Provide about a half-page background of the Organisation, e.g.

where (country, province,

city), what products or services the Organisation provides, which markets are being
targeted, and what operations they have. (5)
The organisation to be studied is Marico South Africa (Pty) Ltd which is a business unit of the leading
Fast Moving Consumer Goods (FMCG) company Marico Limited. Marico Limited is an Indian
multinational FMCG which manufactures and sells consumer products and services related to health,
beauty and wellness. The company’s headquarters are in Mumbai and has various business units
present in over 25 countries across Asia and Africa. Marico South Africa (Pty) Ltd is a business unit
based in South Africa in Kwa-Zulu Natal in Durban. The company specializes in the development and
distribution of haircare, healthcare and baby products in South Africa. The company’s mission is to
provide products that help individuals too look and feel great. The company provides a variety of
brands within each division which target specific different markets. The following products are
offered under each division and their specific target markets:
Hair Care Brands
 Caivil – Premium hair care brand especially formulated for ethnic hair to cater to various hair
care needs.
 Blac Chic - Affordable hair care brand especially formulated to colour, relax, nourish, and style
ethnic hair to achieve desired look.
 Caivil Just for kids – Gentle effective hair care brand formulated to wash and style young hair
and scalps.
 Isoplus – Market leader in styling products formulated predominately for salon use. Styling
products do also cater personal home use.
Health Care
• Hercules – Natural oils and remedies derived from plants to cleanse and boost the body’s immune
system. Hercules is targeted at over-the-counter health care market.
• Ingwe - Herbal remedies and antidotes targeted on individuals who prefer ancient African spiritual
remedies over western
Baby Care
 Unscented and scented products formulated for baby’s delicate and sensitive skin

2. Provide a historical reflection of the Organisation, e.g. when it was started, when and what
the key milestones were, and the main stakeholders (shareholders, senior management,
unions, communities). (5)
History
Marico South Africa (Pty) Ltd was officially established in October 2007. This was after the mother
company, Marico Limited acquired a division from Enaleni Pharmaceuticals whose speciality then
was Consumer Products
The establishment of Marico South Africa Pty Ltd was characterized by a series of key events. The
timeline of the key milestones are as follows:
1989 – A local entrepreneur by the name of DJ Modi launches locally manufactured personal care,
launches locally manufactured personal care brands which are sold in his Moddisons stores in Kwa
Zulu Natal

2001 – The Moddisons Stores are bought by the owner (Trevor Edwards) of the Nu-Clicks Group
who are well known for their renowned store called Clicks. The Nu Clicks group keeps Moddisons
rage of personal care products under the trading name of Modex Cosmetics
2004 – Modex Cosmetics acquires a premium hair brand called Caivil which formulated for ethnic
hair to cater to various hair care needs.
2004 – Modex Cosmetics acquires complimentary products from the Health Care division from
Hercules who specialize in natural oils and remedies derived from plants to cleanse and boost the
body’s immune system.
2005 – Nu Clicks group owner, Trevor Edwards acquires Reckit Benckiser factory which
manufactures and sells health, hygiene and home products. He then changes the factory name to
Enaleni Pharmaceuticals
2006 - Modex Cosmetics changes its name to Enaleni Pharmaceuticals (Consumer Division)
2007 – Enaleni Pharmaceuticals Consumer Division is to be sold and put up for bid. Marico Limited
is announced as the successful bidder amongst other major companies. The agreement is finalized
and Marico Limited officially owns Enaleni Pharmaceuticals Consumer Division which is then
registered as Marico South Africa Pty Ltd.
2010 - Marico South Africa Pty Ltd acquires Ingwe which are herbal remedies and antidotes from
Guideline Trading
2017 - Marico South Africa Pty Ltd acquires Isoplus, the market leader in ethnic hair styling
products
The main shareholders, members of board, managers of Marico Limited and Marico South Africa (Pty) Ltd is as follows:

Shareholders -Marico Ltd

Harsh Charandas Mariwala(46.7%) ,First Sentier Investors (Australia) IM Ltd(5.44%) Life Insurance Corporation of India, Others( 48.77%),

Members of Board - Marico Ltd

Harsh Charandas Mariwala(Non-Executive Chairman), Ananth Sankaranarayanan (Independent Non-Executive Director), Milind
Barve(Independent Non-Executive Director), Rajeev Vasudeva(Independent Non-Executive Director), Saugata Gupta (Chief Executive Officer,
MD & Executive Director)

