INFORMATION SECURITY POLICY
The Board of Directors and management of Scott & Co Ltd are committed to preserving all the physical and electronic information throughout the organisation. In this respect, the Information Security Policy has been devised in compliance with the Data Protection Act 2017 and other applicable Mauritian legal requirements.
The aim of this policy is to ensure:
1. Confidentiality of information: ensuring that information is accessible only to those authorised to access it. This also involves preventing both deliberate and accidental unauthorised access to Scott’s information, proprietary knowledge and systems, including its network(s), website, e-commerce systems, etc.
2. Availability of information: ensuring that information is accessible to authorised users when required, and physically securing the information.
3. Integrity of information: safeguarding the accuracy and completeness of information and the processing methods. Adequate and appropriate contingency and back-up plans and security incident reporting procedures are available within Scott to ensure information is not altered.
Scott & Co Ltd aims to achieve specific, defined information security objectives, which are developed in accordance with the business objectives, the context of the organisation, the results of risk assessments and the risk treatment plan. As such, the IS Policy is subject to continuous improvement to respond to changes in the risk assessment and is reviewed at least annually.
Statement of Main Accountabilities
1.1.1 Ensures compliance by Company with applicable legislation, regulation and policies
1.1.2 Safeguards the assets of the Company
1.1.3 Ensures long term interests of the shareholder are being served
2.1.1 Provides overall leadership to the Board
2.1.2 Ensures that the Board is effective in its tasks of setting and implementing the company’s direction and strategy
2.1.3 Ensures that the development needs of the directors are identified and appropriate training is provided to continuously update their skills and knowledge
2.1.4 Maintains sound relations with the shareholders
3. Chief Executive Officer
3.1.1 Sets direction and oversees operations
3.1.2 Communicates vision and strategy to staff
3.1.3 Ensures efficient utilization of resources
POSITION STATEMENT OF CHAIRMAN
1. The Chairman is elected by his or her fellow directors and shall be a non-executive or an independent director.
2. He/she should be a firm, objective and open-minded leader, assuming his/her role by bringing independence of mind and intellectual honesty. Apart from being fully conversant with the key networks of the organisation and having sound knowledge of the organisation’s activities, the Chairman is expected to be impartial and objective so as to support or take the right decisions concerning the organisation.
3. The main responsibilities of a Chairman can be summarised under the following areas:
3.1. Strategy and Management of the Company
3.1.1. To ensure that the Board is effective in its tasks of setting and implementing the Company’s direction and strategy.
3.1.2. To co-ordinate the Committees to ensure that appropriate policies and procedures are in place for the effective management of the organisation.
3.1.3. To ensure that the decisions by the Board are executed.
3.1.4. To sign the Statement of Compliance to be filed with the Financial Reporting Council along with a director to confirm whether the Company has complied fully, partially or has not complied with the Code of Corporate Governance.
3.2.1. To provide overall leadership to the Board, be impartial and resolve differences in the most constructive way, whilst encouraging and ensuring the active participation of all directors in discussions and Board matters.
3.2.2. To participate in the selection of the board members whilst ensuring that the board has an appropriate mix of competencies, experience, skill and independence.
3.2.3. To provide support and supervision to the CEO.
3.3 Presiding and conducting meetings
3.3.1. To set the agenda for Board meetings, therefore giving the meetings their direction and scope.
3.3.2. To preside over the Board meetings and shareholder’s meetings of the Company and to ensure the smooth functioning of the meetings.
3.3.3. To ensure that Board meetings take place regularly and that all the relevant information and facts are placed before the Board to enable the directors to reach informed decisions.
3.3.4. To ensure that each meeting is planned effectively, conducted according to the Constitution and that matters are dealt with in an orderly, efficient manner.
3.3.5. To ensure that proper minutes are taken and sign the minutes of Board meetings and shareholder’s meetings jointly with the Secretary. Minutes which have been signed correct by the Chairman of the meeting are prima facie evidence of the proceedings.
