Audit & Risk Committee report

celebrating 20 years Audit & Risk Committee report

Activities, mandate, composition and attendance of the Audit & Risk Committee ("A&R Co")

The table below reflects a summary of the activities undertaken by the A&R Co during the year in terms of its terms of reference and in support of the Board, with the resulting material outcomes from these activities:

Activities     Outcome
Engagement with the Group's external auditors    
  • nominated and recommended to shareholders the appointment of the external auditor of the Company and the Group who is a registered auditor and who, in the opinion of the A&R Co, is independent of the Company and the Group;
  • determined the fees to be paid to the auditor and the auditor’s terms of engagement;
  • ensured that the appointment of the auditor complies with the Companies Act, the applicable JSE listings requirements, and any other legislation relating to the appointment of the auditor;
  • determined the nature and extent of any non-audit services that the auditor may provide to the Group; and
  • pre-approved any proposed agreement with the auditor for the provision of non-audit services to the Group which are of a material nature as provided for in the Group’s non-audit services policy.
Compliance with Companies Act requirements    
  • prepared this report in compliance with section 94(7)(f) of the Companies Act, which report has been included in the Annual Financial Statements by reference;
  • stands ready to receive and deal with any concerns or complaints relating to the accounting practices and internal audit of the Company and the Group, the content or auditing of the Annual Financial Statements, including the Summarised Group Annual Financial Statements contained in the Integrated Report, the internal financial controls of the Company and the Group or any related matter; and
  • made submissions to the Board on matters concerning the Company and the Group’s accounting policies, financial controls, records and reporting.
Internal financial controls, internal audit and combined assurance    
  • assessed internal financial controls and concluded that no material breakdowns in the functioning of the internal financial controls were noted during the year under review and that the results of the audit tests conducted indicate that the internal financial controls provided a sound basis for the preparation of financial statements;
  • considered and confirmed its satisfaction with the effectiveness of the Internal Audit function, as well as the expertise and experience of the Chief Audit Executive;
  • received an external and independent assessment of the Internal Audit function, in the 2017 financial year, in line with Aspen’s requirement for an external review every five years. The assessment indicated positive results and the function’s general conformance with the Institute of Internal Auditors Standards; and
  • ensured that a comprehensive combined assurance model was applied to the Group's key risks so as to provide a coordinated approach to all assurance activities and confirmed that there were no significant areas of overlap or assurance gaps and the levels of assurance were considered appropriate.
Oversight of risk management    
  • monitored the implementation of the Group risk policy and Group risk plan as approved by the Board;
  • reviewed and considered the activities and reports of the Group executive risk forum and Tax Committee;
  • reviewed and considered business unit risk reports presented to the Committee;
  • reviewed and considered the report by Internal Audit on the integrity and robustness of the Group’s risk management processes;
  • reviewed and recommended for approval the Group’s risk appetite framework;
  • reviewed and considered the status of financial, information, technology and cybersecurity measures and internal controls for the year under review, as reported by the Group’s internal and external auditors; and
  • reviewed and approved the adequacy of the Group’s insurance cover.
Integrated reporting and assurance in respect of financial expertise of the Financial Director and finance function    
  • confirmed the expertise and experience of the:
    • Deputy Group Chief Executive who performs the duties of the Company’s Financial Director; and
    • Group's Finance function and the senior members of management responsible for the Group’s Finance function, including the Group Finance Officer;
  • considered financial-related tip-off reports and management actions to address these; and
  • reviewed the Group’s Integrated Report and the sustainability information as disclosed therein to evaluate the integrity of reported information and for consistency with the Annual Financial Statements.

Audit & Risk Committee Terms of Reference

The A&R Co has adopted formal Terms of Reference as incorporated in the Board Charter which have been approved by the Board of Directors. The Terms of Reference are reviewed as necessary. The Committee has conducted its affairs in compliance with these Terms of Reference and has discharged its responsibilities contained therein, as well as in the Companies Act.

Committee members and attendance at meetings

The A&R Co is constituted as a statutory committee in terms of the provisions of section 94 of the Companies Act and has an independent role with accountability to both the Board and shareholders. The A&R Co currently consists of four independent non-executive directors elected by shareholders at the annual general meeting, on the recommendation of the Board. The Board elects the Chairman of the A&R Co.

The Deputy Group Chief Executive, Group Finance Officer, Chief Audit Executive, Group Tax Executive, Company Secretary & Group Governance Officer, Group Risk & Sustainability Manager and representatives of the internal and external auditors attend meetings by invitation. All directors have a standing invitation to attend the Committee’s meetings. From time to time other executives and directors of the Group attend meetings of the A&R Co as requested. The Committee has unrestricted access to the external and internal auditors.

In accordance with the Terms of Reference, the Committee meets at least four times annually, but more often if necessary. During the year under review, the Committee met eight times. Each of the scheduled meetings is preceded by a pre-meeting during which the Chairman ascertains the key issues requiring consideration and to be addressed. The minutes of these meetings are made available to all directors by means of a database of documents they can access online. The Chairman of the Committee provides the Board with a verbal report of the Committee’s activities at each Board meeting. During the year, the Committee met with the external auditors and with the Chief Audit Executive without management being present. No matters that required attention arose from these meetings.

The Chairman of the Committee represents the A&R Co at the annual general meeting each year.

The Company Secretary & Group Governance Officer is the secretary of the Committee.

The Remuneration & Nomination Committee ("R&N Co"), through its nomination process, ensures that members are sufficiently qualified and experienced in matters such as financial and sustainability reporting, internal financial controls, external and internal audit processes, corporate law, risk management, financial sustainability issues, IT governance as it relates to integrated reporting and governance processes.

The following table of attendance at A&R Co meetings reflects the Committee’s meetings held during the year and the attendance of these meetings by its members during the year:

A&R Co 30 August
2017
12 September
2017
18 October
2017
25 October
2017
1 December
2017
14 February
2018
6 March
2018
19 June
2018
Roy Andersen
John Buchanan (Chairman)#
Maureen Manyama*       Apology n/a n/a n/a
Babalwa Ngonyama (Chairman)##
Sindi Zilwa Apology

* Ms Manyama did not make herself available for re-election at the Company's AGM held on 7 December 2017.
# Mr Buchanan retired as Chairman of the A&R Co with effect from 1 January 2018, remaining a member of the A&R Co.
## Ms Ngonyama was appointed as Chairman of the A&R Co with effect from 1 January 2018.

The overall average attendance for the A&R Co meetings held during the year was 94.6%.

Roles and responsibilities

The A&R Co has an independent role with accountability to both the Board and our shareholders. The Committee does not assume the functions of management, which remain the responsibility of the executive directors, officers and other senior members of management.

The Committee is, inter alia, responsible for assisting the Board in discharging its duties in respect of the safeguarding of assets, accounting systems and practices, internal control processes and the preparation of the Group and Company Annual Financial Statements in line with the relevant financial reporting standards as applicable from time to time. The Committee’s responsibilities can be divided into two broad categories:

Statutory duties

External auditor

The Committee has satisfied itself that the external auditor, PricewaterhouseCoopers Inc., was independent of the Group, as required by the Companies Act, which includes consideration of compliance with criteria relating to independence or conflicts of interest as prescribed by the Independent Regulatory Board for Auditors. Requisite assurance was sought and provided by the auditor that internal governance processes within the audit firm support and demonstrate its claim to independence.

The A&R Co has also satisfied itself with the quality of the external audit work being performed by PricewaterhouseCoopers Inc., in respect of all of the Group’s subsidiaries, except for Aspen’s South African subsidiaries which are audited by both PricewaterhouseCoopers Inc. and SizweNtsalubaGobodo Inc. on a shared basis, and that the firm and relevant designated auditor are accredited with the JSE list of auditors and the Independent Regulatory Body of Auditors and hold the requisite certifications and registrations. In recommending the appointment of a proposed external auditor, the Committee calls for and requests:

  • the decision letter and findings report of the inspection report issued in respect of the firm by the Independent Regulatory Board for Auditors (“IRBA”) of South Africa on both the proposed external audit firm and the designated individual director;
  • a summary of the proposed external audit firm monitoring procedures; and
  • the outcome and summary of any legal or disciplinary proceedings which may have been instituted by the IRBA against the proposed external audit firm and designated individual auditor.

PricewaterhouseCoopers Inc. has been the Group’s external auditor since the Company’s listing on the JSE in 1998. The A&R Co has agreed to recommend to shareholders the appointment of Craig West of PricewaterhouseCoopers Inc. as the designated auditor, responsible for performing the functions of auditor, for the 2019 financial year – his second year in this role. SizweNtsalubaGobodo Inc. has again been appointed to share in the auditing of the Company’s South African subsidiaries in the forthcoming year. The Committee has initiated a process in terms whereof PricewaterhouseCoopers Inc. will be replaced as the Group’s external auditor by no later than the financial year commencing 1 July 2023 in line with the South African Independent Regulatory Board of Auditors’ rule issued on mandatory audit firm rotation.