Managers - Marico Ltd

Saugata Gupta(CEO, MD, Executive Director), Pawan Agrawal (Executive Vice President & Head Finance), Vrijesh Nagathan(Chief IT Officer),
Shilpa Vohra (Chief R & D Officer), M.A Vinay(Compliance Officer), Somasree Awasthi (Chief Marketing Officer)

Managing Director - Marico South Africa Pty Ltd

John Mason is responsible for the FMCG Business in South Africa and Sub-Saharan Africa. He reports to Saugata Gupta, CEO of
Marico Limited.
3. Perform a Porter’s Value Chain Analysis of the Organisation. (5)

4. Perform a SWOT (Strengths, Weaknesses, Opportunities and Threats) analysis for the
Organisation. Use this to describe 5 Opportunities and threats in more detail. Use PESTLE
(Political, Economic, Social, Technological, Legal and Environmental factors) inside each of
the quadrants of the SWOT Analysis. (10)

STRENGTH WEAKNESSES

 Company has Research & Development  Dependence on 1 factory in KZN to

division which ensures products are distribute to the whole of South Africa
constantly improved and new products are  Marico is renowned for ethnic hair
formulated to target new markets. products which might make it difficult to
 Caters to a variety of markets eg hair care, penetrate to other hair type groups or
health care and baby products expensive markets
 Present in more than 25 countries and 3
continents which makes it an internationally
recognized company.
 Loyal customers
Pestle
 Technological – Company currently
prioritizes and invest in R & D to drive
competitive edge and sustain market leader
status.
 Environmental – Marico SA Pty Ltd conforms
to environmental and Health and Safety
statutory requirements.
 Legal - Compliance to statutory requirements
gives a competitive edge.

OPPORTUNITIES THREATS

 Deploy and commission factories in other  Business fluctuates according to seasons.

provinces to curb product transportation
costs which are currently high due to fuel
hikes.
 Acquisitions of complimentary hair
businesses such as wigs, synthetic hair, blow
dryers, straighteners etc
 The company can seek to penetrate male
market as well by creating products for skin
care
Pestle
 Technological – With the world moving to
digitalization, Marico SA Pty Ltd can consider
 Competition from existing and upcoming
ethnic hair care products(eg
Afrobotanics, P & G, Dark & Lovely etc.)
 Emergence of new methods to manage
ethnic hair (e.g silk presses have become
the preferred metjod to straighten ethnic
hair as opposed to traditional hair
chemical relaxers)
 Evolving nature of cosmetic industry
forces the company to be upto date with
new developments. Failure to do so can
result in the company being elliminated
 creating an online store as well social media Pestle
advertising to ensure all markets and spaces
 Social – Customers are becoming more
are occupied
knowledgeable about ethnic hair and
 Social – Customers appreciate hair products
therefore conscious about self-
that are natural and easy to use therefore
formulating suitable hair products.
opportunities exist to expand natural and
 Political – Customers are generally
organic range
gravitating towards brands that share
 Environmental – Take on environmental and
similar values and have increasingly
sustainable solutions within company
become more conscious of political
processes. Such initiatives can include
stances that brands share. This was
packaging FMCG goods in recyclable
evidenced in 2020 when Clicks published
containers instead of plastic.
a racist advert which caused an uprise
 Environmental - Develop and formulate new
within the black community, resulting in
products using less hazardous materials (eg
880 of the stores shutting down
find means to omit peroxides and sulphates
 Environmental – Customers are
in formulations which are hazardous to
gravitating more towards hair products
people)
that are organic and natural. This will be a
 Environmental – Seek for less energy
problem if most or some formulations
intensive processes
still contain harsh chemicals.
 Technological – Given the current state of
 Economic – Unstable fluctuating
electricity crisis in South Africa, Marico can
economy may give rise to higher inflation
investigate on alternative technologies which
rates, tax rates, interest rates, energy
will not affect plant availability and
rates etc. Interest rates directly affect
downtime
capital expenses, while interest

5. Review of textbook, ISO Standard, recent journal or conference papers (at least three) which
you will use to evaluated / audit the existing risk management processes / procedure against.
(10).
 Textbook - CHAPTER 5 AUDITING RISK ASSESSMENT AND RISK MANAGEMENT PROCESSES
William R. Kinney, Jr
The textbook outlines the risk management approach to control the risk that can be
generally applied. Seven components of the risk management are key to create a framework
that organizations can adopt to address risks to achieve the desired objectives. The chapter
emphasizes the role of internal auditors to create and add value to the organisation by
incorporating a risk management process. The chapter also aims to outline the minimum
requirements for an internal auditor to assume this role.
 ISO 31000
The ISO 31000 is an international standard intended to govern risk management activities
within organisations. The standard acts as a guideline on the principles of Risk Management
that allow organisations treat risks, mitigate internal and external threats and improve risk
management. The ISO 31000 can be applied and tailored to suit any country, business and
industry.
. Review the existing risk management processes and procedure against the selected standard (25)
3 Principles

ISO 30001 Standard Requirement How was the Comments on clauses and sub clauses
Clause Nr clause?
addressed

3a Risk management creates

and protects value.

