BANKSETA AR 31 AUGUST

AUDIT AND RISK COMMITTEE REPORT

Date Resigned / End of Term

No. of Meetings Attended

Date of Appointment

Name of Member

Qualifications

Mr. Phumudzo Siphuma (Accounting Authority MemberOrganised Labour)

Chartered Accountant (SA), B Compt, Honours Accounting (CTA).

25 Jun 2020 N/A

7 of 7

Effectiveness of Internal Control An assessment of the findings identified by the internal and external auditors presented to the ARC, reveals that the control environment is adequate and partially effective requiring improvement. The governance and risk management processes are partially adequate and effective requiring improvement. The ARC in executing its oversight responsibilities in relation to governance, risk management and control at BANKSETA has identified the following key areas of concern that should be addressed:

• Mandatory Grants and Revenue; • Annual Performance Plan and Strategic Plan (APP and SP); • Discretionary Grants (Including Site Visits); • Risk Management; • Performance Information Q3; • HR and Payroll (Including Consequence • Information Technology - Governance Review; • Quality Assurance Management review; and • Governance and Compliance. BANKSETA has reported quarterly to the National Treasury and the ExecutiveAuthority as is required by the PFMA. The ARC as well as assurance providers provided management with recommendations, which were implemented, to improve the quality of financial and non-financial information (performance information, information communication technology, risk management, human resource management, legal and compliance) and reporting during the year under review. The ARC was satisfied with the content and quality of the financial and non-financial quarterly reports submitted during the year under review, except for the quarterly performance information reports based on reviews by Internal Audit and the AGSA interim audit as well as progress in terms of addressing irregular expenditure previously identified. Evaluation of Financial Statements and Annual Performance Report In-Year Management and Monthly/ Quarterly Reports

• Quality of Performance Information; • Processing and Reconciling Controls; • Record Keeping; • Consequence Management;

• Risk Management; • Compliance; and • Information Technology.

The ARC is satisfied that Internal Audit (IA) provided assurance in terms of governance, risk management and control as per the approved risk-based audit plan. At the end of the financial year, the following audit engagements were reported as complete as per the approved risk-based audit plan: • Annual Financial Statements Quality Review; • Annual Performance Report; • Commitments (Final); • Information Technology - Cyber Security; • Protection of Personal Information (POPI) Act Compliance; • Financial Discipline (incl. Travel Expenditure and Investments); • Information Technology: General Controls (ITGC); • Performance Bonus; • Supply Chain Management (incl. Contract Management); • Commitments (Interim); • Performance Information Q1 and Q2;

The ARC has:

• Reviewed the unaudited financial statements with due consideration of the independent assurance provided by IA as well as the assurance provided by Management;

110

PART C: GOVERNANCE | BANKSETA ANNUAL REPORT 2021/22