VODACOM

2013 KINGIII REPORT

CORPORATE GOVERNANCE REPORT

PHEEANE TEBA
4/10/2014




1

Table of Contents
Executive summary ........................................................................................................................................ 3
1. Effective Ethical Leadership and Corporate Citizenship ....................................................... 4
1.1. Responsible Leadership ............................................................................................................. 4
1.2. Ethical foundation ........................................................................................................................ 4
2. GOVERNANCE OF RISK ..................................................................................................................... 6
2.1. The Boards Responsibility For Risk Governance ................................................................ 6
2.2. Managements Responsibility for Risk Management .......................................................... 6
2.3. Risk assessment ........................................................................................................................... 6
2.4. Risk response ................................................................................................................................ 6
2.5. Risk monitoring ............................................................................................................................. 7
2.6. Risk assurance .............................................................................................................................. 7
2.7. Risk disclosure .............................................................................................................................. 7
3. Governance of Information Technology ......................................................................................... 8
3.1. The Board should be responsible for information technology (IT) governance ....... 8
3.3. The Board should delegate to management the responsibility for the
implementation of an IT governance framework ............................................................................. 8
3.4. The Board should monitor and evaluate significant IT investments and expertise ... 8
3.5. IT should form an integral part of the Companys risk management ............................. 8
3.6. The Board should ensure that information assets are managed effectively ................ 8
3.7. A Risk Committee and Audit Committee should assist the Board in carrying out its
IT responsibilities ..................................................................................................................................... 9
4. GOVERNANCE WITH LAWS, RULES, CODES AND STANDARDS .......................................... 9
4.1. The Board should ensure that the company complies with applicable laws and
considers adherence to non-binding rules, codes and standards ............................................. 9
4.2. The Board and each individual director should have a working understanding of the
effect of the applicable laws, rules, codes and standards on the Company and its
business ...................................................................................................................................................... 9
4.3. Compliance risk should form an integral part of the Companys risk management
process ........................................................................................................................................................ 9
4.4. The Board should delegate to management the implementation of an effective
compliance framework and processes ............................................................................................... 9
5. GOVERNING STAKEHOLDER RELATIONS ................................................................................. 10
5.1. The Board should appreciate that stakeholders perceptions affect a companys
reputation.................................................................................................................................................. 10
5.2. The Board should delegate to management to proactively deal with stakeholder
relationships ............................................................................................................................................ 10
5.3. The Board should strive to achieve the appropriate balance between its various
stakeholder groupings, in the best interests of the company .................................................... 10
5.4. Companies should ensure the equitable treatment of shareholders ........................... 11
2

5.5. Transparent and effective communication with stakeholders is essential for
building and maintaining their trust and confidence .................................................................... 11
5.6. Dispute Resolution ..................................................................................................................... 11
6. IMPLEMENTAION STRATEGIES AND ACTION PLANNING ..................................................... 11
7. SUMMARY, CONCLUSION AND RECOMMENDATIONS ........................................................... 12
7.1. Summary ....................................................................................................................................... 12
7.2. Conclusion ................................................................................................................................... 12
7.3. Recommendations ..................................................................................................................... 12


















