Audit Committee

Resource Guide
For related information and guidance, visit the Deloitte Centre for Corporate
Governance website at:

www.deloitte.co.za
Contents
Section 1: Audit committee leading practices and trends......................................3

Section 2: Audit committee composition...............................................................9

Section 3: Key responsibilities................................................................................19

Section 4: Interaction with the independent auditor..............................................46

Section 5: Education and evaluation......................................................................64

Appendix A: Sample audit committee charter...........................................................71

Appendix B: Audit committee planning tool.............................................................84

Appendix C: Audit committee performance evaluation.............................................99

Appendix D: Public sector perspective.......................................................................108

Contacts...............................................................................................115

Audit Committee Resource Guide 1

Section 1

2
Audit committee
leading practices
and trends
Audit Committee Resource Guide 3
The following is a summary of Risk oversight
certain leading practices for audit
committees. It is not all inclusive, • Increase the focus on risk oversight and
assessment.
but it can be used to help assess
• Avoid becoming overly dependent on forms or
audit committee practices and tools for monitoring risk.
to discuss agendas and other • Periodically reassess the list of top risks,
considerations. determining who in management and which
board committee is responsible for each.
• Evaluate information technology (IT) projects,
Committee dynamics including IT milestones and reporting against
them, especially for IT transformation.
• Focus on committee composition, including
• Consider post-acquisition reviews, including
independence, financial expertise, risk
risks, relevant integration milestones, and
management, broad business or leadership
return on investment (ROI) analysis to evaluate
experience, and succession planning.
the reliability of initial acquisition assumptions.
• Limit the number of audit committee members
• Have appropriate leaders in the business
to four or five to optimise effectiveness.
make a presentation at a board or audit
• Oversee and respond to enterprise risk
committee meeting to enhance the members’
management activities.
understanding of the business and risks and to
• Conduct an annual committee self-evaluation.
evaluate the depth of talent.
• Consider periodically rotating audit committee
members, including the chairman.
• Encourage discussion, rather than presentation,
at meetings.
• Participate in audit committee education
activities.
• Engage independent advisers when needed.

4
Self-assessment and Oversight of internal
evaluation of effectiveness controls, financial reporting
• Perform a self-assessment in a thorough
and integrated reporting
manner rather than as a compliance exercise.
• Understand key controls and reporting risk
• Consider using self-assessment results as a
areas as assessed by financial management, the
catalyst to re-engineer processes, procedures,
internal auditors, and the independent auditor.
and agendas, which should influence where
• Emphasise oversight of corporate taxes, an area
the audit committee spends its time.
where high-risk and big-money decisions are
• Communicate with the board on activities and
made.
recommendations.
• Leverage the value of internal controls beyond
• Align audit committee meeting materials and
compliance.
agendas with priority areas:
• Consider levels of authority and responsibility
- Put significant areas first in advance materials
in key areas, including pricing and contracts,
and on the agenda.
acceptance of risk, commitments, and
- Include matters for review and comment.
expenditures.
- Present compliance matters, standard reports,
• Understand complex accounting and reporting
and informational items at the end of advance
areas and how management addresses them.
materials and meetings; they may not need to
• Understand significant judgments and
be discussed at the meeting.
estimates used by management and their
- Meetings should be preceded or followed by
impact on the financial statements, such as fair-
private and executive sessions, absent members
value accounting and related assumptions.
of management.
• Anticipate and understand how regulatory
developments and reporting developments in
the areas of financial, sustainability reporting
and integrated reporting may affect the
company, particularly its talent needs.

Audit Committee Resource Guide 5

Interaction with the Partnership with the CFO and
independent auditor other management
• Exercise ownership of the relationship with the • Focus on the tone at the top, culture, ethics,
independent auditor. and hotline monitoring.
• Get to know the lead partners and meet • Conduct annual evaluations.
periodically with specialists (e.g., tax, IT, • Engage in the identification of potential issues.
actuarial, regulatory). • Understand plans to address new accounting
• Establish expectations regarding the nature and regulatory reporting requirements.
and method of communication, as well as the • Provide input to management’s goal-setting
exchange of insights. process.
• Engage in regular dialogue outside the • Discuss succession planning for the CFO and
scheduled meetings. staff.
• Set an annual agenda with the independent • Conduct pipeline and staff reviews, including
auditor. identification of high potential personnel.
• Focus on independence, including a
preapproval process.
• Provide formal evaluations and regular
Executive (private) sessions
feedback.
• Schedule regular sessions with the internal
auditors, the independent auditor, and
management.
• Provide clear objectives and expectations for
each meeting.
• Prepare specific topics and questions.
• Understand the response to and resolution of
each issue raised.

6
Executive compensation Orientation and continuing
• Periodically conduct meetings with the
education
remuneration committee regarding
• Address board education in the company’s
management incentives.
corporate governance guidelines to be
• Work with the remuneration committee to
consistent with JSE listing requirements.
consider the incentive structure and whether it
• Provide orientation of new members that
contributes to increased fraud risk.
involves company executives, internal audit,
• Increase focus on the compensation of officers
and the independent auditor.
and directors, including the appropriate
• Offer on-going one-on-one or committee-level
use of corporate assets such as planes and
education opportunities.
apartments.
• Consider offering continuing education in
specialised or regulated industry matters,
reporting, operations, and related topics.
Interaction with the internal
auditors
• Assess whether the internal auditors have a
direct reporting line to the audit committee
and an indirect line to management for
administrative activities.
• Be involved with the internal audit risk
assessment and audit plans, including activities
and objectives regarding internal control over
financial reporting.
• Conduct annual evaluations.
• Understand internal audit staffing and
succession planning.

Audit Committee Resource Guide 7

8
Section 2

Audit Committee Resource Guide 9

Audit committees should regularly Appointment of the audit
review their composition and committee
membership to confirm that
they encompass the knowledge The King Code of Governance Principles and the
and experience needed to be King Report on Governance (King III) emphasise
effective. In addition to industry the vital role of an audit committee in ensuring
the integrity of financial controls and integrated
knowledge, committee members reporting, and identifying and managing financial
should have a strong grasp risk. This sentiment is echoed in the Companies
of key financial reporting and Act, 2008 (Act No 71 of 2008) (the Companies
accounting issues, such as going Act or the Act). The appointment of an audit
concern, revenue recognition, committee is regulated as part of the enhanced
accountability and transparency requirements
areas of significant judgment set out in Chapter 3 of the Companies Act
including goodwill measurements (Chapter 3).
and accounting for intangible
assets, pensions and other post- The Companies Act requires certain categories
employment benefits, financial of companies to appoint an audit committee.
Public companies and state owned companies
instruments and other critical must appoint an audit committee. In addition,
accounting policies, including any other types of companies (private company,
how these policies compare to personal liability company or non-profit company)
industry practices. Internal controls that provide for the appointment of an audit
relevant to financial reporting are committee in their Memorandum of Incorporation
must comply with the relevant provisions
particularly important since these of the Act to the extent provided for in the
form the basis for the prevention Memorandum of Incorporation. In our experience,
and detection of fraud or error in very few private companies choose to include a
financial reporting. requirement in its Memorandum of Incorporation
for the appointment of an audit committee.

10
Notwithstanding the requirements of the • be related to anybody who falls within the
Companies Act, King III proposes that ALL above criteria.
companies should have an audit committee.
The requirements of section 94 are prescriptive.
The Companies Act states that, where the It would appear that should the company
appointment of an audit committee is required, appoint an audit committee with persons other
the audit committee must be appointed by the
than those prescribed, it would not be an
shareholders at every annual general meeting.
audit committee as required by the Companies
This means that the appointment of the audit
Act. As a result, any functions undertaken
committee becomes an annual event. This
requirement highlights the importance of by a non-compliant (that is an “improperly
the board’s nomination committee. As all constituted”) audit committee will not have been
audit committee members must be directors performed by the audit committee as required by
(members of the board), it is important that the Companies Act. This may impact the actions
the nominations committee identifies suitably of the committee, and may even result in liability
skilled and qualified individuals to nominate for for the committee members.
appointment to the audit committee. Of course,
the shareholders may appoint any director they The audit committee can consist of as many
deem fit and proper. members as the company wishes to appoint (but
at least three), but each member must meet the
Section 94 of the Companies Act determines
criteria and must be a director of the company.
that the audit committee must consist of at least
The audit committee may utilise advisors and
three members who must be directors of the
obtain assistance from other persons inside and
company and not:
• be involved in the day to day management of outside of the company. The audit committee
the company for the past financial year; may also invite knowledgeable persons to attend
• be a full-time employee for the company for its meetings. However, the formally appointed
the past 3 financial years; members of the audit committee entitled to vote
• be a material supplier or customer of and fulfil the functions of the audit committee
the company such that a reasonable and will have to meet the criteria (non-executive
informed third party would conclude in the independent directors) in accordance with the
circumstances that the integrity, impartiality or prescribed requirements.
objectivity of that director is compromised by
that relationship; and

Audit Committee Resource Guide 11

Ethical leadership and social responsibility is • the dual role (chairman of the board and
highlighted in King III. These same sentiments member of the audit committee) is specifically
are echoed in the Companies Act. Although disclosed to shareholders at the annual general
it may be argued that the provisions of the meeting referred to in Section 94(2) of the Act,
Companies Act are onerous and prescriptive, • shareholders approve the appointment of the
it should be acknowledged that the intention chairman to the audit committee at the annual
is for the audit committee to play a key role general meeting.
in ensuring accountability and transparency.
As an independent, objective body, it should
function as the company’s independent Independence of audit
watchdog to ensure the integrity of financial committee members
controls, combined assurance, effective financial
risk management, and meaningful integrated
The independence of audit committee members
reporting to shareholders and stakeholders alike.
should be subject to review at least annually
and more often as necessary. Companies that
King III proposes that every company appoints
are required, in terms of the Companies Act,
an audit committee comprising at least three
to appoint an audit committee should have
independent non-executive directors.
policies in place to facilitate timely identification
The JSE requires listed companies to appoint an of changing relationships or circumstances that
audit committee in compliance with King III. may affect the independence of audit committee
With regard to the composition of the audit members. Many companies require directors to
committee, the committee must comprise at complete an independence questionnaire when
least three independent non-executive directors. appointed to the board and annually thereafter,
If an issuer has an independent non-executive and to notify the company of any changes that
chairman of the board, he/she may be a member may affect independence. For audit committee
of the audit committee, subject to the following members, these questionnaires should be tailored
provisions: to reflect the independence criteria set out in
• all the other members of the audit committee principle 2.18 of King III and the Companies Act,
(at least two) are independent non-executive as summarised below.
directors
• he/she may not be the chairman of the audit
committee

12
Companies may want to involve legal counsel For listed companies, the definition of
in assessing the independence of directors. independence as set out in King III will apply. The
Regardless, the Companies Act requires the JSE makes it clear that some listed companies
annual appointment of the audit committee, combine the audit and risk committee. (The
which provides an ideal opportunity for the risk committee must have a minimum of three
nominations committee to re-assess the members. Membership of the risk committee
independence of the audit committee members. should include executive and non-executive
directors. The chairman of the board may me a
member of this committee but must not chair
The Companies Act and King it.) Given the difference in the membership
III require audit committee of these committees, companies must ensure
members to be independent that in these instances the membership of the
combined committee meets the more stringent
independence criteria of the audit committee as
In this regard, cognisance should be taken of the set out in King III.
position of shareholders as potential members of
the audit committee. The Companies Act makes
no reference to shareholding as a disqualification
from membership of the audit committee, and
the value judgment pertaining to independence
relates only to suppliers and customers. The mere
fact that a person holds shares in the company
would not, on its own, preclude such a person
from serving on the audit committee. However,
it is proposed that, in line with the best practice
principles set out in King III, the appointment of
shareholders to the audit committee should be
carefully considered. A judgment on the effect of
the shareholding or other relationships is required
in order to establish the likely factual impact on
the independence of a particular person.

Audit Committee Resource Guide 13

 Companies Act – Independent if: King III – Independent if:
The director was not involved in the day-to-day The director is not a representative of a shareholder who has the ability
management of the business for the previous to control or significantly influence management or the board.
financial year.
The director was not a full time employee or The director does not have a direct or indirect interest in the company
prescribed officer of the company or a related (including any parent or subsidiary in a consolidated group with the
company during the previous three financial years. company) which exceeds 5% of the group’s total number of shares in
issue.
The director is not a material supplier or customer of The director does not have a direct or indirect interest in the company
the company such that a reasonable and informed which is less than 5% of the group’s total number of shares in issue,
third party would conclude in the circumstances but is material to his personal wealth.
that the integrity, impartiality or objectivity of that
director is compromised by that relationship.
The director is not related to anybody who falls The director is not a professional adviser to the company or the group,
within the above criteria. other than as a director.
The director has not been employed by the company or the group of
which it currently forms part in any executive capacity, or appointed as
the designated auditor or partner in the group’s external audit firm, or
senior legal adviser for the preceding three financial years.
The director is not a member of the immediate family of an individual
who is, or has during the preceding three financial years, been
employed by the company or the group in an executive capacity.

The director is free from any business or other relationship (contractual

or statutory), which could be seen by an objective outsider to interfere
materially with the individual’s capacity to act in an independent
manner, such as being a director of a material customer of or supplier
to the company.

The director does not receive remuneration contingent upon the

performance of the company.

14
Qualifications and financial Audit committee financial
literacy literacy recommendations
King III requires that the audit committee should, • Self-assessment should be thorough, not
as a collective, have the necessary skill and merely a compliance exercise, and should be
experience to meet its obligations. This should repeated periodically
be considered by the nominations committee • Members should understand auditing,
prior to the AGM when they nominate members accounting, and financial reporting
for appointment to the audit committee. issues relevant to the company and how
management and the independent auditor
As a collective, the audit committee must have a address them
good understanding of: • Committees should anticipate and understand
• integrated reporting, which includes financial how pending financial reporting and regulatory
reporting developments may affect the company, and
• internal financial controls particularly its talent needs
• external audit process • Members should focus on committee
• internal audit process composition, including independence, financial
• corporate law expertise, risk management, broad business or
• risk management leadership experience, and succession planning
• sustainability issues
• information technology governance, and
• the general governance processes within the
company.

The Companies Act requires at least one third

of the members of the audit committee to
have academic qualifications, or experience in
economics, law, corporate governance, finance,
accounting, commerce, industry, public affairs or
human resource management.

Audit Committee Resource Guide 15

In order for the audit committee to function Questions for audit
optimally, it is necessary for the members to be
financially literate. In this regard, it is proposed committees to consider
that at least one member of the audit committee
have a detailed understanding of financial • Are audit committee members completing
reporting, which may include: routine financial literacy self-assessments?
• an understanding of financial statements and • Does the financial literacy self-assessment
financial reporting standards (IFRS) reflect recent developments?
• an ability to assess the general application of • Are modifications to the committee’s education
IFRS in connection with the accounting for plan necessary?
estimates, accruals, and reserves • Are the audit committee’s training and
• experience preparing, auditing, analysing, or education programmes designed to maintain
evaluating financial statements that present a financial literacy?
breadth and level of complexity of accounting
issues generally comparable to what can Director qualification
reasonably be expected to arise in the
company’s financial statements, or experience disclosure requirements
actively supervising those engaged in such
activities King III proposes that the names and
• an understanding of internal control over qualifications of the members of the audit
committee be disclosed in the company’s
financial reporting
integrated report. It is recommended that the
• an understanding of the audit committee’s
disclosure should include information about
functions. the experience, qualifications, and attributes
considered in the nomination process and
the reasons why individuals should sit on
the company’s board. Disclosures regarding
individual board committee qualifications are
required by King III, and companies may want
to consider including the qualifications of the
member as discussed during the committee
selection process as a part of the overall board
qualification disclosure.

