The Internal Audit and Risk Management Directorate of the Southern African Development Community (SADC) Secretariat is mainly responsible for providing assurance on internal controls within the Secretariat. It has been structured to address two aspects of its mandate, on one side it is responsible for coordination of risk management for the entire Secretariat and on the other hand provides assurance on risks mitigation measures and internal control environment through internal audit function. The two function of the directorates seeks to ensure efficient governance processes and monitor the achievements of the organisation goals in a manner that is effectively, economically and efficiently.
The scope of the functions of the Directorate extend to all of the property and activities of the SADC Secretariat, its institutions including all activities and programmes funded by Members States and International Cooperation Partners. Internal Audit function is also responsible for conducting investigations if and when a need arises. Through audits, investigations, and its oversight functions, the Directorate plays an advisory role to the SADC Council of Ministers and the Executive Secretary of SADC.
To provide an independent, objective assurance and consulting activity designed to add value and improve SADC Secretariat operations and programs to enable accelerated integration and sustainable development.
The Internal Audit and Risk Management Directorate reports functionally to the Audit Committee and administratively to the Executive Secretary.
The mandates of the Directorate for two main functions of Internal Audit and Risk management are drawn from the SADC Internal Audit Charter and SADC Risk Management Policy respectively.
The mandate of the Internal Audit is stipulated in Article 9 of the SADC Internal Audit Charter approved in February 2011 and this mandate is drawn from Article 30 of the SADC Treaty. The role of the Directorate under its mandate is to assist Management and Council with oversight of the SADC Secretariat in accomplishing its objectives by providing a systematic and disciplined approach of evaluating and improving the effectiveness of SADC’s risk management, control and governance processes.
Assist SADC Secretariat accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.
Objectives for the Units
The overall objectives of the Internal Audit Unit are as follows:
- Provide assurance on the efficiency and effectiveness of the SADC internal control systems, risk management and governance processes;
- Provide assurance that risks are identified and managed in an appropriate and timely manner;
- Foster interaction with the various governance groups of SADC as needed;
- Provide assurance on accuracy, reliability and timeliness of significant financial, managerial, and operational information;
- Foster employee actions in compliance with the policies, standards, procedures and applicable laws and regulations;
- Provide assurance that resources are used economically, efficiently and effectively;
- Provide assurance on whether programs, plans and objectives have been achieved;
- Provide assurance on quality and continuous improvement in the SADC Secretariat internal control environment; and
- Provide assurance on significant legislative or regulatory issues impacting SADC.
A successful audit will present a report indicating the specific findings and recommendations for the relevant departments of SADC.
The overall objective of the Risk Management Unit is as follows:
The unit is responsible for ensuring that Secretariat has methods and processes in place to manage strategic and operational risks, and seize opportunities related to the achievement of SADC and SADC Secretariat objectives.
The responsibilities of the Directorate for the Internal Audit and Risk Management functions
Responsibilities Internal Audit function as stipulated in Article 9 of the SADC Internal Audit Charter are:
- To provide an assessment on the adequacy and effectiveness of the SADC Secretariat and institutions processes for controlling its activities set out in the Regional Indicative Strategic Development Plan (RISDP), Strategic Indicative Plan of the Organ (SIPO) and other strategic policy decisions.
- To review the operations of the management systems established to ensure compliance with those policies, plans, procedures, laws, and regulations and report as to whether the Management is in compliance.
- To conduct investigations of significant suspected fraudulent activities and other irregularities within SADC Secretariat and its Institutions and report to the Audit Committee of the results as appropriate.
- To ensure the work of internal audit is adequately recorded in audit programs, working papers and reports as appropriate for future referencing and follow up
- To ensure all information acquired in the course of executing internal audit function is kept confidential.
Responsibilities Risk Management function as articulated in the SADC Risk Management Policy are:
- Designing and maintaining the Risk Management Framework;
- Developing and regularly reviewing the risk management policy and strategy;
- Facilitating strategic and operational risk assessments;
- Monitoring implementation of risk mitigation strategies;
- Promoting risk management culture within Secretariat through various training and awareness campaigns;
- Providing overall guidance and support on all aspects of Risk Management;
- Mainstreaming whistle-blowing mechanisms;
- Providing guidance and support to ensure identification and management of risks in the design and implementation of projects;
- Monitoring compliance with rules, regulations, rules and policies;
Ensuring Secretariat has processes in place to ensure Business Continuity during disasters, emergencies and disruptions.
The role of the audit committee
The purpose of the Audit Committee is to provide a structured, systematic oversight of the SADC's governance, risk management, and internal control practices. The committee is made up of five (5) non-executive members from Member States to assist the Council of Ministers and Management by providing advice and guidance on the adequacy of the organisation's initiatives for:
- Financial Reporting;
- Internal Controls and Risk Management Systems;
- Internal Audit;
- External Audit;
- Economy, Efficiency and Effectiveness Measures;
- Regulatory, Compliance and Ethical matters,
- Internal Audit Charter
- Audit Committee Terms of Reference
- Risk Management Policy
- Risk Management Strategy
- Risk Management Implementation Procedure
- Risk Management guidelines