Principles: 223. The Board, through the audit committee, should be assisted by a competent internal audit unit to provide assurance on internal controls, risk management and governance processes in accordance with the standards of the Professional Practice of Internal Audit. 224. The audit committee should oversee the internal audit function, evaluate its performance and ensure […]

217. The external auditors should be appointed for a pre-defined period of time. 218. If necessary, the re-appointment of external auditors should be preceded by a formal and documented assessment of their independence and performance. Their re -appointment should be approved annually by a simple majority of the shareholders at an annual general meeting. 219. […]

211. External Auditors are necessary for assessing the soundness of internal financial controls of a company and making recommendations for improvement where required. 212. The external auditors’ report should state their responsibility, the scope of work performed and their opinion on the financial statements. 213. The Board and the audit committee should agree on the […]

Principles: 207. A company’s financial statements must be audited by independent external auditors who should assess whether the financial statements adequately reflect the company’s financial position using the results based and risk based approach. 208. External auditors must be independent in that they should have no material relationship with the company whose financial statements they […]

204. The risk management committee should ensure that in addition to the control measures introduced by “SPAMSOAP labels”(Segregation of duties, Physical controls, Authorisation and approval, Management controls, Supervisory controls, Organisation as a control, Arithmetical and accounting controls, Personnel control), and depending on the demands of the company’s business, additional minimum control measures such as establishing […]

200. The risk management committee should ensure that – (a) risk frameworks or risk methodologies are implemented to increase the probability of identifying unpredictable risks; (b) a systematic, documented, and formal risk assessment exercise is conducted at least once a year; (c) it receives and reviews a register of the company’s key risks; (d) management […]

197. The risk management committee’s responsibility should be clearly set out in its terms of reference, which must deal with the scope of its mandate, its composition, roles and duties and include provisions to the effect that – (a) the risk management committee comprises executive and non-executive directors, with the latter being in the majority, […]

194. The Board should – (a) determine the levels of risk tolerance and the nature and extent of significant risks it is willing to embrace in achieving its strategic objectives; (b) determine whether or not it is desirable to establish a risk management committee to assist it in carrying out its risk related responsibilities or […]

190. The Board must ensure that – (a) risk assessments are performed on a continuous basis; (b) a framework or methodology is established to increase the likelihood of anticipating unpredictable risks; (c) management considers and implements appropriate risk responses; and (d) risk monitoring is carried out continuously by the risk committee and management. 191. The […]

  Preamble: 187. Business leaders should understand risk and how it can be measured, eliminated or mitigated. Risk management systems on an enterprise-wide basis should be independently assured for effectiveness in goal delivery. Risk Management Principles 188. The Board should ensure that principal risks are timely identified or detected and managed in order to mitigate […]