Audit & Risk Committee report
celebrating 20 years Audit & Risk Committee report
Activities, mandate, composition and attendance of the Audit & Risk Committee ("A&R Co")
The table below reflects a summary of the activities undertaken by the A&R Co during the year in terms of its terms of reference and in support of the Board, with the resulting material outcomes from these activities:
|Engagement with the Group's external auditors||
|Compliance with Companies Act requirements||
|Internal financial controls, internal audit and combined assurance||
|Oversight of risk management||
|Integrated reporting and assurance in respect of financial expertise of the Financial Director and finance function||
Audit & Risk Committee Terms of Reference
The A&R Co has adopted formal Terms of Reference as incorporated in the Board Charter which have been approved by the Board of Directors. The Terms of Reference are reviewed as necessary. The Committee has conducted its affairs in compliance with these Terms of Reference and has discharged its responsibilities contained therein, as well as in the Companies Act.
Committee members and attendance at meetings
The A&R Co is constituted as a statutory committee in terms of the provisions of section 94 of the Companies Act and has an independent role with accountability to both the Board and shareholders. The A&R Co currently consists of four independent non-executive directors elected by shareholders at the annual general meeting, on the recommendation of the Board. The Board elects the Chairman of the A&R Co.
The Deputy Group Chief Executive, Group Finance Officer, Chief Audit Executive, Group Tax Executive, Company Secretary & Group Governance Officer, Group Risk & Sustainability Manager and representatives of the internal and external auditors attend meetings by invitation. All directors have a standing invitation to attend the Committee’s meetings. From time to time other executives and directors of the Group attend meetings of the A&R Co as requested. The Committee has unrestricted access to the external and internal auditors.
In accordance with the Terms of Reference, the Committee meets at least four times annually, but more often if necessary. During the year under review, the Committee met eight times. Each of the scheduled meetings is preceded by a pre-meeting during which the Chairman ascertains the key issues requiring consideration and to be addressed. The minutes of these meetings are made available to all directors by means of a database of documents they can access online. The Chairman of the Committee provides the Board with a verbal report of the Committee’s activities at each Board meeting. During the year, the Committee met with the external auditors and with the Chief Audit Executive without management being present. No matters that required attention arose from these meetings.
The Chairman of the Committee represents the A&R Co at the annual general meeting each year.
The Company Secretary & Group Governance Officer is the secretary of the Committee.
The Remuneration & Nomination Committee ("R&N Co"), through its nomination process, ensures that members are sufficiently qualified and experienced in matters such as financial and sustainability reporting, internal financial controls, external and internal audit processes, corporate law, risk management, financial sustainability issues, IT governance as it relates to integrated reporting and governance processes.
The following table of attendance at A&R Co meetings reflects the Committee’s meetings held during the year and the attendance of these meetings by its members during the year:
|A&R Co||30 August
|John Buchanan (Chairman)#||✓||✓||✓||✓||✓||✓||✓||✓|
|Babalwa Ngonyama (Chairman)##||✓||✓||✓||✓||✓||✓||✓||✓|
The overall average attendance for the A&R Co meetings held during the year was 94.6%.
Roles and responsibilities
The A&R Co has an independent role with accountability to both the Board and our shareholders. The Committee does not assume the functions of management, which remain the responsibility of the executive directors, officers and other senior members of management.
The Committee is, inter alia, responsible for assisting the Board in discharging its duties in respect of the safeguarding of assets, accounting systems and practices, internal control processes and the preparation of the Group and Company Annual Financial Statements in line with the relevant financial reporting standards as applicable from time to time. The Committee’s responsibilities can be divided into two broad categories:
The Committee has satisfied itself that the external auditor, PricewaterhouseCoopers Inc., was independent of the Group, as required by the Companies Act, which includes consideration of compliance with criteria relating to independence or conflicts of interest as prescribed by the Independent Regulatory Board for Auditors. Requisite assurance was sought and provided by the auditor that internal governance processes within the audit firm support and demonstrate its claim to independence.
The A&R Co has also satisfied itself with the quality of the external audit work being performed by PricewaterhouseCoopers Inc., in respect of all of the Group’s subsidiaries, except for Aspen’s South African subsidiaries which are audited by both PricewaterhouseCoopers Inc. and SizweNtsalubaGobodo Inc. on a shared basis, and that the firm and relevant designated auditor are accredited with the JSE list of auditors and the Independent Regulatory Body of Auditors and hold the requisite certifications and registrations. In recommending the appointment of a proposed external auditor, the Committee calls for and requests:
- the decision letter and findings report of the inspection report issued in respect of the firm by the Independent Regulatory Board for Auditors (“IRBA”) of South Africa on both the proposed external audit firm and the designated individual director;
- a summary of the proposed external audit firm monitoring procedures; and
- the outcome and summary of any legal or disciplinary proceedings which may have been instituted by the IRBA against the proposed external audit firm and designated individual auditor.
PricewaterhouseCoopers Inc. has been the Group’s external auditor since the Company’s listing on the JSE in 1998. The A&R Co has agreed to recommend to shareholders the appointment of Craig West of PricewaterhouseCoopers Inc. as the designated auditor, responsible for performing the functions of auditor, for the 2019 financial year – his second year in this role. SizweNtsalubaGobodo Inc. has again been appointed to share in the auditing of the Company’s South African subsidiaries in the forthcoming year. The Committee has initiated a process in terms whereof PricewaterhouseCoopers Inc. will be replaced as the Group’s external auditor by no later than the financial year commencing 1 July 2023 in line with the South African Independent Regulatory Board of Auditors’ rule issued on mandatory audit firm rotation.
The Committee, in consultation with executive management, agreed to the engagement letter, terms, audit plan and budgeted audit fees for the financial year ended 30 June 2018.
There is a formal procedure that governs the process whereby the external auditor is considered for non-audit services. The Committee approved the terms of the service agreement for the provision of non-audit services by the external auditor, and approved the nature and extent of non-audit services that the external auditor provided in terms of the agreed pre-approval policy. During the year an amount of R9 131 231 was paid to PricewaterhouseCoopers Inc. in respect of non-audit services, which is approximately 22% of the external audit fee paid for the year. The external auditor is invited to and attends all A&R Co meetings and is required to meet independently with the A&R Co at least annually. A schedule of findings by the external auditor arising from the annual statutory audit is tabled and presented at an A&R Co meeting following the audit. The Committee endorses action plans for management to mitigate noted concerns. The external auditor has expressed an unqualified opinion on the Annual Financial Statements for the year ended 30 June 2018.
Internal financial controls
The key internal financial controls in operation for all significant operating businesses within the Group are documented in formalised financial internal control frameworks and these frameworks are maintained and updated by financial management during the course of the year or as part of the year-end process.
Based on the results of the formal documented review of the design, implementation and effectiveness of the Group’s systems of internal financial controls conducted by Group internal audit, supported by approved outsourced internal audit service providers during the 2018 financial year and, in addition, considering information and explanations given by management and discussions with the external auditor on the results of their audits, no material breakdowns in the functioning of the internal financial controls were noted during the year under review.
The results of the audit tests conducted indicate that the internal financial controls provide a sound basis for the preparation of financial statements.
Expertise and experience of the Financial Director and the finance function
The A&R Co has considered and is satisfied with the expertise and experience of the Deputy Group Chief Executive who performs the duties of the Company’s Financial Director, Gus Attridge (CA)SA.
Furthermore, the Committee has considered, and has satisfied itself of the appropriateness of the expertise and adequacy of resources of the Group’s finance function and experience of the senior members of management responsible for the Group’s finance function, including the Group Finance Officer.
Annual Financial Statements
The A&R Co assists the Board with all financial reporting and reviews the Annual Financial Statements as well as trading statements, preliminary results announcements and interim financial information.
The A&R Co has reviewed the Annual Financial Statements as well as trading statements, preliminary results announcements and interim financial information of the Company and the Group and is satisfied that they comply with International Financial Reporting Standards.
The following significant matters were considered by the A&R Co in relation to these Annual Financial Statements:
|Measurement of goodwill and indefinite life intangibles||The A&R Co reviewed and interrogated all elements supporting the valuation and measurement of goodwill and indefinite life intangible assets which included stress testing the process and key assumptions underpinning the valuations. The process of reviewing the classification of intangible assets and the criteria for determining whether these assets met the definition of indefinite life intangible assets was extensively reviewed and the A&R Co was satisfied that the classification and valuation of indefinite life intangible assets was materially correct and fairly presented.|
|Uncertain tax positions||
|Accounting for the purchase of the residual rights to the AstraZeneca anaesthetics portfolio||
The A&R Co reviewed a documented assessment by management of the going concern premise of the Group before recommending to the Board that the Group is a going concern and will remain so for the foreseeable future. The Committee reviews all proposed intercompany funding proposals and distributions to shareholders in terms of sections 44, 45 and 46 of the Companies Act, recommending such funding arrangements to the Board for consideration.
