KEY RISKS

The risk of inability to adapt, recover and sustain operations after adverse external events, such as a pandemic or exposure to macro-economic or geopolitical events.

Continuous alignment and ongoing assessments of our strategies, plans and models to ensure that the business is future pandemic and crises proof.

Leveraged on our Recover and Sustain Strategy and an in-depth Corporate Plan in place to provide a framework for managing our post‑Covid-19 recovery and growth to 2030. The principles in the Corporate Plan inform our response to all adverse events.

Established and defined corporate governance structures, systems and procedures that are aligned with the guidelines given in King IV™. These enable us to respond quickly to all sustainability threats and risks.

Long-term financial planning capabilities as well as the ability to adapt our financial planning to accommodate unforeseen events.

Actively manage costs and liquidity.

Partnerships in place to facilitate trade and promote both local and international tourism.

The risk of lack of ability to manage and/or recover from an adverse event with serious environmental, social and/or governance impact.

All our airports are ISO 14001:2015 certified to comply with international environmental management standards.

ESG Framework in place and this is regularly reviewed and updated. All management measures currently in place are being adhered to.

Recover and Sustain Strategy and an in-depth Corporate Plan in place to provide a framework for managing our post-Covid-19 recovery and growth to 2030. The principles in the Corporate Plan inform our response to all adverse events.

Our environmental management programme focuses on energy conservation, climate change mitigation, water usage, waste management, air quality control, noise management and biodiversity. It is a key strategic aim for the Group to become carbon neutral as soon as financially and technologically possible.

Environmental risk is closely monitored and a report on this is presented to the Board on a quarterly basis.

The risk of not being able to maintain ageing infrastructure or develop new infrastructure to enable ACSA to proactively meet demand.

Our infrastructure maintenance and capex programmes, which only had sufficient budget for essential maintenance and pre-contracted capex projects during the Covid-19 pandemic and in the immediate post-pandemic phase, have been resumed.

A total of 1 158 infrastructure refurbishment and maintenance projects are now in progress at all our airports.

Key infrastructure development projects are in progress at all our airports.

The risk of inability to continuously receive supply jet fuel and/or failure to cater Jet fuel to meet the growing demand for air travel and transportation.

Strategic interventions for jet fuel supply have been adopted, and are currently being implemented to ensure supply security across our airports.

We continue to engage with key stakeholders such as airline operators, the Petroleum Industry Association Fuel Forum and state agencies to ensure coordinated efforts.

Jet A1 is predominantly imported into South Africa to bypass refinery constraints.

The risk of acts of unlawful interference with aviation operations.

• In the process of implementing a National Command Centre to monitor aviation security throughout our network.
• Established Multidisciplinary Task Teams to manage aviation security at airport level.
• Deployed a Tactical Crime Prevention and Intervention Unit for the protection of critical assets and infrastructure.
• Conduct threat and vulnerability assessments and criminal network analyses in partnership with the SAPS and other security agencies.
• Continuously scrutinise and follow up on any potential or actual security breaches.
• In the process of replacing the x-ray machines at our boarding gates with Smart Security solutions.
• Implementing behaviour detection screening at all our airports.
• Developing Memorandums of Agreement with law enforcement agencies to detect potential acts of unlawful interference.

The risk of inability to respond to and/or mitigate the impact of electricity disruption (loadshedding, national grid collapse) impacting our airports and stakeholders.

Energy Management Strategy in place and have Energy Management Forums at all of our airports.

In line with our strategic objectives, we are investing heavily in energy and demand management projects.

Large on-site back-up generators in place at all of our airports to provide power during the periods in which we do not have grid electricity.

Our capex budgets include provisions for additional generator capacity, if and as when needed, and our operating budgets allow for the purchase of the diesel required to run them.

All six local airports have solar plants – the last one to be commissioned was KPA in March 2024. Solar farms were designed to reduce reliance on grid electricity and to enable us to manage the impact of loadshedding.

Our Roadmap to Carbon Neutrality includes medium- to long-term solutions intended to enhance our energy security through the use of various forms of renewable energy.

All of our airports will be equipped with alternative energy generation capabilities by 2030.

The Enterprise Asset Management Department has developed a framework to mitigate the risk of the national grid collapsing, should the risk materialise. The framework outlines a six-point response consisting of: (i) prioritising load requirements, (ii) sustaining the load, (iii) maintaining availability, (iv) securing and sustaining supply, (v) engaging with stakeholders, and (vi) monitoring responsibilities and accountability.

The risk of not being able to adopt and deliver innovative, resilient and secure IT platforms and technologies that support our digital transformation and business growth objectives.

IT Infrastructure and Digital Strategy in place, which is aligned with our Knowledge and Innovation Strategy, Enterprise Security Strategy, Enterprise Risk Management Strategy and Business Continuity Framework.

Digital transformation roadmap in place to support this strategy and implementation is ongoing.

Information Management Plan in place, which is monitored by our Information and Communication Technology Committee, and which provides the Board with quarterly reports.

A secure and fit-for-purpose IT architecture in place. This is regularly assessed and updated in order to keep pace with rapid technological developments.

Our digitalisation journey focuses on building, securing, maintaining, and developing an integrated system that is compliant, secure and resilient.

The risk of not being able to protect our digital systems and data from the growing threat of cyber attacks, which could comprise both our ability to operate and our reputation as a trusted airports operator.

Cybersecurity Strategy in place and implementation is constantly monitored.

Best-of-breed digital security systems, both on-site at all of our airports and in the Cloud.

A team of cybersecurity experts on permanent staff, led by a Chief Information Security Officer (CISO).

Monitoring of cybersecurity threats 24/7/365.

Undertake biannual assurance assessments to supplement the annual cybersecurity audits undertaken by the Auditor-General.

Cybersecurity insurance to mitigate against the threat posed by increasingly sophisticated cyber criminals.

Comply fully with the Protection of Personal Information Act (POPIA), the General Data Protection Regulation (GDPR), the Payment Card Industry Data Security Standards (PCI DSS) and the Minimum Information Security Standards (MISS).

Technology security tools in place to prevent data leakages and connectivity incidents.

Use unique usernames and passwords to authenticate and authorise access to systems and information.

Cybersecurity Operations Centre is operational.

The risk of not being able to proactively manage compliance with tax legislation, which could lead to adverse consequences and/or missing out on tax saving opportunities.

New tax compliance and management plan in place that provides for the tax management function to operate effectively and efficiently.

In the process of sourcing the services of a specialised consulting firm to conduct a tax function maturity assessment and to provide recommendations on tax compliance and management.

The risk of inability to manage ACSA contracts and lack of capacity to meet the expected contractual obligations.

Service level agreements in place with all contractors and suppliers. These and all other legal instruments are aligned to the relevant Acts and regulations.

All our service level agreements contain a standard clause that clearly articulates the responsibilities of suppliers and contractors.

Developed procedures for defining, developing and monitoring the delivery of goods and services from contractors and suppliers.

The risk of not being able to protect the business from criminality caused by insiders who have privileged access and are seeking financial gain through fraud and corruption.

Our Enterprise Security Strategy provides for the assessment and management of insider threats.

Continuously assess and update the investigative capacity of our Enterprise Security division.

Stringent vetting procedures for all employees.

Loss Control Policy in place and are in the process of establishing a Loss Control Committee.

Established a fully capacitated Consequence Management Department.