All members of the Audit Committee are Independent non-Executive Directors. They each have the requisite financial and commercial skills and experience to contribute to the Committee’s deliberations. The Audit Committee formally met three times in the year ended December 2018. Additionally, the Committee met once in the year to review and consider the quality of the Annual Financial Statements of major subsidiaries to ensure compliance with the Companies Act, 2008.
Discharge of responsibilities for the 2018 financial year:
In the execution of its statutory duties and in accordance with its Charter, the Committee effectively discharged the following responsibilities over the past financial year:
The CEO, the CFO, senior financial Executives of the Group and representatives from the external and internal auditors attend all meetings by invitation. The internal and external auditors have unfettered access to the Audit Committee and its members, and both present formal reports to the Committee. The Chairman of the Committee meets quarterly with the Chief Audit Executive (CAE), and at the start of every Committee meeting the external auditors have a private meeting with the Committee.
Summary of key focus areas in 2018:
Annually the Committee considers whether it is meeting its duties and responsibilities as set out in the Committee Charter and in terms of the requirements of the Companies Act.
As part of the Audit function, the Committee receives reports on Group companies’ financial performance, governance, and internal controls, adherence to accounting policies, compliance and areas of significant risk, amongst others. The Committee also receives written reports by both the external and internal auditors, which are accompanied by discussion with Committee members. After considering these reports, the Committee formally reports to the Board, twice a year, regarding the overall control framework and effectiveness of controls.
Each of the four Divisions has a Financial Review Committee, which meets twice a year, before the finalisation and release of the Group’s interim and preliminary financial results, respectively. These Committees effectively function as Divisional Audit Committees but not strictly in the manner required in terms of King IV and applicable legislation. The attendance at these meetings includes the following invitees: the Chief Financial Officer, Divisional Chief Executive and Divisional head of Finance, key finance and accounting staff, members of internal and external audit, and Massmart Corporate Finance executives. Minutes from these meetings are included with the papers of the following Committee meeting. Twice a year the Audit Committee reviews the Financial Review Committee minutes and the external audit reports. Annually they review the Annual Financial Statements, to comply with the Companies Act requirements of a holding company audit committee and its responsibilities in regard to all Company subsidiaries.
The Group’s interim and provisional reports are always subject to independent review by the external auditors.
Information and technology governance
Ensuring proper system security, data integrity and business continuity is the responsibility of the Board, but is given effect by the Audit Committee, the Massmart Technology Information and Process Forum (TIP Forum) and Massmart’s formally contracted Information Technology (IT) business partners and service providers. There is a comprehensive Information and Technology framework in place that outlines the structures processes and mechanisms that will enable the delivery of value to the business and reduce information and technology risks.
Massmart aligns its IT teams with best practice frameworks including the Information Technology Information Library (ITIL) and Control Objectives for Information Technology (COBIT). Measures are in place to ensure compliance with all relevant laws, information security and the protection of personal information. The TIP Forum is tasked with ensuring proper system security, data integrity and business continuity. Through its link into Walmart Security and Information Security Departments, Massmart receives daily and weekly updates regarding any concerns that are identified internationally.
This information is shared with Massmart’s Divisions through the Divisional IT Operations Managers. Active network monitoring and profiling is managed through industry best-practice tools and firewall traffic is submitted real-time to Walmart’s Security Operations Centre for interrogation.
As a responsible retailer, Massmart is committed to ensuring that all internal e-waste is discarded in a safe, responsible and secure manner, whereby the risk to human health and the environment is minimised and the security of public and private information is maintained. The Board, through the Risk Committee and Massmart’s Compliance department, oversees the protection of privacy and personal information. To ensure that management keeps abreast of changing regulation, regular Protection of Personal Information (“POPI”) meetings are held by management and advanced POPI training is scheduled for high-risk departments.
The Board receives independent assurance on the effectiveness of technology and information internal controls from internal and external auditors. Massmart Audit Services (MAS) not only assess the processes and controls around large projects, but also assess the control environment within existing systems and the Group’s general computer control environment. MAS adopted the COBIT methodology for technology auditing several years ago.
Massmart is committed to the highest level of information and technology governance, as managed by the Group Chief Information Officer (CIO). The Board is satisfied that Massmart complies with the significant governance principles in King IV, and has identified Information and cyber security as an area for future focus.
Responsible tax policy
Massmart understands that it is in society’s best interest to ensure that the public services and infrastructure we rely on remain properly funded through a transparent, fair and effective system of taxation.
Massmart’s tax strategy is to enhance its international tax position by maintaining a highly qualified tax function that is an effective contributor to the overall corporate strategy and plays a pivotal role in supporting the organisation in fulfilling its mandate as a responsible corporate citizen. The Group’s tax policy seeks to define the governance structures and performance management processes necessary to achieve objectives of compliance, responsible corporate citizenship, and transparency.
