HealthPlus Retail Group — Risk Analysis & Mitigation
A structured risk register and the mitigation measures covering market, operational, financial, regulatory, supply-chain and execution risks.
Section 12 · Business Plan
Risk Analysis & Mitigation
A structured risk register and the mitigation measures covering market, operational, financial, regulatory, supply-chain and execution risks.
12.1 Risk Management Framework
HealthPlus operates an enterprise risk management (ERM) framework
aligned to ISO 31000 and the King IV principles on risk governance.
Risks are identified, scored on a 5×5 likelihood-impact matrix,
mitigated through documented controls, and reviewed monthly by the
executive team and quarterly by the Audit & Risk Committee. The
framework distinguishes between strategic, operational, financial,
regulatory, technology and macro risks.
dominated by three things: regulation, currency, and pharmacist supply.
Everything else is manageable.
12.2 Risk Heat Map
Figure 12.1 plots the twelve principal residual risks
(post-mitigation) on the standard likelihood-impact heat map. Five risks
are classified as High residual (red); seven as Medium (amber); none as
Low (green) — a deliberate framing, since material risks should never be
characterised as Low to a sophisticated investor audience.
12.3 Risk Register
The full risk register is set out below. Each risk is identified by a
unique reference (R1–R12), classified, scored on inherent and residual
basis, and assigned a named mitigation owner. The register is a living
document; this presentation reflects the position at financial
close.
| ID | Risk | Category | Inherent | Residual | Owner |
|---|---|---|---|---|---|
| R1 | NHI implementation alters dispensing economics | Regulatory | High | High | CPO |
| R2 | Single-Exit Price (SEP) regime tightens | Regulatory | High | Med | CPO |
| R3 | Pharmacist labour shortage caps store rollout | Operational | High | High | CPO / CHRO |
| R4 | ZAR depreciation against USD (import inflation) | Macro / FX | High | Med | CFO |
| R5 | Load-shedding disrupts cold-chain & operations | Operational | High | Med | COO |
| R6 | Major data breach / cyber incident | Technology | Med | Med | CTO |
| R7 | Aggressive incumbent price war | Competitive | Med | Med | CCO |
| R8 | Site availability slows expansion | Operational | Med | Med | COO |
| R9 | Private-label quality / recall event | Operational | Med | Med | CPO |
| R10 | Civil unrest / supply chain disruption | Macro | High | High | COO |
| R11 | Funding-market pricing widens | Financial | Med | Med | CFO |
| R12 | Key-person dependency on founding executives | Governance | Med | Med | CEO / Board |
Table 12.1 — Risk register summary
12.4 Principal Risks & Mitigation Strategies
12.4.1 R1 — National Health Insurance (NHI)
The NHI Act, signed in 2024, contemplates a single-payer fund
replacing private medical schemes for “comprehensive” services.
Implementation is phased over 8–12 years and subject to ongoing
constitutional and operational challenges. Net effect on retail pharmacy
is uncertain but plausibly positive (broader population access,
formulary-driven volume) if dispensing fees remain economically
viable.
12.4.2 R3 — Pharmacist Labour Supply
South Africa produces ~800 new pharmacists annually against
retail-sector demand for ~2,400 incremental positions through Y5 across
all chains. This is the single most binding operational constraint on
the rollout plan.
12.4.3 R4 — ZAR Currency Depreciation
Approximately 38% of cost of goods is USD-linked (international
beauty brands, pharmaceutical APIs, technology). A 10% ZAR depreciation
translates to ~3.8 ppt of gross margin pressure if unmitigated.
12.4.4 R5 — Load-Shedding
Eskom load-shedding has been a structural feature of South African
operations since 2008. Pharmacies face dual exposure: cold-chain
integrity (vaccines, insulin, biologics) and point-of-sale
availability.
12.4.5 R10 — Civil Unrest / Supply Chain Disruption
The July 2021 KZN/Gauteng unrest demonstrated the asymmetric impact
of civil disruption on retail. HealthPlus has architected its supply
chain explicitly to absorb this risk class.
12.5 Insurance Programme
A comprehensive corporate insurance programme is procured at
financial close, structured across six policy lines and reviewed
annually by an independent broker.
| Policy | Limit (ZAR) | Insurer Type | Notes |
|---|---|---|---|
| Property all risks | 4.5 billion | Composite local + reinsurance | Including stock and IT |
| SASRIA (riot & strike) | 2.0 billion | Government scheme | Maximum statutory cover |
| Business interruption | 1.8 billion | Composite | 12-month indemnity period |
| Public & products liability | 500 million | Composite | Worldwide ex. US/Canada |
| Directors & officers | 250 million | Composite | Listing readiness aligned |
| Cyber liability | 150 million | Specialist | POPIA + GDPR coverage |
Table 12.2 — Insurance programme structure
12.6 Crisis Management & Business Continuity
A formal Business Continuity Management (BCM) framework — aligned to
ISO 22301 — is implemented in Y1 and tested via tabletop exercises
bi-annually. The framework defines recovery time objectives (RTO) for
each critical business function, named crisis-team roles, and
pre-authorised expenditure thresholds for crisis response.
No business plan eliminates risk; the credible plans price it.
HealthPlus prices each principal risk explicitly into store-level capex,
working-capital buffer, insurance premium, and headroom on the capital
stack. The Downside scenario in Section 10.10 reflects the simultaneous
occurrence of three of the High-residual risks above and still delivers
a 14.2% equity IRR — evidence that the plan is robust to realistic
stress.
Confidential — this business plan is provided to prospective investors and lenders for evaluation purposes only and may not be reproduced or distributed without the written consent of HealthPlus Retail Group (Pty) Ltd.