16
Notes:

Audit Committee Resource Guide 17

Section 3

Key
responsibilities

18
Audit Committee Resource Guide 19
Audit committee charter and Concurrent with the charter review, the
committee should examine its calendar of
agenda company activities and consider modifications
based on the changes to the charter. The
An annual review of the charter is recommended committee may also reconsider the frequency
for all audit committees. Updates may be and timing of company’s activities already on the
necessary as a result of: calendar.
• changes in regulatory or legal requirements
• the board’s delegation of new responsibilities In updating the charter and calendar, it may be
to the audit committee or reassignment of helpful to consult with management, the internal
certain responsibilities that are not required of auditors and the independent auditor. When
the audit committee by law or regulation appropriate, the committee should also seek
• changes in the company’s Memorandum of legal counsel in reviewing its charter and the
Incorporation that affect the composition of calendar.
the committee or how members are appointed
• identification of practices the committee wants Deloitte has developed a template to assist audit
to include among its responsibilities. committees in drafting an appropriate charter.
Best practice has been selected from a number
To help execute its role in a timely and efficient of existing charters and relevant literature, such
manner, the audit committee may use the as the Companies Act and King III, has been
responsibilities outlined in the charter to develop considered. The template, which is reflected
an annual calendar and meeting agendas. In as Appendix A, may be used with the calendar
addition to addressing responsibilities prescribed planning tool in Appendix B.
in the Companies Act, the charter should
address the audit committee’s key recurring The Companies Act and King III are silent on the
responsibilities as well as its responsibility for requirements pertaining to the audit committee
significant transactions and unusual events. The charter. However, the King Committee issued a
charter also should allow the committee to meet Practice Note specifically dealing with the terms
outside the official calendar when needed. of reference of the audit committee.

20
When reviewing the audit committee charter, Since the Companies Act prescribes the
care should be taken to include the duties of the appointment process, composition and functions
audit committee as prescribed in the Companies of the audit committee, it can now be described
Act, the JSE listings requirements (for listed as a statutory committee. The audit committee
companies), and King III. will bear sole responsibility for its decisions
pertaining to the appointment, fees and terms of
The legislated duties of the audit committee, as engagement of the auditor. On all other matters
set out in the Companies Act, are: it remains accountable to the board and, as such,
• nominating an auditor that the audit it will function as a board committee.
committee regards as independent
• determining the audit fee The audit committee is obliged to report
• ensuring that the appointment of the auditor to shareholders by including in the annual
complies with the Companies Act and other financial statements a report describing how
relevant legislation the audit committee carried out its functions,
• determining the nature and extent of non-audit stating whether the auditor was independent,
services and commenting on the financial statements,
• pre-approving any proposed agreement with accounting practices and internal financial
the auditor for the provision of non-audit control measures of the company.
services
• preparing a report to be included in the annual In terms of the JSE listings requirements the
financial statements describing how the audit committee is required to set a policy with
committee carried out its functions, stating regard to non-audit services provided by the
whether the auditor was independent, and independent auditor, and consider, on an annual
commenting on the financial statements, basis, the appropriateness of the expertise and
accounting practices and internal financial experience of the financial director. A statement
control measures of the company to this effect must be included in the company’s
• receiving and dealing with relevant complaints integrated report.
• making submissions to the board regarding
the company’s accounting policies, financial
controls, records and reporting, and
• any other function designated by the board.

Audit Committee Resource Guide 21

In addition to the legislative duties set out in the Assessment of the finance
Companies Act, and the considerations of the JSE
listings requirements, King III proposes a number function
of additional functions, including:
• oversight of the internal audit function King III requires the audit committee to satisfy
• playing a key role in the risk management itself of the expertise, resources and experience
process and performing oversight of financial of the company’s finance function. This entails
risks and reporting, internal financial controls an annual consideration of the appropriateness
and fraud and IT risks as they relate to financial of the expertise and adequacy of resources of
reporting the finance function and experience of the senior
• ensuring that a combined assurance model is members of management responsible for the
applied to provide a coordinated approach to financial function. The results of this assessment
all assurance provided on company activities should be disclosed in the integrated report.
(in terms of this model, assurance should be
done on three levels, i.e. management, internal In addition, the JSE listings requirements requires
assurance providers and external assurance the audit committee to evaluate the suitability
providers) of the expertise and experience of the finance
• satisfying itself with regard to the expertise, director and recommend to the board if any
resources and experience of the finance changes are necessary.
function
• oversight of the external audit process, and
• oversight of integrated reporting.

22
The following inquiry may assist the audit • Obtain of the following for General
committee in their assessment of the required Accounting/Financial Reporting:
resources in the finance function: - Number of General Ledger systems and
• What is the total full-time-equivalent respective complexities
headcount utilised in the finance function? - Number of manual General Ledger journal
• Estimate the allocation of total full-time- entries
equivalent headcount between: • Obtain a listing for the following Internal
- Manager Controls within the finance function:
- Non-management/Temporary/Contractor - Total number of key controls
• Estimate the allocation of the total process cost - Number of automated key controls
(personnel cost plus outsourcing cost) - External audit fees
• Obtain the following for Transaction • To what degree is business planning conducted
Processing volumes: through an automated planning tool?
- Number of active suppliers • List the following for the Financial
- Number of vendor invoices processed Management Reporting process.
- Number of vendor invoices processed in a - Number of ad hoc Financial Management
Shared Service Center Reports created for each reporting cycle.
- Number of customer remittances - Number of standard Financial Management
- Number of customer remittances Reports created for each reporting cycle.
automatically posted • To what the degree are Key Performance
- Number of expense reports processed Indicators (KPIs) in Management Reporting
- Cycle time – elapsed business days from linked to drivers of those indicators (i.e. cause
submission to delivery of payment of expense and effect understood by management)?
report
- Number of customer invoices
- Customer invoices generated manually

Audit Committee Resource Guide 23

 Once the audit committee has familiarised itself with the required size
and resources of the finance function, it may proceed to evaluate the
structure, culture, expertise and effectiveness and the finance function

Evaluating the finance • Does the finance function assign authority

and responsibility to provide a basis for
function accountability and control?
• Does management of the finance function
Once the audit committee has familiarised itself properly apply accounting principles in
with the required size and resources of the preparation of the financial statements?
finance function, it may proceed to evaluate the • Is there a process for identifying and
structure, culture, expertise and effectiveness and responding to the changing information and
the finance function. communication needs?
• Does management of the finance function • Can financial reporting and related
demonstrate a commitment to character, application and information systems
integrity and high ethical values through its considered to be reliable?
attitudes and actions? • Is appropriate and necessary information
• Does management of the finance function obtained from and provided to management?
• Is there a process for identifying and
demonstrate a commitment to competence?
responding to the changing information and
Is the level of competence required for
communication needs of management?
particular jobs specified and translated into
• Has a ‘whistle blowing’ programme been
knowledge and skills?
established, and is management’s reaction
• Are human resource policies and procedures
monitored as it relates to financial reporting?
properly developed and communicated
• Is there a process in terms of which
to staff in the finance function regarding management holds internal meetings to
expected levels of integrity, ethical behaviour obtain feedback on whether control activities
and competence? are operating effectively?
• Can the finance function’s management • Does management’s communication across
philosophy and operating style be considered and outside the entity reflect an attitude
to be consistent with a sound control toward sound internal control?
environment? • Does management address issues raised by
• Is the organisational structure of the finance others, specifically external communications,
function appropriately designed to promote a in order to maintain an effective control
sound control environment? structure?
• Are self-assessments conducted to promote
control awareness and accountability?

24
Interaction with Interaction with the internal
management auditors
The audit committee needs to cultivate a An effective relationship between the audit
transparent and constructive relationship with committee and the internal auditors is
management to develop a commitment to fundamental to the success of the internal audit
honesty and integrity, which in turn impacts function. It has become increasingly important
for audit committees to assess whether the
the quality of financial reporting and the
internal auditors are monitoring critical controls
internal controls. Management’s willingness
and identifying and addressing emerging risks.
to communicate potentially significant issues
The specific expectations for internal audit
relating to financial reporting and regulation, functions vary by organisation, but should
including matters relating to accounting policies include, at least, the following elements:
and judgments and the internal controls over • objectively monitor and report on the health of
financial reporting, are heavily dependent financial, operational, and compliance controls
on how open the relationship is between • provide insight into the effectiveness of risk
management and the audit committee. management
Disagreements between management and • offer guidance regarding effective governance
the audit committee are a potential signal of • become a catalyst for positive change in
significant deficiencies in internal control, errors processes and controls
• deliver value to the audit committee, executives
in the financial reporting process and fraud risks.
and management in the areas of controls, risk
management and governance to assist in the
audit committee’s assessment of the efficacy of
programmes and procedures
• coordinate activities and share perspectives
with the independent auditor.

Audit Committee Resource Guide 25

 Questions for audit committees to consider

• Does internal audit have a clearly articulated strategy that is reviewed

periodically and approved by the audit committee?
• Does internal audit have a clear set of performance expectations that
are aligned with the success measures of the audit committee, and that
are measured and reported to the audit committee?
In support of these objectives, audit committees
• Does internal audit have a charter that is periodically reviewed and
should take several steps to facilitate a mutually
approved by the audit committee? Does internal audit operate in
beneficial relationship with the internal auditors:
accordance with its charter?
• hold regular private sessions with the internal
• Is the internal audit plan aligned to the key risks of the organisation and
auditors
other assurance activities? Is internal audit’s risk assessment process
• be available when contacted by the chief
appropriately linked to the company’s enterprise risk management
audit executive (CAE), and facilitate open
activities?
communication between the CAE and the audit
• In delivering the internal audit plan, is internal audit flexible and dynamic
committee
in promptly addressing new risks and the needs of the audit committee?
• engage in discussions regularly; make the
• Does internal audit organise or perform peer reviews or self-assessments
reporting relationship a substantial and
of its performance and report the results to the audit committee?
communicative one
• Is internal audit appropriately funded and staffed?
• be responsible for the appointment,
• Is internal audit staffed with the appropriate mix of professionals to
performance assessment and dismissal of the
achieve its objectives?
CAE or outsourced internal audit function
• Is internal audit sufficiently independent of management?
• actively participate in discussing goals and
• Is the CAE respected as an adviser to the audit committee and
evaluating the performance of the CAE; these
management on emerging risks?
responsibilities should not be delegated solely
• Is internal audit highly regarded and respected in the organisation?
to the CFO or CEO
• Is the level of assurance provided by internal audit and its interaction
• challenge the CAE and the internal audit
with other assurance sources clear and appropriate for the audit
department by setting high expectations,
committee?
communicating those expectations clearly,
• Does internal audit meet regularly with the independent auditors to discuss
and holding the department accountable for
risk assessments, the scope of procedures, or opportunities to achieve
meeting them
greater efficiencies and effectiveness in the company’s audit services?
• see that the internal auditors have appropriate
• Are issues identified and reported by internal audit appropriately
stature and respect and are visibly supported
highlighted to the audit committee, and is the progress toward effective
by senior management throughout the
completed management actions tracked and reported?
organisation
• Is internal audit timely and proactive in the conduct and reporting of
• support the CAE, providing guidance if needed
issues and in addressing them with management?
and assistance when he or she reports potential
• Are reports and other communications from internal audit to the audit
management lapses.
committee of an appropriate standard and do they provide value?

26
Through effective communication, the audit internal audit function. The Institute of Internal
committee can help the CAE fully understand and Auditors (IIA) provides the following checklist
achieve what is expected of him or her. Several of considerations for audit committees in
questions help assess the current or prospective overseeing the internal auditors.
CAE’s ability to perform at a consistently high
level: IIA Ten-point checklist for internal audit oversight
• Was the audit committee involved in selecting 1. The audit committee engages in an open,
the CAE? transparent relationship with the CAE.
• Was the bar set high enough to select the 2. The audit committee reviews and approves the
calibre of candidate needed? internal audit charter annually.
• Does the audit committee have reasonable and 3. The audit committee has a clear
appropriate expectations? understanding of the strengths and
• Does the CAE have the right mix of experience weaknesses of the organisation’s internal
and capabilities, including industry knowledge control and risk management systems.
and business acumen, to understand the 4. The approved plan is carried out by
company’s risks? competent, objective professionals from
• Does the CAE have a professional certification, internal audit.
such as certified internal auditor, and 5. Internal audit is empowered to be
participate in relevant continuing education independent by its appropriate reporting
programs? relationship.
• Does the internal audit function have a quality 6. The audit committee addresses with the
improvement program? CAE all issues related to independence and
objectivity.
When the internal audit function’s direct 7. Internal audit is quality-oriented and has a
reporting line is to the audit committee, it allows robust quality improvement program.
the internal auditors to remain structurally 8. The audit committee regularly communicates
separate from management and enhances with the CAE about performance and
objectivity. This also encourages the free flow improvement opportunities.
of communication on issues and promotes 9. Internal audit reports are actionable and
direct feedback from the audit committee on recommendations are implemented.
the performance of the CAE. There are several 10. The audit committee meets periodically with
ways the audit committee can oversee the the CAE without management.

Audit Committee Resource Guide 27

Internal audit oversights This means that an internal auditor should have
no personal or professional involvement with
the area being audited and should maintain
The audit committee charter must include an impartial perspective on all engagements.
oversight of the internal audit function as one Internal auditors should have access to records
of its purposes. The audit committee’s regular and personnel when necessary, and they should
report to the board of directors should include be allowed to employ appropriate investigative
issues involving the performance of the internal techniques without impediment.
audit function. The audit committee must meet
separately with the internal auditors.
Risk assessment and
The audit committee oversees the accounting oversight
and financial reporting processes of the company.
Note that oversight of internal audit is often one Risk oversight has taken on increased importance
component in meeting this requirement. not only for audit committees, but for full
boards. Many boards are reconsidering the risk
In addition to the suggestions above, the audit governance structure and which committees
committee should review and periodically have the expertise to oversee particular risks.
evaluate the status of the enterprise-wide risk
assessment and the audit plans. The audit King III requires the board to exercise leadership
committee also should periodically evaluate the and to ensure the governance of risk through
progress and results of the audit against the a formal process. Although the board may
original plans and any significant changes made delegate the responsibility of risk management
to those plans. to a board committee, it remains ultimately
responsible. The board should be clear on its
The IIA’s Standards for Professional Practice role in risk oversight. Examples include whether
of Internal Auditing mandate that the internal the entire board is involved or whether risk
auditors maintain a certain level of independence oversight is executed by a particular committee,
from the work they audit. and whether the employees responsible for risk
management report directly to the board.

28
Risk oversight is a key responsibility of the board, At a minimum, the audit committee should
and disclosure of its role will improve investors’ ensure oversight of:
and shareholders’ understanding of this role. • financial reporting risks
• internal financial controls
Audit committees are responsible for financial • fraud risk as it relates to financial reporting, and
risks and for overseeing the process for • IT risks as it relates to financial reporting.
identifying and addressing those risks. However,
the responsibility for other risks can be delegated Deloitte has identified six distinct areas of focus
to other board committees that have the for the full board in helping to enable a risk-
appropriate expertise; for example, human intelligent governance approach:
resource and compensation risks can be overseen 1. Define the board’s risk oversight role.
by the remuneration committee. Nonetheless, 2. Foster a risk-intelligent organisational culture.
the full board has the ultimate responsibility 3. Help management incorporate risk intelligence
for risk oversight and should discuss the into its organisational strategy.
organisation’s most material risks regularly. 4. Help define the risk appetite.
5. Execute a risk-intelligent governance process.
The audit committee should discuss the 6. Benchmark and evaluate the governance
company’s risk assessment and risk management process.
policies with management. Although it is
the responsibility of senior management to
assess and manage the company’s risks, the
audit committee should focus on areas of
major financial risk exposure and discuss the
guidelines and policies for addressing these
areas. Consequently, risk oversight has been on
the agenda of audit committees for a number of
years. King III proposes that the audit committee
should have an understanding of the company’s
process for identifying, managing and reporting
on risk.

