The board, supported by the audit committee, is ultimately responsible for Exxaro’s system of internal controls, which has been designed to evaluate, manage and provide reasonable assurance against material misstatement and loss.
We apply a combined assurance model to optimise assurance by management, as well as internal and external providers, while fostering a strong ethical climate and mechanisms to ensure compliance. Using our board-approved ERM approach, management identifies key risks facing Exxaro and implements the necessary internal controls with comparable information for trend analysis where possible.
The board and audit committee assessed the effectiveness of controls for the year ended 31 December 2023 as satisfactory, principally through a process of management self-assessment (including formal confirmation by executive management), reports from internal audit, independent external audit and other assurance providers.
Exxaro defines assurance broadly to cover all sources, including external assurance, internal audit, management oversight and regulatory inspections. Our combined assurance model includes and optimises all assurance services and functions to collectively provide an effective control environment and support the integrity of information used for internal decision making by management, the board and its committees, and in our external reports including:
The forum's activities and outcomes of assurance reports are presented quarterly to the audit committee.
For the year under review, the sources, level and focus area of assurance, commissioned and performed, are summarised below:
Function assured | ||||
Focus area | Assurance provider |
Tier/level of assurance* |
Corporate | BU |
External/statutory audit | KPMG | 3 | Yes | Yes |
Sustainable development/KPIs | KPMG | 3 | Yes | Yes |
Environmental liability provisioning | KPMG | 3 | Yes | |
Mining rights and environmental legal compliance | Inlexso | 3 | Yes | |
B-BBEE dtic code compliance | Empowerdex | 3 | Yes | Yes |
Mining Charter III compliance | Ngubane | 3 | Yes | Yes |
Insurance risk surveys | IMIU | 3 | Yes | |
Major and mega capital projects | PwC/EY | 3 | Yes | Yes |
Mineral Resources and Mineral Reserves statement | PwC/EY | 3 | Yes | |
Governance, risk and internal controls | PwC/EY | 3 | Yes | Yes |
Employee benefits | Ngubane | 3 | Yes | Yes |
SLP projects | Ngubane | 3 | Yes | |
ISO and OHSAS certifications | Various | 3 | Yes |
As at 31 December 2023, there were 450 open findings, reflecting an increase of 56 open findings in the year. Of the 450 open findings, 283 (63%) are classified as “ready for audit” (a three-month waiting period is applied before performing follow-up procedures for the control to be fully embedded). The split by status of findings is depicted below:
Current period reporting | |||
Status of findings | Internal audit | Other assurance providers |
Total for the current period |
Follow-up in progress | 62 | 0 | 62 |
Ready for audit | 65 | 218 | 283 |
Within timelines | 70 | 25 | 95 |
Overdue | 10 | 0 | 10 |
Total | 207 | 243 | 450 |
Overdue findings have been classified by ratings assigned in the final audit report and split into sources below.
Source | Level 1 (high) |
Level 2 (medium) |
Level 3 (low) |
Not rated | Total |
Internal audit | 1 | 6 | 3 | 0 | 10 |
Other assurance providers | 0 | 0 | 0 | 0 | 0 |
Total | 1 | 6 | 3 | 0 | 10 |