2019 Integrated Report

CORPORATE GOVERNANCE REPORT | 61 PRINCIPLES AND PRACTICES OF FINANCIAL MANAGEMENT PPS Insurance issues insurance policies with a discretionary element of bonuses and is required to establish and maintain a document setting out its Principles and Practices of Financial Management (PPFM) and provide this document to policyholders. This document outlines PPS Insurance’s principles and practices of financial management, in order that policyholders can better understand the profit distribution principles and practices in place at PPS Insurance, as well as the investment strategy adopted by the PPS Insurance Board. The PPFM document is available to all policyholders on the PPS Group website at www.pps.co.za . INFORMATION TECHNOLOGY (IT) GOVERNANCE Key Information Technology focus areas for 2019 have been the provision of enhanced secure engagement platforms for members and their financial advisors as well as investments in future-proofing core operating environments. The various digital platforms that stakeholders use to engage with us have been redesigned and upgraded towards consistent and intuitive customer experiences whilst, at the same time, remaining steadfastly focused on the security of member data. Information security and privacy is maintained through proactive measures taken to protect the confidentiality, integrity, and availability of information systems and data in the landscape of constantly evolving threats. During the year, PPS became one of the first South African financial services firms to successfully migrate our core applications into the Cloud. Aside from removing the obvious capital expenditure burden of maintaining physical hardware, the migration has facilitated a significant improvement in our software development activities. The availability of multiple cloud- based environments has rendered a far more nimble and scalable software development life cycle, providing the capability to engage with multiple projects. Favorable impacts on business continuity have also been noted in the recent disaster recovery exercise and audits. The alignment between business functions and the Information Technology across the Group has been strengthened with the mid-year appointment of a Group Chief Operating Officer whose focus lies in aligning capabilities across the various operating divisions in support of our long-term strategies. As the Group has expanded in both divisional and geographical context, the imperative for alignment has become paramount to the future success of both our run and grow strategies. In further recognition of the increasing complexity of the technology environment, and to provide additional guidance to the management team, the Board has established a Group Technology Steering Committee (GTSC) as a sub-committee of the Group Risk Committee. This new structure, in addition to the existing Architecture Review Board and the Strategic Change Council, plays an important role in the overall governance and prioritisation of Information Technology Initiatives. The mandate of the GTSC includes ongoing review of the PPS Group IT strategy against which progress is tracked regularly along with any adjustments that may have resulted from changed business strategies or environmental developments. PPS continues to apply the standards recommended by the Information Technology Infrastructure Library (ITIL) which is a set of goodpractices for IT servicemanagement that focuses on aligning IT services with the needs of business. These standards describe procedures, tasks and checklists that are not organisation-specific, and are recommended to be used for establishing a minimum level of competency. They allow the organisation to establish a baseline from which it can plan, implement and measure. They are used to demonstrate compliance and to measure improvement. Annual ITIL maturity reviews are conducted and Internal Audit and other independent assurance providers regularly perform, inter alia , IT control audits, King IV governance audits and an internal security ethical hack. These reviews are intended to provide the PPS Insurance Board with independent assurance on the effectiveness and state of internal controls, as well as confidence in the ability of IT to deliver the approved strategies. REGULATORY DEVELOPMENTS During the year under review, there was a significant volume of proposed legislation and amendments to existing legislation, all of which will impact the governance and reporting of governance within the PPS Group. This has placed additional responsibilities on the boards and management to ensure adherence to, and compliance with, the new requirements. The most important legislative changes for PPS are highlighted below: