Exxaro Resources limited
Environmental, social and governance report 2021

Adequate and effective control


To further allow Exxaro's core businesses to thrive in an increasingly dynamic market and industry sector as well as to continue to support the execution of the approved strategy, the group governance was extensively reviewed in 2021. The board has subsequently adopted a new framework that provides an overview of the board's governance structures, principles, policies and practices, which together enable the company to meet its statutory and regulatory requirements as well as direct how people interact with the company and stakeholders.

The legally sound framework guides monitoring and oversight of business affairs with a view to achieving accountability, authority and sound decision making as well as policies to support the group in achieving the Sustainable Growth and Impact strategy. The framework sets out the following:

  • Statutory and regulatory framework of corporate governance
  • Various governance structures and role-players
  • Guiding principles that underpin effective corporate governance and describe the role of the board regarding reserved matters, delegations, policies and frameworks that apply across the group
  • The role of shareholders and stakeholders as well as shareholder reserved matters
  • The role of the company's board, board committees and reserved matters
  • The role of executive management and the executive committee
  • The role of the independent control functions and structures within the group
  • The role of the holding company, subsidiaries and other entities


Exxaro's corporate governance structure supports its ability to create value in the short, medium and long term. Through this structure, the board exercises effective control, and builds and protects the organisation's reputation and legitimacy. We consider good corporate governance the responsibility of our board, executive management and all our employees.

The board committees enable the board to deal with more issues with greater efficiency by having focused expertise considering specific areas on behalf of the board. If approached appropriately, the involvement of a committee should ideally also enhance the objectivity of the board's judgement. Therefore, to assist the board with execution of its functions, the board delegates activities to board committees through formal terms of reference. It should be noted that the board retains full and effective control of the business and company affairs, and does not assume management's functions, which remain the responsibility of the executive directors, prescribed officers and other senior management.

In 2020, board committees embarked on a significant transformation journey, focusing on reimagining the operating model, acquisitions and evolving the broader business strategy. This was driven by a changing business environment and regulatory developments. To this end, Exxaro revisited and enhanced the respective terms of reference of its corporate governance structures, which in line with King IV included:

  • Exxaro's current operating environment and the impact of its activities on public interest
  • Effective collaboration through cross-membership between committees
  • Balanced distribution of power

The terms of reference of the respective committees were updated in 2021 with key focus areas, annual work plans and objectives being revisited. The mandates of three committees were materially revised:

  • The RBR committee (formerly the sustainability, risk and compliance committee)
  • The SERC (formerly the social and ethics committee)
  • The investment committee

The following board committees support the board:

  • Audit committee: to fulfil the statutory functions set out in section 94 of the Companies Act and generally the JSE Listings Requirements and to provide independent oversight of the quality and integrity of the group's financial statements
  • Remuneration and nomination committee: the joined committee terms of reference leverage the benefit of cross- membership for the fulfilment of remuneration matters as well as board governance and nomination matters. It assists the board in ensuring the group remunerates fairly, responsibly and in a transparent manner, and to ensure compliance with the JSE Listings Requirements and its reporting obligations
  • RBR committee: to oversee the company's implementation of an effective policy and plan for risk management that will enhance the company's ability to achieve its strategic objectives and assure business resilience to absorb and adapt in a changing environment
  • SERC: to fulfil the statutory functions set out in Regulation 43 to the Companies Act and to have oversight of the significant impacts of the company on the economy, the environment, society and the broader public interest, and to ensure the negative impacts are mitigated effectively
  • Investment committee: to monitor and report to the board on material acquisition, merger and investment or disposal opportunities, ongoing material transactions and related matters in the scope of the minerals and energy businesses

The board confirms that it is satisfied that the board committees executed on their roles and responsibilities and in this regard it is confirmed that the audit committee has executed the responsibilities set out in 3.84(g) of the JSE Listings Requirements.


Detailed board committee reports are on Remuneration and nomination committee report.

The Leeuwpan mine coal beneficiation plant


The board, on behalf of the company, recognises the statutory and fiduciary duties of directors of subsidiary companies and, in particular, their duty to act in the best interests of the subsidiary company at all times whether or not the director is nominated to the board of the subsidiary company (in its capacity as holding company). In the case of a conflict between the duties of a director in a subsidiary company and the interests of the company, as holding company, the duties of the director in the subsidiary company must prevail.

The framework seeks to mitigate possible tension between the holding company and its subsidiary boards through the following measures:

  • The board assumes overall responsibility for organisation and strategic coordination within the group, including its vision, mission and strategic direction, and oversees the group's performance
  • Control of a subsidiary is achieved by implementing various measures including:
    • Approving its memorandum of incorporation (MoI) and any amendments. In this regard, Exxaro's wholly owned subsidiaries have a pre-approved standard MoI applied on establishment and any amendment will be considered for approval by the board
    • Election of directors by the subsidiary shareholder (which may be delegated by the board as representative of the subsidiary shareholder in the delegation of authority policy and framework)
    • Establishment and clear communication of the group's general strategy and its adoption by the subsidiary companies
    • Requiring a shareholder vote or consent rights for specific matters as per the subsidiary MoI and the delegation of authority policy and framework (such as amendment of the MoI or election of directors)
    • Adoption of policies for key matters informed by the corporate governance principles and reflected in the framework
    • Adopting the delegation of authority policy and framework on establishment and when it is updated by the board
    • Financial control through capital allocation and budget approval for the group
    • Having regular monitoring meetings among representatives of Exxaro and its subsidiaries to follow up on implementation of directives and performance through regular reporting into the board committees
    • Setting a corporate-wide independent internal audit function with a direct reporting line to the group audit committee as well as appointment of the group external auditor
    • Implementing group-wide risk and compliance management practices and other independent control functions
    • Establishing an efficient information management system to monitor key strategic indicators

The subsidiary directors are bound to adhere to the framework and adopted group policies. This does not, however, absolve the directors of subsidiary boards from exercising their fiduciary duties. If directors breach their fiduciary duties, they may be held liable under section 77 of the Companies Act. This responsibility is clearly highlighted for subsidiary directors.

Group-wide control functions

The group control and oversight functions consist of the corporate secretariat, risk management, compliance management, legal, strategy, internal audit and assurance, and finance (as it relates to financial compliance), which are responsible for providing enterprise-wide oversight on operational management and consolidated reporting. The heads of these functions have direct access to the board, audit committee and the RBR committee (as appropriate).

The internal audit function does not receive delegations through the CEO but is delegated authority directly by the audit committee to execute responsibilities in terms of the internal audit annual plan. However, the chief audit officer reports administratively to the finance director (FD). The board is ultimately responsible for overseeing the effectiveness of the oversight functions and ensuring an effective internal control environment within the group.

Delegation of authority framework

The company's delegation of authority policy and framework defines the limits of authority designated to specific positions of responsibility in the company and the group's management structure. It also defines commitments and transactions that may include capital amounts approved by individuals on Exxaro's behalf. The final approval of commitments and transactions outlined in the policy must always be made by parties with designated authority.

Exxaro's delegation of authority policy and framework are regularly reviewed to ensure aligned decision making. This also provides direction and clear delegation of power to management. The framework is adopted by our subsidiary company boards and implemented throughout the group as part of the overall group governance framework. A deep dive into the group delegation of authority policy and framework has been scheduled for 2022. In 2021, the energy business-specific delegation of authority was subjected to a rigorous process of review by the executive and the board with various opportunities to provide input around delegations and oversight requirements. A revised energy-specific delegation of authority framework was approved by the board and adopted by the subsidiary company. Following this, a review of sub-processes has been scheduled for 2022 as it is a critical governance pillar to ensure an effective control environment and is a key enabler for the achievement of business objectives.

