FASSET ANNUAL REPORT

AUDIT AND RISK COMMITTEE REPORT Report of the Audit and Risk Committee in terms of Regulations 27 (1) (10) (b) and (b) of the Public Finance Management Act (PFMA).

• Reviewed the ARC charter; • Consideredandapproved the Strategic andoperational risk registers as part of the risk management processes; • Considered and approved the internal audit plan and monitored implementation thereof through the quarterly progress reports and made recommendations as appropriate; • As part of the management of compliance with policies and applicable legislation, the Committee introduced a compliance checklist to assist the organisation to monitor compliance with the organisation’s regulatory universe, statutory reporting, and organisational policies; • Conducted separate informal meetings with management, internal and external audit; • Considered reports from internal and external audit including audit plans, reports, and management’s follow-up of matters requiring attention; and • Provided guidance on the development of the IT governance framework and policies. The effectiveness of internal control In line with the PFMA, Internal Audit is expected to provide the Audit and Risk Committee and Management with the assurance that the internal controls are appropriate and effective. This is to be achieved through the risk management process, the identification of corrective actions, and suggested enhancements to controls and processes. The internal audit function provided status progress reports every quarter to the Committee. The progress reports provided status updates on the implementation of the audit plan, some audit findings, and status updates on the implementation of recommendations.

We are pleased to present our report for the financial year ended 31 March 2021. Audit and Risk Committee responsibility The Audit and Risk Committee (ARC) reports that it has complied with its responsibilities arising from Section 51 (1)(a)(iii) and 76 (4)(d) of the Public Finance Management Act and Treasury Regulation 27.1.7 and 27.1.10(b) and (c). The ARC also reports that it has adopted appropriate formal terms of reference as its ARC Charter, has regulated its affairs in compliance with this charter, and has discharged all its responsibilities as contained therein. The ARC also developed an annual work plan that assisted in carrying out its responsibilities and monitoring progress thereto. The ARC is accountable to the Board and has reported to the Board every quarter on how the Audit and Risk Committee discharged responsibilities contained in its charter, which amongst others as an oversight function for: • Financial management • Information Technology (IT) governance • Risk management and internal audit • Compliance with laws, regulations, and good ethics • Reporting practices, and • External audit Report on the activities of the Audit and Risk Committee During the period under review, the following activities were undertaken and demonstrate the commitment of the Audit and Risk Committee to achieve its mandate:

FASSET Annual Integrated Report 2020/21

71