Our control environment
Integrated procurement management
- Acquisition Council Terms of Reference.
- Optimally regulated infrastructure-related procurement and delivery management with Acquisitions and Disposals Committee Terms of Reference.
- Infrastructure Procurement and Delivery Management Framework with procurement rules, procedures and processes.
- Procurement Ombudsman.
- Up-to-date compliance assurance for High Value Tender processes.
- Transnet Delegation of Authority.
- Efficient and effective contract management, with SCM Contract Management Procedures Manual and Procurement Procedure Manual.
- SCM Policy and robust, independent complaints handling.
- Adherence to a strict set of laws, codes, rules and standards, including (but not limited to):
  - Section 217 (1) of the Constitution and section 51(1)(a)(iii) of the PFMA;
  - Promotion of Just Administrative Action Act, No 3 of 2000, which was issued in terms of section 33 of the Constitution;
  - The Construction Industry Development Board Act, No 38 of 2000 (CIDB Act), and the regulations (CIDB regulations) thereto;
  - The Promotion of Access to Information Act, No 2 of 2000 (PAIA);
  - The Preferential Procurement Policy Framework Act, No 5 of 2000 (PPPFA), and the regulations thereto (PPPFA regulations); and
  - Instruction notes are also issued by National Treasury, which regulate Transnet’s procurement processes.
- Accords with section 51 of the PFMA.
- Governed by the International Standards for the Professional Practice of Internal Auditing of the Institute of Internal Auditors (IIA standards).
- An independent assurance function that is functionally accountable to the Transnet Audit Committee.
- The mandate and terms of reference are included in the Internal Audit Charter – approved annually by the Transnet Audit Committee.
- Transnet Internal Audit is a fully outsourced function operating under strategic leadership of the Chief Audit Executive – a Transnet permanent employee and a Group Leadership Team member.
- The internal audit consortium of firms assists with the implementation of the approved Strategic Audit Plan, and the panel of forensic firms assists with forensic investigations.
- Develops and executes a risk-based audit plan.
- Zero tolerance for fraud, theft, corruption and other economic crimes.
Enterprise Risk Management (ERM) and integrated assurance
- The Board delegates the Group’s Risk Management function to the Risk Committee.
- The strategic risk profile is generated from the Transnet ERM Strategy Framework, based on ISO 31000:2009.
- Transnet’s Integrated Assurance Model manages risks and controls, and encompasses the assurances provided by management, internal specialists, internal audit, external audit, and external advisers and service providers.
- The Integrated Assurance Model is based on three perspectives:
  - Confidence through:
    - Combination of multiple assurance providers
    - Various types of assurance activities performed
    - Frequency of assurance activities performed
  - Cost-effective assurance by balancing:
    - Lines of defence
    - Nature of assurance activities performed
    - Frequency of assurance activities performed
  - Minimised management burden through:
    - Spread of assurance activities through the year to ensure a manageable distribution of assurance tasks
- The first line of defence is based on the assurances provided by direct line management, which is blanket assurance across the full scope of risks and controls.
- The second line of defence encompasses assurance providers that are internal to the Company, yet not directly responsible for the direct management of the process under review.
- The third line of defence relates to assurance providers that act independently from management and the Company’s operations. This implies that management has no influence over the outcomes, opinions and conclusions emanating from the assurance activities performed by the third-line assurance providers.
- The fourth line of defence relates to independent oversight committees with specific roles and responsibilities pertaining to the risk, control and assurance of Transnet’s activities and their impact on other stakeholders.
Strategic execution and performance management
- Transnet’s performance targets are confirmed in the annually negotiated Shareholder’s Compact.
- Transnet manages the execution of its strategic imperatives through the Company’s Strategic Execution Framework.
- The framework is designed to achieve:
  - Visibility of strategic execution to identify and close execution gaps;
  - Group-wide integration and alignment of the MDS initiatives and critical processes;
  - Problem-solving and analytical tools, and follow through with robust solution-driven actions;
  - A risk-based execution process to monitor the MDS; and
  - A platform for collaboration and seamless execution of strategic initiatives.
Ethics and fraud management
- The Code of Ethics (the Code) enables a culture of entrenched values, principles, standards and norms.
- Integrity Pacts are concluded with all bidders and suppliers.
- Fraud and corruption awareness training is conducted annually with all employees – bargaining and non-bargaining council employees.
- The Company’s service providers, suppliers and trade partners are also subject to the Code.
- The Code is revised every five years or as required.
- The Group Company Secretary is responsible for policy development and review, and Human Resources is responsible for the implementation of the Code.
- Aspects of the Code are included in fraud and corruption awareness training, and are accessible to all employees on the Company’s intranet.
- The Fraud and Corruption Risk Management Strategy provides mechanisms for the prevention, early detection and investigation of irregularities.
Governance of stakeholder engagement and management
- The Board delegates authority to the Group Chief Executive who reports to the Board on all material stakeholder issues, and takes responsibility for incorporating these into Transnet’s strategy and risk management.
- Stakeholder engagement practices align with the Company’s Culture Charter and supporting values.
