Skip to main content
The Group’s Audit, Risk and Compliance Committee (ARC Committee) operates within a Board-approved mandate and terms of reference. In line with the Companies Act of 2008, as amended (the Companies Act), the members of the ARC Committee were appointed at the annual general meeting held on Tuesday 18 July 2017.
The ARC Committee’s responsibilities include the following:
The Chief Executive Officer and Chief Financial Officer, the head of internal audit, the Chief Risk Officer and the external auditors, attend ARC Committee meetings by invitation. The primary role of the ARC Committee is to ensure the integrity of the financial reporting and the audit processes and that a sound risk management and internal control system is maintained. In pursuing these objectives the ARC Committee oversees relations with the external auditors and reviews the effectiveness of the internal audit function.
The internal and external auditors have unlimited access to the Chairman of the ARC Committee. The internal audit department reports directly to the ARC Committee and is also responsible to the Chief Financial Officer on day-to-day administrative matters.
Four ARC Committee meetings and one teleconference meeting is scheduled per financial year. Additional ARC Committee meetings may be convened when necessary.
Attendance for the year ended March 2018 was as follows:
|Name of director||8 May
|1.||PJ Moleketi stepped down on 19 July 2017.|
|2.||SJ Macozoma appointed on 19 July 2017.|
In terms of Section 94(7) of the Companies Act, the ARC Committee discharged all of those functions delegated to it in terms of the ARC Committee mandate, the Companies Act and the JSE Listings Requirements. In the year the ARC Committee:
The Group has applied the principles of King IV, the details of which is set out in the corporate governance statement included in the integrated report.
After discussion with management and the external auditor, being PricewaterhouseCoopers Inc. (PwC), the ARC Committee concurred with the key audit matters as set out in PwC’s report on the audit of the consolidated annual financial statements for the year ended 31 March 2018.
After reviewing the presentation and reports from management and consulting, where necessary, with PwC, the ARC Committee was satisfied that the consolidated annual financial statements appropriately address the critical judgements and key estimates pertaining to the key audit matters contained in PwC’s audit report referred to above, in respect of both amounts and disclosure. The ARC Committee noted that both the consolidated and separate annual financial statements were presented fairly in all material respects.
The significant areas of focus considered and actions taken by the ARC Committee in relation to the 2018 annual report were discussed with the external auditor during the year and, where appropriate, these have been addressed as key audit matters as outlined in the external audit report in the consolidated annual financial statements for the year ended 31 March 2018.
The ARC Committee has primary responsibility for overseeing the relationship with, and performance of, the external auditor. This includes making the recommendation on the appointment, re-appointment and removal of the external auditor, assessing their independence on an ongoing basis and for negotiating the audit fee.
PwC has been the Group’s external auditor since July 2014. At the 2017 annual general meeting, PwC was re-appointed as the Group’s independent external auditor, to hold office until the conclusion of the 2018 annual general meeting. It is noted that the individual registered auditor who undertook the audit during the financial year ended 31 March 2018 was Mr DB von Hoesslin. Further information regarding the tenure of Mr DB von Hoesslin is contained in PwC’s report on the audit of the consolidated annual financial statements for the year ended 31 March 2018. In addition, PwC will be required to rotate the audit partner responsible for the Group audit every five years and, as a result, the current lead audit partner will be required to change from the 2020 financial year onwards.
For the financial year ending 31 March 2019, the ARC Committee has recommended to the Board that PwC be re-appointed as the Group’s independent external auditor, to hold office until the conclusion of the 2019 annual general meeting and the directors will be proposing the re-appointment of PwC at the annual general meeting in July 2018.
At the start of the audit cycle for each financial year the ARC Committee receives a detailed audit plan from PwC, detailing their audit scope, planning materiality and their assessment of significant and elevated risk areas sensitive to fraud, error or judgement. The audit risk identification process is considered a key factor in the overall effectiveness of the external audit process, and the significant key risks for the 2018 financial year are capsulated in their report on the audit of the consolidated annual financial statements for the year ended 31 March 2018.
The detailed audit plan was reviewed by the ARC Committee to ensure the external auditor’s areas of audit focus remain appropriate.
The ARC Committee holds private meetings with the external auditor at each ARC Committee meeting to provide additional opportunity for open dialogue and feedback from the ARC Committee and the auditor without management being present. Matters typically discussed include the external auditor’s assessment of business risks, the transparency and openness of interactions with management, confirmation that there has been no restriction in scope placed on them by management, the independence of their audit and how they have exercised professional scepticism. The Chairman of the ARC Committee also meets with the external lead audit partner, Mr DB von Hoesslin, outside the formal ARC Committee process, throughout the year.
The ARC Committee reviewed the quality of the external audit process throughout the year and considered the performance of PwC, taking into account the ARC Committee’s own assessment, the results of a detailed survey of senior finance personnel across the Group, focusing on a range of factors they considered relevant to audit quality and feedback from PwC on their performance against their own objectives. Based on this review, the ARC Committee concluded that there had been appropriate focus and challenge on the primary areas of audit and that PwC had applied robust challenge and scepticism throughout the audit.
In its assessment of the independence of the auditor, the ARC Committee receives details of any relationships between the Group and PwC that may have a bearing on their independence and receives confirmation that they are independent of the Group within the meaning of the JSE Listings Requirements. As one of the ways in which it seeks to protect the independence and objectivity of the external auditor, the ARC Committee has a policy governing the engagement of the external auditor to provide non-audit services. This precludes PwC from providing certain services such as valuation work or the provision of accounting services and also sets a presumption that PwC should only be engaged for non-audit services where there is no legal or practical alternative supplier.
