Combined assurance model

Combined assurance receives deliberate and focused attention at Bidvest. The audit committee ensures that our combined assurance model adequately addresses Bidvest's risks and material matters through the aggregated efforts of assurance providers.

Continually optimising our combined assurance model avoids duplication and rationalises collaboration efforts upstream amongst assurance providers, coupled with effectively managing assurance costs.

The activities are coordinated to maximise the depth and reach of assurance achieved by each of the assurance providers. This enables an effective control environment and ensures the integrity of information used for reporting and decision-making.

 

Internal audit

Internal audit is an independent, value-adding, progressive and responsive service to Bidvest shareholders

Objectively evaluating the business processes

Appropriately manage the risk and support

Supports management components, control environment and operational excellence

A risk-based internal audit (IA) plan is approved by the divisional and group audit committees on an annual basis and is recalibrated quarterly in order for the IA function to provide assurance services against the relevant and elevated risks of the business. The IA function is well-constituted with a professional audit staff (in excess of 25 Chartered Accountants in managerial positions) with sufficient knowledge, skill-set and experience to execute on the board-approved IA Charter that is consistent with the Institute of International Auditors’ definition of IA as well as the principles of King IV.

Given the ever-increasing dependencies of the business on IT, specialised IT audit and consulting skills have become a necessity in the function. Analytics and automation are wellentrenched into the mechanisms of the IA functions with further disruptive robotic initiatives being the focus for the future of IA.

An example of such initiatives is ALICE, Bidvest’s digital auditor. She combines robotics and cognitive intelligence to provide audit-as-a-service to the Group companies. Currently, she performs IT audits on a continuous and near real-time basis within more than of 200 IT environments across the Group companies. This year her audit scope has been of a technical nature, with an elevated focus on cybersecurity. Going forward, her audit scope will be extended to financial, operational and regulatory audits.

IT governance

The board acknowledges technology as a mechanism to access, protect and manage information. In relation to the Group’s IT Governance Framework adjacent, the board governs both technology and information so that these support the organisation in achieving its strategic objectives. The IT Forum is represented by CIOs from each division and is a platform within which to:

Share knowledge, research and experience

Leverage digitalisation and technology trends

Harness the economies of scale and Group purchasing power

Establish subject matter experts and centres of excellence surrounding topical technology issues

Benchmark vendor service delivery and price

 

Each IT environment across Bidvest is subjected to an IT audit as part of the IA Plan. The IT audit assesses the design and effectiveness of the IT environments from a control perspective coupled with providing a view on the strategic enablement of IT by the businesses.

IT resources

Fit-for-purpose in-house operational IT skills, with the necessary strategic IT oversight, are in place. These are complemented by outsourced vendors with specialist networking, telecommunications, and cyber security skillsets.

Business resilience

Business resilience controls (including technical controls) are appropriately implemented by the individual companies, based on the needs of the company.

Technology investment

The IT functions generally run lean with a common philosophy to sweat IT-related assets. However, significant investment continues to be made in the IT innovation and digitisation space across Bidvest

Project assurance

Major IT projects are well-governed, with input from the necessary stakeholders. Major projects are timeously implemented.

IT dependency

Business and IT are continuously enhancing alignment, through IT representation on the various board and executive committees, and in recognition of the key role IT plays in the various businesses.

Management of IT risk exposure

Significant attention is given to this across the IT environments, with an increasing focus on the management of IT risk exposure related to any new acquisitions.

Cyber security

Significant attention has been given to the identification and management of cyber security risks across Bidvest. Implementation and enhancement of the necessary controls are being performed on a case-by-case basis, dependent on the risks identified.

Vendor management

Vendor relationships are effectively managed by the company IT departments. Economies of scale are leveraged where appropriate.

Data governance

Data governance, including the necessary supporting IT architecture, is receiving attention by the various companies, especially those with the greatest exposure to data risks.

Companies have identified the need for leveraging existing data assets to enable business intelligence insights. Understanding the impact of POPI and GDPR on the relevant businesses is work in progress.