The Committee, in consultation with executive management, agreed to the engagement letter, terms, audit plan and budgeted audit fees for the financial year ended 30 June 2018.

There is a formal procedure that governs the process whereby the external auditor is considered for non-audit services. The Committee approved the terms of the service agreement for the provision of non-audit services by the external auditor, and approved the nature and extent of non-audit services that the external auditor provided in terms of the agreed pre-approval policy. During the year an amount of R9 131 231 was paid to PricewaterhouseCoopers Inc. in respect of non-audit services, which is approximately 22% of the external audit fee paid for the year. The external auditor is invited to and attends all A&R Co meetings and is required to meet independently with the A&R Co at least annually. A schedule of findings by the external auditor arising from the annual statutory audit is tabled and presented at an A&R Co meeting following the audit. The Committee endorses action plans for management to mitigate noted concerns. The external auditor has expressed an unqualified opinion on the Annual Financial Statements for the year ended 30 June 2018.

Internal financial controls

The key internal financial controls in operation for all significant operating businesses within the Group are documented in formalised financial internal control frameworks and these frameworks are maintained and updated by financial management during the course of the year or as part of the year-end process.

Based on the results of the formal documented review of the design, implementation and effectiveness of the Group’s systems of internal financial controls conducted by Group internal audit, supported by approved outsourced internal audit service providers during the 2018 financial year and, in addition, considering information and explanations given by management and discussions with the external auditor on the results of their audits, no material breakdowns in the functioning of the internal financial controls were noted during the year under review.

The results of the audit tests conducted indicate that the internal financial controls provide a sound basis for the preparation of financial statements.

Expertise and experience of the Financial Director and the finance function

The A&R Co has considered and is satisfied with the expertise and experience of the Deputy Group Chief Executive who performs the duties of the Company’s Financial Director, Gus Attridge (CA)SA.

Furthermore, the Committee has considered, and has satisfied itself of the appropriateness of the expertise and adequacy of resources of the Group’s finance function and experience of the senior members of management responsible for the Group’s finance function, including the Group Finance Officer.

Annual Financial Statements

The A&R Co assists the Board with all financial reporting and reviews the Annual Financial Statements as well as trading statements, preliminary results announcements and interim financial information.

The A&R Co has reviewed the Annual Financial Statements as well as trading statements, preliminary results announcements and interim financial information of the Company and the Group and is satisfied that they comply with International Financial Reporting Standards.

The following significant matters were considered by the A&R Co in relation to these Annual Financial Statements:

Activities     Outcome
Measurement of goodwill and indefinite life intangibles     The A&R Co reviewed and interrogated all elements supporting the valuation and measurement of goodwill and indefinite life intangible assets which included stress testing the process and key assumptions underpinning the valuations. The process of reviewing the classification of intangible assets and the criteria for determining whether these assets met the definition of indefinite life intangible assets was extensively reviewed and the A&R Co was satisfied that the classification and valuation of indefinite life intangible assets was materially correct and fairly presented.
Uncertain tax positions    
  • The Group operates in a complex tax environment which has been and will continue to be subject to significant change as a consequence of the Organisation for Economic Co-operation and Development’s Base Erosion and Profit Shifting (“BEPS”) project. BEPS gave rise to many recommended changes to international tax law and further recommended greater transparency through enhanced documentation (master file, country-by-country report and local files). The changes to international tax law and the more detailed documentation requirements has led to greater scrutiny of the Aspen Group by a number of tax jurisdictions.
  • The Group has considered this increased scrutiny and the uncertainty arising from changes in the interpretation of international tax principles and has applied its judgement to determine if provisions are required for any uncertain tax positions.
  • The A&R Co has considered the level of tax provisioning to be acceptable in the context of the Group’s financial statements, taken as a whole.
Accounting for the purchase of the residual rights to the AstraZeneca anaesthetics portfolio    
  • The Group acquired the commercialisation rights to products from AstraZeneca in specified territories in the prior financial year. This transaction was accounted for as a business combination in terms of IFRS 3. During the current financial year, the Group acquired the remaining rights from AstraZeneca to these products, including trademarks, patents, domain names, manufacturing know-how and regulatory information. Judgement is required to determine whether the transaction is a business combination in terms of IFRS 3 or an asset acquisition in terms of IAS 38.
  • The A&R Co was satisfied that no additional outputs, nor employees, were acquired and that the treatment of this transaction as an asset acquisition rather than a business combination was appropriate.