3b Risk management is an Well Reviewed Item 3 - Governance Structure (3). Structure shows how activities, management
integral part of all Defined and risks are integrated
organizational processes.

3c Risk management is part of Inadequate Reviewed item 3- Defined how Ex-Com is responsible for managing risk management and
decision making. other responsibilities however have not addressed how it will help with decisions such as
risks to be accepted or avoided

3d Risk management explicitly

addresses uncertainty.

3e Risk management is Well Reviewed item 4 -Risk management process manages risks in a systematic using ISO
systematic, structured and Defined 31000:2018 as a guideline
timely

3f Risk management is based Well Reviewed Item 4.1 states risk identification of risks is performed based on internal ideation,
on the best available defined industry and market research, scanning the external environment, inputs from Annual
information Operating Plans and Long-term strategy and Leadership inputs

3g Risk management is tailored. Well Reviewed Item 3 - Risk management tailoring illustrated on Governance Structure.
defined Structure shows how activities, management and risks are integrated. The structure
however has not illustrated external context

3h Risk management takes Well Reviewed 1.1: objective states how risk management is integrated in the culture and
human and cultural factors defined strategic decision making in the organization.
into account.
 Reviewed item 3.2 - Ex com responsible to develop risk intelligent culture

3i Risk management is Well Reviewed item 3.1: Board will meet at least once a year and committee will act as forum for
transparent and inclusive. Defined discussion, risk owner reports to risk coordinator

3j Risk management is Inadequate Reviewed Item 4.4: The risk process states Ex- com conducts a risk review on an annual
dynamic, iterative and basis to identify new risks however this may not be an effective way to manage new urgent
responsive to change risks which have a high likelihood of occurring before the annual meeting

3k Risk management facilitates Well Reviewed item 1.3: The Company’s internal audit carries out reviews and the internal
continual improvement of the defined control advisory activities aligned to the key risks and their mitigation plans
organization.

4.Framework

ISO 30001 Standard Requirement Defined Comments

Clause Nr

4.2 Mandate and commitment Inadequate Reviewed Item 3.1: The board shall define the risk management policy and critically review the
risk governance and monitoring mechanism. However, does not state how policy will be
endorsed

Defined Reviewed Item 3.2: Sates that the primary responsibility of the Ex-Com shall be implementing
the Risk Management Policy within the Company and developing a risk intelligent culture that
helps improve organization resilience to critical business risks

Inadequate Reviewed Item 1.1: Organization objectives not defined. Only risk management objectives
defined.

Inadequate Reviewed Item 6: States RMC may conduct a performance evaluation however does not
address what performance indicators/metrices will be used

Defined Reviewed Item 8: Policy complies to Sebi, Companies Act 2013 and ISO 31000:2018

Defined Reviewed Item 8.1.1: Responsibilities assigned to board of directors, RMC, Managers

4.3.1 Understanding of the
organization and its context
4.3.2 Establishing risk
management policy
Not Defined Capital, time and processes resources not allocated to risk management
Not defined Reviewed Item 4.4.1: Meetings are used as source of communication however benefits are not
defined
Defined Reviewed item 5c: states RMC is responsible to periodically review the risk management policy,
at least once in two years, including by considering the changing industry dynamics and evolving
complexity.
Not defined External
4.3.1 a) External context not evaluated.
4.3.2 b) Key drivers not identified not evaluated.
4.3.2 c) Relationships with stakeholders not defined.
Defined Internal
Reviewed Item 3: Governance structure adequately addresses roles and responsibilities
Defined Reviewed Item 1.3: Policies and objectives defined
Not defined Capabilities – Resources not addressed
Information systems not addressed
Organization culture and stakeholder relationships defined under item 3 (Governance Structure)
Reviewed Item 2 and Annexure 8.1: Addresses standards and regulatory requirements
Contractual relationships not included
Inadequate -Reviewed policy: Organizations rationale well defined
-Reviewed Item 1.1: Organization objectives not defined. Only risk management objectives
defined therefore link between the two is not made.
-Reviewed Item 3 and 8.1.1: Responsibilities fully described and assigned to board of directors,
 RMC, Managers
-Conflicting interests not addressed
-Commitment to make resources available not defined
- Reviewed Item 6: States RMC may conduct a performance evaluation however does not
address what performance indicators/metrices will be used and does not state how this will be
reported
- Reviewed item 5c: RMC is responsible to periodically review the risk management policy, at
least once in two years, including by considering the changing industry dynamics and evolving
complexity.

