OBJECTIVES OF THE POSITION

Financial Statements and other finance matters

• Understand how Management develops financial information and the nature and extent of internal and external auditors’ involvement in this process.
• Review the interim and audited annual financial statements and consider whether they are complete, accurate, and consistent with information known to the Committee members and reflect appropriate accounting principles.
• Review significant accounting and reporting issues, including complex or unusual transactions and highly judgmental areas and recent professional and regulatory pronouncements, and understand their impact on the financial statements.
• Obtain assurance from Management with respect to the completeness and accuracy of the financial statements.
• Review with Management and External Auditors, all matters required to be communicated to the ARC under the generally accepted external auditing standards.
• Exercise the ARC’s responsibility of evaluating the significant judgements and reporting decisions made by Executive Management, including changes in accounting policies, decisions requiring a major element of judgement, and the clarity and completeness of the proposed disclosures.
• Review financial reports and other sections of the annual report with Management and External Auditors (where necessary) before filing with regulators and consider whether they are complete, accurate, and consistent with the information known to ARC members.
• To provide the Board with an independent, structured, systematic oversight and assurance on the status, functionality and adequacy of NEMISA’s audit, finance, risk and compliance management, performance information, Information and Communication Technology (ICT), and overall internal control practices.
• Take into account any factors that might predispose Executive Management to present an incomplete or misleading picture of the organisation’s financial position and performance.
• Consider any evidence that comes to its attention that brings into question any previously published financial information, including complaints about previously published financial information. Where necessary, the ARC shall take steps to recommend that the Board publicly correct the previously published financial information if there was material misrepresentation.
• Be fully informed of regulatory and other monitoring and enforcement requirements designed to ensure that the organisation’s financial information complies with financial reporting and other regulatory requirements.
• Be informed of any monitoring or enforcement activities regarding the organisation on a timely basis so as to allow the ARC to be involved in the organisation’s response to such activities.
• Review a documented assessment of the going concern premise of the organisation in order to assist the Board in making a statement on the going concern status of the organisation.
• Review and recommend banking mandate for approval by the Board, when required.
• Review and recommend the investment of funds to the Board, when required.
• Review any other transactions or financial issues that Executive Management may request ARC to review.
• Review with Executive Management and External Auditors, the results of audit engagements, including any difficulties encountered.
• Evaluate the performance of the CFO and the operational effectiveness of the Finance Unit.

Internal Audit Function

• Play a key role in ensuring that the organisation’s Internal Audit Function is independent and has the necessary resources, standing, and authority within the organisation to enable it to discharge its functions.
• Review and approve the Internal Audit Charter at least annually. The Charter should be reviewed to ensure that it accurately reflects the internal audit activity’s purpose, authority, and responsibility, consistent with the mandatory guidance of the IIA’s International Professional Practices Framework and the scope and nature of assurance and consulting services, as well as changes in the financial, risk management and governance processes of the organisation and reflects development in the professional practice of internal auditing.
• Review and provide input on the internal audit activity’s strategic plan, objectives, performance measures, and outcomes.
• Review and approve the proposed risk-based internal audit plan, and changes to the plan and make recommendations concerning internal audit projects.
• Ensure that the Internal Audit Function:
• Has a quality assurance and improvement programme, and the results of the periodic assessments are presented to ARC; and
• Has an external quality assurance review every five (5) as per the requirements of the IIA Standards.
• Review the results of the independent external quality assurance review and monitor the implementation of the internal audit activity’s action plans to address the recommendations.
• Advise the Board about any recommendations for the improvement of the Internal Audit Function.
• Review reports submitted by Internal Audit detailing its performance against the approved annual internal audit plan.
• Evaluate the overall efficiency and effectiveness of the Internal Audit Function, taking into account the following:
• The audit approach;
• The scope and depth of the internal audit coverage;
• The quality of reports issued;
• Internal audit budget;
• Internal audit compliance with the International Standards for the Professional Practice of Internal Auditing; and
• Executive Management satisfaction.
• Recommend the appointment, including the terms and fees, of an outside service provider for the execution of the internal auditor function to the Board for approval.
• Review significant differences of opinion between Executive Management and the Internal Audit Function.
• Ensure that no Management restrictions are placed upon Internal Auditors.
• Act as a forum for communication between Executive Management, Internal Audit and External Auditors.
• Monitor implementation status of agreed Management corrective action plans as per internal audit reports.
• While acknowledging that the responsibility to create an appropriate organisational structure vests with the Board, it is expected that there shall be consultation with the ARC regarding the appointment or discharge of the CFO, as required in the MoI.
• Oversee cooperation between External and Internal Auditors to avoid overlapping of audit functions; and
• Evaluate the outcome report from Executive Management on the performance and the effectiveness of the Internal Audit Function, including conformance with The International Standards for the Professional Practice of Internal Auditing, the Definition of Internal Auditing, and the Code of Ethics.
• The ARC requires that all internal audit work performed shall comply with the Standards for the Professional Practice of Internal Auditing, as published by the Institute of Internal Auditors. Implementation of internal audit duties shall take place on a progressive basis.
• Recommend the dismissal of the CFO and/or the internal audit service provider to the Board for approval.
• Receive and review the internal audit report at each meeting of the Committee as well as the annual assessment of the effectiveness of NEMISA’s governance, risk management, and control processes;
• Consider the objectives and scope of any additional work undertaken by the Internal Audit to ensure that there are no conflicts of interest, and that independence is not compromised.
• Ensure direct access to the CAE, who will be the Director of the outsourced internal audit service provider, to the Committee as well as the Chairperson of the Audit Committee and the Accounting Officer.
• Meet with the Internal Audit regularly to discuss any matters that the Committee or Internal Audit believes should be discussed privately.
• Monitor on an ongoing basis that Internal Audit follows an approved risk-based internal audit plan and reviews the organisational risk profile regularly and proposes adaptations to the internal audit plan accordingly.
• Obtain confirmation annually from the Internal Audit Service Provider that internal audit conforms to a recognised industry Code of Ethics.

