
TIGER BRANDS TERMS OF REFERENCE OF THE AUDIT AND RISK COMMITTEE
1. Constitution and general principles
1.1 In line with the requirements of section 94 of the Companies Act of 2008 (“the Act”) and the King IV Report on Corporate Governance for South Africa 2016 (“King IV”), the board of directors of the Company (“the Board”) resolved to establish a statutory committee of the Board to be known as the Audit and Risk Committee (“the Committee”).
1.2 Neither the appointment nor the duties of the Committee reduce the functions and duties of the Board or the directors of the Company, who must continue to exercise due care and diligence in accordance with their statutory and fiduciary duties, except with respect to the appointment, fees and terms of engagement of the auditor of the Company.
1.3 These terms of reference have been approved by the Board and shall be annually reviewed. They shall be read with the Board Charter and shall be subject to the provisions of the Act, the Memorandum of Incorporation of the Company and any other applicable law or regulatory provision.
1.4 In addition to ensuring compliance with the law, the Committee shall be expected, in fulfilling its functions, to apply the principles of good corporate governance as set out in King IV.
1.5 All members of the Committee shall be required to keep up to date with developments affecting the areas of responsibility of the Committee. Members are furthermore expected to be fully prepared for meetings and to provide appropriate and constructive input on matters under consideration.
1.6 In these terms of reference, “Group” shall refer to the Company and its subsidiaries.
2. Composition
2.1 At each annual general meeting, the names of at least 3 (three) directors, all of whom must be independent non-executive directors, shall be tabled for consideration and, if supported, election by shareholders of the Company as members of the Committee.
2.2 The names of suitable candidates to be included in the notice of the annual general meeting shall be approved by the Board on recommendation of the Nomination and Governance Committee.
2.3 During the time period between annual general meetings, the Board has the authority to appoint members of the Committee, on recommendation from the Nomination and Governance Committee, to fill any vacancy and shall do so within 40 (forty) business days of the vacancy arising.
2.4 In terms of s94(5) of the Act, read with Regulation 42, at least one-third of the members of the Committee must have academic qualifications or experience in economics, law, corporate governance, finance, accounting, commerce, industry, public affairs and human resource management. In addition, the Committee as a whole must have the necessary knowledge, skills, experience and capacity to execute its duties effectively.
2.5 The chair of the Committee shall be appointed by the Board and shall be one of the members of the Committee as elected by shareholders at the annual general meeting.
2.6 The chair of the Board shall not be a member of the Committee.
3. Authority
3.1 In respect of the statutory duties of the Committee as set out in section 94 of the Act, the Committee shall be accountable and report to shareholders as provided for in the Act. In respect of all other duties as contained in these terms of reference, the Committee shall be accountable and report to the Board.
3.2 The Committee shall have decision-making power in respect of its statutory duties and such other duties where decision-making power has been specifically delegated by the Board to the Committee in these terms of reference. In respect of all other duties as contained herein, the Committee shall only have the power to make recommendations to the Board.
3.3 The Committee is authorised by the Board, subject to the approved process as set out in the Board Charter, to obtain outside legal or other independent professional advice and to secure the attendance at meetings of the Committee of outsiders with relevant experience and expertise if deemed necessary.
3.4 The Committee may establish and delegate authority to any member or sub-committee to assist it in carrying out certain of its functions. Such delegation, and the extent thereof, shall be properly recorded in a formal resolution of the Committee passed at a meeting of the Committee or via written resolution.
3.5 The Company shall meet all expenses reasonably incurred by the Committee in the fulfilling of its duties.
4. Committee meetings and resolutions
4.1 Attendance at meetings
4.1.1 The chief financial officer, the group internal audit and risk director and external audit partner shall be required to attend each meeting of the Committee, unless otherwise indicated. The Committee shall further identify those members of management who shall have a standing invitation to attend the meetings of the Committee as and when deemed necessary. External consultants and service providers may be invited to attend from time to time in consultation with the chair.