Going concern

The A&R Co reviewed a documented assessment by management of the going concern premise of the Group before recommending to the Board that the Group is a going concern and will remain so for the foreseeable future. The Committee reviews all proposed intercompany funding proposals and distributions to shareholders in terms of sections 44, 45 and 46 of the Companies Act, recommending such funding arrangements to the Board for consideration.

Duties assigned by the Board

The duties and responsibilities of the members of the Committee are set out in the A&R Co Terms of Reference included in the Board Charter, which is approved by the Board.

Integrated and sustainability reporting

The A&R Co fulfils an oversight role regarding the Group’s Integrated Report and the reporting process, including the system of internal financial controls. It is responsible for ensuring that the internal audit function is independent and has the necessary resources, standing and authority within the Group to enable it to discharge its duties. Furthermore, the A&R Co oversees cooperation between the internal and external auditors. During the 2018 financial year, the A&R Co considered the results of the sustainability audits conducted by Environmental Resources Management and limited assurance engagements performed on selected key performance indicators by Environmental Resources Management, PricewaterhouseCoopers Inc., as the Group’s external auditors, and Internal Audit. The Committee is satisfied that the sustainability information, as presented in the 2018 Integrated Report, is reliable, consistent and fairly presented.

Tax and treasury oversight

The Committee also receives regular feedback from both our Group Tax Committee and Group Treasury Committee. The Group Tax Committee is charged with ensuring all Group companies implement the Group’s tax philosophy and policies and comprises the Deputy Group Chief Executive, Group Finance Officer, the Group Financial Executive and Group Tax Executive, who meet on a regular basis to discuss the status of the Group’s tax affairs. The Group Treasury Committee is charged with monitoring the Group’s performance in managing the risks identified in the Group Treasury Policy and comprises the Deputy Group Chief Executive, Group Finance Officer, Group Financial Executive, Group Corporate Finance Executive and Group Treasury Manager. The executives responsible for the Group’s tax and treasury functions attend the quarterly meetings of the Committee to report on notable matters arising within the areas of their responsibility during the quarter.

Significant tax and treasury matters are brought to the attention of the A&R Co should they be raised between regular meetings.

Internal audit

The A&R Co is responsible for overseeing the internal audit and has considered and approved the internal audit charter and internal audit’s annual risk-based audit plan.

Internal audit reports centrally with responsibility for reviewing and providing assurance on the adequacy of the internal control environment across all of the Group’s significant operations. Various financial internal control audits were outsourced to an auditing firm, ensuring that specialist resources are utilised for financial internal control assessments. The internal audit plan follows a three-year cycle and is revised regularly in accordance with the risk profiles as discussed and tabled at the A&R Co meetings with any changes to the internal audit plan being approved by the Committee.

Each internal audit conducted is followed up by a detailed report to operational and senior management, including recommendations on aspects requiring improvement. The Chief Audit Executive is responsible for reporting the findings of the internal audit work against the agreed internal audit plan to the A&R Co at each Committee meeting. Copies of the detailed reports are also provided to the A&R Co together with an overall summary of the audit result for each audit.

The Chief Audit Executive has direct access to the A&R Co, primarily through its chairman, and attends A&R Co meetings by invitation.

The A&R Co is responsible for the appointment and removal of the Chief Audit Executive. The Committee is also responsible for the assessment of the performance of the Chief Audit Executive and the Internal Audit function. The Committee has considered and is satisfied with the effectiveness of the Internal Audit function. The A&R Co has also considered and is satisfied with the expertise and experience of the Chief Audit Executive.

An external and independent assessment of the Internal Audit function was performed during the prior financial year in line with our requirement for an external review every five years. The assessment indicated positive results and the function’s general conformance with the Institute of Internal Auditors Standards.

Combined assurance

We apply a combined assurance approach to the Group’s key risks to validate the effectiveness of controls related to risk responses and mitigation activities and thereby corroborate management’s self-assessment of the effectiveness of existing risk responses. This provides the Board with a corroborated evaluation of the risk responses and mitigation controls through a combination of the following five lines of assurance:

  • the organisation’s line functions that own and manage risks – first line of assurance;
  • specialist functions that facilitate and oversee risk management and compliance – second line of assurance;
  • internal assurance providers – third line of assurance;
  • independent external assurance providers – fourth line of assurance; and
  • governing body and committees – fifth line of assurance.

The required level of combined assurance is determined by the effectiveness of the risk response activities and the impact of such risk to the Group. No significant areas of overlap or assurance gaps have been identified during the year and the levels of assurance are considered appropriate.