3.4 Relations with the Shareholder
3.4.1. To act as the Company’s leading representative and be the spokesperson at functions and meetings to present the aims and policies of the Company.
3.4.2. To maintain sound relations with the Company’s shareholder and to ensure that effective communication and disclosures are being carried out.
3.4.3. To ensure that all directors be made aware of the main concerns of the shareholder and key stakeholders and that their views be communicated to the Board as a whole.
3.5. Induction, Development, Succession and Performance Evaluation
3.5.1. To ensure that newly appointed directors participate in an induction program with the support of the Company Secretary.
3.5.2. To ensure that the development needs of the directors are identified, and appropriate training be provided to continuously update the skills and knowledge of the directors so that they fulfil their role on the Board and its Committees.
3.5.3. To identify the development needs of the Board as a whole to promote its effectiveness as a team.
3.5.4. To oversee a formal succession plan for the Board, CEO and certain senior management positions, in collaboration with the CGC.
NOMINATION AND APPOINTMENT PROCESS OF DIRECTORS
1. The Board identifies the profile for consideration as director of the company based on the skills and competences that the company’s board requires to perform efficiently. Suitable candidates are proposed for consideration by the Board and the Chairman is delegated by the Board to interview the shortlisted candidates.
2. The Chairman carries out interviews of the potential candidate(s) before selecting appropriate candidates.
3. The Chairman then proposes the selected candidate(s) to the Board for assessment.
4. Once the Board has reviewed and is satisfied with the profile of the candidates, the Board shall propose the election of the potential candidate/s by way of an ordinary resolution/s to be approved at the Meeting of Shareholder/s.
5. Reappointment of a director at the end of his/her mandate shall be based on the recommendation of the Chairman and subject to approval from the Board of directors and to election by the shareholder.
6. A letter of appointment stipulating the terms and conditions is remitted to the new directors.
7. Necessary filing is effected with regulatory authorities.
8. The Board then ensures that an induction programme is provided to the new Directors covering their roles and responsibilities.
POSITION STATEMENT OF COMPANY SECRETARY
1.1. To ensure that the organisation complies with its constitution, all relevant statutory and regulatory requirements, codes of ethics and procedures established by the Board.
1.2. To inform the Board of all legislation relevant to or affecting meetings of shareholders and directors.
1.3. To continually review developments in corporate governance.
members – Appointment, Guidance and Development
2.1. To ensure that procedures for the appointment of directors are properly undertaken.
2.2. To facilitate the proper induction of directors into their role.
2.3. To provide the Board as a whole and directors individually with guidance as to their roles and responsibilities, advising and assisting the directors with respect to their duties and responsibilities, in particular compliance with prevailing regulations.
2.4. To act as a channel of communication and information for non-executive directors.
2.5. To assist the Chairman in governance processes such as Board and Committee evaluation.
3. Organisation of Meetings of the Company
3.1. To prepare the agenda of Board, Board Committees and shareholder’s meetings in consultation with the Chairman and the CEO and to circulate the agendas and supporting documents in a timely manner.
3.2. To ensure that there is a quorum for meetings.
3.3. To take minutes of Board/Annual meetings and circulate draft minutes to all members and to ensure that minutes of proceedings of Board meetings and meetings of shareholder as well as resolutions of the Board are properly maintained.
3.4. To ensure that Annual and Special Meetings of Shareholder are held in accordance with the requirements of the Companies Act and the Company’s Constitution.
3.5. To ensure that proxy forms are correctly processed and that the voting process whenever applicable is carried out correctly at meetings of shareholders.
4. Communication with the Shareholder
4.1. To ensure that the shareholder’s interests are taken care of and act as a primary point of contact for the shareholder.
4.2. To communicate with the shareholder and arrange payment of dividends and/or interest, issuing documentation regarding corporate events being undertaken by the Company such as rights and bonus issues and maintaining good shareholder relations.
