Corporate Governance Review

AfroCentric aspires to become a leading diversified global healthcare investment company and ensure our clients and other stakeholders benefit from our growth. AfroCentric’s Board adopts an integrated approach to managing the Group to ensure the governance structure actively identifies, responds to and communicates material issues impacting its ability to create value. Corporate governance provides the Board with a framework that supports transparency, sustainability, fairness and ethical conduct. One of the key principles in King IV is establishing a unitary board, which reflects a balance of power, with no individuals yielding unfettered power on the Board. AfroCentric has a Lead Independent Director and four Independent Non-executive Directors. We conclude that corporate governance is integral to our efficiency, growth and investor relations.

The Board adhered to the Board Charter and the Group complied with the JSE Listings Requirements, Companies Act and King IV. The Board ethically executed its responsibilities and reported on the outcomes of its direction in line with King IV.

The King IV application can be viewed at https://afrocentric-online.co.za/reports/afrocentric-ar2021/pdf/king-iv-application.pdf

As the stewards of public trust, the Board acts for the good of the organisation, exercising reasonable care in all decision-making without placing the organisation under undue risk. The Board applies and leverages sound corporate governance in improving performance by:

  • Enhancing accountability at all levels
  • Determining how governance requirements, particularly King IV, can be implemented to add organisational value
  • Guiding decision-making, reinforcing material disclosures and refining risk processes
  • Ensuring certain powers are delegated to management for operational efficiency
  • Implementing integrated reporting of all business aspects
  • Embedding risk controls in day-to-day processes and decision-making
  • Effectively identifying, understanding and managing stakeholders and their expectations to mitigate risk
Company Secretary

Billy Mokale is the Group Company Secretary. The Board is satisfied that he possesses the requisite qualifications and experience to perform his duties as the repository of governance knowledge, advice and assurance for corporate integrity. The Group Company Secretary is independent of the Board and is not a director of the Group. He is responsible for the efficient administration of the Company, particularly for ensuring compliance with statutory and regulatory requirements.

All directors have access to the Group Company Secretary. He continued providing dedicated support to the Board and its subcommittees on all matters of governance, risk, compliance and legal. Along with the Chairman, the Group Company Secretary regularly reviews the Board and AfroCentric’s governance processes to ensure they are fit for purpose. He also recommends or develops initiatives to strengthen AfroCentric’s governance.

The Group Company Secretary is the focal point of directors and employees’ share trading, JSE Listings Requirements, and notification of open and closed periods.

The Board of directors

The Board’s powers and responsibilities are defined in the Board Charter, which is annually reviewed and approved. The Board Charter aligns with the JSE Listings Requirements, the Companies Act and King IV and can be viewed at https://afrocentric-online.co.za/reports/afrocentric-ar2021/pdf/board-charter.pdf

The Board’s leadership and judgement direct the Group to sustainable growth and acting in the best interests of the business and its stakeholders. The Board is responsible to shareholders for creating and delivering sustainable shareholder value by managing the Group’s businesses. Therefore, it determines the strategic objectives and policies required to deliver long-term value. In providing overall strategic direction, the Board ensures management strikes an appropriate balance between long-term growth and short-term objectives.

The Board adheres to the Companies Act stipulations on skill, care and fiduciary duties. This is reflected in the conflicts of interest policy, which also applies to directors. In addition to annual declarations and the schedule 13 declarations to the JSE on new appointments, declarations of interest against the agenda items or contracts are confirmed at each Board and committee meeting and are recorded in the minutes.

Board and committee meetings

During the year, the Board held four scheduled meetings in addition to the AGM and Board strategy session. Before or following a Board meeting, Non-executive Directors have the unrestricted right to request any senior executive to clarify or explain any matter. This facilitates the Board’s discussions and assists in reaching prompt and informed decisions.

Operational responsibility for the Group’s subsidiary companies is delegated to the individual boards, which are accountable to the main Board for managing the businesses. Operational reports are presented to the Board, prompting interactive engagements at meetings.

  Meeting attendance
Member
    ARC ICT IC SEC RC NC
Dr Anna Mokgokong
Chairman and Non-executive Director
4/4*           2/2*
Joe Madungandaba
Deputy Chairman and Non-executive Director
4/4     4/4*   5/5  2/2 
Dr Nkateko Munisi
Non-executive Director
4/4     4/4  4/4*    
Ahmed Banderker
Group CEO and Executive Director
4/4 4/4  4/4 4/4  3/4  4/4  2/2 
Hannes Boonzaaier
Group CFO and Executive Director
4/4 4/4  4/4 4/4  4/4     
Willem Britz
Executive Director
4/4     3/4    1/4   
Bruno Fernandes
Lead Independent Non-executive Director
4/4 4/4*   4/4       
Sello Mmakau
Group CIO and Executive Director
4/4 3/4  4/4        
Alice le Roux
Independent Non-executive Director
4/4 4/4           
Mmaboshadi Chauke
Independent Non-executive Director
3/4 4/4           
Dr Shirley Zinn
Independent Non-executive Director
4/4       4/4  5/5*  
Jurie Strydom
Non-executive Director
4/4            
Gary Allen
Non-executive Director
4/4 1/1    1/1    1/1   
* Committee Chairperson.
** The ICT tSeering Committee is ant erinal managemetn ocmmittee.

The Board’s agenda centred mainly on the following key matters for the execution of its oversight role:

  • Approving the Group strategy
  • Overseeing the relationship with key stakeholders of the Group
  • Approval of capital management, financial results, dividend policy, human resource development and application of corporate governance throughout the Group
Board composition

AfroCentric has a unitary Board structure with four Executive Directors, five Non-executive Directors and four Independent Non-executive Directors. The Board’s members have appropriate industry knowledge and qualifications and sufficiently diverse experience to effectively discharge their duties.

The Non-executive Chairman of the Board is Dr Anna Mokgokong. The Chairman is not classified as independent. Therefore, to strengthen good corporate governance as recommended by King IV, Bruno Fernandes is the appointed Lead Independent Nonexecutive Director. The roles and responsibilities of the Chairman and the CEO are separate.

Appointment and retirement of directors

In line with the Group’s MOI, one-third of directors are required to retire by rotation at the AGM and may offer themselves for reelection. Being eligible for re-election, directors offer themselves for reappointment. Directors appointed during the year are required to have their appointments ratified at the following AGM.

Board effectiveness

Board evaluations are critical structural processes for assessing the effectiveness of the Board and its committees. In line with King IV, the Board and sub-committees’ performance was evaluated and reported to the Nomination Committee as part of its adjudication process on effective performance of individual Board members. In consultation with the Chairperson, the Group Company Secretary is responsible for implementing any actions emanating from this evaluation to improve the Board’s effectiveness. The Board is satisfied with the overall execution of its oversight role, and there is a joint effort to ensure the Board adheres to its strategic directive.

Directors’ remuneration

Non-executive Directors do not have a service contract, and all their remuneration for services as directors is in terms of approval by the shareholders at the AGM. Board remuneration is based on a retainer determined by the Remuneration Committee.

The Remuneration Committee determines Executive Directors’ remuneration according to AfroCentric’s policy. AfroCentric’s executive remuneration is based on the principle of ‘pay for performance’, where members are remunerated in line with the success criteria measured against the Group balanced scorecard. Our remuneration policy represents good corporate governance, as outlined in King IV.

Please see directors’ remuneration for further information.

Board committees and attendance

The Board established and delegated specific roles and responsibilities to sub-committees. Each committee’s roles, responsibilities and membership follow their Board-approved charter. The directors have delegated particular responsibilities to committees to assist the boards of AfroCentric Investment Corporation Limited and the major subsidiary, AfroCentric Health (RF) Proprietary Limited, in meeting their oversight responsibilities. However, the delegation of authority does not absolve the Board or its directors of their fiduciary duties. The directors confirm that the committees have functioned within their charters during the financial year. The Board and committee charters embrace the principles of King IV.

The AfroCentric Health Limited (AHL) Executive Enterprise Risk Committee and Transformation Committee do not operate at Group level. The Board relies on the sub-committees of AHL and trusts them to function and perform as intended and update the Board on any material matters.