4.3.3 Accountability Inadequate -Reviewed Item 3.3: states that ownership of risk identification, monitoring and mitigation shall
rest with the respective functional heads.
-Reviewed Item 3 and 8.1.1: Responsibilities fully described and assigned to board of directors,
RMC, Managers
-Reviewed Item 6: States RMC may conduct a performance evaluation however does not
address what performance indicators/metrices will be used and does not state how this will be
reported
- Reviewed Item 3: Governance structure with levels of recognition from board of directors to
functional heads well identified

4.3.4 Integration into Well Reviewed Item 3 - Risk management well incorporated in Governance Structure. Structure
organizational processes defined shows how activities, management and risks are integrated.

4.3.5 Resources Not defined -Skills, experience and competence not defined
-Resources not defined. Resources adreesed in plan is only people. Capital, time , processes
not explicitly addressed
-Reviewed Item 4 – company follows Enterprise Risk Management framework as per ISO 31000:
2018.
-Reviewed Item 1.3 – States company also has well defined polices, standard operating
procedures and controls in place to minimize and mitigate the financial and operational risks.
- Information systems not addressed

4.3.6 Establishing internal
communication and reporting
mechanisms
4.3.7 Establishing external
communication and reporting
mechanisms
4.4.1 Implementing the framework
for managing risk
4.4.2 Implementing the risk
management process
-Training programmes not defined
Well -Reviewed Item 8.2 (4a) – states the RMC shall be responsible, for compiling and circulating the
defined agenda and papers for the meeting
-Reviewed Item 8.2 (4 f) – States RMC shall report the outcome of all its meetings to the Board
periodically
-Reviewed Item 8.2 (4 e) – states secretary to RMC shall prepare minutes of all meetings of
RMC and shall promptly circulate to RMC and the Board
-Reviewed Item – 4.4.1 – Risk Management activity calendar shows dates for meetings with
different internal stakeholders
Not defined -Reviewed Item5 – states that Business Continuity Plans will be in place as crisis response
mechanisms however does detail reporting actions to stakeholders in event of crisis
Inadequate -Time and strategy for implementing the framework is not defined.
-Reviewed item 3: Governance structure details how risk management will be applied in
functional processes and assigned risk ownership to functional heads
-Reviewed Item 2 and 8: Policy complies to Sebi, Companies Act 2013 and ISO 31000:2018
-Reviewed Item 4 – company follows Enterprise Risk Management framework as per ISO 31000:
2018 to ensure decision making is aligned with the outcome of risk management processes
-Information and training sessions not defined
-Reviewed Item – 4.4.1 – Risk Management activity calendar shows periodic dates for meetings
with different internal stakeholders to ensure risk management framework remains appropriate
Clause 5
 4.5 Monitoring and review of the - Reviewed Item 6: States RMC may conduct a performance evaluation however does not
framework address what performance indicators/metrices will be used
-Reviewed item 8 (5c) – states the company will periodically review the risk management policy,
at least once in two years, including by considering the changing industry dynamics and evolving
complexity.
-Reviewed item 3.1 – states audit committee shall be entrusted with the responsibility of periodic
evaluation of risk management program

4.6 Continual improvement of the Well Reviewed item 6b states the Board may critique evaluations done by RMC and suggest suitable
framework defined changes to improve effectiveness

5. Process
ISO 30001 Standard Requirement Definition
Clause Nr
5.2 Communication and consultation Not defined -Consultative team and their responsibilities not defined

5.3.2 Establishing the external context Not defined External

4.3.1 a) External context not evaluated.
4.3.2 b) Key drivers not identified not evaluated.
4.3.2 c) Relationships with stakeholders not defined.

