RAND WATER ANNUAL REPORT 2023

Combined Assurance Rand Water has adopted a combined assurance model to strengthen the internal control environment and enhance the assurance obtained from management as well as internal and external assurance providers. A combined assurance framework is in place to support the embedding of combined assurance across the Group, the results of which are submitted to the Group Audit and Risk Committee for consideration. The Combined Assurance Forum (CAF) comprises of nominated representatives from across the business including, but not limited to: Integrity and Probity Assurance (IPA); Risk Advisory Services (RAS); Group Legal Services (GLS); Group Regulatory Compliance Services (GRCS); Group Internal Audit (GIA) and the Auditor General of South Africa (AGSA). Rand Water’s combined assurance responds to risks effected through the five lines of defence model. The responsibility for combined assurance is delegated to Group Internal Audit, which facilitates and coordinates the execution of combined assurance activities. The Group Audit and Risk Committee receives quarterly reports on the status of combined assurance activities and the adequacy and effectiveness of internal controls. Governance of Risk The Group Audit and Risk Committee oversees the implementation of the policy and plan for risk management taking place by means of risk management systems and processes. The Committee oversees the financial risk management aspects and is satisfied that appropriate and effective systems are in place for risk management. Internal Controls The Committee is satisfied that internal controls and systems have been implemented and that they provide reasonable assurance that the entity’s assets are safeguarded, transactions are properly authorised and recorded, and material errors and irregularities are either prevented or detected in a timely manner. These controls are monitored throughout the organisation by management and employees, with the necessary delegation of authority and segregation of duties. Internal control deficiencies and some non-compliance were noted by the Committee through the Group Internal Audit reports. The Committee further noted with concern the close out rate of internal and external audit findings. Corrective measures are being implemented by management to address these.

The Committee is satisfied with the content and quality of quarterly reports prepared and issued by the Group during the year under review. The outcomes of these audits form the basis for the Committee’s recommendation to the Board to enable the Board to report thereon. Internal Audit In line with the PFMA and the King IV, the Group Audit Executive provides the Group Audit and Risk Committee and management with objective and reasonable assurance, thereby contributing to the effectiveness of governance, risk management and control processes. The Committee is responsible for ensuring that the Group Internal Audit function is independent and has the necessary resources, standing and authority within the Group to enable it to discharge its duties. Furthermore, the Committee oversees co-operation between internal and external auditors and serves as a link between the Board and these functions. The Committee reviewed and approved the internal audit charter, the internal audit function’s annual audit plan and the three year strategic plan. The Group Internal Audit function reports administratively to the Chief Executive and functionally to the Committee, and has the responsibility for reviewing and providing assurance on the adequacy and effectiveness of the internal control environment across all the Group’s operations. The Group Audit Executive has direct access to the Committee primarily through its chairperson. The Committee notes that the internal audit function was effective. Group Internal Audit provides reasonable assurance about the state of internal financial controls and the level of maturity of the control environment in general, which were found to be adequate and effective for the current financial year except in the procurement of goods and services. External Auditor’s Report The Committee accepts the audit opinion of the external auditors on the consolidated annual financial statements and recommends that the audited consolidated annual financial statements be accepted and read together with the report of the external auditors.

7