The Board is satisfied that the sub-committees fulfilled their responsibilities in accordance with their respective mandates for the reporting period.

Audit and Risk Committee

Ensuring adequate accounting and internal controls remains critical to support continued value creation and to protect against value erosion.

This committee is chaired by and comprises only Independent Non-executive Directors.

THE ROLE OF THE COMMITTEE

The role of the Audit and Risk Committee is to provide independent oversight, which includes, among others:

  • The effectiveness of the organisation’s assurance functions and services, focusing on combined assurance processes
  • The integrity of the AFS and, to the extent delegated by the Board, other external reports issued by the organisation
  • Assurance coverage of the internal and external audit function across the Group
  • Confirming the independence of the external audit firm and the designated auditor
Composition
Member Number of meetings Meeting attendance (%)
Bruno Fernandes Lead Independent Non-executive Director (Chairperson) 4/4 100
Alice le Roux Independent Non-executive Director 4/4 100
Mmaboshadi Chauke Independent Non-executive Director 4/4 100
Invitees    
Ahmed Banderker* Group CEO and Executive Director 4/4 100
Hannes Boonzaaier Group CFO and Executive Director 4/4 100
Sello Mmakau Group CIO and Executive Director 3/4 75
Gary Allen** Non-executive Director 1/1 100
* Ahmed Banderker attends the committee in his ex-officio capacity and is a permanent invitee as the Group CEO.
** Appointed as a permanent invitee to the ARC on 8 March 2021.

100%
INDEPENDENCE OF COMMITTEE

KEY MATTERS OF FOCUS

  • Approval of the audit strategy and recommendation of the audit fee for approval
  • Determination of the nature and extent of non-audit services
  • Assessment of the effectiveness of the Chief Audit Executive and the work and processes of the internal audit function
  • Satisfied itself with the appropriateness of the expertise and experience of the Group CFO
  • Reviewed and approved year-end results and announcements (recommended for Board approval)
  • Checked profit announcements and made recommendations to the Board
  • Reviewed and approved all major accounting policy decisions affecting year-end results
  • Examined the risk and opportunities register
  • Reviewed and confirmed the updated authority levels
  • Assessed the Group’s position on contingent liabilities and other claims at financial year-end
  • Reviewed non-audit services fees paid to the external auditors
Investment Committee

With the continued uncertainty within the current context, ensuring investment decisions support resilience and business sustainability is critical.

THE ROLE OF THE COMMITTEE

The Investment Committee oversees the approval processes for investments. These ensure alignment with the Group’s agreed strategies and values.

Composition
Member Number of meetings Meeting attendance (%)
Joe Madungandaba Non-executive Director (Chairperson) 4/4 100
Dr Nkateko Munisi Non-executive Director 4/4 100
Bruno Fernandes Lead Independent Non-executive Director 4/4 100
Gary Allen* Non-executive Director 1/1 100
Invitees    
Ahmed Banderker** Group CEO and Executive Director 4/4 100
Hannes Boonzaaier Group CFO and Executive Director 4/4 100
Willem Britz Executive Director 3/4 75
* Appointed as member of the Investment Committee on 8 March 2021.
** Ahmed Banderker attends the committee in his ex-officio capacity and is a permanent invitee as the Group CEO.

KEY MATTERS OF FOCUS

  • Considered the acquisitions or disposals and first-time investments in the Group
  • Considered the viability of capital projects and/or acquisitions and/or disposals and their potential effect on the Group’s cash flow and overall strategy
  • Monitoring of investment returns post acquisition reviews
  • Managed capital allocation within the Group
  • Ensured due diligence procedures when acquiring or disposing of assets
  • Reviewed and recommended the Group’s dividend policy for Board approval
ICT Steering Committee

We’re leveraging technology to achieve our ultimate aim of making quality healthcare accessible for all.

THE ROLE OF THE COMMITTEE

The ICT Steering Committee oversees all ICT initiatives associated with goals from the Group’s ICT strategy.

Composition
Member Number of meetings Meeting attendance (%)
Sello Mmakau Group CIO and Executive Director (Chairperson) 4/4 100
Ahmed Banderker Group CEO and Executive Director 4/4 100
Hannes Boonzaaier Group CFO and Executive Director 4/4 100

The ICT Steering Committee is an internal management committee.

