REPORT OF THE AUDIT AND RISK COMMITTEE
In line with the Companies Act 71 of 2008, as amended (the Act), we have established an audit committee. This committee fulfils the composition and functions as laid out in the Act. In addition, as explained in its terms of reference, Harmony’s audit committee is also tasked with overseeing risk management in the company and thus is known as the audit and risk committee.
PURPOSE AND ROLE
In accordance with the suggestions of King III and the Act the committee’s role comprises:
- Assisting the board in discharging its duties on safeguarding assets
- Monitoring the operation of an adequate system of internal control and control processes
- Monitoring the preparation of accurate financial reporting and statements in compliance with all applicable legal requirements, corporate governance and accounting standards
- Overseeing the governance of both financial and non-financial risks with the assistance of executive management
- Overseeing and ensuring the integrity of integrated reporting
- Ensuring that a combined assurance model is applied to provide a co-ordinated approach to all assurance activities
- Overseeing the internal and external audit processes
These roles are undertaken with accountability to both the board and the company’s stakeholders.
COMPOSITION OF THE COMMITTEE
In terms of the Act the following members, who were serving on the committee at 30 June 2014, will be recommended for appointment as audit and risk committee members for FY15 to shareholders at the company’s annual general meeting:
| Name | Status | Date appointed |
|---|---|---|
| John Wetton (chairman) | Independent non-executive director | 1 July 2011, appointed chairman 30 November 2011 |
| Fikile De Buck | Lead independent non-executive director | 30 March 2006 |
| Dr. Simo Lushaba | Independent non-executive director | 24 January 2003 |
| Modise Motloba | Independent non-executive director | 30 July 2004 |
| Karabo Nondumo | Independent non-executive director | 3 May 2013 |
The proposed individuals satisfy the requirements set out in section 94 of the Act for members of an audit committee, and ensure that the committee has the adequate and relevant knowledge and experience to sufficiently perform its functions. For details on the qualifications, expertise and experience of the members of the audit and risk committee refer to their curriculum vitaes in the section on The Board.
ACTIVITIES OF THE COMMITTEE
In terms of the audit and risk committee’s formal, approved terms of reference, and as part of its function in assisting the board to discharge its duties for the year under review, the committee met six times during the past financial year.
- Reviewed the company’s quarterly results
- Evaluated and considered Harmony’s risks, as well as measures taken to mitigate those risks
- Monitored the internal control environment in Harmony and found it to be effective
- Discussed the appropriateness of accounting principles, critical accounting policies, management judgements, estimates and impairments, all of which were found to be appropriate
- Considered the appointment of the external auditor, PricewaterhouseCoopers Inc., as the registered independent auditor for the ensuing year. The committee noted that the current designated partner, Faan Lombard, will oversee the Harmony external audit process for another year
- Satisfied itself through enquiry that the external audit firm, PricewaterhouseCoopers Inc., was independent from the company
- Evaluated the independence and effectiveness of the internal audit function and external auditors
- Evaluated and coordinated the internal and external audit processes
- Received and considered reports from the external and internal auditors
- Reviewed and approved internal and external audit plans, terms of engagement and fees, as well as the nature and extent of non-audit services rendered by the external auditors
- Held separate meetings with management and the external auditors
- Considered the appropriateness and expertise of the financial director, Frank Abbott, as well as that of the finance function. Both were found to be adequate and appropriate
- Considered whether information technology risks are adequately addressed and that appropriate controls are in place to address these risks
- Going concern
- Risks and mitigation
- Integrated reporting assurance
The audit and risk committee is confident that it complied with its legal, regulatory and other responsibilities assigned to it by the board under its terms of reference.
The internal audit function reports directly to the audit and risk committee, except on administrative details which it reports to the executive: risk management and services improvement. The internal and external auditors attend the committee’s quarterly meetings and have unrestricted access to the chairman of the committee.
The audit and risk committee oversees and monitors the governance of information technology on behalf of the board in accordance with King III – a task it views as a critical aspect of risk management. For more on this see information technology governance in the corporate governance report.
In the year under review, on recommendation from the audit and risk committee, the board approved:
- The annual financial statements for the year ended 30 June 2014. The audit and risk committee reviewed these to ensure they present a true, balanced and understandable assessment of the financial position and performance of Harmony
- The integrated report for the year ended 30 June 2014, in accordance with King III and the Johannesburg Stock Exchange Listings Requirements
- The annual report filed on Form 20-F for subsequent submission to the United States securities and Exchange Commission
- The notice of the annual general meeting to be held on 21 November 2014
In 2012 the committee reported on the comprehensive review of Harmony’s compliance with King III, completed in July 2012 in consultation with the auditing firm KPMG, which highlighted projects under way to further enhance compliance with King III. In 2013 the committee reported on its progress during FY13. Below is a further update:
| Reported in 2012 | Progress |
|---|---|
| Management is revising the roles and responsibilities for various facets of ethics and management (for example: board committee responsibilities, fraud risk management). This will include a review and potential redesign of the ethics management programme to address integration and further improve levels of proactive ethical risk management. | Finalised |
| Although combined assurance was applied throughout the year the process will be formalised into a combined assurance framework and plan. | Finalised |
| A formalised and functional information technology risk register will be enhanced and used by the committee to adequately monitor the company’s information technology risks, in line with the revised risk management roll-out plan. | Finalised |
| We will review the current decentralised application of legislative compliance and consider centralising this and/or integrating it into the risk management function to formally address critical regulatory non-compliance risk. | Finalised |
| The internal audit strategy and associated approach will be revised to align more closely with a risk-based approach and to address enhanced compliance with the Institute of Internal Auditors standards. | Finalised |
For more on the committee and its activities during the year under review see corporate governance.
John Wetton
Audit and risk committee chairman
23 October 2014