Famous Brands Logo

Integrated Annual Report

Governance

Technology governance

Technology governance

Famous Brands recognises technology as a key enabler across all areas of the business - enhancing operations, driving digital innovation, and delivering customer-centric experiences. Our IT governance framework ensures that strategic alignment, executive oversight, and portfolio prioritisation are in place to support this vision. Learn more about our consumer-facing and enterprise technology initiatives here.

Governance hierarchy model

The IT governance model provides structured oversight across strategic, portfolio, and operational levels. Anchored by the Executive Committee, the framework includes tiered steering committees and specialist boards to drive alignment, manage risk, and ensure value delivery. It is supported by robust planning, project management, and cybersecurity practices.

In 2025, we reviewed our governance hierarchy model and will be introducing the following committee and boards, which will report to the IT Steering Committee in 2026:

Portfolio Steering Committee

Oversees the project pipeline, resource allocation, risk assessment, and project health, ensuring that investments deliver maximum business value. Ensures that the selection and prioritisation of IT projects are aligned with organisational strategy and resources.

Enterprise Architecture Review Board

Provides a forum for stakeholders to assess and align on architectural decisions, ensuring that proposed solutions support the Group's strategic goals and adhere to established standards.

Technical Review Boards

Evaluate technical proposals and solutions, enabling stakeholders to ensure alignment with best practices, mitigate risks, and support the Group's overall technical strategy.

Processes and procedures

Several policies govern what constitutes the appropriate use of IT resources and infrastructure. They include rules for using the internet, email, company systems, buying and disposing of IT equipment, and creating passwords.

The Group's IT Steering Committee oversees IT governance, with the Board providing direction through the Audit and Risk Committee. This committee meets quarterly to discuss subjects outlined in its Charter document, including the alignment of annual IT strategic objectives with overall business objectives, prioritisation of projects, IT policy reviews and implementation, and our annual IT security plan, among other matters. It also performs bi-annual reviews of the disaster recovery plans and business resumption contingencies.

In addition, the IT Steering Committee holds weekly IT feedback sessions with Exco to facilitate better alignment, update them on current technology team projects, and inform them about the IT security plan, including any potential IT matters that may disrupt business operations. Our IT teams have the following core responsibilities:

  • Application development and support.
  • Data and information.
  • Technology infrastructure and support.
  • IT security and governance.
  • Enterprise architecture and integration.
  • Project management office.

Technology projects for 2025

In 2025, the Audit and Risk Committee monitored the implementation of the following critical technology projects:

  • Execution of the 2025 IT security plan to enhance the Group's cybersecurity profile.
  • Conversion of Wimpy UK to SAGE3 and the SAGE300 HR system.
  • Conversion of several manufacturing plants to SAGE 300.
  • Implementation of the new warehouse management system in the last distribution centre.
  • Introduction on a high-availability data centre solution to build data resiliency.
  • Rolling out consumer-technology initiatives.
Read more here.

" Famous Brands will continue to consolidate and simplify its IT environment to enable innovation and scale. We are working towards becoming a Gartner Level 4 organisation, with a focus on being project-capable, with the expectation that our technology projects and programmes will contribute significant business value. "

The Audit and Risk Committee will monitor critical technology projects planned for 2026. These include:

  • The implementation of the 2026 IT security plan, with a focus on improving the cybersecurity profile in key African markets.
  • Building our data analytics and business intelligence capabilities by introducing best-practice data warehousing.
  • Monitoring the project to review and improve our franchise partner online ordering system.
  • Improve our data resiliency by implementing backup technology enhancements.

Compliance

Our Legal Department ensures compliance with relevant legislation and regulations, as well as anticipated regulatory changes. Famous Brands has a Legal and Regulatory Compliance Framework that maps legislation across each of its business units. The Social and Ethics Committee approved the framework in May 2024. Famous Brands has registered with the Compliance Institute Southern Africa and now receives regular updates on legislative developments. We are implementing a compliance software tool to support our compliance assessments and monitoring of compliance levels.

The Legal Department provides regular reporting (monthly, quarterly, bi-annually and annually) to advise management on:

  • The status of compliance and effectiveness of the compliance programme.
  • Efficacy of controls in high-risk business areas.
  • New, or changes to, regulatory obligations.
  • Identify control issues or potential problems and recommend remedial measures.

