Job Description
The Committee has the following specific roles and responsibilities:
Integrated Reporting
The Committee oversees integrated reporting and in particular the Committee must:
- Have regard to all factors and risks that may impact on the integrity, quality and timing of the integrated report, which includes, inter alia, Annual Financial Statements, Annual Performance Report, Risk Management Report and Annual Report of the entity.
- Review and recommend to the Board for approval, the annual financial statements.
- Review and comment on all financial reporting, including the quarterly, half year and annual financial statements before submission to the Board, focusing particularly on:
- Any changes in accounting framework policies and practices.
- Major judgement areas.
- Significant adjustments resulting from the audit.
- The going concern statement.
- Compliance with accounting standards and statutory requirements.
- Reliability and accuracy of the financial information provided by management to the other users of financial information.
- Adequacy of internal controls.
- Compliance with laws and regulations as well as applicable policies and governance frameworks.
- Irregular, fruitless and wasteful expenditure, including actions for consequence management and condonation procedures.
- Review the disclosure of sustainability issues in the integrated report to ensure that it is reliable and does not conflict with the financial information.
- Draft and approve the annual Audit Committee report.
- Oversee the assurance process of sustainability information in the Integrated Report.
- The following should be disclosed in relation to technology and information:
- An overview of the arrangements for governing and managing technology and information.
- Key areas of focus during the reporting period, including objectives, significant changes in policy, significant acquisitions and remedial actions taken as a result of major incidents, actions taken to monitor the effectiveness of technology and information management and how the outcomes were addressed and planned areas of future focus.
- Recommend to the Board whether to engage an external assurance provider on material sustainability issues; and
- Recommend the integrated report for approval by the Board.
Combined Assurance
The Committee must ensure that a combined assurance model, plan and framework is approved and applied to provide a coordinated approach to all assurance activities, and in particular the Committee must:
- Ensure that the combined assurance received is appropriate to address all the significant risks facing the CSOS.
- Monitor the relationship between the external assurance provider(s) and Management.
- Monitor the adequacy and effectiveness of combined assurance provided by other assurance providers including assurance coverage, methodology followed and adequacy of reporting.
- Monitor reporting on the implementation of the combined assurance plan.
Internal Audit
The Committee is responsible for overseeing internal audit, and in particular the Committee must:
- Recommend to the Board for approval the structure of the internal audit function whether internal or outsourced.
- Consider whether it is necessary to recommend to the Board that the Internal Audit function be outsourced.
- Recommend to the Board, where appropriate, the removal of the Internal Audit service provider.
- Examine and review a rolling strategic internal audit plan based on the assessment of key areas of risk.
- Monitor quarterly and annually the internal auditors’ performance against the annual internal audit plans and intervene where deemed necessary.
- Approve the three-year rolling plan and annual internal audit plan, Internal Audit Charter and other internal audit policies.
- Assess the objectives, activities, qualifications and adequacy of performance and resources of the internal audit.
- Consider any significant audit findings (including findings or internal investigations) and management’s response thereto.
- Review and approve the internal audit quarterly reports to management and management’s response thereto.
- At least once a year, or as required, meet separately with the internal auditors without management, to discuss any matters that the Committee or internal auditors believe should be discussed separately including but not limited to any significant difficulties, disagreements with management or scope restrictions encountered in the course of the internal audit.
- Review the function of internal audit, ensure that there is co-operation and coordination between the internal and external audit functions in line with the combined assurance model adopted.
- Annually evaluate the independence and effectiveness of the Internal Audit function and ensure that the internal audit function is adequately resourced and has appropriate standing within the CSOS.
- Ensure that the internal audit function is subject to an independent external quality review, which is in line with the Institute of Internal Auditors Standards.
- Quarterly monitor the outcomes of both internal and external quality assurance assessments.
External Audit
- The Auditor-General is the external auditor of the CSOS.
- The Auditor-General, after consulting the Committee, must determine:
- The standard to be applied in performing audits.
- The nature and scope of such audits.
- Procedures for the handling of complaints when performing such audits.
The Committee is responsible to:
- Discuss and review, with the external auditor(s) before the audit commences the terms, nature and scope of the audit function, procedure and engagement.
- Monitor and report on the independence of the external auditor in the financial statements.
- Review the quality and effectiveness of the external audit process.
- Ensure direct access by the External Auditors to either the Committee or the Chairperson of the Committee.
- Ensure that there are no restrictions or limitation of scope placed on the auditors.
- Periodically consult with the external auditor about internal controls and the completeness and accuracy of financial records.
- Review external audit reports to ensure that prompt action is taken by management in respect of those reports.