3

Executive summary
Boards of directors are confronted with many difficult decisions on a regular basis. The
right choice is not always obvious. The King Report on Governance for South Africa 2009
(King III) was published in September 2009 and became effective on 1 March 2010, it
provides a list of best practice principles to support and guide directors to make the right
choice for their company. These principles have become a necessary guide on Corporate
Governance to directors, executives and regulators equally. King III provides guidance to
all corporate entities on various governance related aspects, including:
Ethical leadership and corporate citizenship
The governance of risk
The governance of information technology (IT)
Compliance with laws, rules, codes and standards
Governing stakeholder relationships
Below is the 2013 King III report for Vodacom PTY (LTD) which is in conjunction with the
new Companies Act which classifies the standard for directors conduct and regulates the
liability of directors where the standard is not met. The report explains how the King III is
implemented and how the companys directors are obliged to act in good faith, in the best
interest of the company and with the required level of skill and diligence. These standards
must be enforced by the Companies and Intellectual Property Commission, and
shareholders and other stakeholders of a company will hold the company and its directors
accountable. In contrast, there is no statutory obligation on companies to comply with King
III. The underlying intention of King III is not to force companies to comply with
recommended practice (King II required companies to comply or explain), but rather for
companies to apply or explain. Directors are accountable for the governance and
wellbeing of the company, and to the body of shareholders. Where directors opt not to
implement the recommended practices as set out in King III, they should be able to explain
their reasoning and motivation to the shareholders with their statutory duties as set out in
the Companies Act; they need to ensure that each and every decision is taken with care,
as every decision counts. Most, if not all of the recommended best practice principles set
out in King III relate to the legislative duties of directors to exercise powers to perform their
functions in good faith and for a proper purpose in the best interest of the company. In
addition, this should be done with the degree of care, skill and diligence that may
reasonably be expected of a director. As such, King III constitutes a valuable guide to
directors and other office bearers to ensure compliance with the provisions of the
Companies Act. The below report explains how the companys directors pay close
4

attention to the principles, and ambition to apply all such principles and of course, where
they chose not to apply a particular principle, they should be able to explain that decision.
In regards with King III principles application within the company three personnel were
interviewed from different business units i.e. Management personnel, Supervisory
personnel and ground level personnel.

1. Effective Ethical Leadership and Corporate Citizenship
1.1. Responsible Leadership
The Board should provide effective leadership based on an ethical foundation.
Implication: The Board has put in place appropriate structures and processes to
ensure that the business is conducted in an ethical manner, taking into account the
impact of the organisations business on the economy, society and the environment
and balancing the interests of its various stakeholders.
Also the board directs the companys activities with integrity, by the tone it sets
through its actions, decisions, policies and codes, the culture it instils and the
example of its directors, thereby demonstrating transparency, accountability,
fairness, honesty and responsiveness to stakeholders.
1.2. Ethical foundation
The Board should ensure that the Company is and is seen to be a
responsible corporate citizen.
Implication: To instil an ethical culture, Vodacom has implemented an ethics
management programme. A Code of Conduct is also in existence and communicated to all
staff. In addition, online training on the Code of Conduct was rolled out to staff. Their Code
of Conduct gives employees basic guidance on how to implement the business principles
in practice, and refers them to more detailed policies and guidelines for business
behaviour. These documents cover a range of topics from declarations of interests to the
receiving and giving of gifts and hospitality. Vodacom employees have a duty to report any
suspected breaches of the Code and other Company policies.
Vodacom has implemented an anti-corruption programme and requires all its employees
and business partners to abide by anti-corruption laws in the conduct of Vodacoms
business
Through the Vodacom Foundation, Vodacom has contributed to various social
development projects in the areas of mobile education, mobile health and through the
Vodacom Change the World campaign.
5

Vodacom has implemented various initiatives and programmes to ensure that we promote
and protect the environment and maintain the health and safety of our people, suppliers
and the general public.
To this end Vodacom has implemented or engaged in the following initiatives:
A health and safety programme;
Monitoring and reporting on our resource consumption;
Participation in the Carbon Disclosure Project and have set targets to reduce
our carbon footprint;
Obtained ISO 14001 certification;
Recently set up an environmental management review committee/working
group;
Developed an innovation centre that does research into efforts that Vodacom
can implement to operate in a more environmentally friendly manner.
Finally, Vodacom Group has a Social and Ethics Committee that maintains oversight on
various sustainability and good corporate citizenship matters.
The Board should ensure that the Companys ethics are managed
effectively.
Implication: Vodacom Group has implemented an ethics management programme called
Ethics Along the Way. The Group Social and Ethics Committee and audit committees of
our operating companies provide oversight of the Ethics Along the Way programme. The
company conduct Ethics, People and Reputation Surveys, and review information from
internal investigations and disciplinary actions to assess key ethics risks. These risks are
reduced and managed as part of their risk management strategies. During the course of
this year the Vodacom Code of Conduct was refreshed and communicated to all staff. All
executives (Level 2) had to issue certifications that they have read and understood the
training. In addition, online Code of Conduct training has been rolled out to all employees.
The ethics department also provides advice to employees on general ethics topics such as
giving and receiving gifts and conflicts of interest.
To facilitate the handover and continued implementation of the programme to the boards
and management of the individual operating companies, ethics committees have been
established in their International mobile operations in DRC, Lesotho, Mozambique and
Tanzania as well as Vodacom Business Africa in Nigeria. The membership of these
committees includes both management and employees. The committees review the
results of ethics risk assessments and other risk indicators, assist in highlighting and
implementing key ethics-related policies and procedures, and bring concerns and
complaints to the attention of the respective company. The Managing Directors of these
6

