Audit and Risk Committee Report

The Clicks Group audit and risk committee is a formal committee of the board and functions within documented terms of reference and complies with all relevant legislation, regulation and governance codes. This report of the audit and risk committee is presented to shareholders in compliance with the requirements of the Companies Act No. 71 of 2008, as amended (the Companies Act).

Role of the committee

The audit and risk committee has an independent role with accountability to both the board and to shareholders. The committee’s responsibilities include the statutory duties prescribed by the Companies Act, activities recommended by King lll and the responsibilities assigned by the board.

The responsibilities of the committee are as follows:

Integrated reporting

• Review the annual financial statements, interim report, preliminary results announcement and summarised integrated information and ensure compliance with International Financial Reporting Standards
  
• Consider the frequency of interim reports and whether interim results should be assured
  
• Review and approve the appropriateness of accounting policies, disclosure policies and the effectiveness of internal financial controls
  
• Perform an oversight role on the group’s integrated reporting and consider factors and risks that could impact on the integrity of the integrated report
  
• Review sustainability disclosure in the integrated report and ensure it does not conflict with financial information
  
• Consider external assurance of material sustainability issues
  
• Recommend the integrated report for approval by the board

Combined assurance

• Ensure the combined assurance model addresses all significant risks facing the group
  
• Monitor the relationship between external and internal assurance providers and the group
  

Finance function

• Consider the expertise and experience of the chief financial officer
  
• Consider the expertise, experience and resources of the group’s finance function
  

Internal audit

• Oversee the functioning of the internal audit department and approve the appointment and performance assessment of the group head of internal audit
  
• Approve the annual internal audit plan
  
• Ensure the internal audit function is subject to independent quality review as appropriate
  

Risk management

• Ensure the group has an effective policy and plan for risk management
  
• Oversee the development and annual review of the risk management policy and plan
  
• Monitor implementation of the risk management policy and plan
  
• Make recommendations to the board on levels of risk tolerance and risk appetite
  
• Ensure risk management is integrated into business operations
  
• Ensure risk management assessments are conducted on a continuous basis
  
• Ensure frameworks and methodologies are implemented to increase the possibility of anticipating unpredictable risks
  
• Ensure that management considers and implements appropriate risk responses
  
• Ensure continuous risk monitoring by management
  
• Express the committee’s opinion on the effectiveness of the system and process of risk management
  
• Ensure risk management reporting in the integrated report is comprehensive and relevant
  

External audit

• Nominate the external auditor for appointment by shareholders
  
• Approve the terms of engagement and remuneration of the auditor
  
• Ensure the appointment of the auditor complies with relevant legislation
  
• Monitor and report on the independence of the external auditor
  
• Define a policy for non-audit services which the auditor may provide and approve non-audit service contracts
  
• Review the quality and effectiveness of the external audit process
  
• Ensure a process is in place for the committee to be informed of any reportable irregularities identified by the external auditor
  

Composition of the committee

The committee currently comprises four independent non-executive directors who are all suitably skilled directors, with at least three members of the committee having recent and relevant financial experience. For the first time the committee will be elected by shareholders at the annual general meeting (AGM) in January 2012.

The following directors served on the committee during the period under review:

Independent non-executive director	Qualifications
John Bester (Chairman)	B Com (Hons), CA (SA), CMS (Oxon)
Fatima Jakoet	B Sc, CTA, CA (SA) Higher certificate in financial markets
Nkaki Matlala*	B Sc, M Sc, M D, M Med (Surgery), FCS
David Nurek	Dip Law, Grad Dip Company Law
* Appointed 26 January 2011

Biographical details of the committee members appear here, with supplementary information contained in Annexure 2 to the Notice of Annual General Meeting.

King lII recommends that the chairman of the board should not be a member of the audit and risk committee. The chairman of the board, David Nurek, currently serves on the committee. The board has considered the issue and believes that the chairman’s skills, knowledge and experience allow him to make a significant contribution to the committee and the board has therefore recommended that he continues to serve on the committee.

Dr Nkaki Matlala, also an independent non-executive director, was appointed to the committee during the year.

Fees paid to the committee members for 2011 and the proposed fees for 2012 are disclosed in the Remuneration Report.

The executive directors, group head of internal audit and senior management in the finance department attend meetings at the invitation of the committee, together with the external auditor.

The audit and risk committee also meets separately with the external and internal auditors, without members of executive management being present.

The effectiveness of the committee is assessed as part of the annual board and committee self-evaluation process.

Internal audit

The internal audit function provides information to assist in the establishment and maintenance of an effective system of internal control to manage the risks associated with the business. The role of internal audit is contained in the internal audit charter. The charter is reviewed annually and is aligned with the recommendations of King lll.

