The authority derived from the audit committee provides Group Internal Audit with direct access to the Chairman of the board of directors (“the board”) and Chief Executive of the Company. This relationship, together with the department’s compliance with professional standards, ensures the independence of the internal audit function.
All organisational processes, business operations and support functions are subject to internal audit.
Group Internal Audit has full, free and unrestricted access to activities, records, property and personnel.
Group Internal Audit serves senior management and the audit committee by performing independent appraisals of the adequacy and effectiveness of the Company’s corporate governance, risk management process and system of internal control, thereby assisting executive and senior management in the discharge of their duties and responsibilities.
Audit coverage is established using a risk-based methodology which is continuously updated. The high risk areas, which could have the greatest impact on the Company’s performance, are reviewed more frequently to ensure adequate audit coverage.
Significant control, legislative and regulatory issues, within South Africa and internationally, impacting on the Company are recognised and addressed appropriately.
To serve the Company effectively, Group Internal Audit requires full cooperation from all levels of management. Any restriction of scope will be reported to the Chief Executive and the audit committee.
Group Internal Audit is an independent objective assurance and consulting activity, designed to add value and improve the Company’s operation. It helps the Company to accomplish its objectives by bringing a systematic disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
The primary objectives of the risk management process and internal controls are to:
While the board is responsible for providing effective corporate governance, it is the responsibility of Group Internal Audit to evaluate the adequacy and effectiveness of the risk management process, internal financial controls and the system of internal controls and report thereon to management, the audit committee, the risk committee as well as the board.
Objective results are communicated timeously to operational management. Matters of significance are reported biannually to the audit committee.
Group Internal Audit is responsible for the Company and the Group including the business entities for which the Company or its subsidiaries have management responsibility. This includes all operations within southern Africa and internationally. The internal audit function for international operations may, in consultation with the audit committee, be outsourced to independent service providers in order to achieve cost efficiencies. In these instances the nature, timing and extent of the audits to be conducted will be determined by the Chief Audit Executive. The service provider will submit reports to the management of the unit and the Chief Audit Executive. These will be included in the biannual report to the audit committee. Group Internal Audit will actively coordinate its efforts with the external auditors to optimise overall audit coverage and avoid unnecessary duplication of work.
Group Internal Audit have a responsibility to perform their work in a highly ethical and professional manner and to comply with the Institute of Internal Auditor’s code of ethics and the Standards for the Professional Practice of Internal Auditing. The internal audit function will be subjected to an independent quality assurance review at least once every three years as a measure to ensure the function remains effective. A Group Internal Audit manual, comprising policies and procedures which address quality and consistency in the performance of audit work, is maintained.