Internal control framework

Massmart maintains clear principles and procedures designed to achieve corporate accountability and control across the Group. These are codified in the Massmart Governance Authorities that describes the specific levels of authority and the required approvals necessary for all major decisions at both Group and Divisional level. Through this framework, operational and financial responsibility is formally and clearly delegated to the Divisional Boards. This is designed to maintain an appropriate control environment within the constraints of Board-approved strategies and budgets, while providing the necessary local autonomy for day-to-day operations.

Audit Committee

The Audit Committee receives regular reports on Group companies’ financial performance, internal controls, adherence to accounting policies and areas of significant risk, amongst others. The Committee formally reports to the Board twice a year regarding the overall framework and effectiveness of controls, and the Group’s interim reports are always subject to independent review by the external auditors.

Internal Audit

The Committee considers Massmart Internal Audit Services to be an independent, objective body providing assurance to the Group’s governance, risk and control activities. Internal Audit comprises a dedicated team that, although managed from Massmart Corporate, is deployed Group-wide. The team is comprised of appropriately tertiary qualified and experienced personnel, including internal audit and retail/wholesale professionals, to ensure the delivery of a relevant and high-quality risk-based audit service. Pleasingly, 90% of the audit team is African, Coloured or Indian.

The responsibilities of Internal Audit are defined and governed by a charter approved by the Audit Committee and Board. Massmart Internal Audit Services has the unequivocal support of the Board and this Committee and has access to any part of or person in Massmart. All employees are expected to co-operate positively with Massmart Internal Audit Services.

Massmart Internal Audit reviews the significant business, strategic, governance, risk and controls across Massmart. Based on the internal audit results, an assessment is provided to the Committee on the level of assurance that can be placed on governance, control and risk management across the Group. A written assurance assertion is provided to the Committee annually which is then presented to the Board by the Audit and Risk Committee.

To ensure independence, Massmart Internal Audit reports functionally to the Massmart Audit and Risk Committee. Massmart does not apply the King III recommendation that this Committee be responsible for the appointment, remuneration, performance/assessment and where necessary, dismissal of the Chief Audit Executive. This process is conducted jointly by the Committee and the CEO and CFO as this is deemed more effective. The Committee approves the annual Internal Audit plan and the Internal Audit budgets. The CAE has unrestricted access to anyone in the organisation, has frequent and independent discussions and updates with the Committee Chairman and Massmart executive directors. The CAE holds a senior executive position in the organisation and has an influential impact across the business strategically and operationally. The Board provides Massmart Internal Audit with the authority to attend any strategic session, Committee or Board meeting and to have unrestricted access to all information across the Group to assist with its determination of the types and levels of governance, control and risk that exist across Massmart.

The Internal Audit team formally reports any material findings and matters of significance to the Divisional Boards on a quarterly basis and to the Audit and Risk Committee when it meets. The reports highlight whether actual or potential risks to business are being appropriately managed and controlled. Progress in addressing previous unsatisfactory audit findings is monitored until Internal Audit reports the proper resolution of the problem area.

Massmart Internal Audit has had a quality review and was found to ‘generally conform’ (the standard required by the Internal Audit Institute and the highest standard possible).

Risk

The Board’s risk strategy has been established through debate with the executive directors where the Group’s risk tolerance has been considered and balanced against the drive towards the achievement of its strategies and objectives.

Litigation and legal

In the normal course of business, Massmart is subject to various legal proceedings, actions and claims. These matters are subject to risks and uncertainties that cannot be reliably predicted.

Information technology

Protecting Massmart’s electronic assets is increasingly complex as networks, systems and electronic data expand and, in some cases, are shared with third parties and business partnerships. Depending on the internet for communication brings additional risk. Ensuring proper system security, data integrity and business continuity is the responsibility of the Board, but is given effect by the Audit and Risk Committee, the Massmart Technology Information and Process Forum (TIP) and Massmart’s formally contracted information technology business partners and providers and is independently reviewed by the external and internal auditors.

Financial risk and appraisal

Financial targets agreed in Group budgets and strategy processes are predicated on assumptions about the future that are uncertain and may prove incorrect or inaccurate. The monitoring and management of this risk is the responsibility of the Executive Committee. Monthly performance is measured and compared to the budget and prior year, and corrective or remedial action taken as appropriate.

Despite extensive financial, accounting and management controls and procedures, including reviews by internal and external auditors, there are risks arising from the Group’s cash management and treasury operations, direct and indirect taxation, and employee or third-party fraud or economic crime.

In addition to financial reviews, Massmart has implemented voluntary processes that enable independent reviews of its corporate accountability performances. These include a biannual ethics review by the South African Institute of Ethics and an annual Socially Responsible Investment (SRI) Index review that is coordinated by the JSE