Per the Group’s policy for non-audit services, the external auditors may only be considered as a supplier for such service where:
The nature and extent of such services rendered during the financial year include:
The total fees earned during the year by the external auditors for non-audit services were R1 094 290.
Internal controls comprise systematic measures, policies, procedures and business rules adopted by management to provide reasonable assurance that: assets are safeguarded; error is prevented and detected and accounting records are accurate and complete. The internal audit function is governed by the internal audit charter, as approved by the ARC Committee. The internal audit function serves management and the Board by performing independent evaluations of the adequacy and effectiveness of the Group’s internal controls, financial reporting mechanisms and records, information systems and operations.
Monitoring and review of the scope, extent and effectiveness of the activity of the Group’s internal audit department is an agenda item at each ARC Committee meeting. The ARC Committee approves the annual audit plan prior to the start of each financial year and receive updates from the head of internal audit on audit activities, progress against the approved Group audit plan, the results of any unsatisfactory audits and the action plans to address these areas. The ARC Committee plays a major role in setting the internal audit annual objectives and the Chairman of the ARC Committee regularly meets with the head of internal audit to discuss the team’s activities and any significant issues arising from their work. The level of skill and experience of the internal auditors are presented to the ARC Committee on an annual basis.
In accordance with King IV requirements, the ARC Committee has concluded that Ms J Naidoo, the current Group head of internal audit, possesses the appropriate expertise and experience to meet the responsibilities of this position and that arrangements of the internal audit are adequately resourced with technically competent individuals, and that it is effective.
The internal audit department assessed the key internal financial controls by using the internal financial controls framework. Key controls assessed were based on the financial statement account balances and disclosures that are deemed quantitatively and qualitatively significant to the Group. The key controls in place to mitigate the risk of material misstatement of these balances in the financial statements were reviewed as at 31 December 2017. Based on the review performed nothing has come to our attention that would indicate a material breakdown of internal financial controls. The internal financial controls reviewed appeared to be adequately designed and are operating as intended.
Vodafone Group Plc (Vodafone) is required to comply with section 404 of the Sarbanes-Oxley Act (SOX) due to its listing on the NASDAQ stock exchange. With combined efforts between the Group and Vodafone, specific processes were identified that had to be brought in line with SOX requirements as part of the Group’s South African SOX compliance efforts. To be SOX compliant, the processes, systems and controls identified were reviewed for adequacy and tested to prove the effectiveness and ongoing operation thereof. Management has concluded that overall, as at 31 March 2018, these internal controls over financial reporting were effective.
Reviews of the Group’s risk management, enterprise risk management programmes, business continuity and forensic services are performed by the Group’s Risk Management Committee, which reports to the ARC Committee through the Chief Risk Officer. The top principal risks, those risks that will prevent the Group from achieving its strategic objectives in the short and medium term, are presented to the ARC Committee twice a year and reported to and considered by the Board. Critical and high macro strategic risks, those risks that will affect the strategic objectives in the long term, are also presented to the ARC Committee twice a year and reported to and considered by the Board. All principal risks are currently managed within the risk appetite statements. The key focus areas, risk appetite and further details of the Group’s principal risks are reported in the risk management report included in the Group’s integrated report and online at www.vodacom.com.
The internal audit department has conducted a review on the effectiveness of the risk management function in accordance with the approved risk management framework. The results of the review indicated that the risk management process was satisfactory as at 31 March 2018. There has been further development on the risk appetite framework that facilitates quantification of principal risks for the organisation.
From 1 April 2017 to 31 March 2018, the Group’s corporate security divisions investigated over 13 723 cases of potential fraud, of which 13 322 related to external cases and 401 to internal cases. These cases were reported through various channels, including direct reports received from customers, service providers, online reports, referrals from business and external whistleblowing. Over the same period, 164 reports were received via the formal whistleblowing line.
The ARC Committee has satisfied itself that the risk management function operates effectively.
The Group assessed risks based on principal risks. These are a high level category of risks, made up of macro and sub risks. The current combined assurance model in place is representative of how the risks are currently being managed between the three lines of defence. Vodafone Group Risk Management and Vodafone Group Internal Audit have implemented a coordinated structure for planning, executing and reporting on internal audit, compliance and risk activities. The committee is satisfied that the Group has optimised the assurance obtained from the three lines of assurance in accordance with the approved combined assurance model and that the model is effective in achieving the following objectives:
In accordance with King IV requirements, the ARC Committee has concluded that the finance function is resourced with appropriately skilled and technically competent individuals, and that it is effective.
In alignment with King IV, the ARC Committee has satisfied itself that the following areas have been appropriately addressed:
The ARC Committee is responsible for the oversight of the Group’s compliance programme and held a number of deep dive sessions on compliance related matters in the year. These focused on:
The ARC Committee confirms that it is satisfied that Dr T Streichert, the current Chief Financial Officer, possesses the appropriate expertise and experience to meet the responsibilities of this position.
The ARC Committee has overseen the integrated reporting process, reviewed the report and has recommended the 2018 integrated report and consolidated annual financial statements for approval by the Board on 1 June 2018.
Audit, Risk and Compliance Committee