The Group is committed to complying with all tax laws and regulations in all jurisdictions in which the Massmart operates. Massmart has financial and tax controls in place to ensure a high level of compliance with applicable tax legislation across all the tax jurisdictions in which it operates.
We submit tax filings and other representations to revenue authorities which:
The performance of operational (day-to-day) tax activities ensures compliance with relevant tax legislation and reporting requirements, whilst addressing tax queries and retaining documents.
Massmart is committed to acting as a responsible corporate citizen by avoiding aggressive tax planning strategies and by upholding ethical business practices. The Group has a low risk tolerance in relation to tax matters and does not subscribe to aggressive tax planning strategies.
The commercial needs of the business are paramount in all tax planning opportunities. All transactions are driven by a business purpose or commercial rationale and are aligned to and consistent with Massmart’s overall business strategy. We are committed to acting with integrity and transparency on all tax matters.
Massmart supports the key principles of the Organisation for Economic Co-operation and Development action plans relating to Base Erosion and Profit Shifting. We are committed to maintaining responsible transfer pricing practices in our transactional dealings across jurisdictions.
Through regular and proactive communication with tax revenue authorities across the regions in which Massmart operates, we are committed to promoting professional and collaborative working relationships based on principles of transparency and trust.
Effectiveness of the Chief Financial Officer
As required by the JSE, the Committee and Board have considered the skills, qualifications, experience and performance of the Chief Financial Officer, Johannes van Lierop, and are unanimously satisfied of his suitability for the position. He was appointed in March 2015 and his biographical details can be found on the Massmart website.
Massmart’s combined assurance framework seeks to optimise the assurance obtained from management and internal and external assurance providers on the significant risks and opportunities facing the Group. The model incorporates and enhances all assurance services and functions so that, taken as a whole, they: enable an effective control environment; support the integrity of information used for internal decision making by management and the Board; and support the integrity of Massmart’s external reports.
Massmart applies the five lines of assurance approach to coordinate and optimise our risk and assurance efforts. Combined assurance includes Executive and senior management monitoring and oversight; specialist department monitoring; internal audit and external assurance providers; as well as Board and relevant sub-Committee oversights.
The Audit Committee ensures that the combined assurance model is applied throughout the Group to provide a coordinated approach to all assurance activities and this Committee also monitors the relationship between external service providers and the Group.
Massmart has obtained assurance on the data included in the Integrated Annual Report from the following sources:
During the year ended December 2018, Ernst and Young Inc. were the external auditors for all Group companies, with the exception of:
Total fees incurred to Ernst & Young Inc. during the year ended December 2018 were R32.3 million (2017: R30.0 million).
The Committee considers Massmart Audit Services (MAS) to be an independent, objective body providing assurance to the Group’s governance, risk and control activities. MAS comprises a dedicated team that, although managed from Massmart Corporate, is deployed Group-wide. The team comprises of appropriately tertiary qualified and experienced personnel, including internal audit and retail/wholesale professionals, to ensure the delivery of a relevant and high-quality risk-based audit service.
MAS has the support of the Board and Audit Committee. It has access to any part of, or person, in Massmart.
In accordance with the International Standards for the Professional Practise of Internal Audit standards, it has been determined that MAS will be subjected to an independent external quality assessment review at least once in five years. An independent external audit firm, in collaboration with Global Audit Services, conducted quality review in 2018 and concluded that Massmart’s Internal Audit function ‘generally conforms’ to the standards of the Institute of Internal Audit which is the highest standard possible.
To ensure independence, MAS reports functionally to the Audit Committee and administratively to the CEO, where MAS formally reports any material findings and matters of significance at the quarterly Divisional Boards and at the Audit Committee meetings. The reports highlight whether actual or potential risks to the business are being appropriately managed and controlled. Progress in addressing previous unsatisfactory audit findings is monitored until MAS reports the proper resolution of the problem area.
The responsibilities of MAS are defined and governed by a Charter that is reviewed and recommended by the Audit Committee and approved by the Massmart Board.
The internal audit plan is based on defined risk assessments, inclusive planning engagements, group strategies and input from management. The Audit Committee approves the annual audit plan and the budget. The Chief Audit Executive (CAE) has unrestricted access to anyone in the organisation, has frequent and independent discussions and updates with the Committee Chairman and Massmart Executive Directors. The Board provides MAS with the authority to attend any strategic session, Committee or Board meeting and to have unrestricted access to all information across the Group.
There is significant MAS involvement in IT throughout the Group in order to ensure effective IT governance and assurance. All new major IT systems in the Group require specific MAS involvement.
MAS and external audit’s scope and work-plans, and those of other assurance providers, are properly co-ordinated and, when appropriate, are relied upon in order to provide efficient and effective assurance to the Committee and to reduce the governance burden.
MAS apply the standards of the International Standards for the Professional Practise of Internal Audit and the principles of King IV.
The Committee’s report in accordance with section 94(7)(f) of the Companies Act, can be found in the “Transparency and accountability” section of the Integrated Annual Report.
Chairman of the Audit Committee
04 April 2019