Internal Audit Mandate

1. Introduction
1.1. As per Standard 1000 of the Institute of Internal Auditors (IIA), this mandate outlines the directive of
Internal Audit and serves as the statement of purpose, authority, responsibility and the scope of work
of the outsourced Internal Audit function (Internal Audit) of the Mr Price Group Limited (Mr Price Group).
Mr Price Group has appointed KPMG Services (Pty) Limited (“KPMG”) to provide outsourced Internal
Audit services. KPMG’s role is to assist the Mr Price Group Management team, the Audit and
Compliance Committee (ACC) and Risk and IT Committee (RITC) with risk management assurance by
providing an independent assessment of the business processes, internal controls and the internal
control environment at Mr Price Group.

2. Purpose
2.1. As a vital component of good corporate governance, an independent, out-sourced Internal Audit function
has been established by the Mr Price Group (Company) Board of Directors (Board).
2.2. The purpose of Internal Audit is to provide independent and objective assurance and consulting services
designed to add value and improve the Company’s operations.
2.3. The mission of Internal Audit is to enhance and protect organisational value by providing risk-based and
objective assurance, advice, and insight into the Company’s operations. The Internal Audit function
helps the Company accomplish its objectives by bringing a systematic, disciplined approach to evaluate
and improve the effectiveness of governance, risk management and internal control processes.
2.4. The Internal Audit function derives its authority from the ACC, a committee of the Board.
2.5. The ACC defines the role and associated responsibilities and authority of Internal Audit, as set out in
this mandate.

3. Professional standards
The Internal Audit function governs itself by adherence to the mandatory elements of The Institute of
Internal Auditors' International Professional Practices Framework including its Core Principles for the
Professional Practice of Internal Auditing; the Code of Ethics; the International Standards for the
Professional Practice of Internal Auditing; and the Definition of Internal Auditing (collectively, Standards).
KPMG reports periodically to senior Management, the Board and ACC regarding Internal Audit’s
conformance to the Code of Ethics and the Standards.

4. Independence
4.1. The organisational status and independence of Internal Audit is essential as it facilitates objectivity and
the application of impartial and unbiased judgement.
4.2. KPMG is required to ensure that the Internal Audit function remains free from all conditions that threaten
the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters
of audit selection, scope, procedures, frequency, timing and report content.
4.3. Internal auditors are required to maintain an unbiased mental attitude that allows them to perform
engagements objectively and in such a manner that they believe in their work product, that no quality
compromises are made, and that they do not subordinate their judgment on audit matters to others.
4.4. KPMG will have no direct operational responsibility or authority over any of the activities audited.
Accordingly, internal auditors may not implement internal controls, develop procedures, install systems,
prepare records, or engage in any other activity that may impair their judgment, such as:
4.4.1. assessing specific operations for which they had responsibility within the previous financial year
4.4.2. performing any operational duties for the Company or its affiliates
4.4.3. initiating or approving transactions external to the Internal Audit function
4.5. Where KPMG has or is expected to fulfil roles and/or responsibilities that fall outside the Internal Audit
function, safeguards will be established to limit impairments to independence and objectivity.
4.6. KPMG must report to the CFO and ACC if independence or objectivity is impaired or appears to be
impaired. Impairment to organisational independence and individual objectivity may include, but is not
limited to, personal conflicts of interest, scope limitations, restrictions on access to records or
information, personnel, and properties, and resource limitations, such as funding.
4.7. KPMG will confirm to the Board and the ACC, at least annually, the organisational independence of the
Internal Audit function.