Audit Committee Resource Guide 29

 Questions for audit committees to consider

When the audit committee is considering the effectiveness of the company’s enterprise risk
management - the process of planning, organising, leading, and controlling activities to minimise
the effect of downside risk on the organisation - they may consider asking the following
questions:
• What are the company’s policies and processes for assessing and managing major financial risk
exposures on an integrated, enterprise-wide basis?
• What are the key risks, vulnerabilities, and plans to address them?
• Has the company defined its risk appetite with the board’s input and approval?
• How capable is the company of preparing for, responding to, and recovering from major
financial risk exposures?
• How do our various board committees oversee risk? Is there appropriate coordination and
communication?
• Is the full board participating in risk oversight and discussing the most material risks and how
they are being monitored?
• Does the board consider the relationship between strategy and risk?
• Are we getting the information we need across the organisation for key decisions?
• Does the scenario planning include both individual and aggregate risk views?
• What mechanisms does management use to monitor emerging risks? What are the early
warning mechanisms, and how effective are they? How, and how often, are they calibrated?
• Which framework has management selected for the risk management program? What criteria
were used to select it?
• What is the role of technology in the risk management program? How was it chosen, and when
was it last evaluated?
• What is the role of the tax department in the risk management programme? Are we taking steps
to gain a high-level understanding not only of tax risk, but also of the benefits a robust tax risk
management programme can offer?

30
 Nine fundamental principles of a risk intelligence program
1. A common definition of risk addressing both value preservation and value creation is used
consistently throughout the organisation.
2. A common risk framework supported by appropriate standards is used throughout the
organisation to manage risks.
3. Key roles, responsibilities, and authority related to risk management are clearly defined and
delineated.
4. A common risk management infrastructure is used to support the business units and functions in
their risk responsibilities.
5. Governing bodies such as boards and audit committees have appropriate transparency and
visibility into the organisation’s risk management practices.
6. Executive management has primary responsibility for designing, implementing, and maintaining
an effective risk program.
7. Business units are responsible for their business and the management of risks they take within the
risk framework established by executive management.
8. Certain functions (e.g., finance, legal, information technology, human resources) have a pervasive
impact on the business and support the business units in the organisation’s risk program.
9. Certain functions (e.g., internal audit, risk management, compliance) monitor and report on the
effectiveness of an organisation’s risk program to governing bodies and executive management.

Leading practices
• Increase the focus on risk oversight in board and committee agendas, particularly in the current
economic environment.
• Develop a culture where risk is considered in decisions at all levels.
• Periodically reassess the list of most significant risks, determining the management members and
board committees responsible for each.
• Given the importance of information technology to most organisations, focus on IT milestones and
reporting against them, especially in respect of IT transformation.
• Review acquisitions, how they align with the defined risk appetite, relevant integration milestones,
return on investment, and risk scenario planning, including risks associated with value creation and
preservation.
• Have each business unit leader make a presentation at a board or audit committee meeting to
enhance the members’ understanding of the business and risks and to reinforce that the business
unit leaders are primarily responsible for effective risk management

Audit Committee Resource Guide 31

Combined assurance The Deloitte combined assurance framework
consists of seven components. These seven
King III specifies that the audit committee should components form the basis upon which a
ensure that a combined assurance model is combined assurance programme and framework
applied to provide a coordinated approach to all is assessed and benchmarked.
assurance activities.

King III defines combined assurance as

“integrating and aligning assurance processes
in a company to maximise risk and governance
oversight and control efficiencies, and optimise
overall assurance to the audit and risk committee,
considering the company’s risk appetite”.

Combined assurance is a concept that has been

around for a while yet remains an area that a lot
of organisations have not yet fully implemented.
The contributing factors include the dynamic
nature of the risk environment, the reliance
on external assurance providers in directing
assurance scope and the model needs to operate
across business processes.

In adopting the combined assurance process an

entity should adopt the appropriate approach
in developing, designing and implementing
the model. We have developed the Deloitte
combined assurance framework to assist in
assessing companies’ assurance practices and
guide the development of an appropriate
framework.

32
Strategy Setting and Governnace: The first With the development of a combined assurance
assessment component is to determine how the framework the interplay and interdependencies
combined assurance model has been designed within the other governance frameworks need to
to support the organisation’s strategy setting and be clearly articulated and defined. This includes
governance processes. As risk management is an defining elements such as oversight, roles and
integral part of understanding and determining responsibilities, reporting requirements and
the strategic direction of the organisation, integrated assurance plans.
similarly combined assurance needs to be aligned
with the strategic direction, risk and objectives of Scoping and planning: A critical element of
the entity. combined assurance is the understanding of
your environment, setting your risk appetite and
defining the specific scope in order to achieve
In addition, combined assurance is the apex
the desired level of comfort from your combined
upon which the organisations governance turns,
assurance model.
including the tone at the top, the culture, risk
appetite, control environment and assurance
Within the planning stages it is important to
regime.
map the key risks, the defined levels of assurance
and how this practically translates into your
In developing the combined assurance policy the organisation’s first, second and third lines of
relationship between strategy, risk and combined defence. Once the risk and assurance mapping has
assurance should be clearly defined. The role of taken place the level of residual exposure should
the audit committee for ensuring the design and be agreed upon with the audit committee.
implementation of a combined assurance model/
framework should be highlighted in the policy. The planning stage also needs to identify the
key stakeholders. The different types and level of
Compliance, risk and control frameworks: assurance should be defined and included in the
The frameworks defined within an organisation combined assurance framework.
may include compliance, governance, risk and
control frameworks. These frameworks are Clearly defined roles and responsibilities need
developed in line with best practice standards to be defined and understood within the
and guidelines such as COSO, ISO and CoBIT. organisation as combined assurance is not one
unit’s responsibilities but cuts across all areas
within your business.

Audit Committee Resource Guide 33

The level of contribution and the critical success As a consequence of the measurable benefits
of implementation are dependent on clearly that flow from effective combined assurance,
defined roles and responsibilities. organisations that opt for compliance will enjoy a
competitive edge that their less nimble peers will
Coordination: Coordination with both internal eventually be forced to follow.
and external parties is vital to the success of a
combined assurance programme. Within the
defined levels of assurance the audit committee
needs to ensure coordination of assurance from
management through to external assurance
providers. The level of consultation will differ
across the assurance spectrum due to the risk
exposure, assurance coverage and the nature of
the assurance.

Reporting: Having combined assurance in place

will help to ensure that the audit committee has
the information they need, in order to make an
accurate assessment. This provides stakeholders
with more comfort and the confidence that
management can achieve its objectives and
prevent hazards from materially damaging the
business.

The combined assurance pyramid ensures that

the right information is measured and gathered
by the right people in the first layer. The data is
refined in the second and passed on to the top of
the pyramid to the directors, managers and audit
committee members in a readily digested form.

34
Technology: Most business processes in Audit committee members should be aware of
today’s world are supported by technology. The three main areas of fraud:
audit committee should ensure that combined • financial statement fraud, which includes
assurance is appropriately supported with the intentional misstatements in or omissions from
correct infrastructure, tools and technology. The financial statements
level of support may differ depending on the • asset misappropriation, which may include
level of maturity. The support requirements and forgery, theft of money, inventory theft, payroll
needs to your combined assurance model will fraud, or theft of services
be assessed and recommendations made where • corruption, which may include schemes such as
necessary. kickbacks, shell companies, bribes to influence
decision-makers, or manipulation of contracts.
An example of a technology used to support
combined assurance is the management control Although the audit committee should be
self-assessment tool. concerned with all three types of fraud, financial
statement fraud should be their primary focus.
Although it occurs least frequently, it is often the
Fraud and internal control most costly.
over financial reporting
One way the audit committee can help in
In conjunction with risk oversight, the audit overseeing the prevention and detection of
committee should determine that the company financial statement fraud is by monitoring
has programmes and policies in place to management’s assessment of internal control over
prevent and identify fraud. It should work with financial reporting. To oversee internal control
management to oversee the establishment of over financial reporting successfully, the audit
appropriate controls and antifraud programmes committee must be familiar with the processes
and to take the necessary steps when fraud is and controls that management has put in place
detected. The audit committee should also be and understand whether they were designed
satisfied that the organisation has established effectively. The audit committee should work
a complaint hotline. See the Complaint Hotline with management, the internal auditors, and
Procedures section later in the document for the independent auditor to gain the knowledge
more information. needed to provide appropriate oversight.

Audit Committee Resource Guide 35

The audit committee should also have an Leading practices for the oversight of
awareness of the following Acts: financial reporting and internal controls
• Prevention and Combating of Corrupt include the following:
Activities Act
• Financial Intelligence Centre Act • understand key controls and reporting risk
• Prevention of Organised Crime Act areas as assessed by financial management, the
• Protected Disclosures Act internal auditors, and the independent auditor
• Electronic Communications and • emphasise oversight of corporate taxes, an area
Transactions Act where high-risk and high-dollar decisions are
• Promotion of Administrative Justice Act made
• leverage the value of internal controls beyond
The above list highlights those Acts which are compliance
relevant in South Africa. However, where the • consider levels of authority and responsibility
entity has operations in other countries, the laws in key areas, including pricing and contracts,
and regulations of those countries should not acceptance of risk, commitments, and
be forgotten, for example the Foreign Corrupt expenditures
Practices Act (United States). • understand complex accounting and reporting
areas and how management addresses them
The committee should understand the company’s • understand significant judgments and estimates
responsibilities regarding these statutes as well used by management and their impact on
as the policies and practices in place related the financial statements, such as fair-value
to compliance with the statutes. The audit accounting and related assumptions
committee should also ask management what • anticipate and understand how pending
the company’s plans are should a violation occur, financial reporting and regulatory
and it should be made aware of any actual developments may affect the company,
violations, including management’s response. particularly its talent needs.

36
Complaint hotline The audit committee should work with
management to determine that more than one
procedures person in the company is aware of questions or
complaints received from third-party vendors,
Companies use hotlines to report a range of in e-mail, or through other submission vehicles.
compliance issues, including violations of the Responsibility for investigating questions or
internal policies of the business. A thorough, concerns and reporting back to the audit
independent, and objective process should committee often falls on individuals in the ethics
be established by management and the audit and compliance, internal audit, legal, or risk
committee for investigating complaints. management departments. Complaints should
Companies use various procedures, but the be categorised and analysed by root cause, and
most common method of receiving tips from recommendations should be made to the audit
inside and outside the organisation is through committee on how to reduce the risk of similar
a telephone hotline administered by an internal complaints in the future.
department or a third party. Telephone hotlines
have emerged as a preferred mechanism because The audit committee also should be provided
they are interactive, allowing a skilled interviewer with an on-going analysis of the progress of
to elicit details. complaint resolution. Reports should be provided
to the audit committee regularly in accordance
Section 94 of the Companies Act requires with standing instructions. Some complaints
the audit committee to receive and deal may warrant immediate communication to the
appropriately with any concerns or complaints, audit committee, such as those involving senior
whether from within or outside the company, or management and significant amounts. The
on its own initiative, relating to: audit committee should establish a schedule for
• the accounting practices and internal audit of reporting to the board of directors.
the company
• the content or audit of the company’s financial
statements
• the internal financial controls of the company
• any related matter.

Audit Committee Resource Guide 37

It is recommended that complaint hotline A hotline monitored by an independent third
systems feature: party is preferred. However, if the hotline is
• operation by an independent third party administered internally, operators should have
• staffing by trained interviewers rather than fully specific training on where to direct questions
automated systems or complaints, including those related to
• a dedicated phone number that is available at human resources. Whatever the method,
all times, along with other reporting means audit committee members should work with
such as fax, the company’s web site, e-mail, management to make employees, investors,
and regular mail and others aware of the option of confidential
• multilingual systems and operators. disclosure. Employees can be informed in
the code of ethics, the employee handbook,
In addition: human resources orientation, and ethics
• complainants should be allowed to call back training. Instructions for submitting questions or
at a later time, and they should be given the complaints can be posted in company facilities
option to file complaints anonymously and on intranet sites.
• complainants must be protected from any
retaliation as a result of reporting The company website is a natural vehicle for
• protocols should be in place to allow communicating the procedures to individuals
complaints to be channelled to the appropriate outside the organisation. It is good practice for
individual, and complaints involving senior companies to adopt codes of ethics and disclose
management should go directly to the audit them on their websites. Information on the code
committee of ethics and the complaint hotline often is linked
• complaints must be handled in a confidential from the home page under a section called
manner and resolved as quickly as possible “Ethics” or an equivalent.
• complaint procedures should be well known
to all employees, vendors, and other interested Telephone operators working in customer service
parties. and investor relations should be prepared to
answer questions on how to submit concerns
and complaints regarding financial reporting.

38
It is important for the audit committee to It is important though to recognise that
work with management and internal audit to integrated reporting is a journey and reporting
understand: will improve over time.
• opportunities to enhance internal
whistleblowing systems The actual effective ownership by the board
• the potential advantages of implementing
of the integrated reporting process, and the
timely internal whistle-blower cash awards to
integrated report itself, is of significant practical
sustain and encourage internal whistleblowing
importance. Based on our experience of working
• the potential value of transaction monitoring
tools to help promptly identify potential with our clients in this area over the last few
securities fraud issues such as bribery or years, it is one of the key determinants for a
financial statement fraud. good integrated report.

There is indeed an important difference between

Integrated reporting the audit committee and the board actually
setting and owning the agenda in this regard,
Following the incorporation of King III into
or effectively acquiescing to an agenda set and
the Johannesburg Stock Exchange Listing
populated by executive management or those
Requirements, listed companies are required
that report to them and which is submitted
to issue an integrated report for financial years
to the board for approval, very often at a
starting on or after 1 March 2010, or explain
late stage of the process. Due to the evolving
why they are not doing so.
nature of development of integrated reporting
and integrated reports, a greater degree of
Good governance requires transparency and
pro-activeness is indicated than is the case with
therefore we recommend that all organisations
consider the principles of integrated reporting to the more traditional areas of responsibility, where
understand how to best apply it in their specific more mature and generally-accepted frameworks
circumstance. In particular we recommend that are in place. This requires boards and audit
organisations better understand the impact the committees to equip themselves properly in this
ever increasing focus on environmental and area, and/or to seek the appropriate assistance to
social matters will have on their upstream and properly discharge their responsibilities.
downstream supply chain, to ensure that the
opportunity to maximise competitive advantage
is utilised.

