HDA Annual Report

ANNUAL REPORT 2023/24

The HDA has an independent Audit and Risk Committee that provides oversight and monitors the effectiveness of the overall system of risk management, especially the integration of risk management into organisational strategy and decision-making, and mitigation of unacceptable levels of risk. The entity has an approved risk appetite and tolerance framework which guides management on the nature and extent of the risks which can be taken in pursuit of its strategic objectives. The HDA risk maturity level was independently assessed during the financial year, and it scored a Level 4 integrated risk maturity on the 5-tier maturity scale, which is above the public sector norm of Level 3. The integration of ERM into strategy setting has positioned risk management as one of the key drivers of organisational performance, and this has contributed to improvements in the entity’s performance and achievement of its strategic objectives. Internal Control Unit The HDA does not have an internal control unit, however the functions of internal control are performed within the Office of the Chief Financial Officer. This includes amongst others, external audit coordination, enabling functionality of the Operation Clean Audit Committee, financial misconduct determination and compliance management. All these functions were successfully performed during the year. Internal Audit Internal Audit is established in terms of section 51(1)(ii) of the Public Finance Management Act (PFMA) Act 1 of 1999, which states that “the Accounting Authority must ensure that the entity has and maintains a system of Internal Audit under the control and direction of the Audit and Risk Committee, complying and operating in accordance the regulations and instructions prescribed in sections 76 and 77”.

The HDA adopted a co-sourced internal audit model where the entity keeps control over the internal audit function while leveraging the third party service provider’s internal audit capabilities, resulting in access to valuable and diversified specialised talents as needed. The key objectives of Internal Audit are to assist the HDA to accomplish its established objectives by providing reasonable assurance on whether: Governance processes are effective in establishing and preserving values, setting goals, monitoring activities, performance and defining the measures of accountability. Risk management system is adequate, effective, and efficient. System of internal controls is adequate, effective, and efficient. Integrity and reliability of financial information is maintained. • • • • The Internal Audit function performed its work according to the International Standards for the Professional Practice of Internal Auditors, published by the Institute of Internal Auditors of South Africa. Its key activities include: Develop risk-based three-year and annual plans which are supported by the Chief Executive Officer and approved by the Audit and Risk Committee. Achieved 100% target on the implementation of the approved risk-based annual plan. Monthly reporting to the Executive Management Committee and quarterly to the Audit and Risk Committee. Develop an integrated combined assurance framework that includes “five lines of assurance” to formalise the approach of assessing the control environment within the HDA. • • • • • Review of the Internal Audit Charter. • Resources are utilised economically, effectively, and efficiently. Assets are safeguarded. • • Rules, regulations, policies, procedures, and laws are complied with.

61