The board is satisfied that the delegations in place contribute to role clarity and the effective exercise of authority and responsibilities.


The board governs technology and information management (IM) in a way that supports the organisation setting and achieving its strategic objectives.

The risk of data theft ranks as the most pertinent risk that IM is addressing due to previous lack of adequate controls. At present, there are several treatment efforts underway to help mitigate the risk. Data discovery and classification, roll out of Intune solution for mobile devices and data encryption have been completed. A data loss prevention tool has been deployed and policies applied, which will be ongoing. The company's security posture is continually monitored and reported to the RBR committee.

A review of the IM governance space has been conducted with the following outcomes:

  • The IM value realisation framework has been completed and is being applied to new projects and retrofitted to projects in delivery and completed. Benefits are being reported at the IM investment review committee (a management committee) meetings
  • A new IM delegation of authority, covering aspects such as a new demand management process, will be implemented using ServiceNow
  • IM policy documents were reviewed and updated
  • The architectural review and approval process has been updated to be more dynamic

The information management programme, including document information management and implementation of the data privacy programme in compliance with the POPIA is in full force and effect.

Digital dashboard at the conneXXion, Exxaro's head office in Centurion


Our ERM approach provides a framework and process for all types of risk management, regardless of risk or impact type at all levels of the organisation. The same terminology and assessment mechanisms are used for finance, projects, safety and operational risk management. We have a set of risk names, one impact and one likelihood scale used across different disciplines to ensure management concentrates efforts and resources on material activities.

The company linked all assurance activities and material issues to reduce assurance costs and derive greater value from auditing controls. A tracking and monitoring system is applied for transparency in audit findings to be closed out.

The risk management function, through the combined assurance model, coordinates with internal audit to obtain evidence on the effectiveness of treatment and control activities in achieving the desired and planned risk treatment outcome. Assurance providers (internal audit, sustainability KPI audits, external assurance providers, self-assessments and accreditation reviews) monitor effectiveness of significant risk treatments and compliance with regulatory requirements, non- binding rules, codes and standards as well as policies and procedures.

The ERM framework and process are based on principles published by the Committee of Sponsoring Organisations of the Treadway Commission, the ISO 31000 international guideline on risk management and King IV. It also considered applicable codes of best practice such as ISO 9001, 14001 and 18001. The ERM framework was reviewed to update changes in reporting structures and role designations, and to align with current governance practice and standards.

The board is satisfied that the company and group have a mature risk process that ensures risks potentially impacting its strategic objectives are pursued by management to create shareholder value.

In terms of our governance framework, risk management is an independent control function across the group and our chief risk officer is a standing invitee to the RBR committee and group executive committee.

Please refer to the integrated report for further details on our risks.


The group is committed to maintaining high standards of integrity, professionalism and ethical behaviour in its relationships. While Exxaro complies with relevant legal requirements in its jurisdictions, the law serves as a minimum standard of conduct. Beyond complying with the law, it is important that every director and employee is sensitive to the appearance of improper conduct, and establishes whether or not our actions are honest and responsible.

The group's compliance philosophy is captured in a compliance policy. It supports ethical and responsible corporate citizenship, and seeks to create sustainable value for all stakeholders by striving for operational efficiency, growth and regulatory compliance with applicable laws.

The regulatory environment in which the group operates is regularly revisited to assess its robustness. It is refocused to ensure regulatory instruments are prioritised from a licence to operate perspective.

Electronic control self-assessments (CSAs) prioritise legislation included in the regulatory universe. These CSAs are high-level questionnaires providing a view of compliance at functional and BU levels. The results provide a base for the company's compliance assurance plan and intervention efforts that assist the functions and BUs in improving compliance.

Exxaro conducted an audit of its compliance function in 2020 to ensure effective compliance management was applied and key areas were addressed in 2021.

A specific focus area for 2021 was the roll out of the POPIA project implementation plan across the organisation to ensure compliance by the group, which included review of policies and adopting new policies, review of systems and processes as well as training throughout the organisation.