The Social and Ethics Committee oversees the Group's governance and compliance matters. In 2025, the Committee considered the implications of the Companies Amendment Act and potential mandatory sustainability regulations.

Read more here.

Department of Labour and Employment and Department of Home Affairs inspections

In September 2024, the Department of Employment and Labour and the Department of Home Affairs conducted unscheduled nationwide labour inspections of more than 2 000 restaurants. The focus of the inspections was to identify possible employee exploitation and employment of illegal non-South African employees.

Leading Brands stores made up 15.7% of the restaurants inspected and had a compliance rate of 99.2%. Any challenge highlighted during the inspections was the high incidence of identity fraud. Support and awareness training on labour compliance was provided to franchise partners. Immediate action was taken with the restaurants that were non-compliant. We also commissioned a third-party to conduct an annual audit of labour practices to improve compliance levels.

JSE Listings Requirements

The Board considered the following changes to the JSE Listings Requirements:

  • Boards are required to conduct a fit and proper assessment of potential Board appointments, including an independent investigation into the background and qualification verification of each person prior to their election to the Board.
  • Trading statements – Listed companies can now approach the JSE to permit a wider range of financial forecasting in trading statements, provided the range translates into a small number.

POPIA compliance

We have processes and procedures to ensure ongoing compliance with POPIA and monitor our POPIA compliance through Data Protection Agreements (DPAs), training and regular reviews. We have implemented data protection activities across all SADC and AME entities' territories, including training. This is supported by a Retention of Records Policy. There are POPIA information officers at all South African subsidiary entities, who are registered with the Information Regulator.

Promotion of Access to Information Act (PAIA)

We reviewed and updated our PAIA manual. There were no requests for information in terms of PAIA recorded for 2025.

Extended Producer Responsibility

South Africa's Extended Producer Responsibility regulations came into effect in May 2021. Famous Brands has registered with various producer responsibility organisations and is paying over levies as per the schedules

Read more here.

NOSA compliance

Famous Brands achieved 100% NOSA compliance across all plants, with no plants receiving a rating lower than three stars.

Focus areas for 2026

Our planned future focus areas include:

  • Implement and roll out the Legal and Regulatory Compliance Framework and Governance, Risk and Compliance tool within the Group.
  • Develop and implement a legal and regulatory compliance programme.

Combined assurance

The Audit and Risk Committee supports the Board in implementing the combined assurance model across the Group.

The Committee monitors Famous Brands' internal control system, which is designed to assess, manage, and offer reasonable assurance against significant misstatement and loss. The Audit and Risk Committee works with the Group Risk Executive to ensure that risks and opportunities are accurately recognised, evaluated and quantified. Divisional management supports the Board through the Group Risk Forum.

The Group's combined assurance model enhances the assurance obtained from management and internal and external assurance providers, while developing a strong ethical environment and mechanisms to ensure compliance.

The Internal Audit and Risk departments ensure adequate controls are in place. As part of the annual external audit, KPMG Inc evaluates certain key controls and the accounting treatment of significant transactions and account balances as determined per their risk assessment and approved audit plana. The Group uses a GRC tool with a built-in combined assurance reporting module.

Internal audit

In 2025, Famous Brands conducted 14 internal assurance audits across the Group (2024: 10). Internal resources were responsible for 71% of these audits (2024: 90%).

The audit approach for the year was narrow and deep, with a key focus on key strategic projects, general financial controls and subsidiaries. Internal audit adopted the new Global Internal Audit Standards that came into effect in January 2025.

Company Secretary

Celeste Appollis, the Company Secretary, ensures that the Board is aware of its fiduciary duties and that the Board and management execute their functions in accordance with the Limits of Authority Framework. The Board and each director have unfettered access to the Company Secretary. She also facilitates the appointment, induction and ongoing training of all directors.

The Board has evaluated the Company Secretary function as set out by the JSE Listing Requirements and the Companies Act. It is confirmed that Celeste has the required experience and expertise to fulfil the role. The Board is confident that there is an arm's-length relationship between her and the Board, allowing her to execute her role properly. The Board has trust in the arrangement for accessing professional governance services. As the Company Secretary, Celeste can contact the Chairman to express any concerns.

Governance In 2025
Audit And Risk Committee Report