THE RISK MANAGEMENT AND AUDIT COMMITTEE CHARTER
The risk management and audit committee plays an important role in providing insight into the organisation’s governance, risk management and internal control practices. This oversight mechanism also serves to provide confidence in the integrity of these practices. The committee performs its role by providing independent insight to the Board and assists the Board and management by providing advice and guidance on the adequacy of the organisation’s initiatives.
Under the National Code of Corporate Governance for Mauritius (2016), Scott and Company Ltd (‘Scott’) is recommended to establish an Audit committee and a Risk Committee. Scott’s Board has opted for a combined approach, by establishing the ‘Risk Management and Audit Committee’ (RMAC), which oversees the risk and audit-related matters of its subsidiaries.
All audit and risk related matters for the subsidiaries of Scott (collectively referred to as “Scott Group”) are reported at their respective Board.
3.1 The RMAC shall comprise not less than 3 non-executive directors appointed by the Board, and the majority of the members should be non-executive directors. Members of the committee shall be appointed by the Board, in consultation with the Chairperson of the RMAC.
3.2 The Board shall appoint a Chairperson from the independent non-executive members of the committee and determine the period for which he or she shall hold office.
3.3 The Chairperson of the Board, the Chief Executive Officer, the Chief Financial Officer and any Executive director shall not be eligible to be appointed as Chairperson or member of the committee.
3.4 The Board shall satisfy itself that the Chairperson of the committee and at least one member of the RMAC are financially literate, ideally with a professional qualification from one of the professional accountancy bodies.
3.5 The Board shall have the power at any time to remove any members from the Committee and to fill any vacancies created by such removal.
3.6 Only members of the Committee have the right to attend committee meetings.
3.7 However, the Chief Executive Officer and the Chief Financial Officer shall be in attendance at meetings of the RMAC. The external auditors and internal auditors shall be invited to attend meetings of the committee on a regular basis and other non-members may be invited to attend all or part of any meeting as and when appropriate and necessary.
3.8 Appointments to the RMAC shall be for a period of up to three years extendable by no more than two additional three-year periods, so long as members continue to be independent.
4.1 The Company Secretary, or his or her nominee, shall act as the Secretary of the RMAC and will ensure that the committee receives information and papers in a timely manner to enable full and proper consideration to be given to issues.
5.1 The quorum necessary for the transaction of business shall be at least two members; one of whom must be an independent director.
6. Frequency of meetings
6.1 The RMAC shall meet at least four times a year at appropriate intervals in the financial reporting and audit cycle and otherwise as required.
6.2 Outside the formal meetings, the RMAC Chairperson will maintain a dialogue with key individuals involved in the Company’s governance, including the Board Chairperson, the Chief Executive Officer, the Chief Financial Officer, the external audit lead partner and the internal auditor. The RMAC Chairperson, at his/her discretion, may invite other executives and independent consultants to attend and to be heard at meetings of the committee.
7. Notice of meetings
7.1 Meetings of the RMAC shall be convened by the Secretary of the committee at the request of any of its members or at the request of the external audit lead partner or internal auditor if they consider it necessary.
7.2 Notice of each meeting confirming the venue, time and date, together with an agenda of items to be discussed and supporting papers, shall be forwarded to each member of the committee, and any other person required to attend, no later than five working days before the date of the meeting.
8. Minutes of meetings
8.1 The Secretary shall minute the proceedings and decisions of all meetings of the RMAC, including recording the names of those present and in attendance.
8.2 Draft minutes of committee meetings shall be circulated no later than ten working days after the meeting to all members of the committee. Once approved, minutes should be circulated to all other members of the Board unless it would be inappropriate to do so in the opinion of the RMAC Chairperson.
