Audit and Risk Committee

More information on the Audit and Risk Committee can be found here.

Following the Walmart transaction, the reconstituted Audit and Risk Committee now comprises Mr Chris Seabrooke (Chairman), Ms Phumzile Langeni and Dr Lulu Gwagwa, all of whom are independent non-executive directors and who each have the requisite financial and commercial skills and experience to contribute to the Committee's deliberations. The roles and responsibilities of the previously separate Risk and Audit Committees were combined with effect from June 2011. Makro CEO, Mr Kevin Vyvyan-Day, attends the Risk section of this Committee meeting as an invitee.


The Chief Executive Officer, the Chief Financial Officer, senior financial executives of the Group and representatives from the external and internal auditors attend all meetings by invitation.

The internal and external auditors have unfettered access to the Audit Committee and its members and both present formal reports to the Committee.

The Chairman of the Committee meets quarterly with the Chief Audit Executive and at the start of every Committee meeting, the external auditors have a private audience with the Committee.

In specific response to the requirements of the Companies Act, King III and in terms of its charter, the Committee can report as follows:
  • The Committee has reviewed the scope, quality, effectiveness, independence and objectivity of the external auditors and is satisfied with all of these areas. The audit firm Deloitte & Touche and audit partner Mr André Dennis will be proposed to the shareholders at the November 2011 annual general meeting to be the Group's auditor for the 2012 financial year.
  • The Committee is satisfied that the internal financial controls of the Divisions and Group operated effectively throughout the 2011 financial year and can be relied upon. In addition, the Committee is satisfied with the Group's accounting policies and that these have been appropriately and consistently applied throughout the 2011 financial year.
  • The Committee reviewed this integrated annual report and recommended it to the Board for approval.
  • The nature and extent of non-audit services provided by the external auditors is reviewed annually to ensure that fees for such services do not become so significant as to call into question their independence of Massmart. The nature and extent of any future non-audit services have been defined and pre-approved, and the total fee associated with those non-audit services may not exceed 50% of the total audit fee without approval of the Committee. During the 2011 financial year, non-audit services represented 29.3% of the audit fee. If it appears that this guideline will be exceeded on a consistent basis, non-audit services will be outsourced to alternative auditors.
  • No reportable irregularities were identified and reported by the external auditors to the Committee.
  • The Massmart website (www.massmart.co.za) has a link enabling the general public to lodge complaints with the Committee. Since establishing this functionality in 2009, no complaints have been received.

Annually the Committee considers whether it is meeting its duties and responsibilities as set out in the Committee charter and in meeting the requirements of the Companies Act.

As part of the Audit section, the Committee receives reports on Group companies' financial performance, governance, and internal controls, adherence to accounting policies, compliance and areas of significant risk, among others. The Committee also receives written reports by both the external and internal auditors which are accompanied by discussion with Committee members. After considering these reports, the Committee formally reports to the Board, twice each year, regarding the overall control framework and effectiveness of controls.

Each of the four Divisions has a Financial Review Committee which meets twice a year ñ before the finalisation and release of the Group's Interim and Preliminary financial results respectively. These Committees effectively function as Divisional Audit Committees but not strictly in the manner required by the regulators or King III. The attendance at these meetings includes: the Divisional Chief Executive and Finance Director, key finance and accounting staff, members of Internal and External Audit, and Massmart Corporate Finance executives. Minutes from these meetings are included with the papers of the following Group Audit Committee meeting. Annually the Audit Committee reviews the Financial Review Committee minutes, external audit report and annual financial statements to comply with the Companies Act as required of a holding company Audit Committee and its responsibilities in regard to all Company subsidiaries.

The Group's interim reports are always subject to independent review by the external auditors.

The Committee's report in accordance with section 94(7)(f) of the Companies Act, 2008, as amended, can be found in the Directors' Report.

Suitability of the Chief Financial Officer

The detailed Audit Committee report can be found here.

As required by the JSE, the Committee and Board have considered the skills, qualifications and performance of the Chief Financial Officer, Guy Hayward, and are unanimously satisfied of the continuing suitability for the position. His biographical details can be found here.

External audit

During the financial year, Deloitte & Touche were the external auditors for all Group companies, with the exception of:
  • Greenwoods Chartered Accountants who audit De La Rey 1001 Building Materials (Pty) Limited and Thabiletrade 22 (Pty) Limited; and
  • Ernst & Young who audit the Zimbabwean entities of Mercantile Investment Company (1971) (Pvt) Limited and the Dealsave Trust.

During the year, Deloitte & Touche provided certain non-audit services, including tax reviews and advice, and reviews of information technology systems and applications. Total fees paid during the 2011 financial year to Deloitte & Touche were R24.9 million, of which R7.3 million related to non-audit services.

  • Overseeing the effectiveness of the Group's governance, risk and internal control systems.
  • With regard to the external auditor, to nominate their appointment, to determine audit fees payable, to pre-determine fees and scope of non-audit services, and monitor their independence.
  • Reviewing the scope and effectiveness of the external and Internal Audit functions.
  • Ensuring that adequate accounting records have been maintained.
  • Ensuring the appropriate accounting policies have been adopted and consistently applied.
  • Reviewing and reporting on the application of the King III Report.
  • Testing that the Group's going-concern assertion remains appropriate.
  • Overseeing the quality and integrity of the annual financial statements.
  • Ensuring that Internal Audit reports functionally to the Audit Committee, is considered independent, and applies King III and IIA standards. It approves Internal Audit's plan and ensures that Internal Audit has sufficient resource and skill to effectively perform its function.
  • Reviewing the adequacy and effectiveness of combined assurance, compliance and IT.
  • Receiving and reviewing the assurance assertion of Internal Audit and presenting this to the Board.




