Internal audit

The Board of Directors (“Board”) of RFS (”the Company”) is ultimately responsible for overseeing the establishment of effective systems of internal control in order to provide reasonable assurance that the Company’s financial and non-financial objectives are achieved whilst the management is responsible for the integrity of financial information, operating information and business controls.  The Board discharges this responsibility through the establishment of an Internal Audit Function (“IAF”).

The IAF’s objective is to objectively evaluate the business processes and internal controls so as to appropriately manage risk and support management’s commitment to a strong control environment and operational excellence. In this regard the IAF is responsible for identifying improvements in the control environment that impact financial, operational and compliance issues faced by the Company. Specifically, the IAF is responsible to:

  • Review the reliability and integrity of financial and operational information and the means used to identify, measure, classify and report such information.
  • Review the means of safeguarding assets and, as appropriate, verifying the existence of assets.
  • Review the implementation and operation of computer-based systems to determine whether objectives are achieved.
  • Evaluate the Company’s governance processes.
  • Systematically analyse and evaluate business processes and associated controls.
  • Review the systems established by management to ensure compliance with policies, procedures, laws and regulations which could have a significant impact on operations.
  • Appraise the adequacy of the action to be taken by management to correct reported weaknesses, including continuing reviews until there has been a satisfactory resolution of the matter.
  • Perform an assessment of the effectiveness of the risk management process.
  • Provide a source of information, as appropriate, regarding instances of fraud, corruption, unethical behavior, irregularities and errors and omissions.
  • Conduct special examinations at the request of management and/or the Board of Directors.

The IAF is established and its responsibilities are defined by the Board.  The Board is therefore responsible to maintain a professional audit staff complement with sufficient knowledge, skills, experience and professional certifications to meet the requirements set by the Board.  This include specifically a suitably qualified individual who has internal audit as his/her express work responsibility to perform the role of Internal Audit Manager and providing staff with sufficient continuing professional development to ensure that the IAF continues to be suitably staffed with qualified individuals who possess the appropriate knowledge and experience in order to ensure adequate coverage of the audit environment.

To maintain adequate independence to allow the IAF to form its judgments objectively, the IAF reports administratively to the Director: Support Services but reports functionally to the Board via the Internal Audit Committee. The IAF is therefore also not required to perform any operational duties, including initiating or approving accounting transactions, for the Company or to direct the activities of any employee in the Company or to assume any role other than an advisory function in the design, installation or operation of control procedures.
 
The IAF has free and unrestricted access to management, employees, activities, physical locations and to all information considered necessary for the proper execution of the approved annual internal audit plan.  The IAF is however subject to strict accountability for safekeeping and confidentiality of any information accessed in the performance of its duties.  Any attempted scope limitation by management of the IAF in performing its duties in the execution of the Board approved internal audit plan must be reported to the Board.

The annual allocation of internal audit resources to the different possible activities is established on the basis of an approved internal audit plan.  The Board is responsible for approving the plans based on the scope of work agreed with the Internal Audit Committee and the Exco.  Progress against the plan is reviewed at quarterly Board meetings and monthly Internal Audit Committee and Exco meetings. The internal audit plan is compiled to ensure coverage of the operations, risks and processes over a maximum of a three-year rolling period and the identification and prioritisation of audit areas is based on the assessment of risks pertaining to the achievement of the Company’s objectives and the related audit significance.

All IAF reports are agreed with management of the process/department being audited in terms of factual findings and proposed action before they are submitted to higher management levels, the Internal Audit Committee, Exco and finally, the Board. The only possible exception is where management fraud is suspected.