Menu

INTEGRATED ANNUAL REPORT ANNUAL FINANCIAL STATEMENTS

Governance policies, procedures and processes

Compliance

During the year, we focused on the following material regulatory developments impacting our business:

  • Group compliance universe: The legislative compliance universe was reviewed, monitored and reported. A critical framework that facilitates a compliance environment is our approved compliance universe containing applicable legislation. The legislation is categorised according to significance, namely core/primary, secondary and topical.
  • POPIA: We complied with legislative requirements and the General Data Protection Regulation. The AfroCentric Group adopted a three-step approach to track progress and manage this project effectively. Firstly, discover as much information as possible; secondly, conduct workshops or interviews to assess the AfroCentric Group’s compliance with POPIA; and thirdly, document findings by drafting and delivering responses on the gap analysis report, including actions required to ensure compliance.
  • There were no significant ESG-related incidents during the year, including incidents of legal non-compliance (whether under investigation, pending finalisation, or finalised) and directives, compliance notices, warnings or investigations, and any public controversies. Likewise, the Group incurred no fines, settlements, or penalties relating to ESG incidents or breaches.

Ethical behaviour

The Social and Ethics Committee remains the oversight committee for matters of ethics. AfroCentric is fully committed to applying and complying with the highest ethical standards and has a zero-tolerance policy on any issues relating to unethical conduct.

Internal mechanisms for seeking advice regarding ethical and lawful behaviour and organisational integrity and reporting concerns about unethical or unlawful behaviour and lack of organisational integrity include the Declaration of Conflicts of Interest and acceptance of the Code of Conduct – manually and digitally recorded. Our forensic department is also a source or mechanism for advice on such matters.

Whistleblower is the independent fraud and ethics hotline service provider to AfroCentric. Directors, employees, suppliers and other parties can report fraud, corruption, misconduct, illegal activities, or unethical behaviour without fear of reprisal or victimisation. There were no whistleblowing reports in 2024.

We recognise our responsibility to increase awareness around anti-bribery and anti-corruption principles throughout the value chain. 852 employees and three business partners received training on our anti-corruption policies and procedures during the year.

There were zero incidents of corruption confirmed related to this year and previous years.

We incurred no monetary losses due to legal proceedings (including fines) associated with fraud, insider trading, anti-trust, anti-competitive behaviour, market manipulation, malpractice or violations of other related industry laws or regulations.

Conflicts of interest

Declaration of interest

The Group has policies in place to manage potential conflicts of interest. Directors sign a declaration stating that they are unaware of any undeclared conflicts of interest due to their interest in, or association with, any other company. In addition, directors disclose interests in contracts and related-party transactions for the Board to assess whether such transactions are conducted on arm’s length commercial terms. In such instances, the directors in question will recuse themselves from deliberations. All information acquired by directors while performing their duties, which is not disclosed publicly, is treated as confidential. Directors may not use or appear to use such information for personal advantage or the advantage of third parties.

Dealings in shares

Directors and officers are prohibited from dealing directly or indirectly in AfroCentric’s ordinary shares based on unpublished price-sensitive information regarding its business or affairs. Similarly, no director or officer may trade in the Company’s shares during a closed period, as determined by the Board according to JSE Listings Requirements. The Group’s closed periods are between the last day of the reporting period and the publication of the results and during those periods when the Group trades under a cautionary note. The Group Company Secretary regularly disseminates written notice to all directors and executive management throughout the Group, highlighting the provisions of the Financial Markets Act and JSE Listings Requirements and informing them that dealing in AfroCentric’s shares during specific restricted periods may not be undertaken. In addition, the Board reviews its current share policy and updates the policy to improve processes. This was carried out during the year under review.

No compliance concerns regarding directors' dealings were raised during the year. An information and share dealings policy exists, and other controls are in place. The Board was inducted on the JSE rules regarding share dealings. Regular updates are provided to the Board via the Group Company Secretary.

Business continuity planning

The COVID-19 pandemic highlighted the importance of business continuity management. We ensure our IT systems are stable and available, and we use stress-testing scenarios and modelling potential economic outcomes to determine strategic direction and whether changes to the business continuity plans are necessary.

