Page 42 - SAMRC Strategic Plan
P. 42

Good governance practices such as the King Code of   assurance that the SAMRC’s risk management
            Corporate Governance for South Africa, 2016 (King   and internal control systems are well designed
            IV) is also applicable – Risk Governance Principle 11,   and operate effectively and that any corrective
            stating that the governing body should govern risk   action is taken in a timely manner. Its audits cover
            in a way that supports the organisation in setting   internal controls and risk management processes
            and achieving its strategic objectives.            relating  to  the  financial  and  operational,  as  well
                                                               as IT and compliance activities of the SAMRC.
            The SAMRC has adopted a common and integrated      The outsourced Internal  Audit  function  reports
            approach to monitor the SAMRC’s strategic,         functionally to the SAMRC Board Committee, Audit
            research, clinical trial and other operational risks.   Risk and Information Technology Committee (ARIC),
            The  purpose to  embed  the practice  of enterprise   and is overseen by the Internal Audit Charter, which
            risk management at the SAMRC is to:                set out the purpose, scope and authority of the
            (a)  Realise “value” for the stakeholders, medical   Internal Audit function and is reviewed annually.
               and health care institutions and the population   Internal Audit has unrestricted access to the
               of South Africa.                                Chairperson of the ARIC and the SAMRC President.
            (b)  Set strategies and action plans in place to limit   The Internal Audit function works closely with the
               and decrease the risk exposures of the SAMRC.   Risk Management function and engages with the
            (c)   Place management in a position to deal       external auditors on an ongoing basis.
               proactively with potential emerging risks that
               may create uncertainty.                         The work of Internal Audit focuses primarily on
            (d)  Support management with a mechanism to        areas that present the greatest risk to the SAMRC.
               reduce the likelihood of downside outcomes and   This is achieved by following a risk-based assurance
               increase the potential for upside opportunities  approach, focus on the key risk exposure as approved
                                                               by the Board. An Internal Audit Plan is prepared
            The realisation of SAMRC’s Strategic Plan depends   annually and set on a three-year rolling basis. Focus
            on its management being able to manage risks       areas are determined and updated annually using a
            in  a  way  that  does  not  jeopardise  the  interests   risk-based approach considering the risk assessments
            of stakeholders. Sound management of risk will     conducted in the public entity and ensuring the work
            enable the SAMRC to anticipate and respond to      is appropriately aligned to and coordinated with the
            changes in the environment, as well as to take     activities of other relevant assurance providers. The
            informed decisions under conditions of uncertainty.   SAMRC captures and track all internal and external
            The features of the risk management process are    audit findings, mitigating actions and responsibilities
            outlined in the SAMRC’s Risk Management Strategy   and is followed up quarterly by Internal Audit. The
            and Risk Management Framework, as updated from     ARIC receives quarterly reports on progress against
            time-to-time.                                      the Internal Audit Plan and corrective actions taken
                                                               by management in response to audit findings.
            As the SAMRC, we understand that risk management
            is not there to impede the management of the entity   10.4.2.14.  Managing Conflicts of Interest
            but to assist with the achievement of organisational   The SAMRC’s commitment to high standards of
            objectives.  We  believe  that  a  commitment  to   business conduct and ethics is set out in the SAMRC’s
            the philosophy of risk management will ensure a    values and is supported by the Code of Business
            safer, healthier and quality driven environment for   Conduct Framework Policy (Code). In this regard
            employees, and the preservation of assets and value   the SAMRC’s commitment to the Code provides a
            for the benefit of all stakeholders.               framework of ethical practices and business conduct
                                                               that are applicable to the Board, employees and
            10.4.2.13.  Internal Audit and Audit Committee     external stakeholders.
            The Internal Audit function is a key element of the
            organisation’s internal control. Its role is to provide



                                     SAMRC   STRATEGIC PLAN 2025/26 – 2029/30                             41
   37   38   39   40   41   42   43   44   45   46   47