Risk management and control

Group audit assurance

The group internal audit function operates under a mandate from the group audit committee and has the authority to determine the scope and extent of work to be performed. Group internal audit’s primary objective is the provision of assurance to the group audit committee. It assists the executive management team in meeting their business objectives by examining the group’s activities, assessing the risks involved, and evaluating the adequacy and effectiveness of processes, systems and controls to manage these risks. A risk-based audit approach has been adopted. Material or significant control weaknesses and planned management remedial actions are reported to the group audit committee and to subsidiary audit committees. These issues are tracked to ensure that agreed remedial actions have been implemented. Overdue issues are reported to the group audit committee on a quarterly basis.

Risk management focus for 2006

The group is currently in the process of quantifying its level of risk appetite and risk tolerance, which will take into account:

  • the level of earnings volatility it is prepared to accept around its budgeted earnings; and
  • the risk profile it is going to tolerate to generate the expected earnings.

In this context, risk profile is the allocation of risk appetite across the various risk categories (e.g. market risk, credit risk, operational risk).

The process to determine both “risk appetite” and “risk tolerance” takes external and internal inputs into account, including:

External

  • shareholder expectations;
  • rating considerations;
  • regulatory constraints;
  • securities market data;
  • analyst views;
  • providers of funding/liquidity; and
  • economic environment.

Internal

  • group and business area objectives and strategic plans;
  • growth targets; and
  • capital management.

The amount of risk the group is prepared to accept will be linked to its financial and strategic objectives as detailed in its overall business plan and budget. Specifically, there needs to be congruency between:

  • budgeted earnings (which take account of maturation effects and forecast changes in the economic environment);
  • earnings volatility around the budget;
  • risk limits; and
  • capital.