Internal audit

Growthpoint's policy is to provide and support an internal audit function that operates as an independent, objective assurance and consulting activity. This assists us to accomplish our objectives through a systematic, disciplined approach to evaluating and improving the effectiveness of our risk management, control and governance processes.

The Board has assumed responsibility for the internal audit function, set the direction for the internal audit arrangements and delegated oversight of internal audit to the Audit Committee.

The internal audit function is provided in-house and is the responsibility of the Head of Internal Audit and Risk Management, whose appointment, remuneration and removal are decided on in consultation with the chairmen of both the Audit and Risk Management Committees. The Head of Internal Audit and Risk Management is a member of The Institute of Internal Auditors and an associate member of the South African Institute of Chartered Accountants and subject to the code of ethics of both professional bodies.

Authority

The internal audit function derives its authority from the Audit Committee to which it reports every quarter. This committee is guided by its Terms of Reference. The objectives, authority and responsibility of the internal audit function are governed by a formal charter. Internal audit personnel are authorised to review all areas of operation. They have complete and unrestricted access to all activities, records, property and employees. Additionally, the Head of Internal Audit and Risk Management has unrestricted access to the chairman of the Audit Committee, as well as committee members in the absence of management, at quarterly meetings, if required.

Responsibilities

The responsibilities of the internal audit function include:

Internal audit processes

The scope of the internal audit function and the assignments planned for the following financial year are presented, discussed and approved at the last Audit Committee meeting of each financial year. The internal audit plan is based on an assessment of Growthpoint's key areas of risk in current operations, which is made as part of the risk management process as well as its stated objectives.

The internal audit plan is, however, subject to change during the financial year depending on:

Both executive and operational management carry the responsibility for establishing and maintaining the systems of internal control necessary to provide the directors of Growthpoint with reasonable assurance that business objectives will be attained. Internal audit's role is to assist the Board and management in assessing whether the systems of internal control are both adequate and effective.

Adequacy is defined as to whether the key controls address the related significant inherent risks. Effectiveness is defined as to whether the key controls are operating as intended.

The Head of Internal Audit and Risk Management reports quarterly to the Audit Committee as to the adequacy of the internal control environment and any significant breakdown in internal control, and to the Risk Management Committee as to the adequacy and effectiveness of risk management processes.