External Auditors

• Engage External Auditors on their performance, where required.
• Review and confirm the objectivity and independence of external auditors by obtaining statements from the auditors on relationships between auditors and NEMISA, including non-audit services.
• Review the findings and recommendations and assess Executive Management’s comments on the audit reports issued by the external auditors.
• Review implementation of External Auditor’s ‘recommendations by Executive Management.
• Review the External Auditors’ proposed audit scope, approach, audit fees for the year and coordination of audit effort with the Internal Audit Function.
• Meet with External Auditors on a regular basis to discuss any matters that the Committee or External Audit believes should be discussed privately. 

Combined Assurance Model

• Oversee the coordination of internal audit, external audit and other assurance providers to ensure comprehensive coverage to avoid duplication.
• Be responsible for reviewing and monitoring the appropriateness of NEMISA’s Combined Assurance Model and ensuring that it provides a complete picture of significant risks and the control environment facing NEMISA.
• Oversee the combined assurance efforts at all assurance levels, ensuring effective risk management and governance oversight, and that management actively play their collaborative combined assurance role with Internal audit.
• Provide recommendations for improving the combined assurance model processes to enhance the overall risk management.
• Satisfy itself that the Combined Assurance provided by Internal and External Assurance Providers as well as Executive Management is sufficient to mitigate the identified significant risk areas.
• Monitor the relationship between the External Assurance Providers and NEMISA.
• Uphold the independence of Internal and External Assurance Providers, thus helping to ensure that these functions are carried out effectively.
• Consider assurance reports from regulators when required. 

Compliance Management

• To oversee the organisation’s compliance with the relevant legislation, regulations, and internal policies.
• Review the effectiveness of compliance programmes and procedures to prevent violations and review all recommended governance policies and procedures as follows:
• Compliance Policy;
• Compliance Framework;
• Regulatory Universe, and
• Compliance Risk Management Plan.
• Ensure that appropriate controls are in place to address non-compliance-related risks.
• Assess the effectiveness of the system for monitoring compliance with laws and regulations; the results of Executive Management’s investigation and follow-ups (including disciplinary action) of any instances of non-compliance.
• Assess compliance findings of any regulatory agencies and any auditor’s observations arising therefrom.
• Obtain regular updates from Management and assurance providers regarding compliance matters. 

Risk Management

• Exercise oversight of risk management framework and practices to ensure they are effective and aligned with NEMISA objectives.
• Review the adequacy of the risk management identification, assessment and mitigation processes.
• Evaluate the effectiveness of internal controls in managing key risks and preventing potential issues.
• Review and recommend to the Board for approval, the improvement actions of the risk management policies, processes and procedures as follows:
• Risk Management Framework;
• Risk Management Policy;
• Risk Management Plans;
• Risk Appetite and Tolerance Framework
• Play a key role in ensuring that there are no restrictions placed upon the Risk and Compliance Management Function.
• Provide proper and timely reports to the Board on the state of risk management within NEMISA, identify areas of improvement and recommendations to address such matters reported.
• Ensure adequate provision of resources for the efficient functioning of the Risk Management Function.
• Ensure that the risk management processes and systems are inclusive of fraud prevention strategies.

Reporting Line – Whistle Blowing

• Monitor the arrangements of NEMISA by which staff may in confidence and with total anonymity raise concerns about possible improprieties in matters of financial reporting or any other matters.
• Ensure that the arrangements are in place in order to independently investigate such matters and ensure that adequate controls prevent the impropriety from re-occurring.
• Consider the significant findings of internal investigations and management’s response thereto.

Organisational performance

• Recommend the Annual Performance Plan (APP) to the Board for approval.
• Consider quarterly performance reports.
• Review Annual Reports.

Information and Communication Technology (ICT)

• Consider ICT risks as a crucial element of effective oversight.
• Exercise oversight on the following:
• ICT Governance
• ICT risks and controls.
• Business continuity and Disaster Recovery Solutions.
• Information security and privacy.
• Obtain assurance that ICT controls are adequate and effective in addressing the strategic and operational risks of the ICT environment.
• Ensure that the ICT investments are aligned with the organisation’s strategic objectives and risk appetite.
• Receive regular ICT governance, risk management, and cybersecurity reports.

Education: Formal Qualifications 

Level of Education:

• Honours Degree in ICT or Risk and Compliance or equivalent
• 7+ years’ related experience and must have served as an Audit and Risk Committee member previously, preferably in a State-Owned entity environment