A decision was taken during the year to appoint a suitable independent Non-executive Director with the required ICT skills and experience in due course. The ICT Steering Committee reports to the Audit and Risk Committee, as well as the Investment Committee.

KEY MATTERS OF FOCUS

  • Reviewed all ICT policies, including the business continuity plan
  • Reviewed and recommended the digital ICT strategy
  • Monitored progress of development project
  • Ensured the alignment of the business and technical project management functions
  • Recommend budget spend for ICT infrastructure and software development
  • Monitored cybersecurity threats
Nomination Committee

Determining the appropriate structure and composition of the Board within a constantly evolving context will enable the Group’s ability to create sustainable value.

THE ROLE OF THE COMMITTEE

The Nomination Committee provides recommendations to the Board for all new Board and committee appointments.

Composition
Member Number of meetings Meeting attendance (%)
Dr Anna Mokgokong Non-executive Director (Chairperson) 2/2 100
Joe Madungandaba Non-executive Director 2/2 100
Invitees    
Ahmed Banderker* Group CEO and Executive Director 2/2 100

*   Ahmed Banderker attends the committee in his ex-officio capacity and is a permanent invitee as the Group CEO.

KEY MATTERS OF FOCUS

  • Formulated and adopted a clear process for the selection, nomination and appointment of directors to the Board and monitoring performance
  • Provided recommendations to the Board on appointing new Executive and Non-executive Directors, including poviding recommendations on the composition of the Board and the balance between Executive and Nonexecutive Directors appointed to the Board
  • Ensured succession plans are in place, particularly for the Chairperson and Group CEO positions
  • Liaised with the Board in the preparation of the committee’s report to shareholders, as required
  • Assessed and deliberated the outcome of the Independent Board Assessment report
Remuneration Committee

Remuneration that supports value creation across all six capitals is a critical focus.

THE ROLE OF THE COMMITTEE

The Remuneration Committee’s mandate is to ensure remuneration supports the business’s strategic aims and that remuneration is sufficient to recruit, motivate, and retain senior executives while complying with regulatory and governance principles.

Composition
Member Number of meetings Meeting attendance (%)
Dr Shirley Zinn Independent Non-executive Director (Chairperson) 5/5 100
Joe Madungandaba Non-executive Director 5/5 100
Gary Allen* Non-executive Director 1/1 100
Ronnie Wa-Mundalamo Independent member 5/5 100
Invitees    
Ahmed Banderker** Group CEO and Executive Director 4/4 100
Willem Britz Executive Director 1/4 25
* Appointed as member of the Remuneration Committee on 8 March 2021.
** Ahmed Banderker attends the committee in his ex-officio capacity and is a permanent invitee as the Group CEO.

KEY MATTERS OF FOCUS

  • Agreed and developed the Group’s general policy on executive and senior management and employee remuneration. This general policy will be referred to shareholders to pass a non-binding advisory vote on AfroCentric’s annual remuneration policy
  • Approved the remuneration report for purposes of disclosure as per King IV
  • Determined the specific remuneration packages for Executive Directors of the Company
  • Identified the criteria necessary to measure the performance of Executive Directors in discharging their functions and responsibilities
  • Reviewed the terms and conditions of Executive Directors’ service agreements, taking into consideration information from comparable companies, where relevant
Social and Ethics Committee

Ensuring the Group demonstrated its purpose throughout the Covid-19 pandemic has remained a critical focus for the committee.

THE ROLE OF THE COMMITTEE

The Social and Ethics Committee assists the Board with responsible business practices within the Group. In addition, it monitors Group activities in line with section 72 of the Companies Act as amended, terms of reference and other legal requirements.

Composition
Member Number of meetings Meeting attendance (%)
Dr Nkateko Munisi Non-executive Director (Chairperson) 4/4 100
Dr Shirley Zinn Independent Non-executive Director 4/4 100
Invitees    
Ahmed Banderker* Group CEO and Executive Director 3/4 75
Hannes Boonzaaier Group CFO and Executive Director 4/4 100

*  Ahmed Banderker attends the committee in his ex-officio capacity and is a permanent invitee as the Group CEO.