9. Responsibilities of the committee
It is the responsibility of the RMAC to provide the Board with independent, objective advice on the adequacy of the management’s arrangements with respect to the following aspects:
9.1 Financial statements
9.1.1 The RMAC will examine and review the quality and integrity of Scott’s financial statements, including its annual reports and any applicable interim reports.
9.1.2 The RMAC shall review and report to the Board on significant financial reporting issues and judgements which these financial statements contain having regard to matters communicated to the committee by the auditor.
9.1.3 In particular, the RMAC shall review and challenge where necessary:
a. The consistency of, and any changes to, significant accounting policies both on a year on year basis and across the group;
b. Compliance with accounting standards, local and international, compliance with legal requirements;
c. The methods used to account for significant or unusual transactions where different approaches are possible;
d. Significant adjustments resulting from the audit;
e. Whether the Company has followed appropriate accounting standards and made appropriate estimates and judgements taking into account the views of the external auditor;
f. The clarity and completeness of disclosure in the Company’s financial reports and the context in which statements are made;
g. All material information presented with the financial statements, such as the business review and the corporate governance statements relating to the audit and to risk management;
h. Where the committee is not satisfied with any aspect of the proposed financial reporting by the Company, it shall report its views to the Board;
i. The basis on which the organisation has been determined a going concern;
j. Internal controls; and
k. Compliance with the financial conditions of any loan covenants.
9.2 Internal audit
The committee shall:
9.2.1 Approve the appointment or termination of appointment of the head of internal audit or the provider of internal audit services;
9.2.2 Review and approve the charter of the internal audit function and ensure the function has the necessary resources, access to information and sufficient authority to enable it to fulfil its mandate;
9.2.3 Ensure the internal auditor has unrestricted access to, and can interact directly with, the Committee’s Chairperson, including in private meetings without management present;
9.2.4 Ensure that the internal auditor is accountable to the committee;
9.2.5 Review and assess the annual internal audit work plan and request for any adjustments to be made thereto, as necessary, in response to changes in the company’s business, risks, operations, programs, systems and controls;
9.2.6 Receive a report on the results of the internal auditor’s work on a periodic basis;
9.2.7 Review and monitor management’s responsiveness to the internal auditor’s findings and recommendations;
9.2.8 Meet with the head of internal audit or the provider of internal audit services at least once a year without the presence of management; and
9.2.9 Monitor and review the effectiveness of the Company’s internal audit function, in the context of the Company’s overall risk management system.
9.2.10 Safeguard the organisation’s assets against unauthorised use or disposal;
9.2.11 Direct and supervise investigations into matters within its scope, for example, evaluations of the effectiveness of the organisation’s internal control, cases of employee fraud, misconduct or conflict of interest.
9.3 External audit
The committee shall:
9.3.1 Consider and make recommendations to the Board, to be put to shareholders for approval at the AGM, in relation to the appointment, re-appointment and removal of the Company’s external auditor;
9.3.2 If an auditor resigns, investigate the issues leading to this and decide whether any action is required;
9.3.3 Oversee the relationship with the external auditor including (but not limited to):
9.3.3.1 Recommendations on their remuneration, including both fees for audit and non-audit services, and that the level of fees is appropriate to enable an effective and high quality audit to be conducted;
9.3.3.2 Approval of their terms of engagement, including any engagement letter issued at the start of each audit and the scope of the audit;
9.3.3.3 Assessing annually their independence and objectivity taking into account relevant professional and regulatory requirements and the relationship with the auditor as a whole, including the provision of any non-audit services;
9.3.3.4 Satisfying itself that there are no relationships (such as family, employment, investment, financial or business) between the auditor and the organisation (other than in the ordinary course of business) which could adversely affect the auditor’s independence and objectivity;
9.3.3.5 Agreeing with the Board a policy on the employment of former employees of the Company’s auditor, and monitoring the implementation of this policy;
9.3.3.6 Monitoring the auditor’s compliance with relevant ethical and professional guidance on the rotation of audit partner, the level of fees paid by the organisation compared to the overall fee income of the firm, office and partner and other related requirements;
9.3.3.7 Seeking to ensure co-ordination between audit firms (where more than one audit firm is involved);
9.3.3.8 Seeking to ensure co-ordination with the activities of the internal audit function; and
9.3.3.9 Evaluating the risks to the quality and effectiveness of the financial reporting process and consideration of the need to include the risk of the withdrawal of their auditor from the market in that evaluation.