Internal Audit Mandate

Approved November 2020
5. Authority
5.1. In the course of its duties, Internal Audit has full, free and unrestricted access to Management,
associates, any of the Company’s financial and operational activities, physical locations and to all
information/ records considered necessary for the proper execution of Internal Audit's work, at the
discretion of KPMG, subject to strict accountability for safekeeping and confidentiality thereof.
5.2. Internal Audit has unrestricted access, in the presence of Management, to Company assets. When
necessary, special arrangements will be made for the examination of confidential or classified
information.
5.3. Internal Audit may:
5.3.1. allocate resources, set frequencies, select subjects, determine scope of work and apply
techniques required to accomplish audit objectives and issue reports; and
5.3.2. obtain, as necessary, assistance from necessary functions within the Company as well as other
specialised services from within or outside the Company, in order to carry out any Internal Audit
engagement.
5.4. KPMG is required to:
5.4.1. develop a flexible risk-based and agile Internal Audit annual plan, which is informed by Group
strategic risks, input from the ACC and Management, and which is subject to ACC review and
approval
5.4.2. develop the Internal Audit budget and resource plan necessary to support and implement the
annual Internal Audit plan
5.4.3. implement the approved annual audit plan and any special tasks or projects requested by senior
Management and the members of the ACC
5.4.4. annually review this Internal Audit mandate and present changes for ACC review and approval

6. Organisational and Reporting Structure

6.1. KPMG:
6.1.1. functions independently of Management and reports functionally to the chair of the ACC on the
performance of duties and functions that relate to Internal Audit. On other duties and
administrative matters, KPMG reports to the Chief Financial Officer (CFO)
6.1.2. has unrestricted direct access to the chair of the ACC, the ACC, the chair of the Board and the
Board itself, including private meetings without Management present

7. Responsibilities
7.1. KPMG ensures the principles of integrity, objectivity, confidentiality, and competency are applied and
upheld by the audit function.
7.2. KPMG is ultimately responsible for the work performed by all Internal Audit personnel.
7.3. KPMG ensures conformance of the Internal Audit activity with the Standards, with the following
qualifications:
7.3.1. if the Internal Audit function is prohibited by law or regulation from conformance with certain
parts of the Standards, KPMG will ensure appropriate disclosures and will ensure conformance
with all other parts of the Standards; and
7.3.2. if the Standards are used in conjunction with requirements issued by other authoritative bodies,
KPMG will ensure that the Internal Audit function conforms with the Standards, even if the
Internal Audit activity also conforms with the more restrictive requirements of other authoritative
bodies.
7.4. KPMG will share emerging trends and leading practices in Internal Auditing with Management.
7.5. Management has the responsibility of taking the necessary corrective action in a timely manner and
addressing weaknesses and/or inefficiencies in the
governance, risk management and internal control environment, which have been identified and
reported by various assurance providers such as the internal and external auditors, risk management
and compliance functions.

8. Nature and scope of Internal Audit

8.1. The scope of the Internal Audit functions includes, but is not limited to, objective examination of evidence
for the purpose of providing independent assessments to the Board and ACC, Management, and outside
parties on the adequacy and effectiveness of governance, risk management, and control processes for
the Company. The Internal Audit will also provide consulting services, with safeguards, to assist and
support Management in their endeavor to improve processes, manage risk and achieve objectives and
goals. The scope of Internal Audit assessments includes:
8.1.1. evaluation of the Company’s governance processes

Internal Audit Mandate

Approved November 2020
 8.1.2. assessing whether the risks relating to the achievement of the Company’s strategic objectives
are appropriately identified and managed
8.1.3. assessing whether the actions of Company’s directors, employees, and contractors are in
compliance with the Company’s policies and procedures, and applicable laws, regulations,
and good governance standards
8.1.4. assessing whether the results of operations, programs or processes are consistent with
established goals and objectives
8.1.5. assessing whether operations, programs or processes are carried out effectively and
efficiently
8.1.6. assessing whether established processes and systems enable compliance with policies,
procedures, laws and regulations that could significantly impact the Company
8.1.7. assessing whether information and the means used to identify, measure, analyse, classify and
report such information are reliable and have integrity
8.1.8. assessing whether resources and assets are acquired economically, used efficiently and
protected adequately
8.1.9. investigation of significant irregularities and fraud, consideration of the potential for occurrence
of fraud and evaluating how the organization manages fraud risk

Any attempted scope limitation by Management will be reported, preferably in writing, to the CFO and
to the ACC. It will be the judgement of the KPMG to determine what constitutes a scope limitation.