Audit Committee Resource Guide 39

According to King III, the board should ensure If, as is generally accepted, the integrated report
the integrity of the integrated report (Principle indeed reflects the collective mind of the board
2.12), and the audit committee should oversee and the integrated thinking that is essential for
integrated reporting (Principle 3.4). Detailed business in the modern world, a more reactive
requirements for audit committees in King approach by the board would not effectively
III, that directly and indirectly impact on the
enable capturing the essential qualities and
effective ownership of the integrated report
prerequisites for integrated reports.
include:
• the responsibility to consider whether an
unbiased picture of the company’s position, In our opinion, the practical consequences of
performance or sustainability is being presented where the audit committee does not effectively
• the responsibility for evaluating the significant own the integrated reporting process and the
judgments and reporting decisions affecting integrated report result in, amongst other things,
the integrated report the following shortcomings:
• the responsibility to understand how materiality • an overly long report which does not achieve
for the integrated report has been determined, the key requirement of conciseness;
and • a report without a clear and consistent storyline
• the responsibility to ensure that forward- • a report containing a volume of information
looking information provides a proper
that is clearly not material from the perspective
appreciation of the key drivers that will enable
of stakeholders, but which is included to
the achievement of such goals.
accommodate internal political interests within
the company
To discharge these responsibilities properly, as
• a report that does not display evidence of
well as those set out in the Companies Act and
contained in Corporate Law, the board should sufficient interconnectedness and integration;
proactively set and own the integrated reporting • a report where superficial and inadequate
agenda. In this regard, the view from executive attention is paid to describing how the
management is obviously important to take into professed company values are actually lived
account in setting the agenda and framework, and applied
but once these are finalised by the board, the • a report that does not display evidence of the
primary role of executive management and those necessary trade-offs and optimisation that
that report to them is to operationalise and is part and parcel of the modern business
report back to the board within the framework environment
thus established.

40
• a report consisting of marketing-oriented In essence, the framework proposes that the
material without adequate and consistent company should explain to its stakeholders how
depth, and it creates and sustains value in the short, medium
• a report structure, format and content that may and long term. The explanation should adhere to
give a reader the impression that the oversight the fundamental concepts and guiding principles
role of the board is not as strong as it properly
in describing the business model used to create
should be.
value. In doing so, the company should discuss
and link all content elements. This should all be
The purpose of an integrated report is to tell
the unique story of the company and the underpinned by the strategic objectives of the
manner in which it sustains and adds value in business.
the short, medium and long term. The board
is clearly intended to bear the ultimate overall In addition, the framework explains:
accountability for the company and its journey, • the concept of the six capitals (inputs or
and has been placed in a unique position to resources utilized by a company to create and
practically discharge this responsibility by a store value)
variety of formal and informal arrangements. In • the need to describe the company’s business
order to discharge this accountability effectively, model and the manner in which this should be
the audit committee (on behalf of the board)
done, and
should therefore also embrace the proactive and
• the meaning of value created or destroyed by
effective ownership of the integrated reporting
the company.
process and the integrated report.

The International Integrated Reporting Council The IIRC framework makes it clear that any
(IIRC) has developed a framework for an communication purporting to be an integrated
integrated report. The framework makes it report should comply with the minimum
clear that a principle based approach should be reporting standards identified in the framework.
followed in the preparation of the integrated
report. Rather than to provide a list of detailed
disclosures, the framework sets the scene
and provides the underlying principles and
considerations that should guide the approach to
integrated reporting and the publication of the
integrated report.

Audit Committee Resource Guide 41

Assurance of sustainability reporting and There are two assurance standards that are
disclosure generally used, namely the assurance standard
King III (Principle 9.3) recommends that issued by the International Federation of
sustainability reporting and disclosure, or rather Accountants, ISAE 30001 , and that issued
information other than financial information by AccountAbility, AA 1000 AS. The levels of
reported in the annual financial statements, assurance provided by those two standards are
should be independently assured. Assurance depicted in the diagram below:
over the financial disclosure in the integrated
report should be obtained. A formal process of AA 1000 Assurance Standard (2008) vs
assurance with regard to sustainability reporting ISAE 3000
should be established.
Standard Level of assurance
The Global Reporting Initiative (GRI) has
ISAE 3000 Limited Reasonable
designed and published a global sustainability
reporting framework supplemented by sector AA 1000 AS Moderate High
specific guidelines. This voluntary framework
with self-declaration of level of application is King III recommends that:
most commonly used in South Africa to guide • ‘sustainability’ assurance is an on-going,
sustainability disclosure. Application Levels range integral part of the integrated reporting cycle
from C to A, with C indicating the minimum • ISAE 3000 and AA 1000 AS methodologies are
disclosure. used in combination to ensure the needs of the
stakehold¬ers and those of the company are
Some companies seek independent assurance met in a single process. In obtaining assurance,
over their Application Level. This is sourced from the company should be clear on the scope of
a variety of third party service providers and the assurance to be provided and this should
the assurance standard used and the type of also be disclosed.
assurance provided, vary. 1
International Standard on Assurance Engagements (ISAE) 3000,
Assurance Engagements Other than Audits or Reviews of Historical
Financial Information

42
 Notes:

General oversight and reporting disclosure

should be delegated by the board to the audit
committee. The audit committee should assist
the board in reviewing the integrated report to
ensure that the information is reliable and that it
does not contradict the financial aspects of the
report. The audit committee should also oversee
the provision of assurance over sustainability
issues in the same way that it would do with
financial matters. For example, it would consider
whether appropriate policies and processes are in
place, whether they are adhered to, and whether
the information about performance is reliable.
This role of the audit committee is still necessary
with regard to sustainability performance and
reporting, even if there is a separate sustainability
committee, or if sustainability matters are
addressed by another board committee.

Audit Committee Resource Guide 43

 Questions for audit committees to consider in establishing a sound
assurance regime

• What are the key business processes and/or information that need to be assured?
• Which of these key business processes and/or information will we need to make public representations about and
when will this be feasible?
• Is the framework in terms of which representations of these processes and/or information are prepared acceptable
and robust?
• Who are all the actual and potential parties who are relied upon to provide assurance and is a Combined Assurance
Model being followed? Is the assurance process as efficient and effective as it can be? Where there are overlaps or
gaps, are we satisfied that the risks warrant the continuation of such arrangements?
• Has a consistent and appropriate level of materiality been approved and accepted by the company for purposes of
internal assurance providers? Are those levels of materiality compatible and defensible compared to those that will be
used by external assurance providers?
• Are the criteria against which the subject matter(s) must be weighed in the assurance process reliable, neutral,
understandable, complete and relevant?
• Are the standards which will be used by the parties providing assurance consistent and compatible? Are the levels of
assurance to be provided consistent and compatible? Is there a requirement for rationalisation and improvement?

44
With respect to specific disclosures in the • a statement on whether the audit committee
integrated report, King III requires that the complied with its legal, regulatory or other
following information relating to the functioning responsibilities, and
of the audit committee is provided in the • a statement on whether or not the audit
integrated report: committee recommended the integrated
report to the board for approval.
• a summary of the role of the audit committee
• a statement on whether or not the audit It is important that full disclosure of the activities
committee has adopted a formal terms of of audit committee is communicated to the
reference that have been approved by the user, as it impacts the users’ perceptions of
board and if so, whether the committee the involvement of the audit committee, and
satisfied its responsibilities for the year in how the audit committee has fulfilled their
compliance with its terms of reference responsibilities.
• the names and qualifications of all members
of the audit committee during the period
under review, and the period for which they
served on the committee
• the number of audit committee meetings
held during the period under review and
members’ attendance at these meetings
• a statement on whether or not the audit
committee considered and recommended
the internal audit charter for approval by the
board
• a description of the working relationship with
the CAE
• information about any other responsibilities
assigned to the audit committee by the board

Audit Committee Resource Guide 45

Section 4

46
Audit Committee Resource Guide 47
Audit committees of Leading practices for the audit committee’s
relationship with the independent auditor
companies are directly include:
responsible for the • exercise ownership of the relationship with the
independent auditor
appointment, compensation, • discuss with the auditor any potential or
contentious issues in terms of independence/
and oversight of the ethical requirements
independent auditor, • get to know the lead partners and meet
periodically with specialists (e.g., tax, IT,
including the resolution fair value)
of any disagreements • establish expectations regarding the nature
and method of communication, as well as the
with management. It is exchange of insights
optimal that the audit • engage in consistent dialogue outside of the
regularly scheduled meetings
committee, management, • set an annual agenda with the independent
the internal auditors, and the auditor
• focus on independence, including a process for
independent auditor work the preapproval of services beyond the audit
together in a spirit of mutual • provide formal evaluations and regular
feedback.
respect and cooperation. The
active involvement of a high- Private sessions with the independent auditor
are a way to maintain open communication
quality, transparent audit and identify concerns. The audit committee and
the independent auditor typically meet at least
committee will enhance quarterly and engage in thorough discussion.
the perception of the audit
The audit committee should have a process
quality and of the quality of for overseeing management’s resolution of
the financial statements. significant issues raised by the independent
auditor.

48
Communication between - the auditor’s rationale for serving as principal
auditor if significant parts of the work are
the audit committee and the performed by others, and
independent auditor - any significant changes to the original
strategy or significant risks and the reasons
The independent auditor is required by for such changes
the International Standards on Auditing to • fraud or information that indicates that fraud
communicate the following to the audit may exist or other matters relating to fraud
committee: relevant to the responsibilities of the audit
• the auditor’s responsibilities in relation to the committee
audit. This may include an understanding of • suspected or actual non-compliance with laws
the terms of the audit engagement, normally and regulations
outlined annually in an engagement letter, • significant findings from the audit and the
including the objective of the audit and the auditor’s views about significant qualitative
responsibilities of the auditor and management aspects of the entity’s accounting practices,
• the form, timing and expected general content including accounting policies, accounting
of communications with the audit committee estimates and financial statement disclosures.
• an overview of the planned scope and timing
of the audit. This may include Matters to be discussed may include:
- the nature and extent of specialised - management’s initial selection of, or changes
skills necessary to perform planned audit in, significant accounting policies or the
procedures application of such policies in the current
- the extent to which the independent auditor period, and
plans to rely on work performed by the - the effect on financial statements or
company’s internal audit function or others disclosures of significant accounting policies
in the audit of the financial statements and in controversial areas or areas for which
internal control over financial reporting there is a lack of authoritative guidance or
- the names, locations, and anticipated consensus, or diversity in practice
responsibilities of any firm or personnel
performing audit work in the current period
but not employed by the auditor

Audit Committee Resource Guide 49

 - all critical accounting policies and practices • significant matters arising during the audit in
to be used, including (i) the reasons certain connection with related parties
policies and practices are considered critical, • material misstatements of fact contained
and (ii) how current and anticipated events in other information. The auditor may also
might affect the determination of whether communicate their responsibility, including any
certain policies and practices are considered related procedures performed and the results
critical of such procedures when other information
- when applicable, an explanation of why the is presented in documents containing audited
auditor considers a significant accounting financial statements
practice, that is acceptable under the • events or conditions which cast significant
applicable financial reporting framework, doubt on the entity’s ability to continue
not to be most appropriate to the particular as a going concern. The communication
circumstances of the entity may include the auditor’s conclusion about
- critical accounting estimates, including (i) a management’s plans to alleviate substantial
description of the process management used doubt about the company’s ability to continue
to develop critical accounting estimates, (ii) as a going concern and the effects, if any,
management’s significant assumptions used on the financial statements and the auditor’s
in critical accounting estimates that have a report, if substantial doubt remains about
high degree of subjectivity, (iii) any significant the company’s ability to continue as a going
changes management made to the processes concern
used to develop critical accounting estimates • uncorrected misstatements and the effect
or significant assumptions, a description of that they may have on the opinion in the
management’s reasons for the changes, and auditor’s report and the effect of uncorrected
the effects of the changes on the financial misstatements related to prior periods,
statements including those were there was another
- significant unusual transactions, including (i) predecessor auditor, on the relevant classes of
significant transactions that are outside the transactions, account balances or disclosures,
normal course of business for the company and the financial statements as a whole
or that otherwise appear to be unusual due • other matters communicated or discussed with
to their timing, size, or nature, and (ii) the management
policies and practices management used to • written representations the auditor is
account for significant unusual transactions requesting

50
• possible modifications to the auditor’s report • failures by group management to inform
i.e. a modified opinion or an emphasis of component management of matters significant
matter or other matter paragraph, including to the financial statements of the component
the reasons for modifying the opinion and the • matters relating to subsequent events i.e. facts
proposed wording to be used in the auditor’s discovered after the date of the auditor’s report
report but before the financial statements are issued
• any significant difficulties encountered that would have impacted the auditor’s report
during the audit, including, but not limited or are discovered after the financial statements
to, (i) significant delays by management, the have been issued
unavailability of company personnel, or an • other matters arising from the audit that are
unwillingness by management to provide significant to the oversight of the company’s
information needed for the auditor to perform financial reporting process, including
his or her audit procedures, (ii) an unreasonably complaints or concerns regarding accounting
brief time within which to complete the audit, or auditing matters that have come to the
(iii) unexpected extensive effort required by auditor’s attention during the audit and the
the auditor to obtain sufficient appropriate results of the auditor’s procedures regarding
audit evidence, (iv) unreasonable management such matters
restrictions encountered by the auditor on the • certain matters relating to the auditor’s
conduct of the audit, and (v) management’s independence.
unwillingness to make or extend its assessment
of the company’s ability to continue as a going
concern when requested by the auditor
• significant deficiencies in internal control
identified during the audit, including a
description of the deficiencies and an
explanation of their potential effects. This
would also include significant deficiencies
identified by component auditors
• group audit matters i.e. scope of the audit,
involvement in the component auditor’s work,
limitations on the scope of the work, fraud
related matters

Audit Committee Resource Guide 51

In addition, the independent auditor generally Audit committee to communicate with the
communicates the following to the audit independent auditor
committee: • Meet to review and discuss with the
independent auditor the company’s annual
• whether the audit committee is aware of audited financial statements and quarterly
matters relevant to the audit, including, but financial statements, including disclosures in
not limited to, violations of laws or regulations management’s discussion and analysis
• matters that are difficult or contentious for • Periodically, meet separately with the
which the auditor consulted outside the independent auditor, management, and the
engagement team and that the auditor internal auditors
reasonably determined are relevant to the audit • Obtain a formal written communication
committee’s oversight of the financial reporting from the independent auditor regarding
process independence and other matters annually
• management’s consultation with other • Review with the independent auditor any audit
accountants about significant auditing or problems or difficulties and management’s
accounting matters when the auditor has response
identified a concern regarding such matters • Set clear hiring policies for employees or former
• any disagreements with management about employees of the company’s independent
matters, whether or not satisfactorily resolved, auditor.
that individually or in the aggregate could • Review the scope and the extent of non-audit
be significant to the company’s financial services provided (and pre-approved) with the
statements or the auditor’s report. independent auditor.
• Discuss and agree the audit fee with the
independant auditor.

52
Auditor Independence The Companies Act sets out the duties of
the audit committee. The majority of the
statutory duties are aimed at ensuring that the
Independence is governed primarily by the
independent auditor is and remains independent.
requirements of section 290 of the International
Cognisance should be taken of the provisions of
Ethics Standards Board for Accountants (IESBA)
section 90(2) and (3) of the Companies Act in
Code of Ethics for Professional Accountants (the
which requirements for the appointment of the
IFAC Code). Furthermore, auditors are required
auditor is set out. Both the person responsible
to comply with the Independent Regulatory
for the audit as well as the audit firm are
Board for Auditors (IRBA) Code of Professional
prohibited from providing accounting, book-
Conduct for Registered Auditors, which is similar
keeping and related secretarial services on a
to the IFAC Code.
regular or habitual basis, and may not engage
for more than one year in the maintenance of
Locally, the Companies Act and King III
any of the company’s financial records or the
provide guidance to ensure that the auditor’s
preparation of any of its financial statements.
independence is guaranteed. These rules
Where such services were provided at any time
recognise the critical role of audit committees
in the five years preceding the appointment of
in financial reporting and their unique position
the auditor, such auditor will be disqualified
in monitoring auditor independence. The
from appointment. In this regard, it should be
Companies Act makes it clear that the audit
noted that the Regulatory Board for Independent
committee’s main responsibly is to ensure that
Auditors (IRBA) and the Companies and
the auditor is, and remains independent. As such
Intellectual Property Commission (CIPC) enforce
the appointment of the auditor is dependent
the said provisions from 1 January 2014 on a
on the audit committee’s confirmation that the
prospective basis, i.e. they only consider the
auditor is independent of the company.
services listed in section 90(2) rendered after 1
January 2014.