companies have also appointed a number of employees as ethics champions to further
raise the profile of, and encourage adherence to, business ethics.

2. GOVERNANCE OF RISK
2.1. The Boards Responsibility For Risk Governance
The Board should be responsible for the governance of risk: Vodacom boards
charter reflects its responsibility for risk governance, and it discharges this responsibility by
receiving reports from the Chairman of the Risk Committee at its quarterly meetings, and
by making recommendations to management on its risk management programme.
The Board should determine the levels of risk tolerance: The board has adopted the
levels of risk tolerance utilised by the Risk Committee and management in determining the
companys risk management framework and the methodology for rating risks in the
companys risk registers and this is reviewed by the Board on an annual basis.
The Risk committee or Audit committee should assist the board in carrying out its
risk responsibilities: The charters of both the Risk and Audit Committees require these
Committees to assist the board in carrying out its risk governance responsibilities, and
they provide this assistance by monitoring the companys risk management activities and
the board has appointed the ARC committee to assist with its risk responsibilities.
2.2. Managements Responsibility for Risk Management
The Board should delegate to management the responsibility to design,
implement and monitor the risk management plan: Vodacom has appointed a
Chief Risk Officer who assists in identifying, assessing and recording the strategic
risks facing the company and, where appropriate, monitors mitigating actions.
2.3. Risk assessment
The Board should ensure that risk assessments are performed on a continual
basis: The board receives assurance from the Risk Committee that risk
assessments are carried out continually and that the companys risk registers are
updated at least annually by management.
The Board must ensure that frameworks and methodologies are implemented
to increase the probability of anticipating unpredictable risks: The board
receives assurance from the Risk Committee that the process of continual risk
assessment by management takes in to account emerging and unusual risks not
typical of normal operating and environmental conditions.
2.4. Risk response
The Board should ensure that management considers and implements
appropriate risk responses: The board receives assurance from the Risk
7

Committee and the Company Risk Manager that management appropriately
identifies, manages, transfers and mitigates risks facing the company.
2.5. Risk monitoring
The Board should ensure continual risk monitoring by management: The
board receives assurance from the Risk Committee that it and management
continually monitor risks facing the company.
2.6. Risk assurance
The Board should receive assurance regarding the effectiveness of the risk
management process: The board receives assurance from the Internal Audit
Department and management, via the Audit Committee and from the Risk
Committee, as to the adequacy of the risk management process.
2.7. Risk disclosure
The Board should ensure that there are processes in place enabling
complete, timely, relevant, accurate and accessible risk disclosure to
stakeholders: The board ensures that the companys Integrated Annual Report, as
well as its public announcements where necessary, appropriately discloses risk-
related information of importance to stakeholders.
The below implication applies to principles covered in elements 3.3 to 3.7:

Management continuously develops and enhances its risk and control procedures, aiming
to improve risk identification, assessment and monitoring. The directors consider business
risks when setting strategies, approving budgets and monitoring progress against budgets.
Risks are managed at three distinct levels Risk Management Committees, the Risk
Group and line management. The Group Risk Management Committee (GRMC) which
meets four times a year and which is chaired by the Chief Financial Officer has been in
existence for eight years. Current membership comprises the Group Executive Committee
members, the Chief Risk Officer and the Managing Directors of each of the local markets.
The two main functions of the GRMC are:
To filter and approve the list of strategically high and critical risks and to
present these risks to the Group Board yearly; and
To oversee and monitor the various projects and structures designed to
manage specific identified risks for example Business Continuity
Management.
The GRMC also acts as the Risk Management Committee (RMC) for Vodacom South
Africa. The risk management committees in each country of operation are chaired by the
respective Managing Director and the remaining members are the Executive Committee of
8

the local operation. The mandate of each committee is identical to that of the GRMC.
Risks are identified and managed at five levels within the Group: project, process,
operational, tactical and strategic levels. Risks are periodically reviewed and updated. For
strategic risks, a filtering and reporting process ensures that the relevant items are
reported to the Risk Management Committees and are then reviewed by the relevant
boards.