KEY MATTERS OF FOCUS

  • Ensured Group compliance to the B-BBEE Act
  • Reviewed the Company’s environmental, health and public safety performance, including the impact of the Group’s activities, products and services
  • Ensuring the Group works towards ESG objectives
  • Reviewed results of the Employee Climate Survey that detailed the Company’s standing in terms of the International Labour Organization’s Protocol on decent work and working conditions, its employment relationships (such as treatment of unions and labour disputes), skills development, the promotion of equality and prevention of unfair discrimination (including policies and interventions)
  • Oversees stakeholder engagement
  • Monitored ethical standards within the Company
Governance policies, procedures and processes
Compliance

During the year, we focused on the following material regulatory developments impacting our business:

  • Group compliance universe: The legislative compliance universe was reviewed, monitored and reported on. A critical framework that facilitates a compliance environment is our approved compliance universe containing applicable legislation. The legislation is categorised according to significance, namely core/primary, secondary and topical.
  • POPIA: We complied with legislative requirements and the General Data Protection Regulation. To effectively manage this project, the AfroCentric Group adopted a three-step approach to track progress. Firstly, discover as much information as possible; secondly, conduct workshops or interviews to assess the AfroCentric Group’s compliance with POPIA; and thirdly, document findings by drafting and delivering responses on the gap analysis report, including actions required to ensure compliance.
Conflicts of interest
Declaration of interest

The Group has policies in place to manage potential conflicts of interest. Directors sign a declaration stating that they are unaware of any undeclared conflicts of interest due to their interest in, or association with, any other company. In addition, directors disclose interests in contracts and related-party transactions for the Board to assess whether such transactions are conducted on arm’s length commercial terms. In such instances, the directors in question will recuse themselves from deliberations. All information acquired by directors while performing their duties, which is not disclosed publicly, is treated as confidential. Directors may not use, or appear to use, such information for personal advantage or the advantage of third parties.

Dealings in shares

Directors and officers are prohibited from dealing directly or indirectly in AfroCentric’s ordinary shares based on unpublished price-sensitive information regarding its business or affairs. Similarly, no director or officer may trade in the Company’s shares during a closed period, as determined by the Board according to JSE Listings Requirements. The Group’s closed periods are between the last day of the reporting period and the publication of the results and during those periods when the Group trades under a cautionary note. The Group Company Secretary regularly disseminates written notice to all directors and executive management throughout the Group, highlighting the provisions of the Financial Markets Act and JSE Listings Requirements, and informing them that dealing in AfroCentric’s shares during specific restricted periods may not be undertaken. The Board reviews its current share policy and updates the policy to improve processes. This was carried out during the year under review.

No compliance concerns were raised during the year in respect of directors’ dealings. An information and share dealings policy exists and other controls are in place. The Board was inducted on the JSE rules regarding share dealings. Updates are provided to the Board via the Group Company Secretary.

Enterprise risk management

Our robust approach to risk management supports the implementation of our strategy and enables the Group to mitigate risks through identification of solutions and opportunities.

AfroCentric’s risk management is overseen by the Board and its sub-committees and managed by governance structures. These structures are chaired by senior members of the management team and are accountable to Board sub-committees. Risk management systems are effectively governed and managed by the Group risk management function.

Enterprise Risk Management framework

AfroCentric’s Enterprise Risk Management (ERM) framework is aligned with King IV principles, the Committee of Sponsoring Organisations of the Treadway Commission’s (COSO’s) ERM framework, and the International Organization for Standardization (ISO) 31000:2018 risk management framework. The ERM framework provides a structured and systematic enterprise-wide approach to risk management within the Group.

We gain insight into our risk landscape by considering external and internal factors that could positively or negatively influence our strategic objectives.

Reporting, communication and consultation

The Board and senior management receive regular reports on the risk profile.

Training promotes risk management across the Group.

Identification

Strategic risks are identified at Group level and cascaded down to business units, which identify operational risk through their respective risk registers.

IT, cybersecurity, economic/growth, people, regulatory and compliance, financial, legal, and internal fraud and external fraud risks and opportunities are identified.