Audit Committee Resource Guide 53

 Audit committee’s statutory duties to ensure the independence of the
independent auditor
Section 94(7) of the Companies Act

An audit committee of a company has the following duties:

(a) To nominate, for appointment as auditor of the company under section 90, a registered auditor who, in the opinion
of the audit committee, is independent of the company;
(b) to determine the fees to be paid to the auditor and the auditor’s terms of engagement;
(c) to ensure that the appointment of the auditor complies with the provisions of this Act and any other legislation
relating to the appointment of auditors;
(d) to determine, subject to the provisions of this Chapter, the nature and extent of any non-audit services that the
auditor may provide to the company, or that the auditor must not provide to the company, or a related company;
(e) to pre-approve any proposed agreement with the auditor for the provision of non-audit services to the company;
(f) to prepare a report, to be included in the annual financial statements for that financial year—
(i) describing how the audit committee carried out its functions;
(ii) stating whether the audit committee is satisfied that the auditor was independent of the company; and
(iii) commenting in any way the committee considers appropriate on the financial statements, the accounting practices
and the internal financial control of the company;
(g) to receive and deal appropriately with any concerns or complaints, whether from within or outside the company, or
on its own initiative, relating to—
(i) the accounting practices and internal audit of the company;
(ii) the content or auditing of the company’s financial statements;
(iii) the internal financial controls of the company; or
(iv) any related matter;
(h) to make submissions to the board on any matter concerning the company’s accounting policies, financial control,
records and reporting; and
(i) to perform such other oversight functions as may be determined by the board.

54
Assessment of independence
Section 94(8) of the Companies Act

In considering whether, for the purposes of this Part, a registered auditor is independent of a company, the audit
committee of that company must—
(a) ascertain that the auditor does not receive any direct or indirect remuneration or other benefit from the company,
except—
(i) as auditor; or
(ii) for rendering other services to the company, to the extent permitted in terms of subsection (7) (d);
(b) consider whether the auditor’s independence may have been prejudiced—
(i) as a result of any previous appointment as auditor; or
(ii) having regard to the extent of any consultancy, advisory or other work undertaken by the auditor for the company
(c) consider compliance with other criteria relating to independence or conflict of interest as prescribed by the
Independent Regulatory Board for Auditors established by the Auditing Profession Act, in relation to the company, and
if the company is a member of a group of companies, any other company within that group.

Audit Committee Resource Guide 55

The independence rules are different for entities Financial interests. Holding a financial
governed by the Securities Exchange Commission interest in an audit client may create a threat
(SEC). For such entities the SEC rules should be to independence depending on the (a) role of
studied on what is applicable. the person, (b) whether the holding is direct or
indirect and (c) the materiality of the financial
For the purpose of this section, we will focus on interest. Examples of such threats can include
the independence principles per the IFAC code. investment in the audit client’s debt or equity
The independence rules address the following securities, loans, collective investment funds and
issues: other financial interest products, or financial
• relationships between the auditor and its audit interests held by trusts or estates of which certain
client arising from: of its people (and or their immediate family
- personal financial interests members) are trustees or executors . (In some
- family and personal relationships audit firms the rules regarding investments in
- employment relationships audit clients can be more restrictive than the IFAC
- business relationships with audit clients and rules and the audit committee should enquire
consultants from the auditor if they have more restrictive
• non-assurance services provided by auditors policies on financial interest).
• contingent fees and commissions
• long association of senior personnel with Family and personal relationships. Threats to
the audit client, which incorporates partner independence occur when family and personal
rotation relationships exist between the audit team
• the audit committee’s administration of the and a director or officer or certain employees
audit engagement (depending on their role) of the audit client.
• compensation of audit partners Depending on the closeness of the relationship
safeguards could reduce the threat to an
acceptable level otherwise the individual who has
such a relationship shall not be a member of the
audit team.

56
Employment relationships. The rule states that Business relationships. The rule prohibits an
independence is impaired if a current partner, independent auditor from having a direct or
principal, shareholder, or professional employee material indirect business relationship with an
of the independent auditor has an employment audit client, or with persons associated with
relationship with, or serves as a member of the the audit client in a decision-making capacity,
board of directors or similar management or such as an audit client’s officers, directors, or
governing body of, the audit client. substantial stockholders. This prohibition does
not preclude the independent auditor from
Independence can be impaired if former partners providing permissible services to the audit client or
or members of the audit engagement team are purchasing goods or services from the audit client
employed as directors or officers or employees as a consumer in the ordinary course of business.
in positions to exert significant influence over
the preparation of the audit client’s accounting There are rules for different types of business
records of the financial statements on which relationships between the audit firm and the
the audit firm express an opinion on. Such audit client or its personnel that should be
individuals should not be employed by the audit considered. For example:
client unless certain criteria are met such as the • Vendor Business Relationships
position offered to the person, the former role • Marketplace Business Relationships (including,
of the person as the audit client, continuous Alliances, Teaming, prime / subcontracting,
involvement at the audit client and the time that reseller, investment, commission or referral
has passed from last audit prior to position being fee, sponsorships, co-publishing and speaking
filled. engagements.

Partners of the audit firm should not act

temporarily as a director, officer or employee of
an audit client. Lending of professional staff to
an audit client for a short period of time may in
certain instances be provided. The temporary
lending of staff is not allowed for audit clients
that are SEC Registrants or affiliates of SEC
Registrants.

Audit Committee Resource Guide 57

Non-assurance services provided by The phrase “audit services” would refer to those
auditors. Providing non-audit services to the activities performed under the supervision and
audit client may create threats to independence. direction of the auditor in order to support an
The rules permit an auditor to provide certain opinion on the annual financial statements, a
non-audit services and in other cases it may review opinion on interim financial information,
be possible to eliminate or reduce the threats and, where applicable, other matters which are
created by the application of safeguards. consequential on the audit appointment and
Non-audit services are required to be which arise from statute (for example, the capital
preapproved by the audit committee; adequacy (Basel II) reports issued by an auditor
The terms “audit” or “audit services” would bear of a registered bank in terms of the Banks Act).
the same meaning as elsewhere in the Companies
Act or the statute which requires the appointment As the audit committee determines the audit
of an auditor. The exact extent of “audit services” fee and terms thereof; and also the nature and
is not entirely clear. In the event that the auditor extent of any non-audit services, and as both
intends to perform services for the company of are ordinarily the subject of an engagement
which their inclusion in the meaning of “audit letter, there should be little risk arising from
services” could be contentious, the auditor should the definition as, whether the auditor includes
clearly set out such services in a document and a service as an audit service or a non-audit
obtain preapproval from the audit committee for service, the audit committee would have input in
the performance of such services, prior to the approving such a service.
conclusion of a formal contract with the company
in this regard. This situation would typically arise The interpretation of the phrase “pre-approve
where a company, as a matter of policy, imposes any proposed contract with the auditor for the
certain procedures on itself which are not strictly provision of non-audit services to the company”
speaking required as part of the audit. is difficult. However, it is important to consider
both the intent of the legislation and also other
practice in markets which have similar provisions.

58
On this basis it is possible for there to be a master The auditor should never take up a management
service agreement in place governing the auditor’s responsibility when providing any permissible
provision of non-audit services, provided the non-audit services to the audit client.
agreement includes all material terms governing
the provision of such non-audit services. Where The independence rules include certain
an auditor has such pre-approval in place it would prohibitions on the following list of services
nonetheless be incumbent on the auditor to depending if the non-audit services is being
table for approval from time to time the extent provided to the audit client, or any of its
of fees to be paid or paid in respect of actual subsidiaries, affiliates or divisions. Some of the
non-audit services provided. Further, the master non-audit services are completely prohibited for
public interest entities.
service agreement should include the terms under
which the services are provided, the nature of
List of non-audit services with specific
services which can be provided, and the extent
independence rules to be considered include:
of such services, which is pre-approved by the • tax services as follows:
audit committee. If services are provided under - tax return preparation services
different terms to those pre-approved by the - tax calculations for purpose of preparing the
audit committee, then these terms should be accounting entries
pre-approved by the audit committee. - tax planning and other tax advisory services
- assistance in resolution of tax disputes
A pre-approval policy drafted by the audit • design and implementation of financial
committee will not be sufficient to discharge information systems
the obligation on the audit committee to • appraisal or valuation services, fairness
opinions, or contribution-in-kind reports
pre-approve all non-audit services. The provisions
• actuarial services
of section 94(7)(d) that the audit committee
• internal audit services
must determine the “nature and extent” of any • human resources ( including recruiting senior
non-audit services to be provided by the auditor management)
appear, however, to require that the audit • corporate finance services (including broker-
committee formulates a policy in this regard. dealer, investment advisory, or investment
Amongst other things, the audit committee banking services)
could consider a list of services which the auditor • legal services
would not, as a matter of principle, be allowed • litigation support and expert services
to render or certain limitations on fees to be paid • bookkeeping
for non-audit services received from the auditors. • temporary staff assignments

Audit Committee Resource Guide 59

 Useful tips when considering auditor independence

This is not a comprehensive list, but can be used when dealing with the auditor on various aspects:
• obtain confirmation from the auditor on the audit team’s independence in respect of financial interests of both the
team members and their immediate family members
• consider independence prior to offering a position to a member of the audit team and communicate this to the audit
partner in time
• consider the list of prohibited services when requesting services from the auditor
• the audit team should never act in a capacity of management / perform a management function when providing
permissible non-audit services to the audit client
• temporary staff placements from the audit team, are not in all instances possible
• when requesting certain non-audit services that may be allowed with safeguards, please be aware that this will not be
a member of the audit team
• partners of an audit client, may not be appointed as a director of the audit client
• directors of the audit client, may not be contracted by the audit firm for any services, therefore if a new director is
elected ensure this person is not in contract with the audit client

60
Auditor rotation individual may not be appointed again as the
auditor or designated auditor of that company
The Companies Act provides for the regular until after the expiry of at least two further
rotation of auditors. The designated auditor (not financial years (“cooling off period”).
the firm) must be rotated every five years. The
same individual (designated auditor) may not The audit committee should take cognisance
serve as the auditor or designated auditor of a of developments internationally pertaining
company for more than five consecutive financial to mandatory audit firm rotation, and the
years. In terms of the transitional provisions set prohibition of certain non-audit services.
out in the Companies Act the five consecutive Although mandatory firm rotation is not effective
financial years contemplated in section 92 must in South Africa, the auditor of a group of
be calculated from the date of commencement companies may be affected where the holding
of this Act. company (in, for example Europe) is obliged
to change audit firms, and decides to change
The effect of the transitional provision is that a the audit firm with respect to all its subsidiaries
designated auditor (the audit partner) only needs across the globe.
to rotate off a particular audit in five years’ time
(or earlier, if required in terms of the IFAC rules, Quality of the audit
which requires rotation after seven years). This
applies even if the audit partner had been the The audit committee can positively influence the
designated auditor of any number of years prior quality of the audit through actively engaging
to the commencement of the new Act. with the auditor and questioning the auditor
where there is concern that the audit quality
In terms of the provisions of the Act, an audit is inappropriate. The motivation of the audit
partner will be disqualified from serving as committee should not be on minimising cost
designated auditor as soon as he or she had since this may impact audit quality, but rather
served as designated auditor for more than five focusing on ensuring that sufficient, appropriate
years. In effect, a partner that was appointed on resources, including experts, have been involved
1 May 2011 may only serve until 1 May 2016. on the audit and risks adequately addressed. The
audit committee should consider evaluating audit
quality and defining criteria for measuring the
Where an individual has served as the auditor
or designated auditor of a company for two or quality of the audit.
more consecutive financial years and then ceases
to be the auditor or designated auditor, the

Audit Committee Resource Guide 61

Evaluation of the The party responsible for coordinating the
evaluation should obtain information not
independent auditor only from the audit committee, but from
senior financial management and the internal
Because there is no formal guidance regarding auditors. Depending on the size and structure
the evaluation of the independent auditor of the company, it may be appropriate
and because needs and preferences vary by to obtain input from the management of
company and audit committee, practices for significant operating locations or business units.
evaluating the independent auditor range from • Form and nature of the assessment. Some
highly formalised processes with extensive independent auditors have assessment
documentation to more informal processes. questionnaires for evaluating client service.
Factors the audit committee may consider in Audit committees can use these questionnaires,
developing an evaluation process include: tailor them to fit their needs, or create their
• Frequency and timing of the evaluation. Many own. The assessment can be done by having
audit committees perform the evaluation the relevant parties complete the questionnaire
annually, immediately following the fiscal-year in writing or by holding interviews. They may
financial reporting. also have a discussion about the experience the
• Parties involved in the assessment. Although audit committee and others at the company
Section 94 of the Companies Act does not have had in working with the independent
require the audit committee to evaluate the auditors.
independent auditor, many conduct some
form of evaluation to make decisions on
auditor appointment and retention. As noted
previously, Section 94 of the Act established
the audit committee’s responsibility for the
appointment, compensation, and oversight of
the independent auditor. However, it may not
be practical for the audit committee to oversee
and coordinate the entire evaluation. In many
instances, the audit committee delegates the
coordination responsibility to the internal audit
department or another group in the company.

62
 Notes:

• Assessment criteria. The criteria for evaluating

the independent auditor vary. Common criteria
specific to the engagement team include
technical competence, industry knowledge,
frequency and quality of communication,
cohesiveness as a team, and the level of
support provided to the audit committee in
fulfilling its responsibilities. Audit committees
may consider information about the
characteristics of the audit firm itself, such as
size, financial strength and stability, presence
in key markets, approach to professional
development, technological capabilities, nature
of the audit approach, quality of thought
leadership, and eminence in the marketplace.

Audit Committee Resource Guide 63

Section 5

Education
and evaluation
64
Audit Committee Resource Guide 65
Board education When designing a program of continuing
education, the board should identify risks and
complex issues facing the organisation. Directors
With the enhanced focus on the responsibilities
can then evaluate their knowledge in these areas.
of boards and audit committees, continuing
This self-assessment can help the board gain a
education for directors is an area of increasing
better picture of the issues it should include in
importance. There are many options; for
the program. Depending on the organisation’s
instance, public forums on corporate governance
size and complexity, the board may want to enlist
are offered by many professional services firms,
the internal auditors or outside consultants in the
universities, and not-for-profit organisations.
self-assessment process.
Benefits include the opportunity to meet with
peers and share experiences, and these programs
For the audit committee, the focus is more
can be invaluable for gaining knowledge from
specific, centred on financial reporting and
experts on trends in corporate governance. These
accounting issues such as revenue recognition,
forums often feature speakers who would not be
pensions and other post-employment benefits,
available otherwise. However, boards should be
financial instruments, critical accounting policies,
careful not to rely completely on public programs
and internal controls.
designed for a broad audience, because they
may not address the dynamics of a specific
Once a curriculum is set, the board, the audit
company and its industry.
committee, and management should assess
the resources available to create and deliver the
An increasingly popular option is a customised
program. The program should be developed
program of continuing education focusing on
using a mix of individuals—some with company
topics such as roles and responsibilities, risk
knowledge and others with an external
oversight, industry expertise, and financial
perspective.
literacy. Customised courses can address subjects
relevant to the company’s needs and incorporate
company-specific policies, processes, and
objectives.

66
 Notes:

In addition to continuing education, the

company should consider orientation programs
for new directors and audit committee members.
Materials should include information on the
company’s history and operations, corporate
governance, industry trends, accounting policies
and practices, company policies and the code of
ethics, and major business and financial risks.