5.3.3 Establishing the internal context Inadequate a) Reviewed Item 1.1: Organization objectives not defined. Only risk management
objectives defined therefore link between the two is not made.
b) -Reviewed Item 1.1: states risk policy ensures achievement of the Company’s
vision and strategic priorities in line with its core values;
c) No procedure incorporated to ensure opportunities are recognized
--Reviewed Item 3: Governance structure with responsibilities adequately
addresses roles and responsibilities
-Reviewed Item 1.3: Policies and objectives defined
-Capabilities – Resources not addressed
-Information systems not addressed
-Organization culture and stakeholder relationships defined under item 3
(Governance Structure)
-Reviewed Item 2 and Annexure 8.1: Addresses standards and regulatory
requirements
-Contractual relationships not included

5.3.4 Establishing the context of the - Reviewed Item 1.1: Risk management objectives and goals defined
risk management process
- Reviewed Item 3:Governance structure adequately addresses roles and
responsibilities
-Reviewed item 4.2 – states risks are rated in terms of High, Medium and Low
scales based on two parameters (impact and likelihood)
-Scope of risk management activities with inclusions and exclusions not defined
 -Products and services not defined in terms of time and location
-Reviewed Item 3: Governance structure adequately addresses relationships
between processes and activities of the organization
- Reviewed Item 4 – company follows Enterprise Risk Management framework as
per ISO 31000: 2018 to ensure decision making is aligned with the outcome of risk
management processes
- Reviewed Item 6: States RMC may conduct a performance evaluation however
does not address what performance indicators/metrices will be used
-Decisions to be made not specified and identified

5.3.5 Defining risk criteria -Reviewed Item 8.3 states risk impact is measured in terms of financial and non-
financial parameters
-Reviewed Item 8.3 states risk likelihood is measured by probability of occurrence
of risk event
-Timeframe of the likelihood and consequence not defined
-Risk level and levels at which risks become acceptable or tolerable not defined
-Views of stakeholders not defined
-Combinations of multiple risks not defined

5.4.2 Risk identification Defined -Reviewed Item 4.1 states risk identification of risks is performed based on internal
ideation, industry and market research, scanning the external environment, inputs
from Annual Operating Plans and Long-term strategy and Leadership inputs

5.4.3 Risk analysis Defined Reviewed Item – 4.2 states risk assessment is based on two parameters – risk
impact and risk likelihood which are then rated in terms of High, Medium and Low
scales

5.4.4 Risk evaluation Inadequate Reviewed item 4.2 and Annexure 8.3: states at the end of the risk assessment and
evaluation, top 10 risks at prioritized for monitoring and review however risk criteria
 does not shows outcome criteria of the combined impact and likelihood.

5.5.2 Selection of risk treatment Not Defined Risk treatment plan, risk levels and effectiveness of treatment not defined
options

5.5.3 Preparing and implementing risk Inadequate Reviewed Item 4.3 states who is accountable for implementing plan, proposed
treatment plans actions to be taken, result metrices which represent outcome of the efforts on risk
plan, reporting of status by risk owner to risk coordinator and time (3 years) in
which each metric is feasible. The treatment plan however does not include
resource requirements including contingencies

5.6 Monitoring and review -Reviewed Item 4.4 states status of mitigation of the top 10 strategic and business
risks are monitored by the Ex-Com
-Reviewed Item 4.4 states the Ex-Com also conducts a risk review exercise on an
annual basis. Risk reviews ensures identifying any new risk, modifying existing
risk, scanning external environment for emerging risk and accordingly updating the
priority for risks.
-Reviewed item 4.4 states The Risk Coordinator tracks status of mitigation plan for
key risks which is reported to senior management. This however does not state
how it will be recorded and reported

5.7 Recording the risk management Not defined Records to be used in recording risk management process not defined
process

The Risk Management Policy of Marico is reviewed against the selected standard
7. Identify the gaps and make recommendations to improve the risk management plan. (25)
8. Provide conclusions for your analyses. (12)
9. References and referencing. (3)
Fig. 2. Porter’s value chain of manufacturing.

The primary subsystems are:

1. Inbound logistics – involve relationships with suppliers and include all the activities required to
receive, store, and

disseminate inputs.

2. Operations – are all the activities required to transform inputs into outputs (products and
services).

3. Outbound logistics – include all the activities required to collect, store, and distribute the output.

4. Marketing and sales – activities inform buyers about products and services, induce buyers to
purchase them, and facilitate their purchase.

5. Service – includes all the activities required to keep the product or service working effectively for
the buyer after

it is sold and delivered.

The support subsystems are:

1. Procurement – is the acquisition of inputs, or resources, for the firm.

2. Human resource management – consists of all activities involved in recruiting, hiring, training,
developing,

compensating and (if necessary) dismissing or laying off personnel.

3. Technological development – pertains to the equipment, hardware, software, procedures and

technical knowledge

brought to bear in the firm’s transformation of inputs into outputs.

4. Infrastructure – serves the company’s needs and ties its various parts together, it consists of
functions or departments

such as accounting, legal, finance, planning, public affairs, government relations, quality assurance
and general management

SWOT