4.1.2 The chief executive officer shall have a standing invitation to attend the meetings of the Committee as and when deemed necessary.
4.1.3 Every member of the Board is entitled to attend any meetings of the Committee as an observer. However, unless that member is also a member of the Committee, the member shall not be entitled to participate without the consent of the chair and does not have a vote.
4.1.4 The company secretary (or duly authorised representative of the company secretary) shall be in attendance at each meeting of the Committee to act as secretary of the Committee.
4.1.5 Committee members are expected to attend all meetings of the Committee, unless an apology with reasons has been submitted to the chair of the Committee or the company secretary.
4.1.6 If the chair of the Committee is absent from the meeting, any other member of the Committee may act as chair for that meeting as agreed by those present or as nominated by the chair of the Committee.
4.2 Frequency of meetings
4.2.1 Meetings of the Committee shall be held as frequently as the Committee, in consultation with the company secretary, considers appropriate, but it shall normally meet not less than 4 (four) times a year.
4.2.2 Meetings shall be scheduled in advance, as per the annual Board calendar. The agenda and supporting meeting papers will serve as adequate notice of such meeting.
4.2.3 The chief executive officer, chief financial officer, group internal audit and risk director, external audit partner or a member of the Committee may request a meeting if deemed necessary and a meeting shall then be arranged in consultation with the chair of the Committee. Formal notice of such special meeting shall be given as and when required.
4.2.4 In addition to the meetings contemplated in clause 4.2.1, the Committee shall at least annually meet with the external auditors without management and with or without other Board members, as the Committee may elect. Likewise, the Committee shall meet at least annually with the group internal audit and risk director and members of the team without the external auditor or management being present.
4.2.5 The Committee must undertake such work as is necessary in preparation for each Board meeting and to properly report to the Board on its activities and recommendations.
4.2.6 An annual work plan, based on the duties as listed in clause 6, shall be implemented and approved by the Committee and shall be annually reviewed together with these terms of reference.
4.3 Meeting procedures
4.3.1 The meetings of the Committee may be held in person, or by electronic communication as circumstances may require, provided that the required quorum is met and that the members can speak and hear one another during the meeting.
4.3.2 A quorum shall be a majority of members present in person or via electronic communication facilities throughout the meeting. Where a member declares an interest and is recused from the meeting, the meeting shall remain quorate during his/her absence.
4.3.3 In the absence of a quorum and subject to the discretion of the chair, the meeting can either be postponed to a later date or can proceed as an informal meeting with all resolutions required to be taken at the meeting being formally approved by way of a written resolution.
4.3.4 No resolutions tabled for approval by the Committee at a meeting which is not quorate shall be implemented or given effect to until formally approved at the postponed meeting or via written resolution as contemplated in clause 4.3.3.
4.3.5 The written resolution circulated in terms of clause 4.3.3 requires majority approval, in the absence of which a special meeting of the Committee shall be convened in order for the matter to be discussed and formally approved during such special meeting.
4.3.6 An agenda with supporting papers shall be circulated no later than 5 (five) business days prior to the meeting, where reasonably possible. The company secretary shall be responsible for the preparation of the meeting agenda in consultation with the chair of the Committee and chief financial officer.
4.3.7 An annual work plan, which as a minimum shall determine the content of the agenda and frequency of the meetings, will be in place and based on the duties listed in item 6.
4.3.8 Draft minutes of a meeting shall be approved as per the following timeline –
4.3.8.1 Minutes of meetings will be completed within 10 (ten) business days of the meeting and circulated to relevant members of the Executive Committee for comment and internal approval;
4.3.8.2 Executive Management shall comment and approve said minutes within 5 (five) business days after receipt;
4.3.8.3 Should no comments be received by 12:00 midday on the 6th (sixth) business day following circulation, the company secretary of the meeting shall circulate the minutes to the Board/Board Committee for comment and approval;
4.3.8.4 The members of the Board/Board Committee shall provide the company secretary with comment on the minutes and each member shall send an email to the company secretary indicating their approval of the minutes, within 10 (ten) business days; and
4.3.8.5 The final minutes will be tabled for confirmation as a true record of proceedings at the next meeting of the Committee or circulated for this purpose via electronic communication and shall thereafter be signed by the chair of the Committee.