Internal audit

The Committee considers Massmart Internal Audit Services to be an independent, objective body providing assurance to the Group's governance, risk and control activities. Internal Audit comprises a dedicated team that, although managed from Massmart Corporate, is deployed Group-wide. The team is comprised of appropriately tertiary qualified and experienced personnel, including internal audit and retail/wholesale professionals, to ensure the delivery of a relevant and high-quality risk-based audit service. Pleasingly, 90% of the audit team is African, Coloured or Indian.

The responsibilities of Internal Audit are defined and governed by a charter approved by the Audit Committee and Board. Massmart Internal Audit Services has the unequivocal support of the Board and this Committee and has access to any part of or person in Massmart. All employees are expected to co-operate positively with Massmart Internal Audit Services.

Massmart Internal Audit reviews the significant business, strategic, governance, risk and controls across Massmart. Based on the internal audit results, an assessment is provided to the Committee on the level of assurance that can be placed on governance, control and risk management across the Group. A written assurance assertion is provided to the Committee annually which is then presented to the Board by the Audit and Risk Committee.

To ensure independence, Massmart Internal Audit reports functionally to the Massmart Audit and Risk Committee. Massmart does not apply the King III recommendation that this Committee be responsible for the appointment, remuneration, performance/assessment and where necessary, dismissal of the Chief Audit Executive. This process is conducted jointly by the Committee and the CEO and CFO as this is deemed more effective. The Committee approves the annual Internal Audit plan and the Internal Audit budgets. The CAE has unrestricted access to anyone in the organisation, has frequent and independent discussions and updates with the Committee Chairman and Massmart executive directors. The CAE holds a senior executive position in the organisation and has an influential impact across the business strategically and operationally. The Board provides Massmart Internal Audit with the authority to attend any strategic session, Committee or Board meeting and to have unrestricted access to all information across the Group to assist with its determination of the types and levels of governance, control and risk that exist across Massmart.

The Internal Audit team formally reports any material findings and matters of significance to the Divisional Boards on a quarterly basis and to the Audit and Risk Committee when it meets. The reports highlight whether actual or potential risks to business are being appropriately managed and controlled. Progress in addressing previous unsatisfactory audit findings is monitored until Internal Audit reports the proper resolution of the problem area.

Massmart Internal Audit applies a risk-based approach that aligns its audit methodology and audit universe to the internal and, where applicable, external risks facing Massmart. Every function and role across the Massmart Group is subject to Internal Audit review. The annual Internal Audit plan is determined through a continuous assessment and understanding of risks facing the Group. Where necessary, although infrequent, some audit tasks are outsourced to consultants with appropriate skills, for example, certain forensic work or highly specialised IT reviews.

There is significant Internal Audit involvement in Information Technology (IT) throughout the Group in order to ensure satisfactory IT governance and assurance. All new major IT systems in the Group require specific Massmart Internal Audit sign-off prior to implementation and all significant IT projects are subject to Internal Audit review. The Internal Audit role is twofold: to assess the process and controls around large IT projects at significant phases of these projects; and to assess the control environment within existing IT systems and the Group's general computer control environment. Internal Audit adopted the COBIT methodology for technology auditing several years ago.

  • Massmart Internal Audit Services is an objective body providing assurance concerning the Group's governance, risk and control activities.
  • Internal Audit has the unequivocal support of the Board and Audit and Risk Committee.
  • Internal Audit is considered independent and has been subjected to a quality review.
  • The Internal Audit team formally reports any material findings at the Divisional Boards and the Audit and Risk Committee on a quarterly basis.
  • There is significant Internal Audit involvement in Information Technology (IT) throughout the Group to ensure satisfactory IT governance and assurance.


Massmart Internal Audit and External Audit's scope and work plans, and those of other assurance providers, are properly coordinated and when appropriate are relied upon in order to provide efficient and effective assurance to the Committee and to reduce governance burden.

Massmart Internal Audit has had a quality review and was found to 'generally conform' (the standard required by the Internal Audit Institute and the highest standard possible).

Combined assurance

The Group applies a combined assurance model with a coordinated approach to all the Group's assurance activities. Under this approach, the Audit and Risk Committee has unfettered access to the Internal Auditors, External Auditors, all Group and Divisional executives, all and any documents and reports, and to any assurance providers. Annually, Internal Audit provides a written assurance assertion with regard to governance, control and risk management to the Committee.

The Committee is satisfied that the internal financial controls of the Group operated effectively throughout the 2011 financial year and can be relied upon.


The Board recognises its responsibility to report a balanced and accurate assessment of the Group’s financial results and position, its business, operations and prospects. Aspects of how this is achieved are covered in the section below.

The Board is responsible for the risk management programme that attempts to balance the risks and rewards in achieving the Groups objectives.

On behalf of the Board, the Audit and Risk Committee oversees the Group's risk management programme. Responsibility for risk management and loss prevention however, rests with the Group and Divisional Executive Committees.

Internal control framework

Massmart maintains clear principles and procedures designed to achieve corporate accountability and control across the Group. These are codified in the Massmart Governance Authorities that describe the specific levels of authority and the required approvals necessary for all major decisions at both Group and Divisional level. Through this framework, operational and financial responsibility is formally and clearly delegated to the Divisional Boards. This is designed to maintain an appropriate control environment within the constraints of Board-approved strategies and budgets, while providing the necessary local autonomy for day-to-day operations.