Combined assurance

Our combined assurance framework is supported by the three lines of defence model that specifies and delegates accountability for managing, overseeing and independently assuring risks across the Group. The duties of each line of defence are described below.

The combined assurance framework provides principles and guidelines for implementing combined assurance across the Group and continues to evolve as this process is embedded and matures.

Internal controls

Organisational policies, procedures, structures and approval frameworks provide direction, accountability and segregation of responsibilities and contain self‑monitoring mechanisms. Operational and executive management closely monitor the controls and actions taken to correct weaknesses as they are identified. The Head of Group Finance reports directly to the Group CFO, who is responsible for overall financial control and reporting.

Disclosure standards increased significantly, and internal governance structures and roles were reviewed and, where necessary, improved to reflect best practices. This occurred at Board and management levels. An internal audit charter governs the internal audit function. The charter is reviewed and approved by the Audit and Risk Committee annually.

Internal audit

Internal audit is an independent, objective assurance and consulting function designed to add value and improve the organisation's operations.

The vision of the internal audit department is to add value on a proactive and independent basis to assist in the achievement of the Group’s strategy and objectives while upholding AfroCentric’s core values at all times.

The approved internal audit charter directs and informs the internal audit activities, which include the application of the core principles as listed below to ensure the function is operating effectively:

  • Demonstrates integrity
  • Demonstrates competence and due professional care
  • Is objective and free from undue influence
  • Aligns with the strategies, objectives and risks of the Group and medical schemes
  • Is appropriately positioned and adequate
  • Demonstrates quality and continuous improvement
  • Communicates effectively
  • Provides risk-based assurance
  • Is insightful, proactive and future-focused
  • Promotes improvements

The Chief Audit Executive reports functionally to the Chairperson of the Group Audit and Risk Committee and administratively to the Group CEO (dotted line, with day‑to‑day administration delegated to the Group CFO).

The internal audit team is fully capacitated with 23 professionals who collectively possess the knowledge, skills, experience, tenure and other competencies to effectively and competently fulfil its mandate. When required, specialist skills and additional resources are obtained from third parties.

All audit engagements follow the Standards for Professional Practice of Internal Auditing and Code of Ethics, as contained in the International Professional Practices Framework. The audits are conducted by using and integrating skills available within the team, along with an effective risk-based planning approach and audit tools that facilitate the delivery of the Annual Internal Audit Plan.

Internal audit provides assurance to the Audit and Risk Committee regarding management’s assertions concerning achievements of objectives, effectiveness and efficiency of operations, reliability of financial information and compliance with laws and regulations.

The standards recommend that every audit function have an independent review every five years. Internal audit abides by this, and as such, an independent Quality Assurance Review (QAR) is performed at least once every five years. The objective of a QAR is to determine whether an internal audit function complies with the International Standards of Internal Auditing promulgated by the Institute of Internal Auditors and whether the internal audit function is effectively meeting management’s needs.

AfroCentric’s internal audit was rated as “Generally Conforms” by the three previously completed QAR reviews performed by the Institute of Internal Auditors (and accredited services providers). This is the best possible rating based on the rating convention. The evaluator concluded that the relevant structures, policies and procedures of the activity, and the processes by which they are applied, comply with the requirements of the individual standard or element of the Code of Ethics in all material respects.

Information and security governance

IT governance is defined in King IVTM as the effective and efficient management of IT resources to facilitate the achievement of corporate objectives. It informs and aligns decision-making for IT planning, policy and operations to meet business objectives and manage risks appropriately.

The AfroCentric Group applies the principles of King IVTM in its governance frameworks, as far as they are appropriate, and regards the requirements of Cobit, ISO 27001, ITIL and ISO 38500:2015 in IT governance. The Group adopted a formal IT governance framework to standardise IT practices and formalise the governance requirements stipulated in King IVTM.

In addition to applying appropriate governance across our IT areas, external auditors conducted an extensive review of our ICT controls (ISAE3402) within our governance framework. The report was shared with clients as further assurance.

During the year, two penetration tests were conducted by external providers to inform our processes and mitigate the risks identified. As a result, we experienced zero breaches concerning consumer privacy data. Furthermore, the Group has an appointed information officer according to the Information Regulation Guidelines to comply with the requirements and ensure consumer data protection.