Analysis

The Group assesses the likelihood of the risks in the absence of controls and provides a residual risk rating. The Group has Board-approved risk quantification levels to measure the potential impact of risks.

Evaluation

The risk management system is regularly assessed by the Group, which implements internal controls for each risk. The BarnOwl risk management system is used to evaluate each control.

Categorising residual risks

Each residual risk is categorised as high, medium or low impact.

Formulation of risk mitigation strategies

The Board approves the risk management policy and framework that define the Group’s risk appetite and tolerance levels.

Monitoring and reviewing risks

We consistently monitor ERM and regularly conduct comprehensive risk assessments.

Overview of our top risks

For information on how we are responding to our risks and identifying related opportunities, please see material matter discussion.

1. IT RISKS

Trend   Risk rating
People risk: Skills shortage or inability to attract necessary dedicated resources.   20
IT infrastructure: Obsolete and legacy IT infrastructure that has reached end-of-life and is no longer supported.   12
System stability/availability: Unavailability and unreliability of critical IT systems leading to business disruption.   9
Cybersecurity: Ineffective cyber defence controls and mechanisms to protect critical infrastructure, systems and data against malicious cyber attacks.   4
Technologies: Remaining relevant in the face of new disruptive technologies.   4

2. ECONOMIC/GROWTH RISKS

     
NHI: Uncertainty surrounding implementation could impact investor perception, and Medscheme’s client base may be affected once implemented.   12
Transformation: Maintaining level 1 B-BBEE status.   16
Membership: Attracting/retaining members for our clients.   16
Loss of clients: Reduction of client base.   12
Slower than desired integration of new acquisitions: Timeous integration of new acquisitions into the Group to extract the synergistic value as intended.   9

3. BUSINESS/REPUTATIONAL RISK

     
COVID-19 risk: Failure to implement COVID-19 regulations and ensure continuity of the business.   9
CMS Section 59 investigation: The current CMS investigation into forensic practices (see Our stakeholders for more information).   9
Business continuity management: Failure to ensure proper business continuity in the event of a disaster/crisis in the organisation.   8

4. EXTERNAL FRAUD AND INTERNAL FRAUD

     
External fraud: Fraud, waste and abuse – losses due to acts by a third-party healthcare professionals, facilities and members defrauding schemes and escalating healthcare costs.   12
Internal fraud: Losses resulting from internal employees involved in unauthorised activity with the intention to defraud the Company, including any form of bribery, corruption, dishonesty or unethical behaviour.   9

5. PEOPLE RISKS

     
Organisational culture risks: The current organisational culture may inhibit individual and Company performance and may lead to the loss of critical skills.   12
Staff retention: Failure to attract/retain critical staff and scarce skills.   12

6. REGULATORY AND COMPLIANCE RISKS

     
POPIA :Non-compliance to POPIA regulatory requirements.   9

7. FINANCIAL RISKS

     
Budget/growth target: Highly stretched target of 15% growth resulting in high-risk projects/clients/acquisitions being made.   8

8. LEGAL RISKS

     
Contractual agreements: Failure to prevent, detect contraventions of the terms and provisions of contractual agreements and related documents entered into with clients, counter parties or suppliers.   12
NHA litigation: Alleged Breach of Copyright claim against Medscheme (see Our stakeholders for more information).   12
Risk appetite and tolerance

A detailed Board-approved risk appetite statement for individual risk categories applies to all Group entities. The Group did not experience any material breaches or undue, unexpected or unusual risks beyond risk appetite levels in 2021.

Business continuity planning

Throughout the COVID-19 pandemic, increased focus was placed on business risk in relation to business continuity management to ensure our services, which were deemed as essential, continued. We invoked business continuity plans (BCPs) at the start of the pandemic and enabled remote working across the Group as we continued to deliver these essential services. Additionally, we focused on ensuring that our IT systems were stable and available, and undertook stress-testing scenarios and modelling potential economic outcomes to determine strategic direction and whether changes to the BCPs were necessary. We continue to institutionalise BCP within our processes, including audited BCP tests for mitigating against any potential disruptions to operations.

