OUR RISK MANAGEMENT PROCESS
Altron’s risk governance process is a top-down approach with the board overseeing and approving all risk management processes and activities. For a detailed description of how we govern risk refer to the ‘how we govern our business’(www.altron.com/iar2015/governance/govern.asp) section of this report. Although the board plays a critical role in how we manage our risks, risk identification, management and reporting is achieved via a bottom-up approach. Altron’s risk management process comprises the following three levels of reporting as indicated in the diagram:
Risk management process – level 1 refers to risk management at an operational level. Risks identified and managed at operational level are reported to the executive committees of Altron TMT and Powertech respectively. Altron’s internal audit department performs reviews at the operational levels and their findings are reported to the relevant Altron TMT and Powertech executive committees.
Risk management process – level 2 includes the reporting of risks to the sub-holding group companies’ financial review and risk committees (Altron TMT FRARC and Powertech FRARC). Major risks are elevated to the Altron Group Chief Executive (through the executive committee, which meets monthly); the Altron social and ethics committee (in respect of risks relating to the non-financial aspects of the business); the Altron risk management committee (in respect of all risks, both financial and non-financial); and the Altron audit committee. These committees meet twice a year and also oversee that the mitigation and management of the risks identified are effective and efficient. Altron’s internal audit department also assists with the risk management process at this level as reports are submitted to all the above mentioned committees.
Risk management process – level 3 includes the overall evaluation and management of risks by the Altron board. In addition, the role of internal audit is to provide assurance to the board that appropriate risk management processes and controls are in place. The board is thus ultimately responsible to ensure that the risk governance processes and the risk management processes remain adequate and effective in identifying the group’s risks and opportunities and that there is a system of efficient and effective monitoring, mitigation and management in place.
STATEMENT OF INTERNAL CONTROL
The board recognises the importance of a sound system of internal control which supports the achievement of the Altron group’s policies, aims and objectives while ensuring compliance with statutory duties and responsibilities.
It acknowledges its overall responsibility for the Altron group’s system of internal controls. This includes the establishment of an appropriate control environment and framework and a review of the effectiveness, adequacy and integrity of this system.
Delegation of responsibilities
The delegation of responsibilities for both the Altron group's executive and operating management is clearly defined, which includes authorisation levels for all aspects of the business. The delegation of these responsibilities is reviewed annually.
Policies and procedures
Clearly documented policies and procedures are set out in the Altron group policy manual which is subject to regular review and updating.
Management review meetings
Management review meetings are held regularly for all operating units. Operational, financial and key management issues are identified, discussed and resolved at these meetings.
Monitoring of results
Results against budget are monitored monthly at both operational and at board level. Management follows up and takes action regarding major variances against the budget.
Code of conduct
The Altron group has an established code of ethics and code of conduct (revised in February 2015 and approved by the Altron audit committee), which sets out and reinforces corporate values and ethical behaviour.
The Altron group has in place an anonymous whistle-blowing facility (Tip off Tim), which is independently run by Deloitte. All tip-offs are actively investigated, followed up and resolved. Our whistle-blowing guidelines policy is regularly reviewed and updated when necessary. The ethics office also has a secure email address which employees can use to report unethical behaviour or to seek advice and guidance on ethical dilemmas they may face. This email address is only accessible to the chief ethics officer. Altron regularly publishes SENS announcements in terms of section 159 of the Companies Act.
Independence of the internal audit function
Following its annual review of the internal audit function’s independence, the Altron audit committee concluded that it is satisfied that the independence of the function has not been impaired in any way. Should any significant issues be identified that warrant the removal of the head of internal audit, the matter would be decided by a majority vote of the audit committee.
Both the audit committee and the head of internal audit have reviewed the King III requirements pertaining to internal audits. Both parties agree that the internal audit function complies with the requirements of the King Code.
Compliance with Institute of Internal Auditing Standards
The internal audit function adheres to the International Standards for the Professional Practice of Internal Auditing (IIA Standards). Its compliance is confirmed by means of a review, which was conducted by Deloitte in the year under review.
The audit plan is established by the Altron group internal audit function, approved by the audit committee and communicated to sub-holding executive management and the respective audit and financial review and risk committees.
Special assignments are also undertaken at the request of audit committee members when deemed necessary. In these cases, appropriate arrangements are made to ensure that these additional requests do not compromise the achievement of the audit plan.
The role of internal audit
Altron's internal audit function supports the audit committee, the board and each operation of the group by independently evaluating the adequacy and effectiveness of the controls throughout the Altron group of companies, their financial reporting mechanisms and records, information systems and operations. It also provides additional assurance on the safeguarding of group assets and financial information.
The internal audit department monitors compliance with policies and procedures and reviews the effectiveness of the internal control environment. Significant findings in respect of non-compliance with policies and procedures, or weaknesses in internal controls are highlighted in the department's reports, brought to the attention of management and reported to the Altron audit committee.
Audits are carried out on all significant operating units. The frequency of an audit is determined by the assessment of risk, which includes, but is not limited to, the results of the previous audit review, operational financial contribution, and changes in key employees and systems. High-risk operations are audited annually, medium-risk sites once every 18 months, and low-risk sites once every three years. The audits are conducted in accordance with the International Standards for the Professional Practice of Internal Auditing.
The annual audit plan is reviewed and approved by the Altron audit committee. The plan includes:
- a review of financial systems to assess the adequacy and effectiveness of the internal controls implemented and maintained by management;
- a review of computer systems based on edition 4.1 of the internationally accredited COBIT® framework;
- a production review aimed at assessing the adequacy and effectiveness of internal controls and compliance with these controls;
- a health and safety review to ensure the company is complying with the requirements of the Occupational Health and Safety Act, of 1993, as amended;
- an environmental review to determine the level of compliance with respect to general and specific environmental duties, standards and legal liabilities, including the common law, based on the identified environmental risk and on the pending law and global and local trends;
- an energy review to assess the adequacy and effectiveness of the Altron group’s energy management systems;
- a general security review to ensure the company is complying with the requirements of the Altron group policies and South African legislation, that company property is adequately protected and that the company provides an environment that is safe and secure for its employees; and
- an ethics review to determine the ethical climate at particular operations.
The following standard audit opinions have been defined to allow management to place in context the opinion given in internal audit reports.
|The system of internal control is adequate and effective.
Control weaknesses identified were minimal and of a minor nature, and do not impair the overall system of internal control.
|While for the most part satisfactory, certain controls are missing or are only partial in nature. While other controls compensated in part for the weakness, timely corrective action is required by management.
The system of internal control is not significantly impaired.
|Critical controls are absent or inadequate. The weaknesses identified, taken together or independently, significantly impair the overall system of internal control.
As a result, prompt corrective action by management is necessary to bring controls up to a satisfactory level.
|Control weaknesses are so significant or widespread that there is a high risk of financial loss, business interruption, breach of privacy, non-adherence to company policies or failure to meet contractual or statutory obligations.
mmediate action is required by management to implement effective controls. The overall system of internal control is materially impaired.