Sign In

Guidelines for the Audit Committee

Print this Guideline

 

1. Purpose

The purpose of this guideline is to assist the Audit Committee in discharging their responsibility for risk management.

An Audit Committee is an independent committee constituted to review the control, governance and risk management within the Institution, established in terms of section 77 of the Public Finance Management Act (PFMA), or section 166 of the Municipal Finance Management Act (MFMA).

2. Application

The guideline is designed to:

·      Provide the Audit Committee with information to enable them to fully understand the roles and responsibilities of their office in terms of risk management;

·       Provide templates to assist the Audit Committee to effectively discharge such roles and responsibilities.

3. How to navigate the guideline

The guideline has been structured according to the sections noted below.  Each of the sections contains underlying information that can be accessed by clicking on the title.

·         Legal mandate and corporate governance (Section 4)

·         Strategic value of the Audit Committee in risk management (Section 5)

·         High level responsibilities of the Audit Committee (Section 6)

·         Evaluation criteria (Section 7)

·         Additional reading / reference (Section 8)

4. Legal mandate and corporate governance

4.1 Legal mandate

Legislating the implementation of risk management in public sector institutions is part of a macro strategy of Government towards ensuring the achievement of national goals and objectives.  The following legislative instruments provide the legal foundation for the Audit Committee's responsibility for risk management:

National Departments

·         Section 77 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA);

·         Treasury regulations TR3.1.10;

·         Treasury regulations TR3.1.13.

Constitutional Institutions

·         Section 77 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA);

·         Treasury regulations TR3.1.10;

·         Treasury regulations TR3.1.13.

Provincial Departments

·         Section 77 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA);

·         Treasury regulations TR3.1.10;

·         Treasury regulations TR3.1.13.

Public Entity

·         Section 77 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA);

·         Treasury regulations TR27.1.8;

·         Treasury regulations TR27.1.10.

Provincial Entity

·         Section 77 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA);

·         Treasury regulations TR27.1.8;

·         Treasury regulations TR27.1.10.

Municipalities

·         Section 166 of the Municipal Finance Management Act (Act 56 of 2003) (MFMA).

Municipal Entity

·         Section 166 of the Municipal Finance Management Act (Act 56 of 2003) (MFMA).

4.2 Corporate Governance

The institution can draw guidance from the following:

·         King III Report on Corporate Governance;

·         Batho Pele principles.

5. Strategic value of the Audit Committee in risk management

The responsibilities of the Audit Committee with respect to risk management should be formally defined in its charter. The Audit Committee is responsible for oversight of the institution’s control, governance and risk management.  Furthermore, the Committee should provide the Accounting Officer / Authority with independent counsel, advice and direction in respect of risk management. The stakeholders rely on the Audit Committee for an independent and objective view of the institution's risk management effectiveness. 

In this way, the Audit Committee provides valuable assurance that stakeholder interests are protected.

6. High level responsibilities of an Audit Committee

To derive optimal benefits, risk management ought to be conducted in a systematic manner, using proven methodologies, tools and techniques. 

The responsibilities of the Audit Committee with respect to risk management should be formally defined in its charter.  The Audit Committee should provide an independent and objective view of the Institution's risk management effectiveness.

The responsibilities of the Audit Committee, where there is a separate Risk Management Committee, should include:

·        reviewing and recommending disclosures on matters of risk in the annual financial statements;

·        reviewing and recommending disclosures on matters of risk and risk management in the annual report;

·   providing regular feedback to the Accounting Officer / Authority on the adequacy and effectiveness of risk management in the Institution, including recommendations for improvement;

·        ensuring that the internal and external audit plans are aligned to the risk profile of the Institution;

·        satisfying itself that it has appropriately addressed the following areas:

o   financial reporting risks, including the risk of fraud;

o   internal financial controls; and

o   IT risks as they relate to financial reporting.

Where there is no separate Risk Management Committee, the risk management responsibilities of the Audit Committee should be identical to those of the Risk Management Committee.

Furthermore, in discharging its oversight responsibilities relating to risk management, the audit committee:

·   Gains thorough understanding of the risk management policy, risk management strategy, risk management implementation plan, and fraud risk management policy of the institution to enable them to add value to the risk management process when making recommendations to improve the process;

·     Reviews and critiques the risk appetite and risk tolerance, and recommends this for approval by the Accounting Authority / Officer;

·        Reviews the completeness of the risk assessment process implemented by management to ensure that all possible categories of risks, both internal and external to the institution, have been identified during the risk assessment process.  This includes an awareness of emerging risks pertaining to the institution.

·       Reviews the risk profile and management action plans to address the risks;

·       Reviews the adequacy of adapted risk responses;

·       Monitors the progress made with the management action plan;

·       Reviews the progress made with regards to the implementation of the risk management strategy of the institution;

·       Facilitates and monitors the coordination of all assurance activities implemented by the institution;

·      Reviews the process implemented by Management in respect of fraud prevention and ensured that all fraud related incidents have been followed up appropriately;

7. Evaluation

Clear objectives and key performance indicators should be set for the Audit Committee in respect of risk management.  These indicators should be able to measure the Audit Committee's effectiveness in the institution's risk management in contributing to the institution's goals and objectives. 

Insofar as it concerns the responsibilities of the Audit Committee for risk management, the Accounting Officer / Authority should evaluate the performance of the Committee through the following and other relevant indicators:

·       The Auditor-General’s report on the effectiveness of the Audit Committee;

·       The results of the Audit Committee’s own 360° assessment;

·    The Committee’s co-ordination of the work of Internal Auditing, External Audit and other assurance providers in respect of risk management; and

·   The quality and timeliness of the Audit Committee’s counsel and recommendations on matters concerning the system of risk management.

·       The Accounting Officer / Authority

8. Additional reading / reference

A catalogue of additional resources is included below assist the Audit Committee to facilitate the implementation of risk management.

Guidelines: Additional reading / reference

 

Print this Guideline


© Maintained by the National Treasury. All Rights Reserved.