Duties assigned by the Board
The duties and responsibilities of the members of the Committee are set out in the A&R Co Terms of Reference included in the Board Charter, which is approved by the Board.
Integrated and sustainability reporting
The A&R Co fulfils an oversight role regarding the Group’s Integrated Report and the reporting process, including the system of internal financial controls. It is responsible for ensuring that the internal audit function is independent and has the necessary resources, standing and authority within the Group to enable it to discharge its duties. Furthermore, the A&R Co oversees cooperation between the internal and external auditors. During the 2018 financial year, the A&R Co considered the results of the sustainability audits conducted by Environmental Resources Management and limited assurance engagements performed on selected key performance indicators by Environmental Resources Management, PricewaterhouseCoopers Inc., as the Group’s external auditors, and Internal Audit. The Committee is satisfied that the sustainability information, as presented in the 2018 Integrated Report, is reliable, consistent and fairly presented.
Tax and treasury oversight
The Committee also receives regular feedback from both our Group Tax Committee and Group Treasury Committee. The Group Tax Committee is charged with ensuring all Group companies implement the Group’s tax philosophy and policies and comprises the Deputy Group Chief Executive, Group Finance Officer, the Group Financial Executive and Group Tax Executive, who meet on a regular basis to discuss the status of the Group’s tax affairs. The Group Treasury Committee is charged with monitoring the Group’s performance in managing the risks identified in the Group Treasury Policy and comprises the Deputy Group Chief Executive, Group Finance Officer, Group Financial Executive, Group Corporate Finance Executive and Group Treasury Manager. The executives responsible for the Group’s tax and treasury functions attend the quarterly meetings of the Committee to report on notable matters arising within the areas of their responsibility during the quarter.
Significant tax and treasury matters are brought to the attention of the A&R Co should they be raised between regular meetings.
The A&R Co is responsible for overseeing the internal audit and has considered and approved the internal audit charter and internal audit’s annual risk-based audit plan.
Internal audit reports centrally with responsibility for reviewing and providing assurance on the adequacy of the internal control environment across all of the Group’s significant operations. Various financial internal control audits were outsourced to an auditing firm, ensuring that specialist resources are utilised for financial internal control assessments. The internal audit plan follows a three-year cycle and is revised regularly in accordance with the risk profiles as discussed and tabled at the A&R Co meetings with any changes to the internal audit plan being approved by the Committee.
Each internal audit conducted is followed up by a detailed report to operational and senior management, including recommendations on aspects requiring improvement. The Chief Audit Executive is responsible for reporting the findings of the internal audit work against the agreed internal audit plan to the A&R Co at each Committee meeting. Copies of the detailed reports are also provided to the A&R Co together with an overall summary of the audit result for each audit.
The Chief Audit Executive has direct access to the A&R Co, primarily through its chairman, and attends A&R Co meetings by invitation.
The A&R Co is responsible for the appointment and removal of the Chief Audit Executive. The Committee is also responsible for the assessment of the performance of the Chief Audit Executive and the Internal Audit function. The Committee has considered and is satisfied with the effectiveness of the Internal Audit function. The A&R Co has also considered and is satisfied with the expertise and experience of the Chief Audit Executive.
An external and independent assessment of the Internal Audit function was performed during the prior financial year in line with our requirement for an external review every five years. The assessment indicated positive results and the function’s general conformance with the Institute of Internal Auditors Standards.
We apply a combined assurance approach to the Group’s key risks to validate the effectiveness of controls related to risk responses and mitigation activities and thereby corroborate management’s self-assessment of the effectiveness of existing risk responses. This provides the Board with a corroborated evaluation of the risk responses and mitigation controls through a combination of the following five lines of assurance:
- the organisation’s line functions that own and manage risks – first line of assurance;
- specialist functions that facilitate and oversee risk management and compliance – second line of assurance;
- internal assurance providers – third line of assurance;
- independent external assurance providers – fourth line of assurance; and
- governing body and committees – fifth line of assurance.
The required level of combined assurance is determined by the effectiveness of the risk response activities and the impact of such risk to the Group. No significant areas of overlap or assurance gaps have been identified during the year and the levels of assurance are considered appropriate.