Leading Practices

• Provide orientation of new members with

executives and independent auditors
• Consider offering continuing education
programs in specialised or regulated industries,
industry trends, reporting, operations, and
related topics as well as particular issues
relevant to the company and its business
• Offer one-on-one and committee-level
education

Audit committees also benefit from periodically

inviting subject-matter specialists to participate
in audit committee meetings to enhance the
committee’s knowledge and effectiveness.
For example, specialists in international tax,
governance, or a particular industry could
provide valuable insight in addressing risks or
new requirements. Independent auditors or
outside consultants can assist in identifying
appropriate specialists.

Audit Committee Resource Guide 67

Audit committee • whether the audit committee raises the
right questions with management and the
performance evaluation independent auditor, including questions that
indicate its understanding of critical accounting
King III requires the board to perform an annual policies and judgments
performance evaluation, and it recommends • whether the audit committee has been
that this requirement be included in the audit responsive to issues raised by the independent
committee’s charter. The Companies Act does auditor.
not require audit committees to assess their
performance, but the legislation itself may be Because there are no specific guidelines for
the strongest argument for a robust evaluation assessing an audit committee’s performance,
process. members and directors have the benefit and
the burden of collaborating on an appropriate
Performance assessment also provides process. When advisable, this should be done in
information that the audit committee can use consultation with legal counsel.
to improve processes. This is important because
the independent auditor must consider the There are several considerations in shaping
effectiveness of the audit committee’s oversight the assessment process. First, there are various
of financial reporting when evaluating the control parties that may lead the assessment: the audit
environment. It is proposed that the following committee; the entire board or its nominating/
factors should be included in the consideration of governance committee; or the internal auditors.
the audit committee’s effectiveness: Some audit committees have found it useful to
• independence of the audit committee members engage an objective third party to assist with the
from management evaluation process. A combination of these may
• clarity with which the audit committee’s prove optimal. For example, a committee may
responsibilities are articulated and the degree choose to engage an adviser every two or three
to which they are understood by management years, and facilitate the process internally in the
and the audit committee other years.
• interaction of the audit committee and the
independent auditor, the internal auditors, and
senior financial executives

68
The format of the evaluation is another A well-crafted performance assessment process
consideration. In the case of a self-assessment, can provide a number of benefits to the audit
audit committee members may complete a committee, including:
questionnaire collectively or individually. If the • prioritising the audit committee agendas and
internal auditors, the board, or management meeting structure to focus on the most critical
conducts the assessment, the format may issues
consist of evaluation forms, interviews, or both. • shifting compliance oversight into the time
The party leading the evaluation may consider between live meetings
soliciting information from individuals who have • considering the committee’s composition in
significant interaction with the audit committee. the context of current and future financial
The committee may want to consider changing reporting challenges
the process periodically to keep it fresh. • revisiting the timing, level of detail, and quality
of materials provided by management
Documentation is another significant concern, • identifying topics for continuing education
and the advice of corporate counsel is important
in this matter. Regardless of the level of Tools and resources. See Annexure C for
documentation in the evaluation process, the a sample audit committee performance
audit committee should identify and address evaluation.
opportunities for improvement.

Developing and executing a plan for

improvement is the ultimate objective of the
assessment. A performance evaluation may
highlight the need to examine issues such
as the audit committee’s composition and
qualifications, information related to key financial
reporting areas, members’ understanding of
complex accounting and financial reporting
issues, and meeting agendas.

Audit Committee Resource Guide 69

70
Sample audit committee charter

Appendix

A Audit Committee Resource Guide 71

Sample audit committee This template is designed for SA public
companies; exceptions to the requirements
charter noted below may apply for certain companies,
including investment companies, small-business
This sample audit committee charter is based issuers, and foreign private issuers. All companies
on a review of selected company charters, as should consult with legal counsel regarding the
well as the requirements of the Companies Act applicability and implementation of the various
and the King Report on Governance for South requirements identified.
Africa 2009 (King III). Deloitte does not accept
any responsibility for any errors this publication Charter of the audit committee of the board of
may contain, whether caused by negligence or directors
otherwise, or for any losses, however caused,
sustained by any person that relies on it. The 1. Purpose
information presented can and will change;
we are under no obligation to update such 1.1. The audit and risk committee (the
information. Deloitte makes no representations committee) is constituted as a statutory
as to the sufficiency of these tools for your committee of [insert the name of the
purposes, and, by providing them, we are company] (the Company) in respect of
not rendering accounting, business, financial, the statutory duties in terms of section
investment, legal, tax, or other professional 94(7) of the Companies Act, 2008 and a
advice or services. These tools should not be committee of the board in all other duties
viewed as a substitute for such professional assigned to it by the board.
advice or services, nor should they be used as 1.2. Except with respect to the appointment,
a basis for any decision that may affect your fees and terms of engagement of the
business. Before making any decision or taking independent auditor, the decisions of the
any action that may affect your business, you committee do not reduce the individual
should consult a qualified professional adviser. and collective responsibilities of board
Deloitte does not assume any obligations as a members in regard to their fiduciary duties
result of your access to or use of these tools. and responsibilities. Directors must ensure
that they meet the standards of director’s
conduct as provided for in section 76 of
the Companies Act to act in good faith

72
 and for a proper purpose, in the best 1.5.8. Oversight of internal controls and financial
interest of the company, and with the reporting
necessary care, skill and diligence. 1.5.9. Risk assessment and oversight
1.3. This charter is subject to the provisions of 1.6. Consistent with these functions, the audit
the Companies Act and the company’s committee should encourage continuous
Memorandum of Incorporation, as well as improvement of, and should foster
and any other applicable law or regulatory adherence to, the company’s policies,
provision. procedures, and practices at all levels.
1.4. The duties and responsibilities of the The audit committee should also provide
members of the committee as set out in for open communication among the
this document are in addition to those independent auditor, financial and senior
duties and responsibilities that they have management, the internal audit function,
as members of the board. and the board of directors.
1.5. The audit committee is appointed by
the shareholders of the company for the 2. Membership
primary purpose of assisting the board in:
1.5.1. Ensuring the continued independence of 2.1 The committee shall be appointed
the independent auditor annually by the shareholders and shall
1.5.2. Overseeing the external audit process comprise at least three members.
1.5.3. Overseeing integrated reporting 2.2 The board, through the nominations
1.5.4. Applying the combined assurance model committee, shall identify and nominate
to ensure a coordinated approach to all suitably skilled and experienced directors
assurance activities for appointment by the shareholders.
1.5.5. Reviewing, the expertise, resources and 2.3 The board shall fill a vacancy on the
experience of the finance function committee within 40 business days, to be
1.5.6. Considering the appropriateness of the ratified by shareholders at the next annual
expertise and experience of the financial general meeting.
director 2.4 The audit committee must consist of at
1.5.7. Overseeing the internal audit function least three members. Each member of
the committee must be a director of the
company and not:

Audit Committee Resource Guide 73

2.4.1 be involved in the day to day 2.7 Only members of the committee shall
management of the company for the past have the right to vote. However, other
financial year individuals such as the Chairman of
2.4.2 be a full-time employee of the company the board, the Chief Executive Officer,
for the past 3 financial years the Chief Financial Officer, the Head of
2.4.3 be a material supplier or customer of Internal Audit and other representatives
the company such that a reasonable and from the finance department may
informed third party would conclude be invited to attend for all or part of
in the circumstances that the integrity, any meeting as and when considered
impartiality or objectivity of that director is appropriate by the committee.
compromised by that relationship, and 2.8 The independent auditors shall be invited
2.4.4 be related to anybody who falls within the to attend meetings of the committee on a
above criteria. regular basis.
2.5 All members of the committee shall have
general financial knowledge, at least one 3. Secretary
of whom shall have recent and relevant
financial experience. Collectively, the 3.1 The company secretary of the company,
committee should have an understanding or its nominee, shall act as the secretary
of all matters that are integral to the of the committee.
company’s integrated report.
2.6 The board shall appoint the chairman 4. Quorum
of the committee. In the absence of the
chairman of the committee and/or an 4.1 The quorum necessary for the transaction
appointed deputy, the remaining members of business shall be constituted by
present shall elect one of themselves to a majority of the members of the
chair the meeting. committee. A duly convened meeting
of the committee at which a quorum is
present shall be competent to exercise
all or any of the authorities, powers and
discretions vested in or exercisable by the
committee.

74
5. Frequency of Meetings 7. Minutes of Meetings

5.1 The committee shall meet at least 7.1 The secretary shall minute the proceedings
four times a year at appropriate times in the and resolutions of all meetings of the
reporting and audit cycle and additionally committee, including the names of those
as the chairman of the committee considers present and in attendance.
necessary. The external or internal auditors 7.2 The secretary shall ascertain, at the
may request a meeting, if they consider one beginning of each meeting, the existence
is necessary, as may any committee member. of any conflicts of interest and minute
them accordingly. If any conflict of interest
6. Notice of Meetings and exists, the director subject to the conflict
Agenda shall not participate or vote on the issue
giving rise to the conflict.
6.1 Meetings of the committee shall be 7.3 Minutes of committee meetings shall be
convened by the secretary of the circulated promptly to all members of
committee at the request of the chairman the committee and, once agreed, to all
of the committee. members of the board, unless a conflict
6.2 Unless otherwise agreed, notice of each of interest exists, and to the independent
meeting confirming the venue, time and auditors and the CAE.
date, together with an agenda of items 7.4 The minutes of the committee shall be
to be discussed, shall be forwarded to formally approved at its next scheduled
each member of the committee, and meeting.
any other person required to attend,
no later than one week prior to the 8. Annual General Meeting
meeting. Supporting papers shall be sent
to committee members, and to other 8.1 The chairman of the committee shall
attendees as appropriate, at the same attend the Annual General Meetings of
time. the company and be prepared to respond
6.3 The chairman will approve the agenda to any shareholder questions on the
for committee meetings and any member committee’s activities.
may suggest items for consideration.

Audit Committee Resource Guide 75

9. Duties 9.1.3.3 assessing their independence and
objectivity annually taking into account
9.1 Independent (External) Audit relevant professional and regulatory
The committee shall: requirements and the relationship with
9.1.1 consider and make recommendations the auditor as a whole, including the
to the board, to be put to shareholders provision of any non-audit services;
for approval at the Annual General 9.1.3.4 satisfying itself that there are no
Meetings of the company, in relation to relationships (such as family, employment,
the appointment, re-appointment and investment, financial or business) between
removal of the company’s independent the auditors and the company (other than
auditors. The committee shall oversee the in the ordinary course of business);
selection process for new auditors and 9.1.3.5 agreeing with the board a policy on the
if an auditor resigns the committee shall employment of former employees of the
investigate the issues leading to this and company’s auditors, then monitoring the
decide whether any action is required; implementation of this policy;
9.1.2 ensure that the appointment of the 9.1.3.6 monitoring the auditors’ compliance
auditor complies with the Companies Act, with relevant ethical and professional
the Auditing Profession Act and other guidance on the rotation of audit
relevant legislation; partners, the level of fees paid by the
9.1.3 oversee the relationship with the company compared to the overall fee
independent auditors including (but not income of the firm, office and partner and
limited to): other related requirements;
9.1.3.1 determining their remuneration, 9.1.3.7 assessing annually their qualifications,
whether fees for audit or non-audit expertise and resources and the
services; effectiveness of the audit process
9.1.3.2 approving their terms of engagement, which shall include a report from the
including any engagement letter issued at independent auditors on their own
the start of each audit and the scope of internal quality procedures;
the audit; 9.1.3.8 considering the risk of the withdrawal
of the company’s auditors from the
market; and

76
9.1.3.9 at least annually, obtaining and 9.1.6.1 a discussion of any major issues which
reviewing a report by the independent arose during the audit;
auditor describing: 9.1.6.2 a discussion and review of any
9.1.3.9.1 the independent auditor’s internal problems or difficulties with
quality-control procedures; management’s response to audit
9.1.3.9.2 any material issues raised by the most issues, and oversee any disagreements
recent internal quality-control review between management and the auditors
or peer review, or by any inquiry or if they arise;
investigation conducted by governmental 9.1.6.3 any accounting and audit
or professional authorities during the judgements; and
preceding five years with respect to 9.1.6.4 levels of errors identified during
independent audits carried out by the the audit.
independent auditor, and any steps taken 9.1.7 review the effectiveness of the audit
to deal with such issues process annually;
9.1.3.9.3 all relationships between the 9.1.8 review any representation letter(s)
independent auditor and the company requested by the independent auditors
9.1.4 meet regularly with the independent before they are signed by management;
auditors, including once at the planning 9.1.9 review the management letter and
stage before the audit and once after management’s response to the auditors’
the audit at the reporting stage. The findings and recommendations;
committee shall meet the independent 9.1.10 distinguish between audit and non-audit
auditors at least once a year, without services, and develop and implement a
management being present, to discuss policy on the supply of non-audit services
their remit and any issues arising from the by the independent auditors, taking into
audit; account any relevant ethical guidance on
9.1.5 review and approve the annual audit plan the matter;
and ensure that it is consistent with the
scope of the audit engagement;
9.1.6 review the findings of the audit with the
independent auditors. This shall include
but not be limited to, the following:

Audit Committee Resource Guide 77

9.1.11 pre-approve the contracts for 9.2.2 review summary financial statements,
non-audit services to be rendered by significant financial returns to regulators
the independent auditor and consider and any financial information contained
whether the auditor’s provision of in certain other documents, such as
non-audit services is compatible with the announcements of a price sensitive
auditor’s independence; and nature, provided that such monitoring
9.1.12 recommend to the board to engage an and review is not inconsistent with
external assurance provider to provide any requirement for prompt reporting
assurance over material elements (such under the listing requirements of the
elements should be determined by the Johannesburg Stock Exchange;
relevant committee responsible for 9.2.3 ensure that a combined assurance model
overseeing the sustainability reporting) is applied to provide a coordinated
of the sustainability part of the approach to all assurance activities, and in
integrated report. The audit committee particular:
should evaluate the independence and 9.2.3.1 ensure that the combined assurance
credentials of this external assurance received is appropriate to address all the
provider. significant risks facing the company; and
9.2.3.2 monitor the relationship between the
9.2 Financial Reporting external assurance providers and the
The committee shall: company;
9.2.1 monitor the integrity of the financial 9.2.4 understand the scope of the internal
statements of the company, including and independent auditors’ review of
its annual and half-yearly reports, internal control over financial reporting
preliminary results announcements and and obtain reports on significant findings
any other formal announcement relating and recommendations, together with
to its financial performance, reviewing management responses;
significant financial reporting issues and 9.2.5 receive and review any disclosure from
judgements which they contain; and the company’s CEO or CFO made in
connection with the certification of the
company’s quarterly and annual reports of:

78
9.2.5.1 significant deficiencies and material 9.2.9 assist the board in reviewing the
weaknesses in the design or operation integrated report to ensure that the
of internal control over financial information is reliable and that it does
reporting which are reasonably likely to not contradict the financial aspects of the
adversely affect the company’s ability to report.
record, process, summarise, and report
financial data; and The committee shall review and challenge
9.2.5.2 any fraud, whether or not material, where necessary:
that involves management or other 9.2.10 the consistency of, and any changes to,
employees who have a significant role in accounting policies both on a year on year
the company’s internal controls; basis and across the company;
9.2.6 review major issues regarding accounting 9.2.11 the methods used to account for
principles and financial statement significant or unusual transactions where
presentations, including any significant different approaches are possible;
changes in the company’s selection or 9.2.12 whether the company has followed
application of accounting principles; appropriate accounting standards
major issues as to the adequacy of the and made appropriate estimates and
company’s internal controls; and any judgements, taking into account the views
special audit steps adopted in light of of the independent auditors;
material control deficiencies; 9.2.13 the clarity of disclosure in the company’s
9.2.7 review analyses prepared by management financial reports and the context in which
and/or the independent auditor setting statements are made; and
forth significant financial reporting issues 9.2.14 all material information presented
and judgments made in connection with the financial statements, such
with the preparation of the financial as the operating and financial review,
statements; the corporate governance statement
9.2.8 review the effect of regulatory and (insofar as it relates to the audit and
accounting initiatives, as well as risk management) and the disclosure on
off-balance-sheet structures, on the sustainability issues (to ensure no conflict
financial statements of the company; and with financial information).

