KEY RISKS

We conduct ongoing assessments of our strategies, plans and models to ensure that the business is flexible enough to adapt to the impact of crises and changing operating conditions.

We have a Recover and Sustain Strategy, a Growth Strategy, a Commercial Strategy, and an in-depth Corporate Plan in place to provide a framework for managing our post-COVID-19 pandemic recovery and growth to 2030. The principles in the Corporate Plan inform our response to all adverse events.

We have established and well-defined corporate governance structures, systems and procedures that are aligned with the guidelines given in King IV™. These enable us to respond quickly to all sustainability threats and risks. We have proven long-term financial planning capabilities as well as the ability to adapt our financial planning to accommodate unforeseen events.

We actively manage costs and liquidity.

All our airports are ISO 14001: 2015 certified for compliance with international environmental management standards.

We are currently reviewing and updating our Environmental, Social and Governance (ESG) Framework. All management measures currently in place are being adhered to.

Our environmental management programme focuses on energy conservation, climate change mitigation, water usage, waste management, air quality, noise management and biodiversity. It is a key strategic aim for the Group to become carbon neutral as soon as financially and technologically possible.

Environmental risk is closely monitored and a report on this area of risk is presented to the Board on a quarterly basis.

We have well-established and proven long-term financial planning capabilities.

We have strong economic regulatory specialist capabilities.

We adhere to a constructive engagement process that complies with and goes beyond the requirements of the economic regulator.

We actively participate in the Economic Regulatory Review Process led by the Department of Transport (DoT).

We have a conservative approach to financial planning.

We conduct regular, in-depth scenario planning to mitigate financial risk.

Extensive on-site back-up generators are in place to provide power during the periods in which we do not have grid electricity.

Our capex budgets will include provision for additional generator capacity, as needed, and our operating budgets will allow for the purchase of the diesel required to run them.

Four of our airports have extensive solar farms specifically designed to reduce our reliance on grid electricity and enable us to manage the impact of load-shedding.

The Enterprise Asset Management Department has developed a framework to mitigate the risk of the national grid collapsing, should this happen. The framework outlines a six-point response consisting of: (i) prioritising load requirements, (ii) sustaining the load, (iii) maintaining availability, (iv) securing and sustaining supply, (v) engaging with stakeholders, and (vi) monitoring responsibilities and accountability.

Carbon Neutrality: Our Roadmap to Carbon Neutrality includes medium- to long-term solutions intended to enhance our energy security through the use of various forms of renewable energy.

The South African Petroleum Industry Association Fuel Forum has been reformed to ensure that all stakeholders are kept fully informed of the constraints affecting the supply of jet fuel at airports. Supply is vulnerable for a number of reasons including reduced local refining capacity, changing international market dynamics, the impact of load-shedding, intermittent logistics and labour issues, and the fact that South Africa does not hold strategic reserves of jet fuel.

ACSA mitigates this risk by identifying and making use of multiple jet fuel suppliers including the only refinery in South Africa that still produces jet fuel.

We have also recently increased jet fuel storage capacity at our busiest airports, namely Cape Town International and O.R. Tambo International by 7 and 8 million litres respectively.

There is a strong legislative framework to support business diversification.

We are in the process of implementing our Recover and Sustain Strategy and our Growth Strategy, both of which focus strongly on revenue diversification.

We have a Board-approved Commercial Strategy, which is reviewed regularly and updated if and as necessary.

We are reviewing all infrastructure development plans that were shelved during the pandemic in order to ensure that the business is suitably equipped to diversify its revenue streams not only in the short-term, but also in the medium- and long-term.

We have standardised processes and procedures for rental case negotiations.

We have a Digital Strategy in place that is aligned with the Knowledge and Innovation Strategy, the Enterprise Security Strategy, the Enterprise Risk Management Strategy, and the Business Continuity Framework.

We also have an Information Management Plan in place, which is monitored by our Information Management Committee, which provides the Board with quarterly reports.

We have a secure and fit-for-purpose IT architecture in place. This is regularly assessed and updated in order to keep pace with rapid technological developments.

Our digitalisation journey focuses on building, securing, maintaining, and developing an integrated system that is compliant, secure, and resilient.

We have a Cyber Security Strategy in place and implementation is constantly monitored.

We have best-of-breed digital security systems, both on-site at all of our airports and in the Cloud.

We have a team of cyber security experts on permanent staff, led by a Chief Information Security Officer (CSIO).

We monitor for cyber security threats 24/7/365.

We undertake biannual assurance assessments to supplement the annual cyber security audits undertaken by the Auditor General.

We have cyber security insurance to mitigate against the threat posed by increasingly sophisticated cyber criminals.

We comply fully with the Protection of Personal Information Act (POPIA), the General Data Protection Regulation (GDPR), the Payment Card Industry Data Security Standards (PCI DSS) and the Minimum Information Security Standards (MISS).

We have technology security tools in place to prevent data leakages and connectivity incidents.

We use unique usernames and passwords to authenticate and authorise access to systems and information.

We have a Board-approved People and Culture Strategy in place.

The implementation of the strategy is closely monitored and reports are made to the Social and Ethics Committee on a quarterly basis.

Training and refresher courses on ACSA’s values are regularly provided for all staff.

We also have a Change Management Framework in place, which provides all of the appropriate tools for implementing the change management process that was put into place in response to the COVID-19 pandemic.

Awareness of both the framework and the change management process is closely monitored and measured.

Capacity modelling has been allowed for in our new Operating Model and Governance Framework and this will be used to develop a strategic workforce plan.

We have fully mapped our compliance universe.

We conduct training and awareness programmes regularly.

Policies, frameworks, manuals, and procedures are carefully monitored and regularly reviewed.

We have compliance risk management and compliance assurance plans in place.

We have a compliance management system in place.

We have a comprehensive Communications Strategy, a Partnership Strategy, and a Stakeholder Engagement Strategy in place to support and protect our brand and reputation.

We proactively profile ACSA from an external perspective in order to monitor our reputation with all stakeholder groups, including the general public.

We conduct focused engagements with all critical stakeholders.

We have strong stakeholder risk intervention policies and procedures in place.

We have a proactive internal and external stakeholder communications programme in place.

We conduct airport stakeholder feedback surveys.

We have a proactive programme of brand communications in place.

We have approved social media procedures in place and a strong social media presence.

We have formal external communications procedures in place.

We have formal crisis management procedures in place.

We have approved ethics and anti-corruption policies in place.

We have ethics risk assessment and a management plan in place.

We conduct an annual internal communications survey.

Various strategies are in place to provide a framework for business recovery and growth to 2030.

Our Operational Plan is fully aligned with our Recover and Strategy and our Growth Strategy.

We review performance against the Operational Plan on a biannual basis and submit reports to the Board for review.

We have reviewed all our business processes to allow for the impact of the COVID-19 pandemic and other external events and they have been adapted to enable us to deliver on our strategic objectives.

We have well-established operational governance procedures.

Our governance structures and the delegation of authority is regularly reviewed.

We conduct regular customer and stakeholder surveys to continuously align our infrastructure and services with changing demand.