The board is accountable for the group’s system of internal control and has delegated this responsibility to management.
The system of internal control is designed to ensure that the significant risks are being appropriately managed and provide reasonable assurance that:
- business objectives will be achieved in normal and adverse trading conditions;
- operations are efficient and effective;
- management of financial information is reliable;
- company assets and information are appropriately safeguarded; and
- there is compliance with applicable laws and regulations.
Management is focused on continuous improvements to the system of internal control. The newly implemented financial system has been bedded down during the course of the financial year and has further enhanced the end-to-end financial controls and processes within the group.
Independent assurance providers
A key element of the system of internal control is the review conducted by independent assurance providers who assess the adequacy and effectiveness of the controls. These independent assurance providers are outlined in more detail below.
The internal audit function provides independent assurance on the adequacy and effectiveness of the system of internal controls in place to manage the significant risks of the business down to an acceptable level.
Internal audit also engages proactively with management to drive meaningful and sustainable improvements in the control environment. This is achieved by using specialist risk and control knowledge to provide practical recommendations to improve the design of and compliance with key controls. Where necessary, for example highly specialised IT reviews, these reviews are outsourced to specialist consultants.
The annual audit coverage plan is developed applying a risk-based approach and is reviewed and approved by the audit committee in May each year. It is revised quarterly to ensure that it remains relevant to the key business priorities and changing risk environment.
Key audit findings are reported to the audit committee quarterly in the red flag report. Progress in addressing these red flag items is audited quarterly and items are reported to the committee until they have been satisfactorily resolved. This enables the committee to ensure that prompt action has been taken to address the key areas of concern.
Internal audit retains its objectivity and independence by reporting functionally to the audit committee and administratively to the Head of corporate governance. The internal audit executive attends both the audit committee and risk committee meetings by invitation.
The internal audit team has a combination of skills and expertise which include operational, financial, accounting and information technology experience and knowledge.
Ernst & Young Inc and SAB&T Inc, the joint external auditors, provide stakeholders with an independent opinion on whether the annual financial statements fairly present, in all material respects, the financial position of the company and the group.
External audit regularly liaises with internal audit to understand the scope of their work and the results of their audits. Extenal audit has embarked on a programme to move to a more control-based audit approach, thus reducing their substantive testing. Internal audit performs the initial controls-based testing and once it has been sucessfully bedded down, testing will alternate between internal and external audit on an annual basis. Any control work performed by external audit is limited to the work necessary to support their audit opinion.
Other independent assurance providers
Specialist assurance providers have been used to assess the adequacy and effectiveness of controls in certain instances. These include audits on clothing and general merchandise product quality, food saftey and saftey and hygiene in our stores.