Audit Committee Resource Guide 79

9.3 Whistle blowing and fraud 9.4.3 consider and approve the remit of the
The committee shall: internal audit function and ensure it has
9.3.1 review the company’s arrangements adequate resources, skills, qualifications
for its employees to raise concerns, in and appropriate access to information
confidence, about possible wrongdoing to enable it to perform its function
in financial reporting or other matters. effectively and in accordance with the
The committee shall ensure that these relevant professional standards. The
arrangements allow proportionate and committee shall also ensure the function
independent investigation of such matters has adequate standing and is free from
and appropriate follow up action; management or other restrictions;
9.3.2 ensure that there is a process in place 9.4.4 approve the internal audit charter and
to be informed of any reportable perform an annual review of the charter,
irregularities (as identified in the Auditing making recommendations for changes if
Profession Act, 2005) identified and required;
reported by the independent auditor; and 9.4.5 review and approve the annual internal
9.3.3 review the company’s procedures audit plan;
for detecting and preventing fraud 9.4.6 evaluate the formal review of financial
and bribery and receiving reports on controls conducted annually by the
non-compliance. internal audit function on behalf of
the board and report to the board and
9.4 Internal Audit shareholders on the effectiveness of the
The committee shall: company’s internal controls;
9.4.1 monitor and review the effectiveness of 9.4.7 review all reports on the company
the company’s internal audit function from the CAE, including managements
in the context of the company’s overall responsiveness to findings and
internal controls and risk management recommendations;
systems, including giving consideration to
periodic independent quality review of the
function as deemed appropriate;
9.4.2 approve the appointment and removal of
the CAE;

80
9.4.8 meet the CAE at least once a year, 9.5.4 The committee shall compile a report
without management being present, to to shareholders on its activities to be
discuss their remit and any issues arising included in the company’s annual financial
from the internal audits carried out. In statements:
addition, the CAE shall have the right of 9.5.4.1 describing how the audit committee
direct access to the chairman of the board carried out its functions
and to the committee; and 9.5.4.2 stating whether the audit committee is
9.4.9 perform an annual assessment of the satisfied that the auditor was independent
internal audit function’s responsibility, of the company, and
budget and staffing, with input from the 9.5.4.3 commenting in any way the committee
independent auditor. considers appropriate on the financial
statements, the accounting practices
9.5 Reporting Responsibilities and the internal financial control of the
9.5.1 The chairman of the committee company.
shall report formally to the board on
its proceedings after each meeting 9.6 Other Matters
on all matters within its duties and The committee shall:
responsibilities. 9.6.1 have access to sufficient resources in order
9.5.2 The committee shall make whatever to carry out its duties, including access to
recommendations to the board it deems the Company secretary of the company
appropriate on any area within its remit for assistance as required;
where action or improvement is needed. 9.6.2 be provided with appropriate and timely
9.5.3 The committee shall consider, on an training, both in the form of an induction
annual basis, and satisfy itself of the programme for new members and on an
appropriateness of the expertise of on-going basis for all members;
the chief financial officer (acting as 9.6.3 at least once a year, review the
the financial director) and will report appropriateness of the expertise,
to shareholders in the company’s experience and adequacy of resources of
Annual Report that it has executed this the company finance function;
responsibility.

Audit Committee Resource Guide 81

9.6.4 oversee any investigation of activities 10.4 to require the chairmen of the other
which are within its terms of reference board committees, any of the executive
and act as a court of the last resort; and directors, any officer of the company,
9.6.5 at least once a year, review its own company secretary or assurance providers
performance, constitution and terms to provide it with information;
of reference to ensure it is operating at 10.5 to call any employee to be questioned at
maximum effectiveness and recommend a meeting of the committee as and when
any changes it considers necessary to the required;
board for approval. 10.6 to have the right to publish in the
company’s integrated report details of any
10. Authority issues that cannot be resolved between
the committee and the board; and
The committee derives its authority from the 10.7 to form, and delegate authority to,
statutory duties as contained in section 94 of the subcommittees and may delegate
Companies Act, as well as from the delegated authority to one or more designated
authority of the board as contained in this members of the committee.
document. The committee is authorised:
The committee has decision-making authority
10.1 to conduct investigations into any matters in regard to its statutory duties of verifying
within its scope of responsibility; the independence of the independent auditor,
10.2 to seek any information it requires from determining the fee for the independent
any employee, officer or director of any auditor, and for the terms of engagement of the
company in the company or external party independent auditor.
in order to perform its duties;
10.3 to obtain, at the company’s expense, any
outside legal or other professional advice
it shall reasonably require in connection
with the performance of its duties;

82
Notes:

Audit Committee Resource Guide 83

 B
Audit committee planning tool

Appendix
84
Audit Committee Resource Guide 85
Audit committee calendar This document is not an all-inclusive list of
activities that an audit committee should or must
of activities execute. The planning tool contains general
information only and does not constitute, and
Audit committees can use this tool to help plan should not be regarded as, legal or similar
their annual activities and meeting agendas. professional advice or service. Deloitte does
It considers the requirements for the audit not accept any responsibility for any errors
committees as per the Companies Act, 2008, this publication may contain, whether caused
King III and the JSE Listings Requirements, as by negligence or otherwise, or for any losses,
well as common practices in the marketplace however caused, sustained by any person that
and is subject to change if additional guidance relies on it. The information presented can and
is issued. The “Results From:” section indicates will change; we are under no obligation to
if the action or responsibility results from a update such information. Deloitte makes no
requirement of the Companies Act, 2008, King III representations as to the sufficiency of these
and the JSE Listings Requirements, or a common tools for your purposes, and, by providing
or emerging practice. The action or responsibility, them, we are not rendering accounting,
as described, may not be an explicit legislative business, financial, investment, legal, tax, or
or regulatory requirement or proposal, but other professional advice or services. These
may be an action that logically results from tools should not be viewed as a substitute for
other legislative or regulatory requirements or such professional advice or services, nor should
proposals. The “Suggested Frequency” section they be used as a basis for any decision that
offers a benchmark for how often the activity may affect your business. Before making any
should be performed, while the “Meeting decision or taking any action that may affect
Month” section provides an area where the your business, you should consult a qualified
audit committee can mark the months in which professional adviser. Deloitte does not assume
an activity should be performed. The audit any obligations as a result of your access to or
committee should use this tool in conjunction use of these tools.
with the “Sample Audit Committee Charter,” and
it should be tailored to reflect the responsibilities This planning tool is designed for South African
in the company’s audit committee charter. companies. All companies should consult
with legal counsel regarding the applicability
and implementation of the various activities
identified.

86
 Results From: Meeting Month

JSE Listings Requirements

Suggested Frequency
Companies Act 2008

Other Requirement

Common Practice
Action/Responsibility

September

November
December
February

October
January

August
King III

March
April

June
May

July
General Responsibilities
Review audit committee Annually and
as needed
members’ compliance with
•
applicable independence rules
and regulations.
As necessary, engage outside As needed

legal, accounting, or other

• •
advisers and provide funding to
compensate those advisers.
Report regularly to the board Each board
meeting
of directors regarding the
• •
execution of duties and
responsibilities.
Review the financial literacy and Annually

expertise of all audit committee

members. Determine audit
committee financial expert • • •
status and determine that
members are in compliance with
applicable rules and regulations.
General Responsibilities
Conclude each regular audit Each audit
committee
committee meeting with meeting
•
an executive session of the
committee, without members of
management.
Periodically, meet with Quarterly

management privately to discuss • •

any necessary matters.

Audit Committee Resource Guide 87

 Results From: Meeting Month

JSE Listings Requirements

Suggested Frequency
Companies Act 2008

Other Requirement

Common Practice
Action/Responsibility

September

November
December
February

October
January

August
King III

March
April

June
May

July
Consider and plan for succession Annually
•
of audit committee members
Review, with management, Annually

the company’s finance

function, including its budget, • •
organisation and quality of
personnel
Review of Financial/Controls Information
Review and discuss with Annually

management and the

• •
independent auditors the
company’s annual financial
statements prior to filing.
Review the internal auditor’s • Annually

assessment of internal controls.

Review other reports rendered As needed

by the independent auditors

•
and submitted by the company
to any governmental body or
the public.
Discuss the financial information Annually

and earnings guidance provided

• •
to analysts and ratings agencies.
This discussion may be in
general terms.

88
 Results From: Meeting Month

JSE Listings Requirements

Suggested Frequency
Companies Act 2008

Other Requirement

Common Practice
Action/Responsibility

September

November
December
February

October
January

August
King III

March
April

June
May

July
Review the regular internal Semiannually

reports to management
•
prepared by the internal audit
function and management’s
response.
Independent Auditor Relationship
Nominate an independent Annually

auditor for appointment by the • •

shareholders.
Compensate, retain, and Ongoing

oversee the work of the

independent auditor for the • •
purpose of preparing or issuing
an audit report or related work.
Review the performance of the Annually

independent auditor, including

the lead audit partner. Ensure • • •
that partners are rotated in
accordance with applicable
requirements.
Pre-approve audit and non-audit In accordance
• with policy
services provided by the • (as necessary)
independent auditor.

Audit Committee Resource Guide 89

 Results From: Meeting Month

JSE Listings Requirements

Suggested Frequency
Companies Act 2008

Other Requirement

Common Practice
Action/Responsibility

September

November
December
February

October
January

August
King III

March
April

June
May

July
Consider the independence Annually and
as needed
of the auditor, including
engaging in dialogue with
the independent auditor
with respect to any disclosed • • •
relationships or services that
may affect the independence
and objectivity of the auditor
and take appropriate actions to
oversee independence.
Oversee the resolution of As needed

disagreements between
management and the •
independent auditor if they
arise.
Review with the independent Annually

auditor any problems or

difficulties encountered in •
the course of the audit and
management’s response.
Review the audit plan and scope Annually
•
with the independent auditor.
Review written communications As reported
by the
between the independent independent
auditor and management, auditor
including (but not limited •
to) the management letter
and schedule of unadjusted
differences.

90
 Results From: Meeting Month

JSE Listings Requirements

Suggested Frequency
Companies Act 2008

Other Requirement

Common Practice
Action/Responsibility

September

November
December
February

October
January

August
King III

March
April

June
May

July
Periodically, meet with the Quarterly

independent auditor privately to • •

discuss any matters necessary.
Financial Reporting Processes, Accounting Policies, and Internal Control
In consultation with the Quarterly

independent auditor and the

internal audit function, review
the integrity of the company’s
financial reporting processes
•
(both internal and external) and
the internal control structure
(including disclosure controls
and procedures and internal
control over financial reporting).
In consultation with the Annually

independent auditor and the

internal audit function and •
management, review the
combined assurance model.

Audit Committee Resource Guide 91

 Results From: Meeting Month

JSE Listings Requirements

Suggested Frequency
Companies Act 2008

Other Requirement

Common Practice
Action/Responsibility

September

November
December
February

October
January

August
King III

March
April

June
May

July
Review with management major Quarterly

issues regarding accounting

principles and presentation
of the financial statements,
including any significant
changes in the company’s
selection or application of •
accounting principles, major
issues as to the adequacy of the
company’s internal controls, and
any special audit steps adopted
in response to material control
deficiencies.
Review management’s analyses Quarterly

of financial reporting issues and

•
judgments made in connection
with the preparation of the
financial statements.
Review with management As needed

the effect of regulatory and

accounting initiatives, as well as •
off-balance-sheet structures, on
the financial statements of the
company.
Review and approve all related- Quarterly
•
party transactions.

92
 Results From: Meeting Month

JSE Listings Requirements

Suggested Frequency
Companies Act 2008

Other Requirement

Common Practice
Action/Responsibility

September

November
December
February

October
January

August
King III

March
April

June
May

July
Review the adequacy of Annually

procedures for the receipt,

retention, and treatment
of complaints regarding
accounting, internal control, • • •
or auditing matters, including
procedures for confidential,
anonymous submissions by
company employees.
Receive and review reports or Semiannually
or quarterly
complaints of questionable
• • •
accounting, auditing, or internal
control matters.
Internal Audit Activities
Review and advise on the As needed

selection or removal of the Chief • •

Audit Executive.
Periodically, meet with Internal Quarterly

Audit privately to discuss any • •

necessary matters.
Periodically, review with Annually

Internal Audit any significant

difficulties, disagreements
•
with management, or scope
restrictions encountered in the
course of the function’s work.

Audit Committee Resource Guide 93

 Results From: Meeting Month

JSE Listings Requirements

Suggested Frequency
Companies Act 2008

Other Requirement

Common Practice
Action/Responsibility

September

November
December
February

October
January

August
King III

March
April

June
May

July
Review the activities and Annually

organisational structure of
•
the internal audit function, as •
well as the qualifications of its
personnel.
Review the internal audit charter Annually

and plan and recommend any • •

necessary changes.
Periodically review, with Annually

Internal Audit, the internal

• •
audit function’s responsibilities,
budget, and staffing.
Risk Management
Discuss with management Annually

significant risk exposures,

including major financial and
• •
accounting risk exposures, and
the steps taken by management
to control them.
Other Responsibilities

94
 Results From: Meeting Month

JSE Listings Requirements

Suggested Frequency
Companies Act 2008

Other Requirement

Common Practice
Action/Responsibility

September

November
December
February

October
January

August
King III

March
April

June
May

July
Prepare a report, to be
included in the annual financial
statements for that
1. financial year
2. describing how the audit
committee carried out its
functions
3. stating whether the audit
committee is satisfied
that the auditor was • •
independent of the
company, and
4. commenting in any way
the committee considers
appropriate on the financial
statements, the accounting
practices and the internal
financial control of the
company

Audit Committee Resource Guide 95

 Results From: Meeting Month

JSE Listings Requirements

Suggested Frequency
Companies Act 2008

Other Requirement

Common Practice
Action/Responsibility

September

November
December
February

October
January

August
King III

March
April

June
May

July
Oversee the integrated reporting
process:
1. Consider all factors and
risks that may impact
on the integrity of the
integrated report
2. review the annual financial
statements
3. comment in the annual
financial statements on the
financial statements, the
accounting practices and
the effectiveness of the
internal financial controls
•
4. review the disclosure of
sustainability issues in
the integrated report to
ensure that it is reliable and
does not conflict with the
financial information
5. recommend to the board
whether or not to engage
an external assurance
provider on material
sustainability issues
6. recommend the integrated
report for approval by the
board

96
 Results From: Meeting Month

JSE Listings Requirements

Suggested Frequency
Companies Act 2008

Other Requirement

Common Practice
Action/Responsibility

September

November
December
February

October
January

August
King III

March
April

June
May

July
Review the audit committee Annually

charter; recommend to the

board of directors any necessary • •
amendments, as conditions
dictate.
Review, with the independent Annually

auditors, the internal audit

function, and management,
the extent to which changes
or improvements in financial •
or accounting practices,
as approved by the audit
committee, have been
implemented.
Participate in appropriate As needed
•
continuing education.
Assess performance relative to Annually

the audit committee’s purpose, • •

duties, and responsibilities.