4.4 In-committee meetings
4.4.1 In-committee meetings of the Committee, where only members of the Committee are present, may be held as and when deemed appropriate by the chair of the Committee.
4.4.2 The company secretary may be required to be in attendance at in-committee meetings for minute purposes. In the event that the company secretary is also excused from the meeting, the chair shall nominate a member of the Committee to keep notes of the discussions and/or decisions for record purposes.
4.4.3 Separate minutes shall be prepared for in-committee meetings and shall be circulated to members for confirmation via electronic communication, whereafter they shall be signed by the chair of the Committee.
4.5 Written resolutions
A resolution in writing signed by a majority of the members of the Committee shall be as valid and effectual as if it had been passed at a duly constituted meeting of the Committee, provided that each member of the Committee shall have been afforded a reasonable opportunity to express an opinion on the matter to which such resolution relates.
5. Role of the Committee
(Audit Responsibilities)
5.1 The role of the Committee is to fulfil the statutory functions as set out in section 94 of the Act and, in addition, to provide independent oversight of, among others:
5.1.1 the effectiveness of the assurance functions and services of the Group, with particular focus on combined assurance arrangements, including external assurance service providers, internal audit and the finance function; and
5.1.2 the integrity of the annual financial statements and, to the extent delegated by the Board, other external reports issued by the Company.
5.2 Unless otherwise indicated, the Committee shall fulfil its statutory duties as listed in clause 6.1 in respect of the Company and any subsidiary that is required by law to have an audit committee. Reference to “Company” in clause 6.1 shall therefore be applicable to both the Company and such relevant subsidiaries.
5.3 In addition, the Committee shall fulfil its other duties as listed in clause 6.2 in respect of the Company and each of its subsidiaries (the Group).
5.4 In fulfilling its function, the Committee should specifically have oversight of financial reporting risks, internal financial controls, fraud risks and IT risks.
5.5 In performing the roles above, the Committee shall place reliance on the work and reports of any employee, advisor or committee of the Board that has responsibility for any function falling within the role of the Committee.
(Risk Management and Governance Responsibilities)
5.6 The further role of the Committee is to provide an independent and objective body that shall assist the Board in its oversight of the management of risk and risk governance in the Group.
5.7 In fulfilling its role and function, the Committee shall work in collaboration with the other committees of the Board to ensure adequate coverage of all risk related matters that might form part of the mandates of such committees.
6. Duties of the Committee
The duties of the Committee shall be to:
6.1 Statutory duties (s94(7) of the Act)
6.1.1 Nominate, for appointment as auditor of the Company under s90 of the Act, a registered auditor who, in the opinion of the Committee, is independent of the Company;
6.1.2 Determine and approve the fees to be paid to the auditor and the auditor’s terms of engagement;
6.1.3 Ensure that the appointment of the auditor complies with the provisions of the Act and any other legislation relating to the appointment of auditors;
6.1.4 Determine, subject to the provisions of the Act, the nature and extent of any non-audit services that the auditor may provide to the Company, or that the auditor must not provide to the Company or a related entity;
6.1.5 Pre-approve any proposed agreement with the auditor for the provision of non-audit services to the Company and/or the Group as per policy on non-audit services;
6.1.6 Prepare a report, to be included in the annual financial statements of the Company and each subsidiary which is required by law to have an audit committee, for the relevant financial year that addresses the items as listed in the Act;
6.1.7 Receive and deal appropriately with any concerns or complaints, whether from within or outside the Company, or on its own initiative, in relation to the matters as set out in the Act; and
6.1.8 Make submissions to the Board on any matter concerning the Group’s accounting policies, financial control, records and reporting.