Internal audit facilitates the combined assurance process and is responsible for the following:

• Evaluating governance processes, including ethics
  
• Assessing the effectiveness of the risk methodology and internal financial controls
  
• Evaluating business processes and associated controls in accordance with the annual audit plan and combined assurance model
  

The internal audit function is established by the board and its responsibilities are determined by the audit and risk committee. Administratively the group head of internal audit reports to the chief financial officer who in turn reports to the chief executive officer. The group head of internal audit has direct and unrestricted access to the chairman of the audit and risk committee. The group head of internal audit is appointed and removed by the audit and risk committee, which also determines and recommends remuneration for the position. The chairman of the audit and risk committee meets with the group head of internal audit on a monthly basis.

Internal control

Systems of internal control are designed to manage, rather than eliminate, the risk of failure to achieve business objectives and to provide reasonable, but not absolute, assurance against misstatement or loss.

While the board of directors is responsible for the internal control systems and for reviewing their effectiveness, responsibility for their actual implementation and maintenance rests with executive management. The systems of internal control are based on established organisational structures, together with written policies and procedures, and provide for suitably qualified employees, segregation of duties, clearly defined lines of authority and accountability. They also include cost and budgeting controls, and comprehensive management reporting.

The committee has considered the results of the formal documented review of the company’s system of internal financial controls and risk management, including the design, implementation and effectiveness of the internal financial controls conducted by the internal audit function during the 2011 year. The committee has also assessed information and explanations given by management and discussions with the external auditor on the results of the audit. Through this process no material matter has come to the attention of the board that has caused the directors to believe that the company’s system of internal controls and risk management is not effective and that the internal financial controls do not form a sound basis for the preparation of reliable financial statements.

External audit

The audit and risk committee appraised the independence, expertise and objectivity of KPMG Inc. as the external auditor, as well as approving the terms of engagement and the fees paid to KPMG Inc. (refer to note 6 of the annual financial statements).

The external auditor has unrestricted access to the group’s records and management. The auditor furnishes a written report to the committee on significant findings arising from the annual audit and is able to raise matters of concern directly with the chairman of the committee.

The group has received confirmation from the external auditor that the partners and staff responsible for the audit comply with all legal and professional requirements with regard to rotation and independence.

The committee is satisfied that the external auditor is independent of the company.

Policy on non-audit services

Non-audit services provided by the external auditor may not exceed 25% of the total auditor’s remuneration. These services should exclude any work which may be subject to external audit and which could compromise the auditor’s independence. All non-audit services undertaken during the year were approved in accordance with this policy.

During the year KPMG received fees of R505 750 (2010: R303 653) for non-audit services, equating to 17.9% (2010: 11%) of the total audit remuneration. These services related mainly to providing an independent fairness opinion and advising on the accounting treatment of the employee share ownership plan, an accounting opinion on the group share award scheme and conducting sustainability risk workshops.

KPMG satisfied the audit and risk committee that appropriate safeguards have been adopted to maintain the independence of the external auditor when providing non-audit services.

Activities of the audit and risk committee

The committee met five times during the financial year. Members of the committee, the external auditor and the group head of internal audit may request a non-scheduled meeting if they consider this necessary. The chairman of the audit and risk committee will determine if such a meeting should be convened.

Minutes of the meetings of the committee, except those recording private meetings with the external and internal auditors, are circulated to all directors and supplemented by an update from the audit and risk committee chairman at each board meeting. Matters requiring action or improvement are identified and appropriate recommendations made to the board.

The chairman of the committee attends all statutory shareholder meetings to answer any questions on the committee’s activities.

The committee performed the following activities relating to the audit function during the year under review, with certain of these duties being required in terms of the Companies Act (and in terms of section 270 of the Companies Act No. 61 of 1973 for the period prior to 1 May 2011, being the implementation date of the Companies Act):

• Recommended to the board and shareholders the appointment of the external auditors, approved their terms of engagement and remuneration, and monitored their independence, objectivity and effectiveness
  
• Determined the nature and extent of any non-audit services which the auditor may provide to the group and pre-approved any proposed contracts with the auditors
  
• Reviewed the group’s internal financial control and financial risk management systems
  
• Monitored and reviewed the effectiveness of the group’s internal audit functions
  
• Reviewed and recommended to the board for approval the Integrated Annual Report and annual financial statements
  
• Evaluated the effectiveness of the committee
  

Refer here on the Corporate Governance Report for an overview of the risk management process and function.

Evaluation of chief financial officer and finance function

The audit and risk committee is satisfied that the expertise and experience of the chief financial officer is appropriate to meet the responsibilities of the position. This is based on the qualifications, levels of experience, continuing professional education and the board’s assessment of the financial knowledge of the chief financial officer.

The committee is also satisfied as to the appropriateness, expertise and adequacy of resources of the finance function and the experience of senior members of management responsible for the finance function.

Approval of the audit and risk committee report

The committee confirms that it has functioned in accordance with its terms of reference for the 2011 financial year and that its report to shareholders has been approved by the board.

John Bester
Chairman: Audit and risk committee

Cape Town
17 November 2011