2008 Annual report - Sappi
2008 Annual report - Sappi
2008 Annual report - Sappi
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Corporate governance // continued<br />
resources and financial forecasts. The group’s results are<br />
reviewed prior to submission to the board as follows:<br />
• All four quarters and financial year end – by the disclosure<br />
committee and audit committee; and<br />
• Interim and final quarters – by the group’s external auditors.<br />
Internal controls<br />
The board is responsible for the group’s systems of internal<br />
financial and operational control. The group’s internal controls<br />
and systems are designed to provide reasonable assurance as<br />
to the integrity and reliability of external financial <strong>report</strong>s, that<br />
assets are adequately safeguarded against material loss and<br />
that transactions are properly authorised and recorded. Such<br />
controls are based on established written policies and<br />
procedures which are monitored throughout the group and<br />
are applied by trained, skilled personnel with an appropriate<br />
segregation of duties through clearly defined lines of accountability<br />
and delegation of authority. The control system includes<br />
comprehensive <strong>report</strong>ing and analysis of actual results against<br />
approved standards and budgets. All employees are required<br />
to maintain the highest ethical standards in ensuring that the<br />
company’s business practices are conducted in a manner<br />
which in all reasonable circumstances is above reproach. As<br />
part of an ongoing process, reviews were undertaken across<br />
the group of the effectiveness of various elements of the group’s<br />
internal controls, procedures and systems. Where potential<br />
improvements are identified, they are being addressed. The<br />
reviews enabled management to further strengthen the group’s<br />
controls and the results of the reviews did not indicate<br />
any material breakdown in the functioning of these controls,<br />
procedures and systems during the year under review. A material<br />
breakdown is defined as a critical weakness in process<br />
or financial systems which could result in a material loss,<br />
contingency or uncertainty requiring disclosure in the published<br />
annual financial statements. Section 404 of the US Sarbanes-<br />
Oxley Act requires companies listed on the NYSE to complete<br />
a comprehensive evaluation and <strong>report</strong> on the effectiveness<br />
of their internal controls over financial <strong>report</strong>ing. <strong>Sappi</strong> has<br />
conducted its third evaluation at the end of fiscal <strong>2008</strong> and will<br />
include its section 404 <strong>report</strong> in its Form 20-F to be filed with<br />
the United States Securities and Exchange Commission.<br />
Disclosure controls<br />
Disclosure controls and procedures include controls and<br />
procedures designed to ensure that information required to be<br />
disclosed by the group in the <strong>report</strong>s that it files or submits is<br />
accumulated and communicated to the group’s management,<br />
including the chief executive officer and chief financial officer,<br />
as appropriate to allow timely decisions regarding required<br />
disclosure. The group has implemented disclosure controls<br />
and procedures as deemed appropriate by management. The<br />
disclosure committee meets to review all <strong>Sappi</strong> Limited external<br />
financial <strong>report</strong>s prior to their release. On occasion, these<br />
meetings are held jointly with the audit committee.<br />
Internal audit<br />
The group’s internal audit department has a current complement<br />
of 20 persons, of which 15 are experienced and qualified and<br />
five are in training. It has a specific mandate from the audit<br />
committee and independently appraises the adequacy and<br />
effectiveness of the group’s systems, financial internal controls<br />
and accounting records, <strong>report</strong>ing its findings to local and<br />
divisional management, the external auditors as well as the<br />
respective audit committees. The head of internal audit <strong>report</strong>s<br />
to the audit committee on a functional basis and to the chief<br />
financial officer on a daily operational basis and has direct<br />
access to the chief executive officer. The internal audit coverage<br />
plan is based on a risk assessment performed for each operating<br />
unit. This incorporates risks identified by management during<br />
the group risk assessment process as well as the results of<br />
audit work performed. This process ensures that the audit<br />
coverage is focused on identified high risk areas. During <strong>2008</strong><br />
internal audit focused on expanding the IT audit scope<br />
to provide additional assurance to management in the IT<br />
security audit area, application control reviews and forensic IT<br />
audit. Internal Audit also started to focus more resources on<br />
operational audits and the inclusion of the top risks per region<br />
in the determination of the audit coverage plan. Internal audit<br />
meets privately with the audit committee and individual board<br />
members on a regular basis. The <strong>report</strong> submitted by Internal<br />
Audit to the audit committee includes amongst other things<br />
an overview of hotline allegations and forensic activities, a<br />
summary of potentially significant control issues identified, audit<br />
risk assessments, audit coverage plans, actual performance<br />
against planned activities, the periodic evaluation of the system<br />
of internal controls and details of any scope restrictions as well<br />
as audit resource developments.<br />
Company secretary<br />
All directors have access to the advice and services of the<br />
company secretary and are entitled and authorised to seek<br />
independent and professional advice about affairs of the group<br />
at the group’s expense. The company secretary is responsible<br />
for the duties set out in section 268G of the South African<br />
Companies Act of 1973. Specific responsibilities include the<br />
provision of guidance to directors as to how to discharge their<br />
duties in the best interests of the company as well as arranging<br />
for the induction of new directors.<br />
Code of ethics<br />
<strong>Sappi</strong> requires its directors and employees to act with the<br />
utmost good faith and integrity in all transactions and with all<br />
68