and opportunities.
You can find more information about SANBS' risk management practices as well as the RTIG Committee report.
The Board oversees technology and information management to help SANBS achieve its objectives.
We have formalised strategies and guidelines in this regard, along with security measures to protect our data. We regularly assess whether our technology management follows the IT Governance Framework.
SANBS has initiated a project to improve data governance processes and their management across the company. Deliverables include reviewing SOPs and formalising data ownership roles.
SANBS is conducting in-depth research to thoughtfully integrate AI into our digital transformation, recognising its potential to enhance efficiency and service delivery while ensuring robust governance to manage risks such as data privacy, bias, and overreliance on AI.
The ICT team has presented the RTIG Committee with an outline of AI concepts, strategic opportunities, and real-world use cases tailored to SANBS, together with a phased, governance-led adoption plan to facilitate responsible implementation. While SANBS experienced no significant breaches, the organisation remains vigilant amid increased phishing and cyber threats.
Comprehensive controls, including third-party security management, continuous monitoring, regular vulnerability assessments, and staff awareness programmes, are in place to safeguard data integrity and service continuity.
We engage external auditors to review our technology governance to ensure we meet the necessary standards. The RTIG Committee has oversight over technology and information governance.
Our policies are based on the COBIT 2019 framework for IT governance. We also align our information security with national standards and international frameworks.
We have Business Continuity Plans in place to ensure effective response to incidents or disasters that cannot be prevented or mitigated through existing controls.
See Board focus areas and the RTIG Committee report for information on our digital journey and the management of risks and opportunities associated with the use and planned use of AI within SANBS. Read more in our CEO report and material matters.