- Review any significant disagreement between management and the external auditors in connection with any external audit report.
- Meet regularly with the external auditors, including once at the planning stage before the audit and once after the audit at the reporting stage.
- Meet the external auditors at least once a year, without management being present, to discuss their remit and any issues arising from the audit.
Review the findings of the audit with the external auditor. This shall include, but not be limited to, the following:
- A discussion of any major issues which arose during the audit.
- Any accounting and audit judgements.
- Levels of errors identified during the audit.
- Review any representation letter(s) requested by the external auditor before they are signed by management.
- Review the management letter and management’s response to the auditor’s findings and recommendation.
- Advise the Board of potential risks in irregular and fruitless and wasteful expenditure emanating from procurement practices.
- Review and approve external audit plans, budget and scope for the current year, comparing actual costs against budget.
- Review responses provided by Management to ensure they are in line with the risk management framework.
- Review on a quarterly basis the implementation of external audit recommendations accepted and remedial action plans to resolve findings committed to by Management. Where issues remain unresolved ensure that satisfactory progress is being made to mitigate the risk associated with audit’s findings.
Risk Management
The Committee is an integral component of the risk management process and specifically the Committee must oversee the:
- Financial reporting risks.
- Internal control risks.
- Fraud and corruption risks as they relate to reporting.
- Technology and information risks.
- Sustainability risks as they relate to financial sustainability of the CSOS, environmental, social, and governance (ESG) issues.
- Fraud and corruption risks as they relate to supply chain management processes.
- Whistleblower complaints and fraud and corruption investigations.
- Reports from the Loss Control Committee.
- Investigations Register.
- Governance and any other organizational risks, including compliance with environmental laws and other laws.
- The Committee must satisfy itself that the key risks are managed effectively and to an acceptable level and determine the priorities for risk management activity and bring to the attention of the Board the critical risks with recommendations.
- The Committee shall recommend to the Board overall integrated risk management strategy, including Fraud Prevention Plan and oversee the implementation thereof.
- Receive assurance from management regarding the effectiveness of the risk management processes.
The Committee is responsible for:
- Overseeing the development and review of a risk management framework and policy and mitigation plan for risk management to recommend for approval to the Board.
- Monitoring implementation of the policy and plan through the developed risk management systems and processes.
- Overseeing that the risk management plan is widely disseminated throughout the CSOS and integrated in the day-to-day activities.
- Ensuring that the Board regularly receives and reviews a register of the CSOS’ key risks.
- Ensuring that management monitors the risk management plan effectively and continually by performing the following measures:
- Measuring risk management performance against risk indicators; the risk indicators should be periodically reviewed for appropriateness.
- Periodically measuring progress against and deviation from the Risk Management Plan.
- Monitoring changes in the external and internal environment.
- Determining the impact of environmental changes on the strategic risk profile of the CSOS.
- Ensuring the risk responses are effective and efficient in both design and operation.
- Tracking the implementation of risk responses.
- Analysing and learning lessons from changes, trends, successes, failures and events.
- Identifying emerging risks.
- Facilitating risk assessments and measurements to determine the material risks to which the CSOS may be exposed and to evaluate the strategy for managing those risks.
- Making recommendations to the Board concerning the levels of tolerance and appetite and monitoring that risks are managed within the levels of tolerance and appetite as approved by the Board.
- Reviewing and approving the risk management strategy to prioritise and direct the audit effort, and recommendations regarding the skills and actions required to manage these risks.
- Reviewing the changes in the internal and external environment and the emergence of new risks.
- Reviewing and assessing the report on risk management submitted by management.
- Reviewing of the adequacy of insurance coverage.
- Monitoring of procedures to deal with and review the disclosure of information to third parties in so far as these disclosures could pose a risk to the CSOS.
- Ensuring that risk management frameworks and methodologies are implemented to increase the possibility of anticipating unpredictable risks.
- Evaluating whether the role of management in the integration of risk management into decision-making and other organisational processes is effectively achieved.
- Undertaking all other matters relating to issues of risk management delegated to it by the Board.
- Expressing its formal opinion to the Board on the effectiveness of the system and process of risk management.
- Reviewing reporting concerning risk management that is to be included in the integrated report for it being timely, comprehensive and relevant.
- Ensuring that a business continuity policy, strategy and plan are developed, implemented and regularly monitored.
- Reviewing the determination or investigation reports of the Loss Control Committee, and monitoring the implementation of Recommendations in conjunction with the Human Resources and Remuneration Committee.
Information and Technology (“IT”)
The Committee will be responsible to exercise oversight over reviewing:
- IT risks and controls, including cyber security matters.
