Corporate governance report
Combined assurance
Telkom follows a combined assurance approach, which integrates assurance and risk management activities. Telkom has three lines of defence aimed at improving and monitoring risk management, control and governance across the business. The regulators (ICASA, Competition Commission) may from time to time institute reviews to gain assurance that Telkom has complied with regulation and applicable laws. Such reviews may be considered as an additional defence for the board. This framework is outlined as follows:
The audit and risk committees oversee the implementation of the combined assurance model, combining, coordinating and aligning assurance activities across the various lines of defence. They oversee that the scope of combined assurance is informed by the risks and opportunities that materially affect the ability of the group to create value.
Telkom Audit Services (TAS) gives effect to combined assurance through coordinating its work with that of the other assurance providers, including the external auditors, to ensure that Telkom's significant risks are adequately addressed. Telkom will continue its practical approach to combined assurance with a key focus on embedding assurance activities across all lines of defence.
Internal audit
TAS, the internal audit function, provides independent assurance on the adequacy and effectiveness of the system of internal controls and risk management to manage the significant risks of the business down to an acceptable level.
It provides assurance to the group's stakeholders by:
- evaluating Telkom's governance processes including ethics, especially the "tone at the top";
- performing an objective assessment of the effectiveness of risk management and the internal control framework;
- systematically analysing and evaluating business processes and associated controls; and
- providing a source of information, as appropriate, regarding instances of fraud, corruption, unethical behaviour and irregularities.
TAS governs itself by adhering to the Institute of Internal Auditors' mandatory guidance, the code of ethics, and the International Standards for the Professional Practice of Internal Auditing.
TAS follows a risk-based approach in developing an annual audit coverage plan which is reviewed and approved by the audit committee. TAS regularly revises its audit plan to keep it relevant and aligned with key business priorities in a changing business and risk environment. TAS engages with other assurance providers while developing the annual audit plan.
TAS functionally reports to the audit committee and administratively to the chief risk and compliance officer. The group executive: internal audit attends the audit, risk and exco meetings by invitation. This organisational structure promotes the independence of internal audit and allows it to form its judgements objectively.
TAS is subjected to an external quality assurance review at least once every five years, the results of which are communicated to the audit committee. The quality of audit services delivered to Telkom and its subsidiaries is underwritten by the fact that TAS achieved a "generally conforms" rating to the International Internal Audit Standards as per the external quality review conducted by the Institute of Internal Auditors in FY2017. TAS conducts ongoing self-assessments as prescribed by the TAS Quality Assurance programme.