Report of the Audit, Risk and Compliance Committee

 

For the year ended 31 March

Mandate and terms of reference

The Group’s Audit, Risk and Compliance Committee (‘ARC Committee’) operates within a Board approved mandate and terms of reference. In line with the Companies Act of 2008, as amended, the members of the Committee were appointed at the annual general meeting that was held on Thursday 17 July 2015.

The ARC Committee’s responsibilities include the following:

  • Reviewing the Group’s consolidated interim results, preliminary results, integrated report and annual financial statements;
  • Monitoring compliance with statutory and the JSE Listings Requirements;
  • Reporting to the Board on the quality and acceptability of the Group’s accounting policies and practices, including, without limitation, critical accounting policies and practices;
  • Providing oversight of the integrated reporting process;
  • Considering the appointment and/or termination of the external auditors, including their audit fee, independence and objectivity and determining the nature and extent of any non-audit services;
  • Approving the internal audit plan for the year;
  • Receiving and dealing appropriately with any complaints, internally and externally, relating either to the accounting practices and internal audit or to the content or auditing of all entities within the Group’s annual financial statements or related matters;
  • Reviewing and monitoring the management and reporting of tax-related matters;
  • Monitoring the risk management function and processes and assessing the Group’s most significant risks;
  • Monitoring the technology governance framework and associated risks; and
  • Monitoring the effectiveness of the processes to create awareness and develop an understanding of relevant legislation and regulation to ensure compliance by management.

Membership

Members: DH Brown (Chairman), BP Mabelane, PJ Moleketi

The Chief Executive Officer and Chief Financial Officer, as well as the head of internal audit, the Chief Risk Officer and the external auditors, attend ARC Committee meetings by invitation. The primary role of the ARC Committee is to ensure the integrity of the financial reporting and the audit process and that a sound risk management and internal control system is maintained. In pursuing these objectives the ARC Committee oversees relations with the external auditors and reviews the effectiveness of the internal audit function.

The internal and external auditors have unlimited access to the Chairman of the ARC Committee. The internal audit department reports directly to the ARC Committee and is also responsible to the Chief Financial Officer on day-to-day administrative matters.

Four ARC Committee meetings and one teleconference are scheduled per financial year. Additional Committee meetings may be convened when necessary. One special meeting was held during the current year.

Attendance for the year ended March 2016 was as follows:

Name of director 11.5.2015 29.5.2015
Telecon
2.6.2015
Special
4.9.2015 3.11.2015 8.3.2016 17.3.2016
Telecon
 
DH Brown  
BP Mabelane  
PJ Moleketi  

Statutory duties

The ARC Committee discharged all of those functions delegated to it in terms of its mandate, section 94(7) of the Companies Act of 2008, as amended, (‘the Act’) and the JSE Listings Requirements as listed below:

  • Considered and satisfied itself that the external auditors are independent;
  • Nominated the external auditors for appointment for the 2016 financial year;
  • Determined the fees paid to the external auditors for the 2016 financial year;
  • Reviewed the nature of non-audit services that were provided by the external auditors during the year;
  • Confirmed the payment of non-audit services which the external auditors performed during the year under review;
  • Approved the internal audit plan for the year;
  • Monitoring and providing oversight of the internal audit function;
  • Held separate meetings with management and the external auditors to discuss any reserved matters;
  • Ensured the ARC Committee complied with the membership criteria as set out in the Act;
  • Considered the appropriateness and experience of the Chief Financial Officer as required by the JSE Listings Requirements;
  • Reviewed the consolidated and Company annual financial statements of Vodacom Group Limited;
  • Reviewed the appropriateness of any amendments to accounting policies and internal financial controls; and
  • Reviewed the integrated reporting process.

Internal control

Internal controls comprise systematic measures, policies, procedures and business rules adopted by management to provide reasonable assurance in safeguarding assets, prevention and detection of error, accuracy and completeness of accounting records, and reliability of annual financial statements of all entities within the Group. In addition, Vodafone Group Plc (‘Vodafone’) is required to comply with Section 404 of the Sarbanes-Oxley Act (‘SOX’) due to its listing on the NASDAQ stock exchange. With combined efforts between the Group and Vodafone, specific processes were identified that had to be brought in line with SOX requirements as part of the Group’s South African SOX compliance efforts.

During the year, management revisited the accounting judgements applied in accounting for finance deals, which resulted in the restatement of certain lines in the consolidated annual financial statements (Note 21). Management has adequately responded to the restatement and with the exception of the aforementioned, concluded that the internal controls over financial reporting as at 31 March 2016 were effective

The internal audit function is governed by the internal audit charter, as approved by the ARC Committee. The internal audit function serves management and the Board by performing independent evaluations of the adequacy and effectiveness of the Group’s internal controls, financial reporting mechanisms and records, information systems and operations.

Risk management

Reviews of the Group’s risk management, enterprise risk management programmes, business continuity and forensic services are performed by the Group’s Risk Management Committee which reports to the ARC Committee through the Chief Risk Officer. Critical and high strategic risks which are ranked in relation to a scale from catastrophic to negligible, are presented annually to the ARC Committee and are then reported to and considered by the Board. Further details of the Group’s key risks are reported in the risk management report included in Vodacom’s Integrated Report and online at www.vodacom.com.

From 1 April 2015 to 31 March 2016, the Group’s forensic services department investigated over 6 344 cases of which 5 983 related to external cases and 361 to internal cases. These cases were reported through various channels, including direct reports received from customers, service providers, online reports, referrals from business and external whistle blowing. Over the same period, 51 reports were received via the whistle blowing line.

Combined assurance

The integrated assurance model aims to optimise the assurance coverage attained from management (first line of defence), internal assurance providers (second line of defence) and independent assurance providers (third line of defence) in mitigating the risk areas affecting the Group. The Group has adopted an integrated assurance model which identifies the key risk areas affecting the Group, and maps the level of assurance being provided by the different lines of defence to mitigate these risks.

Effectiveness of the finance function

In accordance with King III requirements, the ARC Committee has concluded that the finance function is adequately resourced with technically competent individuals, and that it is effective.

Effectiveness of the risk management function

In alignment with King III, the ARC Committee has satisfied itself that the following areas have been appropriately addressed:

  • Financial reporting risk;
  • Internal financial controls;
  • Fraud risk as it relates to financial reporting; and
  • Information technology risk as it relates to financial reporting.

Appropriateness and experience of Chief Financial Officer

The ARC Committee confirms that it is satisfied that Dr. phil. T Streichert, the current Chief Financial Officer, possesses the appropriate expertise and experience to meet the responsibilities of this position.

Non-audit function policy

Per the Group’s policy for non-audit services, the external auditors may only be considered as a supplier for such service where:

  • There is no other alternative supplier for these services;
  • Where there is no other commercially viable alternative; or
  • Where the non-audit service is related to and would add value to the external audit.

The total amount of fees earned during the year by the external auditors in respect of non-audit services was R626 642.

Integrated report

The ARC Committee has overseen the integrated reporting process, reviewed the report and has recommended the 2016 Integrated Report and consolidated Annual Financial Statements for approval by the Board on 3 June 2016.

DH Brown
Chairman
Audit, Risk and Compliance Committee