3. Governance of Information Technology
3.1. The Board should be responsible for information technology (IT)
governance
The written charter of the board records its responsibility for IT governance, and it
discharges this duty by monitoring reports on IT governance related matters
provided by the Audit and Risk Committees.
3.2. IT should be aligned with the performance and sustainability objectives of
the Company
As an ICT company, technology is core to the business of Vodacom.
3.3. The Board should delegate to management the responsibility for the
implementation of an IT governance framework
A Board approved technology governance framework is in place as well
as a Technology Governance Charter. The Board has delegated to
management the responsibility for the implementation of technology
governance. The CEO is the individual responsible for the management
of technology governance.

3.4. The Board should monitor and evaluate significant IT investments and
expertise
Vodacom has a capital expenditure review board which reviews and
considers capital expenditure investment, which includes investment in
technology. A summary of investments considered by the capital
expenditure board is reviewed by the ARC Committee as an when
investments in technology are required.
3.5. IT should form an integral part of the Companys risk management
This is embedded in Vodacoms risk management programme and risks
are reviewed on a quarterly basis at the Risk Management Committee
meetings.
3.6. The Board should ensure that information assets are managed effectively
9

Technology assets are managed through the sponsorships of the office of
the Chief Technology Officer who has the responsibility to manage
technology assets effectively.

3.7. A Risk Committee and Audit Committee should assist the Board in
carrying out its IT responsibilities
Both the Risk and Audit Committees assist the board in carrying out its IT
governance responsibilities, as required by their written charters.

4. GOVERNANCE WITH LAWS, RULES, CODES AND STANDARDS
4.1. The Board should ensure that the company complies with applicable laws
and considers adherence to non-binding rules, codes and standards
Compliance with laws, standards and codes forms part of
Vodacoms key business principles: The board has determined that
compliance with laws is the minimum standard of conduct, is made aware
of applicable laws and regulations and voluntary codes by the company
secretary, and monitors compliance/adherence through the Audit
Committee which receives reports from the internal audit department
following its annual legal compliance audit.
4.2. The Board and each individual director should have a working
understanding of the effect of the applicable laws, rules, codes and
standards on the Company and its business
Vodacom has a dedicated legal and regulatory division who assists the
board in its understanding of applicable laws, rules and codes as these
affect the business of Vodacom.
4.3. Compliance risk should form an integral part of the Companys risk
management process
Compliance risk is a key area of focus of the companys risk management
programme, and business unit heads actively consider regulatory
compliance when compiling and annually reviewing the risk registers for
their business units.
4.4. The Board should delegate to management the implementation of an
effective compliance framework and processes
A Chief Officer: Legal and Regulatory has been appointed and he and his team
assist with the management and implementation of an effective compliance
framework. This includes the following:
10

Engaging with the various communications administrations and regulatory
authorities;
Advising and assisting the organisation with the management of
applications for new licences and overseeing compliance with licence
conditions and obligations;
Commenting on communications legislations and other laws relevant to
the industry;
Monitoring, developing and providing awareness training on policies and
procedures to ensure compliance with laws, regulations, codes and
various standards applicable to the Groups operating companies; and
The legal compliance programme includes anti-corruption, money
laundering and terrorist financing (anti-CMT) compliance.