9. Relations with other assurance providers

An attitude of co-operation, coordination and collaboration will be applied in dealings with other
assurance providers and will be entitled to rely on the work of other assurance providers as necessary.
9.1. Combined Assurance
Internal Audit will consult with the Group Risk Director regarding the compilation of the annual combined
assurance plan. These activities include engaging with all designated assurance owners to obtain
details of planned assurance activities, assurance partners to be used and scope and frequency of
planned assurance activities. The proposed combined assurance plan will be submitted to the ACC on
an annual basis, at the least, for approval. The ACC will be responsible for overseeing the
implementation of the combined assurance plan.
9.2. Relationship with Management
It is the philosophy of Internal Audit to establish an on-going partnership with Management and to
conduct audits in a constructive manner. A spirit of participative teamwork between the auditor and
those being audited will be fostered. Management will be furnished with reports setting forth independent
and objective analyses, appraisals, recommendations and pertinent comments concerning the activities
audited. Internal Audit will procure feedback from Management on the performance of the function
generally and in relation to specific audits and will incorporate such feedback into the audit approach to
ensure that the audit plan is appropriate and risk-based and that issues are addressed timeously.
9.3. Relationship with External Auditors
Internal Audit activities will be coordinated with the external auditors to ensure:
9.3.1. the duplication of effort and expense on routine phases of audit work is minimised
9.3.2. optimal audit coverage of key risk areas is obtained
9.3.3. weaknesses identified by the external auditors are considered in the Internal Audit plan, and
vice versa
9.3.4. there is an exchange of information, audit work papers (including systems documentation), and
Management letters
9.3.5. Internal Audit performs certain audit work to support the external audit process.

10. Reporting
10.1. Detailed Internal Audit Reports
A detailed Internal Audit report will be generated at the end of every audit assignment. This could include
the audit objective, scope, effectiveness rating, executive summary, detailed findings,
recommendations, Management responses and agreed action plans. The detailed report will be
discussed and agreed with the relevant Management teams, and disputes or disagreements will be
resolved prior to the report being released for final distribution. All medium rated and high rated findings
will be electronically maintained and tracked for progress of implementation. Significant findings which
have exceeded the agreed action date, will be reported to the quarterly divisional board and ACC
meetings. Audit reports are division-confidential and therefore have limited distribution. They may not
be reproduced or transmitted to others without the express permission of KPMG.

Internal Audit Mandate

Approved November 2020
10.2. Reporting to Management and the ACC
Internal Audit, through KPMG, is required to report key Internal Audit and risk management matters at
its quarterly divisional board meetings and to the quarterly ACC meetings and RITC meetings (where
necessary). The Internal Audit board meeting is chaired by the CFO and attended by the CEO, CFO,
senior Management and trading and support services Managing Directors, together with the Internal
Audit management team. The following reports will be included in the Internal Audit quarterly update
report:
10.2.1. an action list detailing status of Management action plans on outstanding significant issues
10.2.2. a summary of significant findings, recommendations and related Management action plans
10.2.3. status/ achievement of the annual work plan (quarterly)
10.2.4. status and progress of Internal Financial Control assessments across the group
10.2.5. any response to risk by Management that may be unacceptable to the Company
10.2.6. Internal audit will on an annual basis provide the ACC with an overall statement as to the
effectiveness of the Groups’ governance, risk management and controls processes.

11. Quality assurance and improvement program

11.1. The Internal Audit function will maintain a quality assurance and improvement program that covers all
aspects of Internal Audit. The program will include an evaluation of Internal Audit’s conformance with
the Standards and an evaluation of whether Internal Auditors apply the IIA’s Code of Ethics. The
program will also assess the efficiency and effectiveness of the Internal Audit function and identify
opportunities for improvement.
11.2. KPMG will communicate, annually, to senior management, the Board and the ACC on the Internal
Audit’s quality assurance and improvement program, including results of internal assessments (both
ongoing and periodic) and external assessments conducted at least once every five years by a qualified,
independent and external assessor or assessment team.

12. Review
This mandate will be reviewed annually by Internal Audit and the ACC.

This mandate was approved on 24 November 2020.

…………………… …………………… …………………

U Moodley M Blair D Naidoo
Executive Director – KZN Managing Partner Chief Executive Officer Chair
KPMG Kwazulu Natal Mr Price Group ACC

Internal Audit Mandate

Approved November 2020