The Group’s Enterprise Risk Management Policy follows the International Committee of Sponsoring Organizations of the Treadway Commission’s Internal Control – Integrated Framework and is reviewed annually. The policy defines the risk management objectives, methodology, risk appetite, risk identification, assessment and treatment processes, and the responsibilities of the various risk management role players in the Group.

Through risk management, an integrated and effective framework is established which seeks to identify, assess and manage important and emerging risks which could impact on our ability to achieve strategic, financial and operational goals, and regulatory compliance. The risk management process is fully integrated into the strategic planning process and supports the achievement of our strategy.


Tax Strategy

Mediclinic’s tax strategy sets out the Group’s commitment to conduct its tax affairs consistent with the objectives of complying with all relevant legislation, rules, regulations and reporting and disclosure requirements in the jurisdictions within which it operates; and maintaining mutual trust and respect in dealings with all tax authorities in the jurisdictions which the Group does business.


Protecting Information Assets

Our operations span multiple geographies, necessitating an adequate international data network and Group approach to threat management. Due to the importance of our information assets, we have an effective Information Security and Data Protection programme to protect our technology, information assets and users.

Dirk Lubbe
Group General Manager: Compliance and Data Protection