6.2 Other duties
6.2.1 External auditors, audit process and financial reporting
(i) annually review the independence, objectivity and effectiveness of the external auditors;
(ii) consider and set, if appropriate and subject to relevant legislative requirements, mandatory term limits on the length of time the external auditors or audit partner may serve the Company and ensure a managed rotation process in respect of the audit partner after at least every 5 (five) years;
(iii) discuss with the external auditor before the annual audit commences the nature and scope of the audit, and ensure co-ordination where more than one audit firm is involved;
(iv) review and comment on all financial reporting, including the half year and annual financial statements before submission to the Board, focusing particularly on:
a. any changes in accounting policies and practices;
b. major judgemental areas;
c. significant adjustments resulting from the audit;
d. the going concern statement;
e. proposed distributions and the required solvency and liquidity testing;
f. compliance with accounting standards;
g. compliance with stock exchange and statutory requirements;
h. reliability and accuracy of the financial information provided to management and other users of financial information.
(v) discuss problems and reservations arising from the interim (if and when applicable) and final audits, and any matters incidental thereto which the external auditors may wish to discuss (in the absence of management where necessary);
(vi) review the quality and effectiveness of the external audit process as well as any accounting or auditing concerns identified as a result of the internal or external audits;
(vii) review the external auditor’s management letter and management’s response, if available, and/or to consider the matters to be dealt with therein;
(viii) review the Company’s statement on internal control systems prior to endorsement by the Board;
(ix) having satisfied itself with the correctness of the annual financial statements (or summarised financial information) and interim report after having consulted with management and, where necessary, sought audit advice or other assistance, recommend the annual financial statements and interim report to the Board for approval;
(x) consider whether the external auditor should perform assurance procedures on interim results and make a recommendation to the Board in this respect;
(xi) ensure that the information and technology risks insofar as they relate to financial reporting and the going concern status of the Company are adequately managed; and
(xii) ensure that the annual IT audit work plan is agreed with the IT executive team prior to the execution of any IT audit.
6.2.2 Internal Audit
(i) have oversight of internal audit and approve the structure of the internal audit function – either internal function, co-sourced or outsourced – as proposed by the chief financial officer;
(ii) ensure that the arrangements for internal audit provide for the necessary skills and resources to address the complexity and volume of risk faced by the Company and the Group and that internal audit is supplemented as required by specialist services which also include forensic fraud examiners, auditors, safety and process assessors and statutory actuaries;
(iii) approve the appointment of the group internal audit and risk director, upon recommendation including employment contract and remuneration, and ensure that the group internal audit and risk director has the necessary competence, gravitas and objectivity and that the position is set up to function independently from management and that it carries the necessary authority;
(iv) approve the appointment, including terms and fees, of an external service provider to assist the group internal audit and risk director with the execution of the internal audit plan, as and when required;
(v) approve the dismissal of the group internal audit and risk director and/or the internal audit service provider;
(vi) approve the internal audit charter and the internal audit plan as well as the resources required;
(vii) review the functioning of the internal audit programme and department, if any, and ensure co-ordination between the internal and external auditors;
(viii) receive and review the internal audit report at each meeting of the Committee as well as the annual assessment of the effectiveness of the Group’s governance, risk management and control processes;
(ix) consider the major findings of internal investigations and management’s response;
(x) monitor on an ongoing basis that internal audit follows an approved risk-based internal audit plan and reviews the organisational risk profile regularly and proposes adaptations to the internal audit plan accordingly;
(xi) annually review the performance and objectivity of the group internal audit and risk director and the internal audit service provider;
(xii) subject the internal audit function to an independent quality review at least once every 5 (five) years;
(xiii) obtain confirmation annually from the group internal audit and risk director that internal audit conforms to a recognised industry code of ethics, including the IIA Code of Ethics; and
(xiv) ensure that the annual IT audit work plan is agreed with the IT executive team prior to the execution of any IT audit.
