Committing to sustainable,
responsible growth

Passion outlines
our projects

RISK MANAGEMENT REPORT

RISK MANAGEMENT

REPORT

RISK MANAGEMENT AND INTERNAL CONTROLS

Effective risk management is crucial for sustaining growth and protecting our assets. ESG (Environmental, Social, and Governance) factors are increasingly important in the real estate sector, influencing investment decisions, property values, and overall sustainability. In our sector in particular, ESG considerations are not only a matter of compliance or risk management but also a strategic imperative for driving sustainable growth and enhancing value in a rapidly changing market. 

Over the past year, alongside navigating the cost-of-living crisis that has impacted households and consumers across the country, we proactively addressed an anticipated increase in both human resource and competition risks. We enhanced our recruitment and onboarding procedures, reviewed our remuneration policies, and invested in comprehensive training and development programmes to ensure that we remain well-positioned to attract and retain skilled professionals. We continuously engage with our tenants, listening to their concerns and understanding their needs. Since its introduction in 2020, our annual customer satisfaction survey has become a valuable tool in measuring the success of our tenant retention strategy. To further strengthen our stakeholder engagement efforts, we have a Business Process Analyst whose role is to identify areas for improvement in our existing departmental processes and recommend improvements to drive efficiency. 

(Refer to the Top 10 risks in the BRR on page 95) 

Our risk management framework is designed to identify, assess, and mitigate potential risks that could impact our operations and strategic objectives. At Lavastone Properties, we adopted the ISO 31000 risk management framework, which provides a comprehensive approach for managing risks in our industry. Our framework is based on the following principles

Integration: Risk management is integrated in our governance structure and decision-making process. This means that we embed risk considerations in our financial planning, property management and strategic development. 

Holistic approach: We consider all types of risks and how they interact, which is particularly important as various factors can influence current and future property performance. 

Stakeholder engagement: We involve our stakeholders in the risk management process by understanding their perspective to enhance mitigation strategies.

The Framework

The Process

Risk identification and assessment: We regularly conduct comprehensive risk assessments to identify potential threats across various categories, including market, operational, financial, regulatory, and environmental risks. This proactive approach enables us to understand our risk landscape and prioritise our response strategies. This is done through quarterly workshops with the Management Team and Board of Directors. 

Risk treatment: To address identified risks, we implement targeted mitigation strategies, monitor the effectiveness of these strategies, and adjust as needed. Our risk management strategy also includes comprehensive insurance coverage to protect against unforeseen events. We also develop a contingency plan to ensure that we are prepared to respond swiftly to any challenges that may arise. 

Monitoring and review: We maintain a continuous monitoring system to track risk indicators and the effectiveness of our mitigation strategies. The Business Risk Register is reported to senior management and the Board to ensure transparency and facilitate informed decision-making. Regular audits and stakeholder feedback also provide valuable insights. 

Training and awareness: We invest in ongoing training programmes for our employees to foster a culture of risk awareness throughout the organisation. 

Through this risk management framework, Lavastone Properties benefitted from enhanced decision-making regarding its projects, improved resilience, regulatory compliance and sustainable growth by identifying opportunities and mitigating potential threats. 

During this financial year, we identified and seized the following opportunities: 

• We concluded two acquisitive opportunities that have contributed to the diversification of our portfolio, improving our risk profile. 

• We embarked on the journey towards the LEED certification at Absa House, Cim House and Les Cascades Building to improve the buildings’ environmental performance, reinforcing our focus on sustainability in facilities and property management. 

• We implemented the ‘Upkeep’ module to better track and manage repairs and maintenance across our properties. This module is designed to reduce maintenance timelines and allow our teams to address issues before they escalate, maintaining the standards expected by our tenants.

Risk Governance

Our risk governance framework is built on the ‘three lines of defence’ model:

The Board is responsible for risk governance and ensures that the Company develops and executes a comprehensive and robust system of risk management and maintains a sound internal control system.

The Risk Management and Audit Committee (“RMAC”), a sub-committee of the Board, has been delegated the responsibility to provide insights into our risk management and internal control practices. This oversight mechanism also serves to provide confidence in the integrity of these practices. The committee is guided by a formal and approved charter and performs its role by providing independent insight to the Board and assisting the Board and management by providing advice and guidance on the adequacy of our initiatives.

Our RMAC comprises of 3 non-executive directors and is chaired by an Independent Non-Executive Director.

The key role and responsibilities of the Committee is to provide its independent and objective advice on the key components of the controls’ framework:

• Financial statements
• Internal Audit
• External Audit
• Reporting and disclosure
• Risk Management

The Managing Director and Management team are accountable to the Board and the RMAC, and are responsible for the design, implementation, review and report on the risk management process and strategy.

A risk champion has been formally designated to promote a risk management culture across the company.

A Compliance and Legal Officer has been appointed and focuses mainly on the regulatory, compliance and legal risks, including AML/CFT.

Our Internal Audit function provides assurance to the RMAC and Management on the status of the Risk and Control environment. Refer to the below section on Internal Audit.

To remain effective in its risk management process, Lavastone Properties has implemented the following components:

Risk management policy

Our RM policy is approved by the Board of Directors and RMAC. The policy is aligned with our vision and strategic objectives.

Our vision: Lavastone Properties aims to be the preferred partner for commercial real estate solutions, while delivering optimum value to its shareholders.

To achieve our vision, our strategic objectives are centred around our key stakeholders:

Our strategic objectives

Risk appetite statement

The risk appetite is the amount and type of risk that an organisation is willing to take in order to meet its strategic objectives. Lavastone Properties has defined its risk appetite statement, which has been approved by the Board of Directors

We will pursue growth whilst continuously improving customer service and operational excellence.

