Download - African Bank
Download - African Bank
Download - African Bank
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Risk review continued<br />
compliance policy and has unrestricted<br />
access to the CEO, various executive<br />
committees, Group Audit Committee<br />
and the chairmen of the board and<br />
Group Audit Committee. The board<br />
regularly reviews the compliance policy<br />
and its ongoing implementation to<br />
assess the extent to which the bank is<br />
managing compliance risk.<br />
Each business unit has a dedicated<br />
compliance champion whose<br />
responsibility it is to assist with the<br />
implementation and monitoring of<br />
compliance in the particular unit. Mini<br />
manuals have been compiled specific to<br />
the activities of the business unit to assist<br />
the unit to focus on its compliance<br />
requirements. A control self-assessment<br />
approach is followed by the business<br />
units. The mini manuals also facilitate the<br />
monitoring of compliance by these units<br />
and assist the internal audit department<br />
who provides the necessary assurances<br />
that the defined controls are<br />
implemented and adhered to.<br />
Compliance bulletins are issued on a<br />
regular basis to inform the business units,<br />
management and board on any new<br />
statutory or regulatory developments.<br />
This provides an opportunity for<br />
management to be proactive and to<br />
address any new requirements to ensure<br />
timeous implementation.<br />
Regular updates or reports are<br />
submitted to the board and the South<br />
<strong>African</strong> Reserve <strong>Bank</strong> on all compliance<br />
related matters. There were no material<br />
issues of non-compliance that had to be<br />
reported during the year under review.<br />
Money laundering<br />
Effective controls have been<br />
implemented and staff trained to comply<br />
with the legislation pertaining to money<br />
laundering. However, as the group does<br />
not offer transactional facilities, the<br />
possibility of the group being used to<br />
launder funds is limited.<br />
Internal audit<br />
With the divisionalisation of certain Theta<br />
subsidiaries into the bank during the<br />
financial year, the risk teams of the<br />
relevant subsidiaries merged to form a<br />
group audit and forensic function with<br />
<strong>African</strong> <strong>Bank</strong> Investments Limited 64<br />
dedicated teams assigned to the major<br />
divisions to ensure specialised knowledge<br />
of the processes and control environment<br />
of the division is maintained.<br />
Internal audit operates in terms of an<br />
approved Audit Committee charter.<br />
The charter was revised to include the<br />
additional activities of the audit and<br />
forensic functions for the entire group.<br />
The internal audit function reports<br />
directly to the Audit Committee and<br />
its staff have full and unrestricted access<br />
to the CEO, chairman of the Audit<br />
Committee and, if required, the<br />
chairman of the board. Operationally,<br />
the function reports to the group risk<br />
officer who in return reports to the<br />
financial director.<br />
All group operations, business activities<br />
and support functions are subject to<br />
internal audit. The audit plan is<br />
determined annually, based on the<br />
relative degree of the inherent risks<br />
identified from the ongoing group-wide<br />
risk assessments. It also provides for ad<br />
hoc assignments and special reviews<br />
requested by management or the Audit<br />
Committee or board. Progress against<br />
the audit plan is reviewed at each Audit<br />
Committee meeting.<br />
The group’s internal audit responsibility<br />
is aimed at providing quality audit<br />
services to assist members of executive<br />
and senior management in the effective<br />
discharge of their duties and<br />
responsibilities. To this end, audits are<br />
planned and executed in such a manner<br />
as to provide management with an<br />
independent assessment and appraisal<br />
of the adequacy and effectiveness of the<br />
systems of internal control in place to,<br />
inter alia:<br />
Minimise potential risks and losses;<br />
Recognise opportunities for<br />
improvement;<br />
Identify strengths and weaknesses in<br />
current processes and procedures;<br />
Evaluate the effectiveness of<br />
business practices.<br />
Internal audit operates closely with the<br />
other risk functions of the group,<br />
including operational risk management<br />
and compliance. This is done so as to<br />
obtain a more holistic view of the<br />
potential risks that require additional<br />
attention, as well as to provide the<br />
compliance officer with the necessary<br />
assurance on the existence and<br />
adequacy of controls in place to ensure<br />
satisfactory compliance with all relevant<br />
laws and regulations. Assurance is also<br />
provided to the Operational Risk<br />
Manager regarding certain risks at a<br />
process level.<br />
Audit reports are formally presented to<br />
executives who are directly responsible<br />
for the functions reviewed and all those<br />
in a position to take corrective action on<br />
any control weaknesses identified.<br />
Internal client surveys are periodically<br />
distributed to obtain comments about<br />
the audit process and management’s<br />
experience with the internal audit team.<br />
This is used to improve the effectiveness<br />
of its services to management on an<br />
ongoing basis.<br />
Forensic investigations<br />
Fraud is an inherent risk of any bank.<br />
The group endeavours to combat acts<br />
of transgression and unethical behaviour<br />
through the implementation of dynamic<br />
and sound fraud prevention practices.<br />
The board has enforced a ZERO<br />
TOLERANCE policy on fraud and all<br />
instances involving a reportable offence<br />
are managed consistently and in a<br />
uniform manner.<br />
Staff at all levels are responsible and<br />
accountable for exercising due diligence<br />
and control to prevent, detect, and<br />
report acts or suspicion of acts of a<br />
reportable nature, as defined in the<br />
bank’s fraud policy. The bank’s policy is<br />
to identify and promptly investigate any<br />
possibility of fraudulent or related<br />
dishonest activities against the group<br />
and, when appropriate, pursue legal<br />
remedies available under the law.<br />
The group has recently invested in a<br />
specialist software system that allows<br />
management to track and analyse<br />
incidents in more detail on an ongoing<br />
basis. The creation of a group-wide<br />
event loss database will also enhance<br />
the forensic management and<br />
reporting process at the various levels<br />
of the group.