Internal Control and Internal Audit
Management is responsible for controlling Foskor’s operations in a manner that provides the Board of directors reasonable assurance that:
- Data and information published is accurate, reliable and made available in a timely fashion;
- The actions of directors, executives and employees are in compliance with Foskor’s policies, standards, plans and procedures, as well as with all relevant laws and regulations;
- Foskor’s resources (including its people, systems, data or information bases, and customer goodwill) are adequately protected;
- Resources are acquired economically and employed profitably;
- The quality of business processes is enhanced, and continuous improvement efforts are ongoing; and
- Foskor’s plans, goals and objectives are achieved.
In terms of company policy, Foskor’s management must:
- Identify and evaluate the potential exposures to loss relating to the operations;
- Specify and establish policies, plans and operating standards, and procedures, systems and other disciplines, to be used to minimise, mitigate and/or limit the risks associated with the exposures identified;
- Establish practical control processes that require and encourage directors, executives and employees to carry out their duties and responsibilities; and
- Maintain effective controls and continually improve these processes.
In accordance with the International Standards for the Professional Practice of Internal Auditing, it is Foskor’s policy to maintain a centralised and independent internal auditing function, named Foskor Group Audit Services (FGAS).
FGAS offers independent, objective assurance and consulting services designed to add value and improve Foskor’s operations. The internal audit department assists Foskor in accomplishing its objectives by bringing a systematic, disciplined approach to evaluating and improving the effectiveness of risk management, control and governance. FGAS has the responsibility of informing and advising management and the Board Audit and Risk Committee (BARC) with regard to deficiencies or other substantive issues noted in the course of its activities. Internal audit assures the BARC that all identified risks that may impact on the achievement of the business objectives are effectively managed. FGAS helps the BARC and management personnel to exercise their responsibilities by providing analyses, appraisals, recommendations, counsel and information concerning the activities reviewed.
FGAS reports to the BARC. The BARC, on behalf of the Foskor Board, determines FGAS’s mandate. The group’s Internal Audit Manager has full and independent access to the CEO and the BARC and attends Exco meetings by invitation. The BARC warrants that the internal audit function is subjected to an independent quality review at least once every three years. The BARC can appoint, remove or replace the group’s Internal Audit Manager at any time deemed appropriate.
FGAS has unrestricted access to all records, properties, functions and personnel necessary for effectively performing its duties. All the divisions of Foskor and its subsidiaries, associates and joint ventures, with their consent, may be subjected to periodic audits by FGAS. In performing its functions, FGAS does not engage in any activities that could reasonably be construed as compromising its independence and objectivity. FGAS has complete auditing independence and is not restricted by operational or executive management; furthermore, the Board does not place any restrictions on the scope of the audits, although the BARC may provide strategic direction. Either the BARC or the CEO may request FGAS to carry out special reviews or audits as deemed necessary.
The scope of FGAS includes, but is not limited to, the following:
Developing and implementing a flexible annual Audit Plan with set deliverables;
Maintaining professional auditing staff with sufficient knowledge, skills, experience and professional certifications to meet the Charter requirements;
Evaluating and assessing the significant merging or consolidating of functions;
Reviewing services, operations and control processes coincident with the development, implementation and expansion of business units;
Informing the BARC of emerging trends and successful practices in internal auditing;
Assisting in the investigation of suspected fraud within the organisation and notifying management, the BARC, the Fraud Prevention and Ethics Committee, and the internal Audit and Risk Committee of the outcomes; and
Considering the scope of work of the external auditors and regulators, for optimal auditing coverage in the organisation.
Internal audit pursues a risk-based approach to planning, assesses the needs and expectations of its key stakeholders, and assures that its reporting meets the approval of management and the BARC.
- Acts as the Risk Management Steering Committee;
- Reviews and evaluates the most significant risks that the company faces in the ordinary course of business;
- Working with management and other relevant personnel, assists in dealing with day-to-day risks and issues;
- Monitors and highlights the various possible impacts of HIV/AIDS;
- Monitors and advises on management’s residual risk; and
- Appropriately addresses misconduct by management.
The group believes that, as at 31 March 2010, Foskor’s system of internal control satisfied all criteria necessary for effective internal control.
Fraud prevention and ethics
Management is accountable for detecting fraud, theft and other irregularities.
Fraud and related crime prevention techniques fall into three disciplines:
Operational control: addresses the operations’ risk exposures and encompasses financial and audit controls, personnel selection and monitoring techniques;
Physical security: deals largely with regulating visitors, restricting access to sensitive areas, and removing firearms, drugs and other harmful objects; and
System security: monitors the improper usage of computer systems and e-mail facilities, and focuses on password control, authorisations, logging off, encryptions and message authentication.
In the first instance, controls should focus on prevention rather than detection, emphasising in all at Foskor an understanding and awareness of the following:
- The ethical values and code of conduct of the organisation;
- The importance of personally contributing to crime prevention;
- Foskor’s business practices, systems and manual or automated controls; and
- Knowledge of the different types of crime that can occur and how to detect them.
Foskor expects its employees to conduct business with the highest levels of professionalism, integrity and excellence aligned to the organisation’s values. This culture is embedded in the company’s reporting and quality testing systems. The Fraud Prevention and Ethics Committee investigates unethical conduct, driving transparency in Foskor.
The organisation is committed to the highest standards of openness and accountability. Foskor recognises that employees, suppliers, business partners, local communities and other stakeholders prefer associating with ethical organisations. The whistle-blowing policy serves to build employee, supplier and business partner loyalty. The policy identifies and eliminates unethical practices, and provides a confidential means of conveying information through existing communication channels. The policy encourages and enables staff to raise concerns within Foskor rather than overlooking a problem or resorting to the use of inappropriate communication channels.
Where information indicating serious malpractice or wrongdoing is discovered, it can be disclosed without fear of reprisal. In line with the Protected Disclosures Act (No. 26 of 2000) Foskor:
- Strives to create a culture that facilitates the responsible disclosure by employees of information relating to criminal and other irregular conduct in the workplace;
- Sets clear guidelines for disclosing such information;
- Protects against reprisals as a result of such disclosure; and
- Promotes the elimination of criminal and other irregular conduct within the company.
- The objectives of Section 2 of the Protected Disclosures Act are:
- To protect from occupational detriment those employees who make disclosures;
- To provide remedies for occupational detriment suffered on account of having made a protected disclosure; and
- To provide employees with procedures to responsibly disclose information on improprieties.
Employees and suppliers are obliged to report suspicions of fraud, corruption, theft or other unethical and/or illegal behavior within Foskor. These types of allegations are investigated by FGAS.
The Vice President (VP) of the Procurement and Logistics Division, in consultation with the Corporate Affairs Division, may obtain an external legal opinion before deciding to terminate a vendor relationship. The VP of Procurement and Logistics, or a person designated by the VP, is responsible for maintaining a database of all blacklisted suppliers.
Any employee who is found guilty of unethical conduct or who resigns prior to a disciplinary hearing is thereafter barred from servicing Foskor as a vendor.