9.3.4 Meet regularly with the external auditor (including once at the planning stage before the audit and once after the audit at the reporting stage) and at least once a year, without management being present, to discuss the auditor’s remit and any issues arising from the audit.
9.3.5 Review and approve the annual audit plan and ensure that it is consistent with the scope of the audit engagement, having regard to the seniority, expertise and experience of the audit team.
9.3.6 Consider whether any significant ventures, investments or operations are not subject to external audit.
9.3.7 Obtain assurance from the external auditor(s) that adequate accounting records are being maintained.
9.3.8 Review the findings of the audit with the external auditor. This shall include but not be limited to the following:
9.3.8.1 A discussion of any major issues which arose during the audit;
9.3.8.2 Key accounting and audit judgements;
9.3.8.3 Levels of errors identified during the audit; and
9.3.8.4 The effectiveness of the audit process.
9.3.9 Review any representation letter(s) requested by the external auditor before they are signed by management.
9.3.10 Review the management letter and management’s response to the auditor’s findings and recommendations and satisfy itself that all identified issues are being properly followed up.
9.3.11 Develop and implement policy on the supply of non-audit services by the external auditor to avoid any threat to auditor objectivity and independence, taking into account any relevant ethical guidance on the matter.
9.4 Narrative reporting
9.4.1 Where requested by the Board, the RMAC shall review the content of the annual report and accounts and advise the Board on whether, taken as a whole, it is fair, balanced and understandable and provides the information necessary for shareholders and other stakeholders to assess the Company’s performance, business model and strategy.
9.5 Internal control and risk management system
The RMAC shall:
9.5.1 Keep under review the adequacy and effectiveness of the systems of internal control of the company and its subsidiaries, including internal financial control and business risk management and maintaining effective internal control systems;
9.5.2 Review and approve the statements to be included in the annual report concerning internal controls and risk management;
9.5.3 Review and approve related party transactions to be disclosed by the Group;
9.5.4 Oversee the identification, assessment, and monitoring of risk on an on-going enterprise-wide basis;
9.5.5 Oversee the development, monitoring and review of a risk management framework and guideline;
9.5.6 Review the risk profile and Business Risk Register (BRR);
9.5.7 Provide oversight and recommendations to the Board on the risk appetite and risk tolerance;
9.5.8 Review and provide recommendations on significant risk exposures and control issues, including fraud risks, governance issues and other matters needed or requested by Senior management and the Board;
9.5.9 Review and provide recommendations on the adequacy of the combined assurance being provided;
9.5.10 Review and provide recommendations on the risk management processes established and maintained and the procedures in place to ensure that they are operating as intended;
9.5.11 Review the adequacy of the Group Insurance covers; and
9.5.12 Receive and review reports on a regular basis from management on Health and Safety matters, credit risk portfolio and Key Performance Indicators (KPI).
10 Whistleblowing and fraud
The RMAC shall:
10.1 Review the adequacy and security of the organisation’s arrangements for its employees and contractors to raise concerns, in confidence, about possible wrongdoing in financial reporting or other matters. The committee shall ensure that these arrangements allow proportionate and independent investigation of such matters and appropriate follow up action;
10.2 Review the Group’s procedures for detecting fraud;
10.3 Review the Group’s systems and controls for the prevention of bribery and receive reports on non-compliance;
10.4 Enquire with management, internal and external auditors to ensure that the Company has appropriate anti-fraud programs and controls in place to identify potential fraud and ensure that investigations are undertaken if fraud is detected.
