Page 186 - SAMRC Annual Report 2023-24
P. 186

INTERNAL CONTROL UNIT






            The SAMRC has a comprehensive risk management      taken promptly. Its audits cover internal controls and
            and internal control system in place. The system is   risk management processes relating to the financial
            designed to identify and appropriately mitigate the   and operational, as well as IT and compliance
            emerging and significant risks of the business and   activities of the SAMRC. The outsourced Internal
            ensure the accuracy and reliability of the SAMRC’s   Audit function reports functionally to the ARIC and
            financial reporting, while facilitating the delivery and   is overseen by the Internal Audit Charter, which sets
            sustainability of the strategic goals.             out the purpose, scope and authority of the Internal
                                                               Audit function and is reviewed annually. Internal Audit
            The Board acknowledges that they are ultimately    has unrestricted access to the Chairperson of the
            responsible for the organisation’s system of internal   ARIC and the SAMRC President. The Internal Audit
            financial control and place considerable importance   function works closely with the Risk Management
            on  maintaining  a  strong  control  environment.  Key   function and engages with the external auditors on
            features of the SAMRC’s financial reporting internal   an ongoing basis.
            controls include:
                                                               The work of Internal Audit focuses primarily on
            •  clearly defined delegations of authority and lines   areas that present the greatest risk to the SAMRC.
               of accountability;                              This is achieved by following a risk-based assurance
            •  policies  and  procedures  governing  financial   approach, focusing on the key risk exposure as
               resource  management,  financial  reporting  and   approved by the Board. An Internal Audit Plan is
               key IT projects;                                prepared annually and set on a three-year rolling
            •  assurance on key processes and audits as part of   basis. Focus areas are determined and updated
               the internal audit coverage;                    annually using a risk-based approach considering
            •  an annual IT general control assessment         the risk assessments conducted in the public entity
               conducted by the external auditors on the       and ensuring the work is appropriately aligned
               business  applications  that  support  the  financial   to  and coordinated  with  the activities  of other
               close process; and                              relevant assurance providers. The SAMRC captures
            •  a detailed review by the Audit and Risk and IT   and  tracks  all  internal  and  external  audit  findings,
               Committee (ARIC) and the Board of the financial   mitigating actions and responsibilities and is
               statements and disclosures within the annual    followed up quarterly by Internal Audit. The ARIC
               report.                                         receives quarterly reports on progress against the
                                                               Internal Audit Plan and corrective actions taken by
            The  ARIC is  required  to  ensure  that  management   management in response to audit findings.
            has adequate controls in place over assets, risk and
            financial systems, and has systems to allow for timely   Based on the results of the planned and adhoc audit
            and accurate financial reporting that complies with   activities undertaken during the financial year, it can
            all applicable requirements and legislation. The   be concluded that for the performed audit activities
            ARIC  therefore  plays  a  key  role  in  the  assurance   the key internal controls were generally effective in
            process and effectiveness of the risk management   all  material  aspects  and  reported  findings  did  not
            process at the SAMRC.                              expose the SAMRC to significant risk.

            Internal audit and                                 The Auditor-General South Africa (AGSA) is
            audit committees                                   responsible for expressing an opinion on the financial
                                                               statements and to report on findings relating to the
            The Internal Audit function is a key element of the   audit predetermined objectives, and material non-
            organisation’s internal control. Its role is to provide   compliance  with  specific  requirements  in  the  key
            assurance that the SAMRC’s risk management and     applicable legislation. The AGSA is invited to all
            internal control systems are well designed and     ARIC meetings and receives copies of all relevant
            operate effectively and that any corrective action is   papers and meeting minutes.





            184         SAMRC  ANNUAL REPOR T 2023-24
   181   182   183   184   185   186   187   188   189   190   191