To apply, click on the link at the end of the posts and all the best with your applications.
Position Title: External Audit and Risk Committee Members x2 (Fixed term contract in line with the current Non-Executive Director’s 3-year term of office ending 24 October 2027)
Organisation: NEMISA
Department: Board of Directors
Location: Gauteng
Salary Range: According to the current NEMISA remuneration for Non-Executive Directors as determined by the Shareholder
Reference Number: NEM-22/12/2024
PURPOSE OF THE POSITION
- To provide the Board with an independent, structured, systematic oversight and assurance on the status, functionality and adequacy of NEMISA’s audit, finance, risk and compliance management, performance information, Information and Communication Technology (ICT), and overall internal control practices.
OBJECTIVES OF THE POSITION
Financial Statements and other finance matters
- Understand how Management develops financial information and the nature and extent of internal and external auditors’ involvement in this process.
- Review the interim and audited annual financial statements and consider whether they are complete, accurate, and consistent with information known to the Committee members and reflect appropriate accounting principles.
- Review significant accounting and reporting issues, including complex or unusual transactions and highly judgmental areas and recent professional and regulatory pronouncements, and understand their impact on the financial statements.
- Obtain assurance from Management with respect to the completeness and accuracy of the financial statements.
- Review with Management and External Auditors, all matters required to be communicated to the ARC under the generally accepted external auditing standards.
- Exercise the ARC’s responsibility of evaluating the significant judgements and reporting decisions made by Executive Management, including changes in accounting policies, decisions requiring a major element of judgement, and the clarity and completeness of the proposed disclosures.
- Review financial reports and other sections of the annual report with Management and External Auditors (where necessary) before filing with regulators and consider whether they are complete, accurate, and consistent with the information known to ARC members.
- Take into account any factors that might predispose Executive Management to present an incomplete or misleading picture of the organisation’s financial position and performance.
- Consider any evidence that comes to its attention that brings into question any previously published financial information, including complaints about previously published financial information. Where necessary, the ARC shall take steps to recommend that the Board publicly correct the previously published financial information if there was material misrepresentation.
- Be fully informed of regulatory and other monitoring and enforcement requirements designed to ensure that the organisation’s financial information complies with financial reporting and other regulatory requirements.
- Be informed of any monitoring or enforcement activities regarding the organisation on a timely basis so as to allow the ARC to be involved in the organisation’s response to such activities.
- Review a documented assessment of the going concern premise of the organisation in order to assist the Board in making a statement on the going concern status of the organisation.
- Review and recommend banking mandate for approval by the Board, when required.
- Review and recommend the investment of funds to the Board, when required.
- Review any other transactions or financial issues that Executive Management may request ARC to review.
- Review with Executive Management and External Auditors, the results of audit engagements, including any difficulties encountered.
- Evaluate the performance of the CFO and the operational effectiveness of the Finance Unit.
Internal Audit Function
- Play a key role in ensuring that the organisation’s Internal Audit Function is independent and has the necessary resources, standing, and authority within the organisation to enable it to discharge its functions.
- Review and approve the Internal Audit Charter at least annually. The Charter should be reviewed to ensure that it accurately reflects the internal audit activity’s purpose, authority, and responsibility, consistent with the mandatory guidance of the IIA’s International Professional Practices Framework and the scope and nature of assurance and consulting services, as well as changes in the financial, risk management and governance processes of the organisation and reflects development in the professional practice of internal auditing.
- Review and provide input on the internal audit activity’s strategic plan, objectives, performance measures, and outcomes.
- Review and approve the proposed risk-based internal audit plan, and changes to the plan and make recommendations concerning internal audit projects.
- Ensure that the Internal Audit Function:
➢ Has a quality assurance and improvement programme, and the results of the periodic assessments are presented to ARC; and
➢ Has an external quality assurance review every five (5) years as per the requirements of the IIA Standards.
- Review the results of the independent external quality assurance review and monitor the implementation of the internal audit activity’s action plans to address the recommendations.
- Advise the Board about any recommendations for the improvement of the Internal Audit Function.
