RTIA Annual Report E-Book

6. INTERNAL CONTROL UNIT Detailed internal audit reviews and testing was undertaken to assess the adequacy and effectiveness of controls relating to the specific audit activities. The objective was to ensure that management’s control strategies are consistent with the organization’s activities and objectives. Recommendations relating to the adequacy and effectiveness of controls were made, where required. All significant findings were reported to the ARC for monitoring. There is constant communication between the risk management and internal audit functions to ensure that the risks identified are utilised by internal audit during audit planning and execution in order to provide assurance that mitigation strategies and controls are being implemented by management. Management through the risk management function also continuously conduct a Controls Self Assessments on the current controls and implemented risk treatments to ensure the controls remain effective. 7. INTERNAL AUDIT AND AUDIT COMMITTEES The Internal Audit department (IAD) is an independent and objective assurance provider. It delivers on its mandate through a risk-based approach methodology, offering reasonable assurance on the effectiveness of the internal controls, risk management, compliance management and governance. All audit activities conform to international standards for the professional practice of internal auditing as provided by the Institute of Internal Auditors (IIA). The Internal Audit department operates according to its charter, which is approved by the Audit and Risk Committee. To remain an objective and independent assurance provider, the Executive: Internal Audit and Risk Management(CAE) reports administratively to the Registrar and functionally to the Audit and Risk Committee. The effectiveness of internal audit activity is assessed through internal and external evaluations. These programmes identify opportunities for improvement that are implemented and monitored by the CAE.

concept that risk ownership and management are everyone’s responsibility, from the Accounting Authority level and throughout the business. The model is summarised below.

Identification & Management of Risks & Controls

Control Self assessment Reports/ Management Reports Risk Analysis Re-port/ Compliance Report/OHS Report Internal Audit Reports, Quarterly IA Activity reports, Report on effectiveness of Controls Risk Assurance Instrument/Report AGSA Audit and Management Reports Publish an assessment of the state of risk management and internal controls as recommended by ARC

Line of Defence

Responsibility

Executive Management/ Senior Management

First Line Owns and manage risk

Risk Identification/ Risk Manage-ment

Second Line Oversee risk

Risk Management/ Compliance/ OHS

Risk Assessment and Support

Third Line Provides Independent Assurance

Risk Assessment, Financial Risk Identification

Internal Audit

Forth line Provides Independent Assurance

Risk Assessment, Financial Risk Identification Oversees the activities of RTIA and accounts to the shareholder for

External Audit (AGSA)

Fifth Line Ultimately Accountable for Risk

Board & Sub-Committee

strategy and performance

5.2 Business Continuity Management Business continuity management (BCM) focus predominantly on minimizing the business disruptions and promoting resilience in the event of an incident that could bring business to a standstill. In order to achieve this, the RTIA implements a Business Continuity Management in line with the approved policy. In an effort to capacitate employees for the implementation and maintenance of the business continuity and to raise awareness on the minimization of the impact of disruptive incidents in the delivery of services, the RTIA conducted employee awareness sessions. The implementation of BCM is currently being rolled out in phases across the Agency.

85

Road Traffic Infringement Agency • Annual Report 2023/24