Our whistle-blowing arrangements are approved and monitored by the A&R Co and the Social & Ethics Committee (“S&E Co”). The Group Ethics Committee (a management committee consisting of four senior functional executives) receives and deals with any concerns or complaints, whether from within or outside Aspen, through an independent specialised tip-offs call centre, and tables this information and the results of follow-ups at each S&E Co meeting. Financial- and internal control-related tip-offs are then also tabled at the A&R Co meetings.
Both committees are satisfied that instances of whistle-blowing received during the year were appropriately dealt with.
Oversight of the Group’s Risk Management function has been assigned to the A&R Co.
The Board considers risk management to be a key process in the responsible pursuit of strategic objectives and in the effective management of related material issues across the Group. Our management culture is underpinned by effective risk identification and mitigation activities which are applied, on a day-to-day basis, through a system of internal controls, monitoring mechanisms and relevant stakeholder engagement activities. In accordance with the Group’s risk philosophy, business activities and business plans are aligned to the Group’s governance, economic, environmental and social aspirations.
The Board of Directors is responsible for the governance of risk across the Group, for setting the risk appetite and for monitoring the effectiveness of our risk management processes. This responsibility is delegated to the A&R Co.
The Group’s integrated risk management model considers strategic, operational, financial and compliance risks. Reputational risks and uncertain risks, which are inherent to our business and to the pharmaceutical industry in general, are also identified, monitored, recorded and appropriately managed. Risk indicators and risk appetite are reviewed and approved by the Board on an annual basis or more frequently where required. The boards of directors of our subsidiary companies are responsible for oversight of the risk management processes implemented at the relevant business units and for monitoring the effectiveness of the implemented risk management systems to ensure business continuity. Evaluations of material risks and of the effectiveness of the risk management process were conducted during the year by the Group Executive Risk Forum and the findings of these evaluations were reported to the A&R Co. Following a comprehensive review of risks and mitigating controls at the A&R Co meeting, the Committee formulated an overall conclusion and submitted a formal risk review report to the Board. The Committee’s report included an opinion on the overall status of material residual, reputational and uncertain risks with reference to the adequacy of related mitigating controls and to the approved risk appetite. The report also presented an opinion on the effectiveness of the risk management process implemented in the Group, supported by the internal audit report.
In arriving at its opinion, the A&R Co undertook the following activities:
- monitored the implementation of the Group Risk Policy and Group risk plan as approved by the Board;
- reviewed and considered the activities and reports of the Group Executive Risk Forum;
- reviewed and considered business unit risk reports presented to the Committee;
- reviewed and considered the report by Internal Audit on the integrity and robustness of the Group’s risk management processes;
- reviewed and considered the status of financial, IT and internal controls, for the year under review, as reported by the Group’s internal and external auditors; and
- reviewed and approved the adequacy of the Group’s insurance cover, after having considered the claims for the prior year, a summary of the proposed insurance arrangements for the ensuing year and the insurable, but uninsured risks.
At year-end, the Board was satisfied with the status and effectiveness of risk governance in the Group and adequacy of mitigation plans for material risks. Internal Audit found the implemented risk management process to be effective and has made recommendations for improvement which will be implemented as part of the continuous improvement process.
The Committee periodically reviews the Group’s maturity in respect of IT governance by considering reports from the Group’s Chief Information Officer and assurance as provided by the Internal Audit function in accordance with the approved internal audit plan.
The governance and management of technology and information is based on a federated operating model where Aspen businesses and functional departments are responsible for the implementation, management and operation of technology and information considered appropriate to enable those businesses and functional departments. Opportunities for standardisation and to achieve procurement synergies continue to be explored from a Group perspective.
Business system implementation by various Aspen businesses and functional departments across the Group are in progress and are being monitored by the IT Steering Committee. A programme to mitigate infrastructure technology security risks is being coordinated centrally and includes the introduction of a supporting policy. Mitigation plans have been introduced to address the risk of material operational and disruptive incidents. No incidents of this nature occurred during the year.
Recommendation of the Integrated Report and related sustainability information for approval by the Board
At its meeting held on 24 October 2018, the A&R Co reviewed and recommended the Integrated Report and related sustainability information, as well as the Annual Financial Statements for approval by the Board of Directors.
The A&R Co is satisfied that it has complied with its statutory responsibilities and the responsibilities assigned to it by the Board.
Babalwa Ngonyama (CA)SA
A&R Co Chairman