Audit and Risk Committee Jobs

Job Description

The Audit and Risk Committee has specific roles and responsibilities across various areas.

Integrated Reporting

The Committee oversees integrated reporting. It must consider all factors and risks that affect the integrity, quality, and timing of the integrated report. This includes the Annual Financial Statements, Annual Performance Report, Risk Management Report, and Annual Report.

• Review and recommend the annual financial statements to the Board for approval.
• Review and comment on financial reporting, including quarterly, half-year, and annual statements before Board submission. Focus on changes in accounting policies, major judgments, significant audit adjustments, going concern status, compliance with standards and laws, reliability of financial information, internal controls, and irregular expenditure.
• Review disclosure of sustainability issues in the integrated report to ensure reliability.
• Draft and approve the annual Audit Committee report.
• Oversee assurance of sustainability information in the Integrated Report.
• Disclose technology and information arrangements, key focus areas, changes, acquisitions, remedial actions, monitoring effectiveness, and future focus.
• Recommend engaging external assurance providers for material sustainability issues.
• Recommend the integrated report for Board approval.

Combined Assurance

The Committee ensures a combined assurance model, plan, and framework is approved and applied for coordinated assurance activities.

• Ensure combined assurance addresses significant risks to CSOS.
• Monitor relationships between external assurance providers and management.
• Monitor adequacy and effectiveness of assurance from other providers, including coverage, methodology, and reporting.
• Monitor implementation of the combined assurance plan.

Internal Audit

The Committee oversees internal audit.

• Recommend the internal audit function structure to the Board for approval, whether internal or outsourced.
• Consider recommending outsourcing the Internal Audit function.
• Recommend removal of the Internal Audit service provider if needed.
• Review the rolling strategic internal audit plan based on key risks.
• Monitor internal auditors’ performance against plans quarterly and annually.
• Approve the three-year rolling plan, annual plan, Internal Audit Charter, and policies.
• Assess objectives, activities, qualifications, performance, and resources of internal audit.
• Consider significant audit findings and management’s responses.
• Review and approve internal audit quarterly reports and management’s responses.
• Meet separately with internal auditors at least once a year to discuss issues, difficulties, or disagreements.
• Ensure cooperation between internal and external audit functions per the combined assurance model.
• Annually evaluate independence and effectiveness of Internal Audit; ensure adequate resources and standing.
• Ensure internal audit undergoes independent external quality review per Institute of Internal Auditors Standards.
• Quarterly monitor outcomes of internal and external quality assurance assessments.

External Audit

The Auditor-General serves as the external auditor of CSOS. After consulting the Committee, the Auditor-General determines audit standards, nature, scope, and complaint procedures.

The Committee must:

• Discuss and review audit terms, nature, scope, procedures, and engagement with external auditors before the audit.
• Monitor and report on external auditor independence.
• Review quality and effectiveness of the external audit process.
• Ensure direct access for external auditors to the Committee or Chairperson.
• Ensure no restrictions on auditors’ scope.
• Consult periodically with external auditors on internal controls and financial records.
• Review external audit reports to ensure management takes prompt action.
• Review significant disagreements between management and auditors.
• Meet regularly with external auditors, including at planning and reporting stages.
• Meet external auditors at least once a year without management.

Review audit findings with external auditors, including major issues, judgments, errors, representation letters, management letters, and responses.

• Advise Board on risks from irregular, fruitless, and wasteful expenditure in procurement.
• Review and approve external audit plans, budgets, and scope; compare costs against budget.
• Review management’s responses to ensure alignment with risk management framework.
• Quarterly review implementation of external audit recommendations and remedial actions.

Risk Management

The Committee is key to the risk management process. It oversees financial reporting risks, internal controls, fraud and corruption (related to reporting and supply chain), technology and information risks, sustainability risks (financial, ESG), whistleblower complaints, investigations, Loss Control Committee reports, Investigations Register, and governance risks, including compliance with laws.

• Ensure key risks are managed effectively; determine priorities and inform Board of critical risks with recommendations.
• Recommend overall integrated risk management strategy, including Fraud Prevention Plan, to the Board and oversee implementation.
• Receive assurance from management on risk management effectiveness.

