To support the vision for enhanced Corporate Governance integral to the “Bapco of Tomorrow,” the Bapco Board of Directors established a “Corporate Governance Division” bringing together the Internal Audit, Enterprise Risk Management, and a newly formed Compliance Department under one umbrella. While the Departments continue to maintain independence in line management, work processes and outputs, they will benefit from enhanced sharing of Risk, Compliance and Controls matters to ensure Bapco’s Internal Audit Department is informed by robust Risk Assessment processes and Compliance requirements.

The Corporate Governance Division is headed by a newly appointed “Chief Audit, Risk and Compliance Officer” (CARCO) role reporting to the Bapco Board Audit and Risk Committee (BBARC) to maintain independence from Executive Management.

With support from the BBARC and Executive Management, the Corporate Governance Division has made significant progress in enhancing Bapco’s Governance, Risk and Controls through:

1. Development of a 3-Year Internal Audit and Cyber/Information Security Audit Plan with a sustainable Risk Model to analyse Bapco Divisional risks.
2. Completion of Risk Workshops across all Bapco’s Departments and Divisions to enhance Enterprise Risk Management (ERM) across the company.
3. Development of Risk and Control registers and Risk Matrices at Divisional and Enterprise Levels.
4. Establishment of a joint Risk Management Task Force to oversee Bapco Modernization Programme (BMP) risks.
5. Completion of a Compliance Gap assessment against all applicable laws and regulations affecting Bapco, along with a Compliance self-assessment process and reporting process.
6. Review of Cyber Security risks across Information Technology (IT) and Operating Technology (OT) and development of a Bapco Cyber Audit Plan.
7. Development of key Governance Policies, Procedures and Systems covering Whistleblowing, Conflict of Interest, and Counterparty Due Diligence (Know Your Customer).

The Corporate Governance Division was fully resourced by the end of 2022, and begins 2023 with a Board-approved Audit Plan to evaluate the effectiveness of Internal Controls, Risk Management, and Governance processes across Bapco.