Combined assurance

Our combined assurance framework is supported by the three lines of defence model that specifies and delegates accountability for managing, overseeing and independently assuring risk mitigation across the Group. The duties of each line of defence are described below.

The combined assurance framework provides principles and guidelines used in implementing combined assurance across the Group and continues to evolve as this process is embedded and matures.

Internal controls

Organisational policies, procedures, structures and approval frameworks provide direction, accountability and segregation of responsibilities and contain self-monitoring mechanisms. Operational and executive management closely monitor the controls and actions taken to correct weaknesses as they are identified. The Head of Group Finance reports directly to the Group CFO, who is responsible for the overall financial control and reporting.

Standards of disclosure increased significantly, and internal governance structures and roles were reviewed and, where necessary, improved to reflect best practices. This occurred at Board and management levels. An internal audit charter governs the internal audit function. The charter is annually reviewed and approved by the Audit and Risk Committee.

Internal audit

Internal Audit is an independent, objective assurance and consulting function that is designed to add value and improve the organisation’s operations.

The vision of the internal audit department is to add value on a proactive, and independent basis to assist in the achievement of the Group’s strategy and objectives while upholding AfroCentric’s core values at all times.

The approved internal audit charter directs and informs the internal audit activities, which includes the application of the core principles as listed below to ensure the function is operating effectively:

  • Demonstrates integrity
  • Demonstrates competence and due professional care
  • Is objective and free from undue influence
  • Aligns with the strategies, objectives and risks of the Group and Medical Schemes
  • Is appropriately positioned and adequate
  • Demonstrates quality and continuous improvement
  • Communicates effectively
  • Provides risk-based assurance
  • Is insightful, proactive and future focused

The Chief Audit Executive reports at each Audit and Risk Committee meeting and has a direct reporting line to the Chairman. Internal Audit operates independently of executive management and is not authorised to perform any operational duties within the Group. For administrative purposes, the Chief Audit Executive reports to the Group CFO.

The internal audit team is fully capacitated with 24 professionals who collectively possess the knowledge, skills, experience, tenure and other competencies to effectively and competently fulfil its mandate. Specific specialist skills and additional resources are obtained from third parties, where required.

All audit engagements are performed in accordance with the Standards for Professional Practice of Internal Auditing (Standards) and Code of Ethics, as contained in the International Professional Practices Framework. The audits are performed by the utilisation and integration of skills available within the team, along with an effective risk-based planning approach and audit tools that facilitates the delivery of the Annual Internal Audit Plan.

Internal Audit provides assurance to the Audit and Risk Committee regarding management’s assertions in relation to internal controls and processes, achievement of objectives, effectiveness, and efficiency of operations, reliability of financial information and compliance with laws and regulations.

The Standards recommend that every audit function must have an independent review performed once every five years. Internal Audit abides by this, and as such an independent Quality Assurance Review (QAR) is performed at least once every five years. The objective of a QAR is to determine whether an internal audit function is compliant with the International Standards of Internal Auditing promulgated by the Institute of Internal Auditors and to determine whether the internal audit function is effectively meeting management’s needs.

AfroCentric’s internal audit was rated as “Generally Conforms” by the three previously completed QAR reviews performed by the Institute of Internal Auditors. This was the best possible rating based on the rating convention in place at the time of the reviews. The evaluator has concluded that the relevant structures, policies and procedures of the activity, as well as the processes by which they are applied, comply with the requirements of the individual Standard or element of the Code of ethics in all material respects.

Information and security governance

IT governance is defined in King IV as the effective and efficient management of IT resources to facilitate the achievement of corporate objectives. It exists to inform and align decisionmaking for IT planning, policy and operations to meet business objectives and to ensure risks are managed appropriately.

The AfroCentric Group applies the principles of King IV in its governance frameworks, as far as it is appropriate, and regards the requirements of Cobit, ISO 27001, ITIL and ISO 38500:2015 in IT governance. The Group adopted a formal IT governance framework to standardise IT practices and formalise the good governance requirements stipulated in King IV.

In addition to applying appropriate governance across our IT areas, external auditors conducted an extensive review of our ICT controls (ISAE3402) within our governance framework. The report was shared with our clients as further assurance.