The board, supported by the audit committee, is ultimately responsible for Exxaro's system of internal controls, which has been designed to evaluate, manage and provide reasonable assurance against material misstatement and loss.
We apply a combined assurance model to optimise assurance by management, as well as internal and external providers, while fostering a strong ethical climate and mechanisms to ensure compliance. Using our board-approved ERM approach, management identifies key risks facing Exxaro and implements the necessary internal controls with comparable information for trend analysis where possible.
The board and audit committee assessed the effectiveness of controls for the year ended 31 December 2024 as satisfactory, principally through a process of management self-assessment (including formal confirmation by executive management), reports from internal audit, independent external audit and other assurance providers.
Exxaro defines assurance broadly to cover all sources, including external assurance, internal audit, management oversight and regulatory inspections. Our combined assurance model includes and optimises all assurance services and functions to collectively provide an effective control environment and support the integrity of information used for internal decision making by management, the board and its committees, and in our external reports including:
The combined assurance model has been entrenched within Exxaro through the effective functioning of the combined assurance forum. The forum's activities and outcomes of assurance reports are presented quarterly to the audit committee.
For the year under review, the sources, level and focus area of assurance, commissioned and performed, are summarised below:
| Function assured | ||||||
| Focus area | Assurance provider | Level of assurance* | Corporate | BU | ||
| External/statutory audit | KPMG | 4 | Yes | Yes | ||
| Sustainable development/KPIs | KPMG | 4 | Yes | Yes | ||
| Environmental liability provisioning | KPMG | 4 | Yes | Yes | ||
| Mining rights and environmental legal compliance | Legal | 2 | Yes | |||
| B-BBEE dtic code compliance | Empowerdex | 4 | Yes | Yes | ||
| Mining Charter III compliance | Internal audit | 3 | Yes | Yes | ||
| Insurance risk surveys | IMIU | 4 | Yes | |||
| Major and mega capital projects | Internal audit | 3 | Yes | Yes | ||
| Mineral Resources and Mineral Reserves statement | Internal audit | 3 | Yes | Yes | ||
| Governance, risk and internal controls | Internal audit | 3 | Yes | Yes | ||
| Employee benefits | Internal audit | 3 | Yes | Yes | ||
| SLP projects | Internal audit | 3 | Yes | |||
| ISO and OHSAS certifications | Various | 4 | Yes | |||
|
* |
Level of assurance refers to independent external assurance. |
As at 31 December 2024, there were 375 open findings, reflecting a decrease of 75 open findings
in the year. Of the 375 open findings,
142 (38%) are classified as “ready for audit”
(a three-month waiting period is applied before
performing follow-up procedures for the control
to be fully embedded). The split by status of findings is depicted below:
| Current period reporting | |||
| Status of findings | Internal audit | ||
| Follow-up in progress | 112 | ||
| Ready for audit | 142 | ||
| Within timelines | 110 | ||
| Overdue | 11 | ||
| Total | 375 |
Overdue findings have been classified by ratings assigned in the final audit report and split into sources below.
| Status of findings | Level 1 (high) |
Level 2 (medium) |
Level 3 (low) |
Not rated | Total | ||
| Internal audit | 0 | 10 | 1 | 0 | 11 | ||
| Other assurance providers | 0 | 0 | 0 | 0 | 0 |
IR