Audit Committee Resource Guide 97

98
Audit committee performance evaluation

Appendix

C Audit Committee Resource Guide 99

Audit committee For each of the following statements, select a
number between 1 and 5, with 1 indicating that
performance evaluation you strongly disagree and 5 indicating that you
strongly agree with the statement. Select 0 if
The following questionnaire is based on the point is not applicable or you do not have
emerging and leading practices to assist in enough knowledge or information to rank the
the self-assessment of an audit committee’s organisation’s audit committee on a particular
performance. It is not intended to be all-inclusive. statement.

When completing the performance evaluation,

consider the following process:

• Select a coordinator and establish a timeline

for the process.
• In addition to audit committee members
completing the form as a self-evaluation,
ask individuals who interact with the audit
committee members to provide feedback.
• Ask each audit committee member to
complete an evaluation by selecting the
appropriate rating that most closely reflects
the audit committee’s performance related to
each practice.
• Consolidate into a summarised document for
discussion and review by the committee.

100
 5 - Strongly agree
Strongly disagree
- Not applicable

3 - Acceptable
Rank each of these statement

2 - Disagree

4 - Agree
Composition and Quality
1. Qualified audit committee members are identified by sources independent of management
(e.g., independent board members assisted by an outside search firm).
2. Audit committee members have the appropriate qualifications to meet the objectives of the
audit committee’s charter, including appropriate financial literacy.
3. The audit committee demonstrates integrity, credibility, trustworthiness, active participation,
an ability to handle conflict constructively, strong interpersonal skills, and the willingness to
address issues proactively.
4. The audit committee demonstrates appropriate industry knowledge and includes a diversity
of experiences and backgrounds.
5. Members of the audit committee meet all applicable independence requirements.
6. The audit committee participates in a continuing education program to enhance its
members’ understanding of relevant accounting, reporting, regulatory, auditing, and
industry issues.
7. The audit committee monitors compliance with the Companies Act, King III and other
relevant corporate governance regulations and guidelines.
8. The audit committee reviews its charter annually to determine whether its responsibilities are
described adequately and recommends changes to the board for approval.
9. New audit committee members participate in an orientation program to educate them on
the company, their responsibilities, and the company’s financial reporting and accounting
practices.
10. The audit committee chairman is an effective leader.
11. The audit committee, in conjunction with the nominations committee (or its equivalent),
creates a succession and rotation plan for audit committee members, including the audit
committee chairman.

Audit Committee Resource Guide 101

 5 - Strongly agree
Strongly disagree
- Not applicable

3 - Acceptable
Rank each of these statement

2 - Disagree

4 - Agree
Composition and Quality
Understanding the Business, including Risks
12. The audit committee considers or knows that the full board or other committees take into
account significant risks that may directly or indirectly affect financial statement reporting.
Examples include:
• Regulatory and legal requirements
• Concentrations (e.g., suppliers and customers)
• Market and competitive trends
• Financing and liquidity needs
• Financial exposures
• Business continuity
• Company reputation
• Financial strategy execution
• Financial management’s capabilities
• Management override
• Fraud control
• Company pressures, including “tone at the top”
13. The audit committee considers, understands, and approves the process implemented by
management to effectively identify, assess, and respond to the organisation’s key risks.
14. The audit committee understands and approves management’s fraud risk assessment and
has an understanding of identified fraud risks.
15. The audit committee considers the company’s performance versus that of its peers in a
manner that enhances comprehensive risk oversight by using reports provided directly
by management to the audit committee or at the full board meeting. These may include
benchmarking information comparing the company’s financial performance and ratios
with industry competitors and peers, industry trends, analyst estimates, and budget
analysis with explanations for areas where significant differences are apparent.

102
 5 - Strongly agree
Strongly disagree
- Not applicable

3 - Acceptable
Rank each of these statement

2 - Disagree

4 - Agree
Composition and Quality
Process and Procedures
16. The audit committee reports its proceedings and recommendations to the board after each
committee meeting.
17. The audit committee develops a calendar that dedicates the appropriate time and
resources needed to execute its responsibilities.
18. Audit committee meetings are conducted effectively, with sufficient time spent on
significant or emerging issues.
19. The level of communication between the audit committee and relevant parties is
appropriate; the audit committee chairman encourages input on meeting agendas from
committee and board members, management, the internal auditors, and the independent
auditors.
20. The audit committee sets clear expectations and provides feedback to the full board
concerning the competency of the organisation’s CFO and senior financial management.
21. The audit committee has input into the succession planning process for the CFO.
22. The agenda and related information (e.g., prior meeting minutes, press releases, and
financial statements) are circulated in advance of meetings to allow audit committee
members sufficient time to study and understand the information.
23. Written materials provided to audit committee members are relevant and concise.
24. Meetings are held with enough frequency to fulfill the audit committee’s duties and at least
quarterly, which should include periodic visits to company locations with key members of
management.
25. Regularly, audit committee meetings include separate private sessions with financial
management and the internal and independent auditors.
26. The audit committee maintains adequate minutes of each meeting.
27. The audit committee and the remuneration committee regularly review management
incentive plans to consider whether the incentive process is appropriate.

Audit Committee Resource Guide 103

 5 - Strongly agree
Strongly disagree
- Not applicable

3 - Acceptable
Rank each of these statement

2 - Disagree

4 - Agree
Composition and Quality
28. The audit committee meets periodically with the committee responsible for reviewing the
company’s disclosure procedures.
29. The audit committee respects the line between oversight and management of the financial
reporting process.
30. Audit committee members come to meetings well prepared.
Oversight of the Financial Reporting Process, including Internal Controls
31. The audit committee considers the quality and appropriateness of financial accounting and
reporting, including the transparency of disclosures.
32. The audit committee reviews the company’s significant accounting policies.
33. The audit committee understands and approves the process used by management to
identify and disclose related-party transactions.
34. The audit committee oversees the organisation’s external financial reporting and internal
control over financial reporting.
35. The audit committee receives sufficient information to assess and understand
management’s process for evaluating the organisation’s system of internal controls (e.g.,
financial reporting and disclosure controls, operation controls, compliance controls) and
also believes that management’s scope of internal control testing adequately supports its
internal control assessment.
36. The audit committee understands and gives appropriate consideration to the internal
control testing conducted by management, the internal auditors, and the independent
auditors to assess the process for detecting internal control issues or fraud (combined
assurance model). Any significant deficiencies or material weaknesses that are identified
are addressed, reviewed, and monitored by the audit committee.
37. The audit committee makes inquiries of the independent auditors, internal auditors, and
management on the depth of experience and sufficiency of the company’s accounting and
finance staff.

104
 5 - Strongly agree
Strongly disagree
- Not applicable

3 - Acceptable
Rank each of these statement

2 - Disagree

4 - Agree
Composition and Quality
38. The audit committee reviews the management recommendation letters written by
the independent and internal auditors and monitors the process to determine that all
significant matters are addressed.

Circle one number for each statement

39. The audit committee oversees that management takes action to achieve resolution when
there are repeat comments from auditors, particularly those related to internal controls.
40. Adjustments to the financial statements that resulted from the audit are reviewed by the
audit committee, regardless of whether they were recorded by management.
41. The audit committee is consulted when management is seeking a second opinion on an
accounting or auditing matter.
Oversight of Audit Functions
42. The audit committee understands the coordination of work between the independent and
internal auditors and clearly articulates its expectations of each.
43. The audit committee regularly reviews the adequacy of the internal audit function (e.g.,
the charter; audit plan; budget; compliance; and number, quality, and continuity of staff).
44. The audit committee oversees the role of the internal audit director from selection to
termination (e.g., appointment, evaluation, compensation, and retention) and provides
feedback at least annually.
45. The internal audit reporting lines established with the audit committee promote an
atmosphere where significant issues that might involve management will be brought to
the attention of the audit committee.
46. The audit committee appropriately considers internal audit reports, management’s
responses, and steps toward improvement.
47. The audit committee oversees the role of the independent auditors from selection
to termination and has an effective process to evaluate the independent auditors’
qualifications and performance.

Audit Committee Resource Guide 105

 5 - Strongly agree
Strongly disagree
- Not applicable

3 - Acceptable
Rank each of these statement

2 - Disagree

4 - Agree
Composition and Quality
48. The audit committee considers the independent audit plan and provides
recommendations.
49. The audit committee determines the audit fees paid to the independent auditors
50. The audit committee comprehensively reviews management’s representation letters to the
independent auditors, including making inquiries about any difficulties in obtaining the
representations.
51. The audit committee pre-approves all audit and non-audit services provided by the
independent auditors and considers the scope of the non-audit services provided.
52. The audit committee reviews other professional services that relate to financial reporting
(e.g., consulting, legal, and tax strategy services) provided by outside consultants.
53. The audit committee monitors the process to determine that the independent auditors’
partners are rotated in accordance with applicable rules.
54. The audit committee has private executive sessions with management and the internal and
independent auditors that result in candid discussion of pertinent issues.
Monitoring Activities
55. An annual performance evaluation of the audit committee is conducted and any matters
that require follow-up are resolved and presented to the full board.
56. The company provides the audit committee with sufficient funding to fulfill its objectives
and engage external parties for matters requiring external expertise.

106
Notes:

Audit Committee Resource Guide 107

 D
Public sector perspective

Appendix
108
Audit Committee Resource Guide 109
Public sector perspective • the relevant portfolio Minister under which the
Public Entity resorts (known as the Executive
In terms of the Public Finance Management Authority) must concur with any premature
Act (PFMA) and related Treasury regulations termination of services of a member of the
applicable to Public Entities [Sections 51(1)(a)(ii) audit committee
and 76(4)(d) of the PFMA], the board of directors • the audit committee must operate in terms of
(known as the Accounting Authority in terms of written terms of reference, which must deal
the PFMA) of such Public Entities must establish adequately with its membership, authority
an audit committee as a subcommittee of the and responsibilities. The terms of reference
accounting authority. A shared audit committee must be reviewed at least annually to ensure
may be established for a public entity and any its relevance. It must further be disclosed in
subsidiaries under the ownership and control of the entity’s integrated report whether or not
that entity. the audit committee has adopted a formal
terms of reference and if so, whether the
The following are specific requirements in committee satisfied its responsibilities for the
relation to the constitution and activities of an year, in compliance with its terms of reference.
Audit Committee of a Public Entity: The audit committee of a Public Entity has
• the chairperson of the audit committee must explicit authority to investigate matters within
be independent, be knowledgeable of the its powers, as identified in the written terms of
status of the position, have the requisite reference
business, financial and leadership skills and • the audit committee must be provided with the
may not be the chairperson of the accounting resources it needs to investigate such matters
authority or a person who fulfils an executive and shall have full access to information. The
function in the public entity audit committee must safeguard all information
• the majority of the members of an audit supplied to it within the ambit of the law
committee of a Public Entity shall consist of • should a report from internal audit (or any
non-executive members appointed by the other source) to the audit committee implicate
accounting authority, although committee any member(s) of the accounting authority
members need not all be members of the in fraud, corruption or gross negligence, the
accounting authority. The majority of persons chairperson of the audit committee must
serving on an audit committee must be promptly report this to the relevant executive
financially literate authority and the Auditor-General

110
• the audit committee must communicate • where relevant, the independence and
any concerns it deems necessary to the objectivity of the external auditors.
executive authority, the Auditor-General and if
appropriate, to the external auditor The audit committee of a Public Entity must –
• the audit committee must meet at least • report and make recommendations to the
annually with the Auditor-General or the accounting authority
external auditor, whichever applicable, to • report on the effectiveness of internal controls
ensure that there are no unresolved issues of in the integrated report of the institution
concern • comment on its evaluation of the financial
statements in the annual report.
The audit committee of a Public Entity must,
amongst others, review the following: Similar to the requirements of the PFMA on
• the effectiveness of the internal control systems the Accounting Authorities of Public Entities
• the effectiveness of internal audit to establish audit committees, the Municipal
• the risk areas of the entity’s operations to be Finance Management Act (MFMA), does also
covered in the scope of internal and external require the establishment of audit committees
audits in terms of its section 166 (1) which states that
• the adequacy, reliability and accuracy of each municipality and each municipal entity
financial information provided to management must have an audit committee. A single audit
and other users of such information committee may be established for a district
• any accounting and auditing concerns municipality and the local municipalities within
identified as a result of internal and external that district municipality; or a municipality and
audits municipal entities under its sole control.
• the entity’s compliance with legal and
regulatory provisions
• the activities of the internal audit function,
including its annual work programme,
coordination with the external auditors,
the reports of significant investigations and
the responses of management to specific
recommendations

Audit Committee Resource Guide 111

The members of an audit committee must be - compliance with this Act, the annual Division
appointed by the council of the municipality or, of Revenue Act and any other applicable
in the case of a municipal entity, by the council legislation
of the parent municipality. One of the members, - performance evaluation
who is not in the employ of the municipality - any other issues referred to it by the
or municipal entity, must be appointed as the municipality or municipal entity.
chairperson of the committee. No councillor may • review the annual financial statements to
be a member of an audit committee. An audit provide the council of the municipality or,
committee of a municipality must: in the case of a municipal entity, the council
• consist of at least three persons with of the parent municipality and the board of
appropriate experience, of whom the majority directors of the entity, with an authoritative
may not be in the employ of the municipality or and credible view of the financial position
municipal entity, as the case may be of the municipality or municipal entity, its
• meet as often as is required to perform its efficiency and effectiveness and its overall
functions, but at least four times a year. level of compliance with this MFMA, the
annual Division of Revenue Act and any other
In terms of the MFMA an audit committee is an applicable legislation
independent advisory body which must: • respond to the council on any issues raised by
• advise the municipal council, the political the Auditor-General in the audit report
office-bearers, the accounting officer and the • carry out such investigations into the financial
management staff of the municipality, or the affairs of the municipality or municipal entity as
board of directors, the accounting officer and the council of the municipality, or in the case
the management staff of the municipal entity, of a municipal entity, the council of the parent
on matters relating to— municipality or the board of directors of the
- internal financial control and internal audits entity, may request.
- risk management
- accounting policies
- the adequacy, reliability and accuracy of
financial reporting and information
- performance management
- effective governance

112
 Notes:

In performing its functions, an audit committee:

• has access to the financial records and other
relevant information of the municipality or
municipal entity
• must liaise with:
- the internal audit unit of the municipality
- the person designated by the Auditor-
General to audit the financial statements of
the municipality or municipal entity.

A shared audit committee may be established

for a public entity and any subsidiaries under
the ownership and control of that entity.

Audit Committee Resource Guide 113

114
Contacts
Dr Johan Erasmus Nina le Riche

Tel: 082 573 2536 Tel: 082 331 4840

[email protected] [email protected]

Audit Committee Resource Guide 115

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by
guarantee, and its network of member firms, each of which is a legally separate and independent entity.
Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche
Tohmatsu Limited and its member firms.

Deloitte provides audit, tax, consulting and financial advisory services to public and private clients spanning
multiple industries. With a globally connected network of member firms in more than 150 countries, Deloitte
brings world-class capabilities and high-quality service to clients, delivering the insights they need to address
their most complex business challenges. The more than 200 000 professionals of Deloitte are committed to
becoming the standard of excellence.

This communication contains general information only, and none of Deloitte Touche Tohmatsu Limited,
its member firms, or their related entities (collectively, the “Deloitte Network”) is, by means of this
communication, rendering professional advice or services. No entity in the Deloitte Network shall be
responsible for any loss whatsoever sustained by any person who relies on this communication.

© 2014 Deloitte & Touche. All rights reserved. Member of Deloitte Touche Tohmatsu Limited

Designed and produced by Creative Services at Deloitte, Johannesburg. (807472/ryd)