- Engagement norms include inclusivity, accountability and responsiveness.
- Stakeholder engagement performance is measured as a key performance indicator in the Balanced Scorecards of Stakeholder Relationship Owners.
- Stakeholder engagement is decentralised, but the Board has overall responsibility for stakeholder engagement.
- The monitoring and evaluation of stakeholder engagement is reported to the Remuneration, Social and Ethics Committee and to the Board.
- Transnet has adopted guidelines from the AA1000 standards (Accountability Principles Standard 2008 and the AA1000 Stakeholder Engagement Standard 2011).
IT management and ICT governance
- The Board, supported by the Audit Committee and Risk Committee, is responsible for IT governance and oversight; and sets and approves the approach and policies for technology and information governance (including adoption of appropriate frameworks and standards), in particular overseeing the relevant business continuity arrangements as required.
- The Board has delegated the responsibility for the implementation of the IT governance framework to management and mandates progress reports on major IT projects. There is integration of people, technologies, information, and processes across the organisation, with a focus on ethical and responsible use of technology and information as well as strict compliance with relevant laws.
- The CIO Council is constituted as a sub-structure of the Group Leadership Team (GLT) and is responsible for directing, controlling and measuring ICT activities and processes within Transnet. The CIO Council’s primary role is to exercise its authority in support of Transnet’s strategic and operational endeavours to achieve expected outcomes. It also periodically evaluates the performance of ICT activities and monitors remedial actions to improve such performance. The CIO Council measures, manages and communicates ICT performance to the GLT and regularly demonstrates to the GLT that Transnet has adequate business resilience arrangements in the event of a disaster affecting ICT performance. The Council further recommends business information strategies, policies and strategic frameworks to the GLT for approval.
- As part of the work plan for a new year, various artefacts such as the ICT Governance Framework and the IT Governance Charter are added to the Board agenda for review, approval and assessment for effectiveness. To ensure business resilience, ICT’s disaster recovery plans, tests and reports are regularly submitted to the Board for review.
- The ethical and responsible use of ICT, and compliance with applicable laws, is the overall responsibility of the Board, which is provided with insight on the ICT’s updated regulatory universe each year.
- Transnet IT positions cybersecurity as a top priority and feeds back status to the Board on a regular basis. It further guards against negative publicity and reputational damage resulting from social media risks.
- To monitor third-party and outsourced service provider risks (particularly as they relate to ICT service providers), Transnet calculates the potential risks or vulnerabilities by completing a service provider assessment for each third-party engagement and conducts a thorough due diligence before the relationship commences. Contingency plans are in place for terminating vendor contracts if required.
- To monitor and evaluate the value delivered from ICT investments, Transnet IT applies the principles to plan for, monitor and track benefits throughout the project delivery process:
  - Pre-Execution Planning: Identify and quantify benefits (FEL 1); value and appraise benefits (FEL 2); value and appraise benefits (FEL 3); and benefits planning (FEL 4).
  - Execution Phase (and Closeout): Benefits realisation.
  - Post Implementation – User Adoption Reports.
- Management of the disposal of obsolete technology and information is governed by the Acquisitions and Disposals Committee of the Board.
- The Minimum Control Framework for ICT risks includes the following critical resources: Appropriately skilled staff; enterprise architecture management; effective education programmes; measures to minimise business impact through systems recovery; information security; and IT vendor relationship management.
- Transnet has implemented a King IV-aligned governance framework to achieve continuous improvements and to achieve the following:
  - Positioned to improve delivery on Transnet’s strategic outcomes;
  - Improved achievement of Transnet’s strategic goals;
  - Improved ICT enablement of business;
  - Improved stakeholder communication;
  - Improved effective service delivery through ICT-enabled services;
  - Lower costs;
  - Increased alignment of investment towards strategic goals;
  - Improved return on ICT-enabled investment;
  - ICT risks managed in line with the priorities and risk appetite of Transnet;
  - Appropriate security measures to protect Transnet and employee information;
  - Improved management of business-related ICT projects;
  - Improved management of information; and
  - ICT executed in line with legislative and regulatory requirements.
- Group Regulatory and Compliance ensures that the outcome of its plan is aligned with the mandates of the Audit Committee and Risk Committee, and executes its areas of focus from an annual Board-approved Compliance Plan.
- Managers are responsible for ensuring compliance as it relates to their areas of accountability.
- More than 200 primary regulatory requirements impact Transnet.
- Compliance is implemented through a risk-based approach using a decentralised model, with Compliance Officers appointed within Operating Divisions and Corporate Centre functions.
- The Compliance function independently monitors and reports on compliance controls relating to high-priority regulatory requirements.
- The Compliance function assists and supports the Board and management to discharge their compliance responsibilities.
Governance of sustainability
- A company-wide Sustainability Forum comprises representatives from the Corporate Centre functions, Operating Divisions and Specialist Units.
- The Sustainability Forum meets quarterly and is tasked with developing key performance indicators in relation to analysing sustainability performance.
- Sustainability committees in the Operating Divisions add impetus to sustainability initiatives.