King III introduced combined assurance as a recommended governance practice, understanding that more can be done to improve assurance coverage and quality, through better coordination of assurance providers. We apply a combined assurance model to optimise assurance by management, as well as internal and external service providers, while fostering a strong ethical climate and mechanisms to ensure compliance. Using our board-approved ERM approach, management identifies key risks facing Exxaro and implements the necessary internal controls with comparable information for trend analysis where possible.

The audit committee is responsible for overseeing the use of a combined assurance model to achieve the following objectives:

  • Enabling an effective internal control environment
  • Integrity of information used for internal decision making by management, the board and its committees
  • Supporting the integrity of external reports

The board and audit committee assessed the effectiveness of controls for the year ended 31 December 2021 as satisfactory, principally through a process of management self-assessment (including formal confirmation by executive management), reports from internal audit, independent external audit and other assurance providers.

Exxaro defines assurance broadly to cover all sources, including external assurance, internal audit, management oversight and regulatory inspections.

Our combined assurance model includes and optimises all assurance services and functions to collectively provide an effective control environment and support integrity of information used for internal decision making by management, the board and its committees, and in our external reports including:

  • Corporate governance disclosures in terms of King IV
  • Financial statements and other external reports including our integrated and ESG report

The forum's activities and outcomes of assurance reports are presented quarterly to the audit committee.

See our combined assurance report for effective governance in our integrated report.


To ensure independence of our audit and assurance functions, the following measures have been put in place:

  • Change in independent external auditor: Exxaro and its subsidiaries completed a tender process in 2020 for the appointment of a new independent external auditor, effective for the financial year ending 31 December 2022, and approved the appointment of KPMG and its delivery partner, AM PhakaMalele. PwC was Exxaro's independent external auditor for the financial year ended 31 December 2021. A plan has been agreed for a smooth transition
  • Change in internal audit service provider: We have completed a tender for the appointment of new internal audit support services, and appointed PwC and its service delivery partner, Ngubane & Co, commencing on 1 July 2022. Similarly, a transition plan has been agreed with the outgoing EY internal audit team
  • A framework for engagement of auditors to supply non-audit services has been adopted with the following objectives:
    • Ensure that neither the nature of the service nor the level of reliance placed on it by the board could, or could be seen to, impair the objectivity, independence and impartiality of the auditors
    • Establish a straightforward and transparent process and reporting to enable the audit committee to monitor policy compliance
    • Avoid unnecessary restrictions on the purchase of services from the auditors where they are able to demonstrate provision of a higher-quality and more cost-effective service than other providers
  • In addition to the above, our group governance framework confirms that the internal audit function is an independent control function across the group. The chief audit officer therefore provides reasonable, independent and objective assurance services throughout the group, including the appointment of any internal audit service provider
  • An Internal Audit Charter guides the organisation on the role and scope of work of the internal audit function. In addition, the internal audit function reports directly to our audit committee and is administratively overseen by the FD
Report SelectorReport Index

Generate your own report

You can create your own custom PDF version of the report.

Select your areas of interest from the list below and submit your selection to create a PDF ready for you to download.

Add section
About this report
About Exxaro
Evolution of a 21st century company
Our ESG perspective
Measuring our performance
Strategic key performance indicators
Stakeholder management

Add section
Air quality
Climate change resilience
Energy management
Water security management
Waste management
Environmental liabilities and rehabilitation
Add section
Ethical culture
Performance and value creation
Adequate and effective control
Trust, good reputation and legitimacy
Board of directors
Our executive team
Remuneration and nomination committee report
Remuneration committee report
Nomination committee report
Risk and business resilience committee report
Social, ethics and responsibility committee report
Audit committee report
Investment committee report
King IV application register
Remuneration report
Add section
Human rights

Add section
GRI index
SASB index
Task Force for Climate-Related Financial Disclosures (TCFD)
Assurance report
Appendix A: Criteria