- Review reports submitted by Internal Audit detailing its performance against the approved annual internal audit plan.
- Evaluate the overall efficiency and effectiveness of the Internal Audit Function, taking into account the following:
➢ The audit approach;
➢ The scope and depth of the internal audit coverage;
➢ The quality of reports issued;
➢ Internal audit budget;
- Recommend the appointment, including the terms and fees, of an outside service provider for the execution of the internal auditor function to the Board for approval.
- Review significant differences of opinion between Executive Management and the Internal Audit Function.
- Ensure that no Management restrictions are placed upon Internal Auditors.
- Act as a forum for communication between Executive Management, Internal Audit and External Auditors.
- Monitor implementation status of agreed Management corrective action plans as per internal audit reports.
- While acknowledging that the responsibility to create an appropriate organisational structure vests with the Board, it is expected that there shall be consultation with the ARC regarding the appointment or discharge of the CFO, as required in the MoI.
- Oversee cooperation between External and Internal Auditors to avoid overlapping of audit functions; and
- Evaluate the outcome report from Executive Management on the performance and the effectiveness of the Internal Audit Function, including conformance with The International Standards for the Professional Practice of Internal Auditing, the Definition of Internal Auditing, and the Code of Ethics.
- The ARC requires that all internal audit work performed shall comply with the Standards for the Professional Practice of Internal Auditing, as published by the Institute of Internal Auditors. Implementation of internal audit duties shall take place on a progressive basis.
- Recommend the dismissal of the CFO and/or the internal audit service provider to the Board for approval.
- Receive and review the internal audit report at each meeting of the Committee as well as the annual assessment of the effectiveness of NEMISA’s governance, risk management, and control processes;
- Consider the objectives and scope of any additional work undertaken by the Internal Audit to ensure that there are no conflicts of interest, and that independence is not compromised.
- Ensure direct access to the CAE, who will be the Director of the outsourced internal audit service provider, to the Committee as well as the Chairperson of the Audit Committee and the Accounting Officer.
- Meet with the Internal Audit regularly to discuss any matters that the Committee or Internal Audit believes should be discussed privately.
- Monitor on an ongoing basis that Internal Audit follows an approved risk-based internal audit plan and reviews the organisational risk profile regularly and proposes adaptations to the internal audit plan accordingly.
- Obtain confirmation annually from the Internal Audit Service Provider that internal audit conforms to a recognised industry Code of Ethics.
External Auditors
- Engage External Auditors on their performance, where required.
- Review and confirm the objectivity and independence of external auditors by obtaining statements from the auditors on relationships between auditors and NEMISA, including non-audit services.
- Review the findings and recommendations and assess Executive Management’s comments on the audit reports issued by the external auditors.
- Review implementation of External Auditor’s recommendations by Executive Management.
- Review the External Auditors’ proposed audit scope, approach, audit fees for the year and coordination of audit effort with the Internal Audit Function.
- Meet with External Auditors on a regular basis to discuss any matters that the Committee or External Audit believes should be discussed privately.
Combined Assurance Model
- Oversee the coordination of internal audit, external audit and other assurance providers to ensure comprehensive coverage to avoid duplication.
- Be responsible for reviewing and monitoring the appropriateness of NEMISA’s Combined Assurance Model and ensuring that it provides a complete picture of significant risks and the control environment facing NEMISA.
- Oversee the combined assurance efforts at all assurance levels, ensuring effective risk management and governance oversight, and that management actively play their collaborative combined assurance role with Internal audit.
- Provide recommendations for improving the combined assurance model processes to enhance the overall risk management.
- Satisfy itself that the Combined Assurance provided by Internal and External Assurance Providers as well as Executive Management is sufficient to mitigate the identified significant risk areas.
- Monitor the relationship between the External Assurance Providers and NEMISA.
- Uphold the independence of Internal and External Assurance Providers, thus helping to ensure that these functions are carried out effectively.
- Consider assurance reports from regulators when required.
Compliance Management
- To oversee the organisation’s compliance with the relevant legislation, regulations, and internal policies.