- Disaster data recovery.
- Information security and privacy.
- IT as it relates to audit coverage and efficiency, financial reporting and the going concern of the CSOS through the following:
- Receiving and reviewing reports on control effectiveness and efficiency within IT for providing oversight, guidance and input.
- Requiring regular assurance on the IT infrastructure processes and practices implemented across the CSOS including Cyber Security and IT Governance.
- IT controls, financial reporting risks, internal financial controls and fraud and IT risks, as they relate to financial reporting.
- Monitor the elements of IT implementation and related risks.
- Oversight responsibilities for IT Governance (i.e., strategic alignment between business and IT, IT risk management, IT performance management, IT resource management and IT value delivery) by assuring the development of policies and procedures for the monitoring of IT Governance and consider IT Governance frameworks for appropriateness and adequacy.
- Exercise ongoing oversight of technology and information management and in particular oversee that it results in the following:
- Integration of people, technologies, information and processes across the organisation.
- Integration of technology and information risk into organisation-wide risk management arrangements to provide for business resilience, proactive monitoring of intelligence to identify and respond to incidents, including cyber-attacks and adverse social media events.
- Management of performance of, and the risks pertaining to, third party and outsourced service providers.
- The assessment of value delivered to the organisation through investment in technology and information including evaluation of projects throughout their life cycle and their expenditure.
- The responsible disposal of obsolete technology and information in a way that has regard to environmental impact and information security.
- Ethical and responsible use of technology and information.
- Compliance with relevant laws.
Recommend the following for approval by the Board:
- ICT Strategy.
- ICT Governance Terms of Reference.
- IT Governance Policy that articulates and gives direction on technology and information.
- Cyber Security Strategy which describes how the CSOS will carry out its cyber security responsibilities and address the evolving security needs. The Strategy will also establish the guiding principles and strategic approach needed to drive both short and long-term priorities for the CSOS.
Stakeholder Engagement
- The Committee must periodically engage with stakeholders or review stakeholder related risks, concerns, and complaints, such as those reported via whistleblower channels.
- The Committee must oversee the ethical compliance, corporate citizenship and the organisation’s ethical culture.
Appointment of the Chief Audit Executive
- The Committee should approve the appointment, employment contract and remuneration of the Chief Audit Executive.
- The Committee should approve the performance agreement and appraisals of the Chief Audit Executive.
Job Requirements
Minimum Requirements - Position 1:
- A minimum of a bachelor's degree and post-graduate qualification in finance, auditing and/or accounting.
- A Chartered Accountant (CA(SA)) registered with the South African Institute of Chartered Accountants (SAICA) or an equivalent professional body.
- 5 to 10 years' management experience gained from strategic management, risk management and/or auditing/financial, anti-fraud and corruption environments, preferably in a corporate organization, public sector or state-owned entities/organ of state.
- Minimum 2 years’ experience serving in an audit committee in the public sector/state-owned entity environment.
- Valid Driver’s License.
Knowledge required - Position 1:
- Knowledge of Finance/Accounting, Risk Management, Corporate Governance, Public Finance Management Act, Treasury Regulations and public sector governance environment.
- Knowledge of Internal and External Audit processes.
- Ability to demonstrate a high level of personal and professional ethics.
- Knowledge of Integrated Internal Control Framework.
Minimum Requirements - Position 2:
- A minimum of a bachelor's degree or postgraduate qualification in Information Technology, Computer Science, or Information Systems.
- Certification or membership with a recognized professional body (e.g. ISACA, IITPSA, or equivalent) will be an added advantage.
- 5 to 10 years' management experience gained from strategic management, risk management, ICT Governance and/or anti-fraud and corruption environments, preferably in a corporate organization, public sector or state-owned entities/organ of state.
- Minimum 2 years’ experience serving in an audit committee in the public sector/state-owned entity environment.
- Valid Driver’s License.
Knowledge required - Position 2:
- Knowledge of Risk Management, Corporate Governance, Public Finance Management Act, Treasury Regulations, Information Technology, and public sector governance environment.
- Strong understanding of ICT governance frameworks such as CGICT, COBIT, ISO 27001, and alignment with King IV or V principles.
- Experience in risk management, cybersecurity oversight, and ICT audit or assurance.
- Knowledge of Internal and External Audit processes.
- Ability to demonstrate a high level of personal and professional ethics.
- Knowledge of Integrated Internal Control Framework.
Added advantage:
- A Master’s Degree in any of the fields listed above or in Administration will be an added advantage.
Closing Date: 06 February 2026