6.2.3 External reporting and assurance model
(i) review the integrated annual report, having regard to all factors and risks that may impact on the integrity of the integrated annual report, and recommend the integrated annual report to the Board for approval;
(ii) approve management’s determination of the reporting frameworks (including reporting standards) to be used, taking into account legal requirements and the intended audience and purpose of each report;
(iii) approve management’s basis for determining materiality for the purposes of deciding which information should be included in the external reports;
(iv) review the disclosure of sustainability issues in the integrated and external reports to ensure that it is reliable and does not conflict with the financial information;
(v) oversee the arrangements for assurance services and functions and ensure that these arrangements are effective in achieving the required objectives;
(vi) review external reports, in addition to the integrated annual report, and consider all factors and risks that may impact on the integrity of such reports;
(vii) recommend to the Board the engagement of an external assurance provider on material sustainability issues when deemed necessary; and
(viii) annually review the expertise, resources and experience of the Company’s finance function, including the appropriateness of the experience and expertise of the director (chief financial officer) responsible for the finance function, and disclose the results of the review in the integrated annual report.
6.2.4 Combined Assurance
(i) have oversight over the direction and effectiveness of the Company’s assurance functions and services, with focus on the Combined Assurance Model and ensuring that significant risks and material matters facing the Company are adequately addressed;
(ii) ensure that assurance services and functions enable an effective control environment, and that these support the integrity of information for internal decision-making and of the organisation’s external reports;
(iii) consider whether the external auditor should perform assurance procedures on interim results and make recommendations to the Board in this regard;
(iv) consider the use of technology and related techniques to improve audit coverage and audit efficiency;
(v) consider and approve the Combined Assurance Model, and thereafter submit same to the Board for final approval;
(vi) report on the Combined Assurance Model to stakeholders.
6.3 Risk Governance
6.3.1 oversee risk management in the Group to ensure that it encompasses both:
(i) the opportunities and associated risks to be considered when developing strategy; and
(ii) the potential positive and negative effects of the same risks on the achievement of the Group’s objectives;
6.3.2 oversee risk management in the Group to ensure that it results in the following:
(i) an assessment of risks and opportunities emanating from the triple context within which the Group operates and the capitals that the Group uses and affects;
(ii) an assessment of the potential upside, or opportunity, presented by risks with potentially negative effects on achieving the Group objectives;
(iii) an assessment of the Group’s dependence on resources and relationships as represented by the various forms of capital;
(iv) the design and implementation of appropriate risk responses;
(v) the establishment and implementation of business continuity arrangements that allow the Group to operate under conditions of volatility, and to withstand and recover from acute shocks; and
(vi) the integration and embedding of risk management in the business activities and culture of the Group.
6.3.3 annually review the risk management policy and plan for recommendation to the Board, taking into account the above factors, including the nature and extent of the risks that the Group should be willing to take in pursuit of its strategy objectives and in particular:
(i) the Group’s risk appetite (propensity to take appropriate levels of risk); and
(ii) the limit of the potential loss that the Group has the capacity to tolerate;
6.3.4 monitor that risks are managed within the levels of tolerance and appetite as approved by the Board;
6.3.5 review and monitor the processes and procedures for risk identification, analysis and quantification;
6.3.6 review the processes implemented to monitor the ongoing management of risk and ensure that continuous monitoring by management takes place;
6.3.7 continuously review the Group’s register of key risks and submit same to the Board after each Committee meeting for information purposes;
6.3.8 annually review a formal report from internal audit on the effectiveness of the risk management processes and procedures;
6.3.9 consider the need to receive periodic independent assurance on the effectiveness of risk management throughout the Group;
6.3.10 ensure that the Group has an effective risk management policy and a plan for risk management in order to assist the Company in achieving its strategic goals and that the disclosure and reporting of risk is accurate, complete, timely, accessible and relevant, and includes the extent of the risks and opportunities that the Group is willing to take without compromising sensitive information. The Committee is an integral component of the risk management governance process and specifically the Committee shall ensure the development, distribution and communication of a formal policy and plan for the management of risk;
6.3.11 oversee that the risk management plan is widely disseminated throughout the Group and integrated in the day-to-day activities of the business; and
6.3.12 annually review the adequacy and cost of the various elements of the insurance programme of the Group and the proposed amendments to the cover provided and the resultant impact on premiums, if any.
