RISKS TODAY ARE SO DIVERSE THAT THE INTERNAL AUDIT FUNCTION CANNOT PROVIDE ASSURANCE ON ITS OWN. INSTEAD IN ORDER TO PROVIDE ASSURANCE IT IS NECESSARY TO COMBINE AND COORDINATE THE REPORTING FROM VARIOUS ASSURANCE PROVIDERS.
RBPlat has introduced the combined assurance approach to prevent gaps in or duplication of its assurance efforts, and in order to provide a holistic approach to risk management and assurance.
The Risk and Assurance unit is responsible for maintaining the continued assurance plan, which is in line with the combined assurance framework, in consultation with functional and operational management and our outsourced internal audit service provider.
The outcomes of all assurance activities are compiled in an audit findings tracking tool. Progress on the recommendations is tracked monthly and reported to the Audit and Risk Committee and/or the Social and Ethics Committee every quarter, depending on the nature of the area assured.
Internal audit services at RBPlat, which are outsourced, report administratively to the Executive: Risk, Assurance and Sustainability and functionally to the Audit and Risk Committee. The Executive: Risk, Assurance and Sustainability assumes the role of the Chief Audit Executive (CAE) within RBPlat.
Internal Audit, which is one of the assurance providers to RBPlat, remains pivotal to corporate governance. The role of internal audit at RBPlat has evolved in recent years to become a trusted advisor that adds value through the insights and foresight it contributes. Internal Audit operates in terms of the approved Internal Audit Charter which defines the role and associated responsibilities and authority of internal auditing. Internal Audit and the CAE report to the Audit and Risk Committee on the performance of its duties and the achievement of the internal audit plan.
The RBPlat Board assumes responsibility for compliance with applicable laws and adopted, non-binding rules, codes and standards by setting the direction on how compliance should be approached and addressed within RBPlat. RBPlat's Board-approved compliance policy articulates and gives effect to its direction on compliance. It commits RBPlat to compliance with both the letter and spirit of relevant regulatory requirements.
The primary responsibility of RBPlat's compliance management function is to assist and support management in achieving the development, implementation and management of its compliance framework. RBPlat's uses its compliance risk management framework to manage all categories of compliance risk, including policies and structures, people, systems and process.
Accountability for compliance lies with the Board while day-to-day responsibility for ensuring compliance is delegated to the compliance management function. In order to assist the Board with meeting its compliance obligations, the compliance function informs the Board of the status of compliance in RBPlat, particularly with regard to issues of non-compliance. Reports issued by the compliance management function provide a balanced assessment of significant compliance risks and exposures, as well as the effectiveness of the system of internal control in managing compliance risks.