Global > South Africa > Services > Audit > Deloitte Audit > King III

King III - Internal Audit and Governance of Risk

Internal Audit
King III advocates a risk based approach to internal audit. In order for internal audit to contribute to the attainment of strategic goals, the internal audit function should be positioned at a level within the company to understand the strategic direction and goals of the company. It should develop a programme to test the internal controls vis-a-vis specific risks.
The internal audit function should provide assurance with reference to the adequacy of controls to identify risks that may impair the realisation of specific goals as well as opportunities that will promote the achievement of the company’s strategic goals. As an internal assurance provider internal audit should form an integral part of the combined assurance model. It should provide a written assessment of internal controls and risk management to the Board, and specifically on internal financial controls to the audit committee.

Governance of risk:
King III emphasises the fact that risk management should be seen as an integral part of the company’s strategic and business processes. The Board’s responsibility for governance of risk should be set out in a risk management policy and plan. The Board should consider the risk policy and plan, and should monitor the whole risk management process.

While the Board remains responsible for the risk management policy and the determination of the company’s risk appetite and risk tolerance, management is responsible for the design, implementation and effectiveness of risk management. The Board should receive combined assurance regarding the effectiveness of the risk management process. The Board may assign its responsibility for risk management to the risk committee.

Membership of this committee should include executive and non-executive directors. Where the company decides to assign this function to the audit committee, careful consideration should be given to the resources available to the audit committee to adequately deal with governance of risk in addition to its audit responsibilities.

Material on this website is © 2011 Deloitte Global Services Limited, or a member firm of Deloitte Touche Tohmatsu Limited, or one of their affiliates. See Legal for copyright and other legal information.

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.