To improve our commitment to sustainability, we will strive to meet the criteria for a LEED certification in our new development projects.

We aim to grow regionally and have 10% of our portfolio outside of Mauritius in 10 years’ time.

However, we will not engage in and tolerate activities which create safety, regulatory and quality concerns.

We will not make decisions which pose a financial risk impact of 10% or more on our revenue or increase
our loan to value ratio to above 40%. Our exposure is limited to:

–   25% of Net Asset Value for any one sector (Retail, Hospitality, Office, Industrial, Residential etc)
–   20% of Investment Property Value for any single building
–   20% of Rental Revenues for a single tenant

As outlined in our 2023 Annual Report, the office segment accounted for 32% of our property portfolio value in FY 24. For this coming year, we have taken strategic steps to mitigate concentration risks associated with this segment by identifying and moving forward with a new industrial project for acquisition and development, as well as initiating the development of another industrial building at Montebello. 

To support these diversification efforts, while staying within our established loan-to-value parameters, we have decided to strategically divest a yielding asset at Plaine Lauzun and a parcel of land in Trianon. Part of the capital generated will be redirected to fund these industrial developments and other superior long term value creation projects. 

Lavastone Properties is committed to adhering to its risk appetite statement, with ongoing monitoring by Management and a quarterly review by the Board.

Risk criteria

Our risk criteria take into consideration the two elements of probability and impact and is defined on a scale of 1 to 5.

PROBABILITY

IMPACT

Our impact criteria include aspects such as financial, legal & regulatory, health and safety, reputation and business continuity.

Risk champion

The Head of Finance is identified as our risk champion. His role is to raise awareness on the risk environment across the organisation, and coordinate risk meetings.

Business Risk Register

As part of the Monitoring and Review process, Lavastone Properties has developed a Business Risk Register (“BRR”), which consists of risk identification, assessment and response. The BRR is a recording and monitoring tool designed to assist the Management team of Lavastone Properties for informed decision-making. 

Our BRR is reviewed and updated on a quarterly basis through risk management workshops and reported to the RMAC. 

Our risk management meetings consist of the Management Team, the Risk Champion and the Internal Auditor. The purpose of these meetings is to identify any changes in existing risks, as well as new and emerging risks.

Refer to the Risk Heatmap and Top 10 risks below

Risk Indicators

Measuring performance is a key monitoring activity to assess how effective risk management is at supporting our strategic objectives. The approach to measuring performance must be a data-driven exercise. To remain agile, risk data should be shared throughout the organisation. At Lavastone Properties, we have defined risk indicators which enable our team to objectively evaluate the risk environment on a regular basis.

SYSTEM OF INTERNAL CONTROLS

The system of internal controls is a crucial component for effective governance and risk management. It encompasses policies, procedures, and practices designed to ensure the integrity of financial reporting, compliance with laws and regulations, and operational efficiency. The foundation of an effective internal control system is the control environment, which includes the organisational culture, values, and commitment to ethical behaviour. A strong control environment fosters accountability and integrity among employees.

Key components of Internal Controls

The Board is committed to its responsibility to keep under review the adequacy and effectiveness of the system of internal controls. The purpose of such a system is to protect the Company, preventing and detecting frauds, and contributing to the achievement of its objectives. The Board, through the RMAC, reviews and challenges the following components:

• Financial statements
• Internal Audit
• External Audit
• Reporting and disclosure
• Internal control and risk management system

INTERNAL AUDIT

The Internal Audit function of the Group is outsourced to SmarTree Consulting Ltd (also referred to as ‘SCL’ or ‘the Internal Auditor’), since 2018. The Internal Audit team consists of professionals who are either Certified Internal Auditors (‘CIA’), ACCA-qualified or degree/diploma holders. As part of their continuous professional development and education, the internal auditors attend regular training sessions on key topics. 

The mission of Internal Audit is to provide independent, objective assurance and consulting services, designed to add value and improve our operations. The Internal Auditor is not responsible for the implementation of controls or the management and mitigation of risk, responsibilities which remain at the Board and management levels.

The internal audit function is governed by the mandatory elements of the Institute of Internal Auditors’ (IIA) International Professional Practices Framework, including the Core Principles, the Code of Ethics and the International Standards for the Professional Practice of Internal Auditing. 

A formal internal audit charter is approved by the RMAC and describes Internal Audit’s role, responsibilities, scope, authority and reporting structure, amongst others. 

An internal audit plan is approved by the RMAC on an annual basis and uses a risk-based approach. During the FY 2024, the Internal Auditor covered the following scope:

The objectives of the internal audit assignments were to:

• Provide assurance to the Board, RMAC and Management that risks are mitigated through control measures and adequate procedures.
• Evaluate the controls design.
• Provide risk insights and recommendations on the improvement of the control environment.
• Evaluate adherence to the internal policies and procedures and regulatory framework.

As part of its key responsibilities, the RMAC:

• Reviews and approves the internal audit charter
• Reviews and approves the annual internal audit plan
• Reviews and monitors management’s responses and actions to internal audit findings
• Reviews and monitors the effectiveness of the internal audit function

As part of the internal audit process and methodology, the Internal Auditor monitors and assesses their audit recommendations with the Management on a monthly basis, until they are fully implemented. The Internal Auditor reports to the RMAC on a quarterly basis and the status of audit recommendations and Management action plans
are reported to the RMAC. The Internal Auditor has unrestricted access to and communicates and interacts directly with, the RMAC.

Risk Heatmap September 2024

Comparison FY 22-23 to FY 23-24

Top 10 risks