6.4 Compliance governance
6.4.1 annually receive and review a formal report from the Social, Ethics and Sustainable Committee of the Board, confirming the execution of its statutory duties in monitoring the laws and non-binding rules, codes and standards within its areas of responsibility;
6.4.2 annually receive and review a formal report from management, confirming compliance with the laws and non-binding rules, codes and standards; and
6.4.3 monitor the risk of non-compliance in the Group and the adequacy of measures taken by management to address and sanction incidences of non-compliance.
6.5 Information and technology governance
6.5.1 annually review the policy on the employment of technology and information based on the approved Board strategy and recommend to the Board;
6.5.2 exercise ongoing oversight of technology and information management to ensure that it results in the following:
(i) integration of people, technologies, information and processes across the Group;
(ii) integration of technology and information risks into risk management;
(iii) arrangements to provide for business and IT resilience, and the testing of business continuity and disaster recovery plans;
(iv) proactive monitoring of intelligence to identify and respond to incidents, including cyber-attacks and adverse social media events;
(v) management of performance and risks pertaining to third-party and outsourced service providers;
(vi) structures and methods to assess the value delivered to the Group by significant investments in technology and information, including the evaluation of projects throughout their life cycles and of significant operational expenditure;
(vii) processes for the responsible disposal of obsolete technology and information that take into account environmental impact and information security; and
(viii) monitoring of ethical and responsible use of technology and information.
6.5.3 exercise ongoing oversight of the management of information, in particular, that results in the following:
(i) leveraging of information to sustain and enhance the Group’s intellectual capital;
(ii) if deemed necessary, the establishment of a Tiger Brands-wide Data Quality Council (DQC) which supports the strategic management of data disciplines (data quality, data analytics, business intelligence, data marts, etc.);
(iii) if deemed necessary, the allocation of data stewards, data owners and data administrators across functional business areas;
(iv) if deemed necessary, the establishment of a Tiger Brands-wide security council which supports confidentiality, integrity and availability of information; and
(v) the monitoring of security of information and the security culture within the organisation.
6.5.4 exercise ongoing oversight of the management of technology, in particular, that results in the following:
(i) enterprise technology architecture that enables the achievement of strategic and operational objectives;
(ii) the management of risks pertaining to technology sourcing;
(iii) monitoring and appropriate responses to developments in technology, including their potential opportunities and disruptive effects on the organisation and its business model; and
6.5.5 consider the need to receive periodic independent assurance on the effectiveness of the Group’s technology and information arrangements, including outsourced services.
6.6 General
6.6.1 give due consideration to the relevant provisions of the Act, the Listings Requirements of the JSE Limited and the principles and recommendations of King IV;
6.6.2 review the annual JSE report on proactive monitoring of financial statements and respond to any monitoring reviews conducted by the JSE on the Company’s annual financial statements;
6.6.3 receive and deal with any internal or external complaint relating to either accounting practices or internal audit of the Company or to the content or auditing of the financial statements or to any related matter;
6.6.4 consider such other topics and fulfil such other duties as defined by the Board.
7. Reporting Procedure
7.1 As required by the Act, the Committee shall include its report in the annual financial statements describing how the Committee carried out its functions, stating whether it is satisfied that the external auditors are independent of the Company and presenting the Committee’s views on the financial statements, the accounting practices and the internal financial controls.
7.2 The Committee shall include a report in the integrated annual report that addresses the matters as listed in King IV for disclosure.
7.3 In addition to the above, the Committee shall review the report on risk governance for inclusion in the integrated report.
7.4 The chair of the Committee shall provide a report on the Committee’s most recent activities at every subsequent Board meeting.
7.5 The chair of the Committee or his/her nominee shall be required to attend the Company’s annual general meeting to answer relevant questions posed by shareholders.
8. Performance evaluation
8.1 The performance of the Committee shall be evaluated in accordance with the methodology approved by the Board from time to time.