BANKSETA ANNUAL REPORT 2023

AUDIT AND RISK COMMITTEE REPORT The BANKSETA Audit and Risk Committee (ARC) is pleased to present its report for the financial year ended 31 March 2023. Audit Committee Responsibility

• Annual performance report; • Asset management; • Commitments (interim); • Commitments (final);

• Discretionary grants (incl. site visits); • Financial discipline (incl. investments); • HR and payroll (incl. consequence management); • ICT - Cyber security;

The ARC has complied with its responsibilities arising from sections 51(1) (a) (ii), 76 (4) (d) and 77 of the Public Finance Management Act (PFMA) as well as Treasury Regulation 27.1. Furthermore, the ARC has adopted an ARC Charter and has regulated its affairs in compliance with this Charter as well as discharged

• ICT - Infrastructure review; • ICT - MIS implementation; • Mandatory grants and revenue; • Marketing and communications;

all its responsibilities as contained therein. Effectiveness of Internal Control

• Performance audit; • Performance bonus;

• Performance information Q1; • Performance information Q2; • Performance information Q3; • Performance information Q4; • Risk and compliance management; • Strategy and research; and • Supply chain management (incl. contract management). In-Year Management and Monthly and Quarterly Reports BANKSETA has reported quarterly to the National Treasury and the Executive Authority as is required by the PFMA. The ARC as well as assurance providers provided management with recommendations to improve the quality of financial and non-financial information reporting (performance information, information communication technology, risk management, human resource management, legal and compliance) during the year under review. Evaluation of Financial Statements and Annual Performance Report • The unaudited financial statements with due consideration of the independent assurance provided by IA as well as the assurance provided by Management; • Changes in accounting policies and practices; • Compliance with legal and regulatory provisions; • The basis for the going concern assumption, including any financial sustainability risks and issues; • The unaudited performance information on predetermined objectives with due consideration of the independent assurance provided by IA as well as the assurance provided by Management; The ARC has reviewed:

An assessment of the findings identified by the internal and external auditors presented to the ARC reveals that the control environment is adequate and partially effective requiring improvement. The governance and risk management processes are partially adequate and effective requiring improvement. The ARC in executing its oversight responsibilities in relation to governance, risk management and control at BANKSETA has identified the following key areas of concern that should be addressed: • Combined assurance implementation; • Compliance monitoring; • Delays in conducting forensic investigations; • Ineffective implementation of the audit action plan relating to internal and external audit findings resulting in overdue action items and repeat findings; • Ineffective risk mitigation, as such a culture of risk management needs to be inculcated and embedded into the daily activities of the BANKSETA to ensure effective risk management; • Information technology; and • Quality of the annual financial statements and performance information (material misstatements and material findings respectively). The ARC is satisfied that Internal Audit (IA) provided assurance in terms of governance, risk management and control as per the approved risk-based audit plan. At the end of the financial year, the following audit engagements were reported as complete as per the approved risk-based audit plan: • Annual financial statements quality review; • Annual performance plan and strategic plan (APP and SP);

97

BANKSETA ANNUAL REPORT 2022/23