Skip to main content

Internal control

The group’s systems of internal control are designed and operated to support the identification and management of risks affecting the group and the business environment in which it operates. As such, they are subject to continuous review as circumstances change and new risks emerge.

Key features of the systems of internal control are:

  • written policies and procedures within each business, which are detailed in policy manuals, clearly defined lines of accountability and delegation of authority, and comprehensive reporting and analysis against approved standards and budgets
  • group treasury operations control and reduce exposure to interest rate, counterparty, liquidity and currency transaction risks and co-ordinate the activities of group companies in this area. Treasury policies, risk limits and monitoring procedures are reviewed regularly by the audit committee on behalf of the board
  • minimisation of operating risk by ensuring that the appropriate infrastructure, controls, systems and people are in place throughout the businesses. Key policies employed in managing operating risk involve segregation of duties, transaction authorisation, monitoring, financial and managerial reporting
  • business resumption planning, including preventative and contingency measures, back-up capabilities and the purchase of catastrophe insurance to ensure ongoing product and service delivery under adverse conditions.
Assurance on compliance with systems of internal control and on their effectiveness is obtained through regular management reviews, control self-assessment, internal audit reviews and testing of certain aspects of the internal financial control systems by the external auditors during the course of their statutory examinations. The group’s various divisional audit committees consider the results of these reviews regularly, to confirm the appropriateness and satisfactory nature of these systems, while ensuring that breakdowns involving material loss, if any, together with remedial actions, have been reported to the appropriate boards of directors.

At the half year and at the year end the divisional managing directors and finance directors of all the group’s operations are required to submit formal letters of representation on controls, compliance and notification of continuing or potential operational, financial and legal risks or claims. These letters form the subject of reports to the audit committee. These letters, including the review described above, cover all subsidiary companies but do not cover associates, (except for Tsogo Sun, which does submit letters of representation), or joint ventures. Directors, executives, key managers and professionals also make annual written declarations of interests and are obliged to report without delay any potential or actual conflicts of interest which may arise.

The directors are responsible for the group’s systems of internal control and for reviewing their effectiveness and the board has conducted a review of the effectiveness of the company’s internal controls covering all material controls, including financial, operational and compliance controls and risk management systems. The systems of internal control are designed to manage, rather than eliminate, the risk of failure to achieve business objectives and can provide reasonable, but not absolute, assurance against material misstatement or loss. In reviewing these, the board has taken into account the results of all the work carried out by internal and external auditors to audit and review the activities of the group.

Back to top    back to top