10.5 Review significant cases of employee conflicts of interest, misconduct or fraud, or any other unethical activity by employees or the organisation.
11 Reporting responsibilities
11.1 The RMAC Chairperson shall report formally to the Board on its proceedings after each meeting on all matters within its duties and responsibilities and shall also formally report to the Board on how it has discharged its responsibilities. This report shall include:
11.1.1 The significant issues that are considered in relation to the financial statements and how these were addressed;
11.1.2 Its assessment of the effectiveness of the internal audit and external audit process and its recommendation on the appointment or reappointment of the external auditor; and
11.1.3 Any other issues on which the Board has requested the Committee’s opinion.
11.2 The RMAC shall make whatever recommendations to the Board it deems appropriate on any area within its remit where action or improvement is needed.
11.3 The RMAC shall compile a report on its activities to be included in the Company’s annual report. In compiling the report, the RMAC should exercise judgement in deciding which of the issues it considers in relation to the financial statements are significant, but should include at least those matters that have informed the Board’s assessment of whether the Company is a going concern.
Having regard for the functions performed by the members of the RMAC in addition to their functions as directors in relation to the activities of the Committee, members of the RMAC may be paid such special remuneration in respect of their appointment as shall be fixed by the Board.
The RMAC is authorised to:
13.1 Seek any information it requires from any employee of the organisation in order to perform its duties;
13.2 Obtain, at the organisation’s expense, independent legal, accounting or other professional advice on any matter it believes it necessary to do so; and
13.3 Call any employee to be questioned at a meeting of the committee as and when required.
14 Other matters
The RMAC shall:
14.1 Have access to sufficient resources in order to carry out its duties, including access to the Company secretariat for assistance as required;
14.2 Establish and communicate its requirements for information, which will include the nature, extent and timing of information. Information will be provided to the RMAC at least 1 week prior to each meeting.
14.3 Be provided with appropriate and timely training, both in the form of an induction programme for new members and on an on-going basis for all members;
14.4 Give due consideration to laws and regulations, the Code, and any other applicable rules, as appropriate;
14.5 Be responsible for co-ordination of the internal and external auditors;
14.6 Oversee any investigation of activities which are within its terms of reference;
14.7 Work and liaise as necessary with all other Board committees; and
14.8 Arrange for periodic reviews of its own performance to ensure it is operating at maximum effectiveness and recommend any changes it considers necessary to the Board.
14.9 Review this charter as and when required, subject to the approval of the Board.
REVIEWED BY SCOTT’S RMAC ON 09 September 2021
ADOPTED BY SCOTT’S BOARD OF DIRECTORS ON 07 October 2021
The Position Statement of the CEO
The Chief Executive Officer is responsible for providing strategic leadership for Scott and Company Limited (the “Company” or “Scott”) by working with the board of directors (“Board”) of Scott and Company Limited and the executive management team of the Company to define long-term strategies, plans and policies.
The duties of the Group Chief Executive Officer shall include but shall not be restricted to:
- Leading and directing the implementation of business strategy, performance delivery and compliant execution of the Company’s business in line with the policies set by the Board;
- Delivering long-term value for shareholders through consistent performance delivery while maintaining the confidence of other key stakeholders such as employees, customers, investors and regulators;
- Ensuring the maintenance of a sound internal control system;
- Protecting, building and enhancing the brand value of the Company;
- Ensuring that the structure required for the identification, assessment and mitigation of risks has been identified;
- Recommending for the approval of the Board of Scott and Company Limited a detailed succession plan for designated executives and critical positions that report directly to the Chief Executive Officer, including having detailed succession plans in place in case any such individual becomes unavailable or fails to meet performance expectations; and
- Maintaining a close working relationship with the Board to keep them informed of key developments and opportunities, performance, risk and human resourcing