1. Corporate Governance

2.  What is risk? ◦ Risks are uncertain future occurrences which, left unchecked, could adversely influence the achievement of a company’s business objectives  Naidoo, Corporate Governance, 2009 page 225

3.  Some of the main types of risk are:  Market risk – exposure to changes in share price, interest rate etc  Credit risk – possibility that 3 rd party may fail to honour its contractual commitments to the company  Operational risk – risk of loss due to inadequate internal processes or unexpected external events

4.  Reputational risk – risk of event damaging company’s goodwill & reputation  Business volume risk – risk of changes in demand or supply or competition  Legal risk – risk of failure to comply with legislation or contractual requirements

5.  Risk management can mean attempting to avoid or reduce exposure to a particular risk  Risk management can also mean increasing exposure to a particular risk to benefit from an anticipated outcome  Company will look at possibility of risk occurring & cost of reducing exposure

6.  The Board will decide in consultation with management which risks to terminate, accept, reduce or transfer.

7.  Define the risk & identify the areas of risk  Determine the capacity to deal with risk using TART  Develop strategies to deal with the risks identified  Develop risk management documentation  Integrate risk management into business plan  Ongoing monitoring of risk

8.  The four approaches to risk management  Terminate – if risk is too great to control & risk exceeds benefits  Accept – if no other controls possible  Reduce – institute appropriate controls  Transfer – move risk to another party (eg: insurer)

9.  Internal control refers to the complex web of reporting systems present within a company in terms of which its business activities are controlled.  Naidoo, Corporate Governance, 2009 page 234

10.  An effective system of internal control should enable the company to: ◦ Identify key objectives & associated risks ◦ Measure overall performance in managing risk ◦ Manage the identification of risk & the mitigation process through timely & meaningful communication ◦ Monitor the effectiveness of identifying, measuing & managing risk  Naidoo, Corporate Governance, 2009 page 235

11.  The Companies Act lays down the requirements for the appointment of an external auditor – see section 90 of the Act  The overriding factor is independence

12.  King III gives the audit committee certain responsibilities relating to the external auditors: ◦ To nominate the auditor ◦ To approve the terms of engagement & remuneration ◦ To monitor & report on the auditors independence ◦ To create a policy relating to non-audit work ◦ To review the quality & effectiveness of the external audit process

13.  The internal audit function must be independent & objective  It may be done internally or may be outsourced  If outsourced, it should not be done by the firm doing the external audit  If done internally, it should be independent of the day-to-day operations  The audit committee is responsible to oversee the internal audit function

14.  To objectively evaluate the company’s risk management, internal control & corporate governance processes & provide assuarnce to the Board of the adequacy & functionality of these processes  If the Board decides not to have an internal audit function the reasons should be disclosed in the annual report (apply or explain)

15.  The Board should ensure that the internal audit function has the necessary status within the company to execute its functions independently and without fear or favour  This can be achieved by: ◦ Appointment of qualified personnel ◦ Head of internal audit given senior management status ◦ Head of internal audit to report to Board & CEO ◦ Board promoting independence of internal audit ◦ Internal audit given adequate funding & resources