Page 74 - DUT Annual Report 2020
DURBAN UNIVERSITY OF TECHNOLOGY ANNUAL REPORT 2020
Audit Committee
This committee provides assistance to Council with regard to, inter alia:
(a) Ensuring compliance with applicable legislation, the requirements of regulatory authorities and matters relating to financial management and internal control, accounting policies, reporting and disclosure.
(b) Reviewing and recommending to Council all external audit plans, findings, problems, reports and fees.
(c) Reviewing and recommending to Council all internal audit plans, findings, problems, reports and fees.
(d) Reviewing the Annual Financial Statements for fair presentation and conformity with international financial reporting standards and assessing whether they reflect appropriate accounting practices and principles.
(e) Reviewing accounting policies.
(f) Recommending to Council the appointment of the internal and external auditors.
(g) Ensuring compliance with all areas of risk and the management thereof. The Council Risk Committee reports to the Audit Committee.
(h) Ensuring adherence to the Internal Audit Charter.
Both the internal and external auditors have unrestricted access to the Audit Committee, which ensures unimpaired independence. They attend Audit Committee meetings and are also afforded separate opportunities to meet with the Committee. The Chairperson of Council is not a member of the Audit Committee.
Council Risk Committee
This committee was previously a sub-committee of the Audit Committee. However, as a result of the prominence attached to the management of risk by all entities, as emphasised by the King IV Code of Governance, Council agreed in the course of 2019 to make the Risk Committee a stand-alone Council committee. There is much interaction between the Risk and Audit Committees, nevertheless. The functions of the Risk Committee are:
(a) Recommends to the Audit Committee the risk philosophy, strategy, and policy and ensures compliance with such policy.
(b) Recommends to the Audit Committee concerning the levels of risk tolerance and risk appetite and ensures that risks are managed within the levels of tolerance and appetite.
(c) Reviews and assesses the integrity of the risk management systems and ensures that the risk policies and strategies result in a thorough understanding of risks faced by the University in the pursuance of its objectives, together with the methods employed to mitigate the impact of those risks.
(d) Monitors the reporting of risk by management, with particular emphasis on significant risks or exposures and the appropriateness of the steps management has taken to reduce the risk to a tolerable level.
(e) Monitors external developments relating to risk management, including emerging risks and their potential impact.
(f) Ensures that management also has a focus on ‘upside risk’, that is, making sure that the University takes advantage of opportunities.
(g) Ensures that a formal Risk Register is maintained with an indication of how the risk is managed and mitigated.
(h) Oversees that the Risk Management Plan is widely disseminated throughout the University and integrated in the day-to-day activities of the University.
(i) Ensures that risk management assessments are performed on a continuous basis.
(j) Reviews reporting concerning risk management that is to be included in the integrated report, for being timely, comprehensive and relevant.
(k) Considers the result of work performed and the conclusions of the internal audit function in relation to risk management; and
(l) Liaises closely with the Audit Committee to exchange information relevant to risk.
To fulfil its responsibilities and duties in respect of IT Governance, the Committee:
(a) Reviews the adequacy and effectiveness of the control framework and governance structures implemented within the IT environment.
(b) Satisfies itself that the risk management process covers the IT environment sufficiently and provides appropriate oversight of risks identified within that environment.
(c) Reviews the arrangements management has implemented for disaster recovery and business continuity.
(d) Considers and reviews the reliance of the University on IT systems and obtains assurance that:
- risk assessments were conducted to understand the risks; and
- controls are in place to govern the IT risks within the environments that are highly dependent on systems; and