The ARC reviewed the reports from the SARB’s IAD on control weaknesses as well as the corrective actions to be taken by management.
The ARC is satisfied that the internal audit function is independent and appropriately resourced to provide assurance on the adequacy of the internal control environment of the SABN.
Risk management and compliance
The RMCD of the SARB forms an integral part of the three-lines-of-defence model and is responsible for an organisational approach to risk management. Risk management activities are based on an established risk management policy and framework. The ARC has reviewed the reports on the risk management activities and is satisfied that key risks are adequately controlled or mitigated.
The ARC is satisfied that the SABN has implemented appropriate processes and controls for compliance with all applicable laws and regulations as it relates to financial reporting. This is based on the ARC’s review of reports received from external audit, internal audit and management.
Information and communications technology
The ARC is satisfied that the SABN is able to manage its information and communications technology (ICT) capability and is of the opinion that the ICT controls are appropriate to support the integrity of financial reporting. This is based on the ARC’s continual review of reports from the ICT Department as well as reports from external and internal audit.
Whistle-blowing
Based on combined submissions from RMCD and IAD, the ARC is satisfied that procedures have been established to receive, retain and treat complaints regarding accounting, internal controls and auditing matters, including procedures for confidential and anonymous submissions in this regard.
T M Nombembe
Chairperson of the Audit and Risk Committee 20 May 2021
South African Bank Note Company (RF) Proprietary Limited
Annual Report 2021
31