The Board is ultimately accountable for the Group’s risk management processes and internal control system. It has delegated responsibility to the Audit and Risk Committee for overseeing and reviewing the efficacy of these arrangements as well as that of the Group’s internal and external auditors. The Board receives regular updates on the activities of the Audit and Risk Committee.

The Group’s Enterprise Risk Management Policy is reviewed annually and follows the framework set by the international Committee of Sponsoring Organisations of the Treadway Commission. The policy defines the risk management objectives, methodology, risk appetite, risk identification, assessment and treatment processes, and the responsibilities of the various risk management role players in the Group. Any policy amendments are subject to the approval of the Audit and Risk Committee.

The objective of risk management in the Group is to establish an integrated and effective risk  management framework wherein important and emerging risks are identified, quantified and managed. An ERM software application supports the Group’s risk management process in all three divisions and at Group level. 

Compliance with all relevant legislation, regulations, accepted standards or codes is integral to the Group's risk management process and is monitored.

Risk Management Reports

The Group’s principal risk items (grouped by category and business process); the movement in risk during the reporting period; and key measures taken to mitigate these risks are reported on in the annual report. Please visit the Investor Relations section for the latest and previous annual reports.


Tax Strategy

Mediclinic’s tax strategy sets out the Group’s commitment to conduct its tax affairs consistent with the objectives of complying with all relevant legislation, rules, regulations and reporting and disclosure requirements in the jurisdictions within which it operates; and maintaining mutual trust and respect in dealings with all tax authorities in the jurisdictions which the Group does business.


Protecting Information Assets

Our operations span multiple geographies, necessitating an adequate international data network and Group approach to threat management. Due to the importance of our information assets, we have an effective Information Security and Data Protection programme to protect our technology, information assets and users.

Dirk Lubbe
Group General Manager: Compliance and Data Protection