- Review the effectiveness of compliance programmes and procedures to prevent violations and review all recommended governance policies and procedures as follows:
➢ Compliance Policy;
➢ Compliance Framework;
➢ Regulatory Universe, and
➢ Compliance Risk Management Plan.
- Ensure that appropriate controls are in place to address non-compliance-related risks.
- Assess the effectiveness of the system for monitoring compliance with laws and regulations; the results of Executive Management’s investigation and follow-ups (including disciplinary action) of any instances of non-compliance.
- Assess compliance findings of any regulatory agencies and any auditor’s observations arising therefrom.
- Obtain regular updates from Management and assurance providers regarding compliance matters.
Risk Management
- Exercise oversight of risk management framework and practices to ensure they are effective and aligned with NEMISA objectives.
- Review the adequacy of the risk management identification, assessment and mitigation processes.
- Evaluate the effectiveness of internal controls in managing key risks and preventing potential issues.
- Review and recommend to the Board for approval, the improvement actions of the risk management policies, processes and procedures as follows:
➢ Risk Management Framework;
➢ Risk Management Policy;
➢ Risk Management Plans;
➢ Risk Appetite and Tolerance Framework
- Play a key role in ensuring that there are no restrictions placed upon the Risk and Compliance Management Function.
- Provide proper and timely reports to the Board on the state of risk management within NEMISA, identify areas of improvement and recommendations to address such matters reported.
- Ensure adequate provision of resources for the efficient functioning of the Risk Management Function.
- Ensure that the risk management processes and systems are inclusive of fraud prevention strategies.
Reporting Line – Whistle Blowing
- Monitor the arrangements of NEMISA by which staff may in confidence and with total anonymity raise concerns about possible improprieties in matters of financial reporting or any other matters.
- Ensure that the arrangements are in place in order to independently investigate such matters and ensure that adequate controls prevent the impropriety from re-occurring.
- Consider the significant findings of internal investigations and management’s response thereto.
Organisational performance
- Recommend the Annual Performance Plan (APP) to the Board for approval.
- Consider quarterly performance reports.
- Review Annual Reports.
Information and Communication Technology (ICT)
- Consider ICT risks as a crucial element of effective oversight.
- Exercise oversight on the following:
➢ ICT Governance
➢ ICT risks and controls.
➢ Business continuity and Disaster Recovery Solutions.
➢ Information security and privacy.
- Obtain assurance that ICT controls are adequate and effective in addressing the strategic and operational risks of the ICT environment.
- Ensure that the ICT investments are aligned with the organisation’s strategic objectives and risk appetite.
- Receive regular ICT governance, risk management, and cybersecurity reports.
Level of Education:
- Honours Degree in ICT or Risk and Compliance or equivalent
- 7+ years’ related experience and must have served as an Audit and Risk Committee member
Position-related Knowledge
Position-related knowledge is typically gained through formal or informal training programs (this excludes programs through which Formal Qualifications are attained). It includes knowledge of facts, data and information and understanding the rationale behind models, theories and principles.
- Internal audit and assurance practices
- Business Continuity Management
- Corporate governance
- ICT Governance
- Risk assessment and risk control measures
- Enterprise risk management concepts and frameworks
- Companies Act 71 of 2008
- Public Finance Management Act (PFMA)
- National Treasury Regulations
- King Code IV
- Tax Laws
Position-related Skills
Position-related skills are typically gained through formal or informal training programs (this excludes programs through which Formal Qualifications are attained). Skills refer to how to do things. They are demonstrated in the application of techniques and procedures.
- Exceptional attention to detail
- Presentation
- Ability to read, analyse, and interpret professional journals, technical procedures, and governmental regulations
- Ability to write reports, business correspondence, and procedure manuals
- Excellent analytical ability
Important note:
- Please email through comprehensive CV and certified copies of Qualifications/Supporting documents to: arcposition@nemisa.co.za
- Preference will be given to historically disadvantaged applicants.
- Only candidates who meet the minimum requirements should apply.
- NEMISA reserves the right not to make an appointment.
- Correspondence will be limited to shortlisted applicants only.
- Closing Date: 10 January 2025
We wish you all the best with your applications.