Whistle-blowing

Our whistle-blowing arrangements are approved and monitored by the A&R Co and the Social & Ethics Committee (“S&E Co”). The Group Ethics Committee (a management committee consisting of four senior functional executives) receives and deals with any concerns or complaints, whether from within or outside Aspen, through an independent specialised tip-offs call centre, and tables this information and the results of follow-ups at each S&E Co meeting. Financial- and internal control-related tip-offs are then also tabled at the A&R Co meetings.

Both committees are satisfied that instances of whistle-blowing received during the year were appropriately dealt with.

Risk governance

Oversight of the Group’s Risk Management function has been assigned to the A&R Co.

The Board considers risk management to be a key process in the responsible pursuit of strategic objectives and in the effective management of related material issues across the Group. Our management culture is underpinned by effective risk identification and mitigation activities which are applied, on a day-to-day basis, through a system of internal controls, monitoring mechanisms and relevant stakeholder engagement activities. In accordance with the Group’s risk philosophy, business activities and business plans are aligned to the Group’s governance, economic, environmental and social aspirations.

The Board of Directors is responsible for the governance of risk across the Group, for setting the risk appetite and for monitoring the effectiveness of our risk management processes. This responsibility is delegated to the A&R Co.

The Group’s integrated risk management model considers strategic, operational, financial and compliance risks. Reputational risks and uncertain risks, which are inherent to our business and to the pharmaceutical industry in general, are also identified, monitored, recorded and appropriately managed. Risk indicators and risk appetite are reviewed and approved by the Board on an annual basis or more frequently where required. The boards of directors of our subsidiary companies are responsible for oversight of the risk management processes implemented at the relevant business units and for monitoring the effectiveness of the implemented risk management systems to ensure business continuity. Evaluations of material risks and of the effectiveness of the risk management process were conducted during the year by the Group Executive Risk Forum and the findings of these evaluations were reported to the A&R Co. Following a comprehensive review of risks and mitigating controls at the A&R Co meeting, the Committee formulated an overall conclusion and submitted a formal risk review report to the Board. The Committee’s report included an opinion on the overall status of material residual, reputational and uncertain risks with reference to the adequacy of related mitigating controls and to the approved risk appetite. The report also presented an opinion on the effectiveness of the risk management process implemented in the Group, supported by the internal audit report.

In arriving at its opinion, the A&R Co undertook the following activities:

  • monitored the implementation of the Group Risk Policy and Group risk plan as approved by the Board;
  • reviewed and considered the activities and reports of the Group Executive Risk Forum;
  • reviewed and considered business unit risk reports presented to the Committee;
  • reviewed and considered the report by Internal Audit on the integrity and robustness of the Group’s risk management processes;
  • reviewed and considered the status of financial, IT and internal controls, for the year under review, as reported by the Group’s internal and external auditors; and
  • reviewed and approved the adequacy of the Group’s insurance cover, after having considered the claims for the prior year, a summary of the proposed insurance arrangements for the ensuing year and the insurable, but uninsured risks.

At year-end, the Board was satisfied with the status and effectiveness of risk governance in the Group and adequacy of mitigation plans for material risks. Internal Audit found the implemented risk management process to be effective and has made recommendations for improvement which will be implemented as part of the continuous improvement process.

IT governance

The Committee periodically reviews the Group’s maturity in respect of IT governance by considering reports from the Group’s Chief Information Officer and assurance as provided by the Internal Audit function in accordance with the approved internal audit plan.

The governance and management of technology and information is based on a federated operating model where Aspen businesses and functional departments are responsible for the implementation, management and operation of technology and information considered appropriate to enable those businesses and functional departments. Opportunities for standardisation and to achieve procurement synergies continue to be explored from a Group perspective.

Business system implementation by various Aspen businesses and functional departments across the Group are in progress and are being monitored by the IT Steering Committee. A programme to mitigate infrastructure technology security risks is being coordinated centrally and includes the introduction of a supporting policy. Mitigation plans have been introduced to address the risk of material operational and disruptive incidents. No incidents of this nature occurred during the year.

Recommendation of the Integrated Report and related sustainability information for approval by the Board

At its meeting held on 24 October 2018, the A&R Co reviewed and recommended the Integrated Report and related sustainability information, as well as the Annual Financial Statements for approval by the Board of Directors.

The A&R Co is satisfied that it has complied with its statutory responsibilities and the responsibilities assigned to it by the Board.

Babalwa Ngonyama (CA)SA

A&R Co Chairman