5. GOVERNING STAKEHOLDER RELATIONS
5.1. The Board should appreciate that stakeholders perceptions affect a
companys reputation
Vodacoms brand and its reputation as a company is of paramount importance to
the Board. The Social and Ethics Committee, a committee of the Board, focuses on
efforts in relation to:
Maintaining good relations with consumers
Maintaining good relations with employees
Protecting the environment and promotion of health and safety in the
workplace.
Preventing and combating bribery and corruption
5.2. The Board should delegate to management to proactively deal with
stakeholder relationships
The board has tasked management with the responsibility of engaging with the
companys key stakeholders, being customers, shareholders and employees, as
well as suppliers, regulators and community organisations, of devising suitable
forums and communication channels for such interaction and of responding
appropriately following such engagements, in the interests of the Group.
5.3. The Board should strive to achieve the appropriate balance between its
various stakeholder groupings, in the best interests of the company
The board aims to ensure that the interests of the companys different stakeholders
are suitably considered and appropriately balanced, with a view to ensuring the
companys relevance and sustainability.
11


5.4. Companies should ensure the equitable treatment of shareholders
This is also a JSE requirement and every effort is made to treat all
shareholders equitably. Related party transactions with the controlling
shareholder, Vodafone, are handled at Board level where the Vodafone
representatives on the Board are precluded from voting and the Board is
mindful of the JSE Listings Requirements concerning related party
transactions
5.5. Transparent and effective communication with stakeholders is essential
for building and maintaining their trust and confidence
The board and management work to ensure that communication with the
Groups stakeholders is frequent, substantive, transparent and credible,
recognising that such communication leads to trust and mutual respect and
helps to ensure the sustainability of the Group.

5.6. Dispute Resolution
The Board should ensure that disputes are resolved as effectively,
efficiently and expeditiously as possible: The board encourages
management to resolve disputes with customers, suppliers, employees and
regulators in an effective and reasonable manner and in appropriate forums
including alternative dispute resolution mechanisms, having due regard for
contractual and legislative obligations and the best interests of the company.

6. IMPLEMENTAION STRATEGIES AND ACTION PLANNING
Regarding the implementation practices of corporate governance, senior management
was considered to be responsible for corporate governance structures and processes, with
the majority of respondents either agreeing or strongly agreeing with this statement. One
respondent was of the opinion that it is not the job of management to provide oversight of
the implementation of governance measures, but rather to implement these measures
after which it remains the responsibility of the board to ensure that this has been done
properly.
In general, the majority of respondents noted that the cost of ensuring application of
corporate governance measures has been budgeted for. Fourteen percent of respondents
either disagree or strongly disagree that these costs have been budgeted for.
Continued formal learning on corporate governance at board level appears to take place
within a company, with an average of 58 percent of respondents agreeing and 16 percent
12

strongly agreeing that this is the case in the company. It is interesting to note that 53
percent of respondents strongly agree and a further 35 percent agree with this statement,
indicating high levels of learning on corporate governance taking place in the company.
High numbers of respondents either agreed or strongly agreed that the value of good
corporate governance is understood and integrated at all levels in the organisation.

7. SUMMARY, CONCLUSION AND RECOMMENDATIONS
7.1. Summary
Overall, there has been a marginal decrease in the perceived net value of King III in
comparison with King II. 85 % of respondents agreed that the value added to the
organisation by King III has outweighed the effort and resources that application
required in comparison with King II. The format of King III is perceived to be
marginally more user friendly and accessible which the respondents felt it provided
practical examples and contributed to the organisations understanding of the value
of governance
7.2. Conclusion
The King Codes of Governance principles are clearly implemented by the
companys board and has found them to have added value to both the organisation
and to the economy of South Africa as a whole. The primary driver for Vodacom to
apply King III is to demonstrate commitment to corporate governance to external
stakeholders, followed by motivations to enhance the effectiveness and confidence
in the performance of the organisation.
7.3. Recommendations
It is suggested that King III is both user-friendly and accessible, but could
benefit from practical examples and supporting resources.
It is recommended that more detailed guidelines, examples and training
should be specific to the areas of integrated reporting and IT governance.
Also corporate governance should be integrated into companys
management programme curriculum across the board, from the detailed
application of governance principles through to the foundation of ethics and
values that underpin such principles.
Finally, the focus of the board should be making sure that where the
principles are not applied they should be able to explain why, supporting its
decision with companies Act.