The Committee is responsible for:

• Overseeing development and review of risk management framework, policy, and mitigation plan for Board approval.
• Monitoring implementation through systems and processes.
• Ensuring risk management plan is disseminated and integrated into daily activities.
• Ensuring Board reviews key risks register regularly.
• Ensuring management monitors the plan by measuring performance, progress, environmental changes, risk responses, and learning from events.
• Facilitating risk assessments and evaluating strategies for material risks.
• Making recommendations on risk tolerance and appetite; monitoring compliance.
• Reviewing and approving risk management strategy; recommending skills and actions.
• Reviewing environmental changes, new risks, and management’s risk reports.
• Reviewing insurance coverage adequacy.
• Monitoring procedures for information disclosure to third parties.
• Ensuring frameworks anticipate unpredictable risks.
• Evaluating management’s role in integrating risk management.
• Handling other risk matters delegated by the Board.
• Providing formal opinion to Board on risk management effectiveness.
• Reviewing risk management reporting for the integrated report.
• Ensuring business continuity policy, strategy, and plan are developed, implemented, and monitored.
• Reviewing Loss Control Committee reports and monitoring recommendations with HR Committee.

Information and Technology (IT)

The Committee oversees IT risks and controls, including cybersecurity, disaster recovery, information security, and privacy. It covers IT related to audit, financial reporting, and CSOS going concern.

• Receive and review reports on IT control effectiveness for oversight.
• Require regular assurance on IT infrastructure, cybersecurity, and governance.
• Monitor IT controls, financial risks, and fraud risks related to reporting.
• Monitor IT implementation and risks.
• Oversee IT Governance (alignment, risk, performance, resources, value) by assuring policies and frameworks like COBIT, ISO 27001, and King IV.
• Ensure integration of people, technologies, risks, third-party management, value assessment, responsible disposal, ethical use, and legal compliance.

Recommend for Board approval:

• ICT Strategy.
• ICT Governance Terms of Reference.
• IT Governance Policy.
• Cyber Security Strategy.

Stakeholder Engagement

• Periodically engage with stakeholders or review risks, concerns, and complaints, including whistleblower channels.
• Oversee ethical compliance, corporate citizenship, and organizational ethical culture.

Appointment of the Chief Audit Executive

• Approve appointment, employment contract, and remuneration of the Chief Audit Executive.
• Approve performance agreement and appraisals.

Job Requirements

Minimum Requirements – Position 1 (Finance/Audit Focus)

• Bachelor’s degree and postgraduate qualification in finance, auditing, or accounting.
• Chartered Accountant (CA(SA)) registered with SAICA or equivalent.
• 5 to 10 years management experience in strategic management, risk management, auditing/finance, anti-fraud, preferably in corporate, public sector, or state-owned entities.
• At least 2 years serving on an audit committee in public sector/state-owned entity.
• Valid Driver’s License.

Knowledge Required – Position 1

• Knowledge of finance/accounting, risk management, corporate governance, Public Finance Management Act, Treasury Regulations, and public sector governance.
• Knowledge of internal and external audit processes.
• High level of personal and professional ethics.
• Knowledge of Integrated Internal Control Framework.

Minimum Requirements – Position 2 (IT Focus)

• Bachelor’s degree or postgraduate qualification in Information Technology, Computer Science, or Information Systems.
• Certification or membership with a recognized body (e.g., ISACA, IITPSA) is an advantage.
• 5 to 10 years management experience in strategic management, risk management, ICT Governance, anti-fraud, preferably in corporate, public sector, or state-owned entities.
• At least 2 years serving on an audit committee in public sector/state-owned entity.
• Valid Driver’s License.

Knowledge Required – Position 2

• Knowledge of risk management, corporate governance, Public Finance Management Act, Treasury Regulations, IT, and public sector governance.
• Strong understanding of ICT governance frameworks like CGICT, COBIT, ISO 27001, and King IV principles.
• Experience in risk management, cybersecurity oversight, and ICT audit/assurance.
• Knowledge of internal and external audit processes.
• High level of personal and professional ethics.
• Knowledge of Integrated Internal Control Framework.

Added Advantage

• Master’s Degree in relevant fields or Administration.

Closing Date: 06 February 2026