Skip to content skip to secondary navigation

Annual report suite 2012

Statement of combined assurance

We aim to enable the board and management to assess whether the significant risks facing the group are complete and adequately mitigated.

Under the guidance of the Audit and Corporate Governance Committee, a combined assurance framework has been implemented with the aim of providing a co-ordinated approach to all assurance activities within the group.

We aim to enable the board and management to assess whether the significant risks facing the group are complete and adequately mitigated.

The evolution towards combined assurance began in 2006 when Group Internal Audit started using a combined approach for providing assurance on capital and sustainability projects which involved working with various stakeholders in these processes. To give effect to the requirements of King III and under the guidance of the Audit and Corporate Governance Committee a Combined Assurance Framework was developed to coordinate the assurance activities of all assurance providers, both internal and external.

At the same time, management teams at the different business units were complaining about ‘audit fatigue’ and duplication as different auditors and reviewers from different disciplines were on site almost continuously, and some were even reviewing the same areas, the typical silo syndrome.

With assistance and valuable input from the Business and Technical Development Department (B&TD) as well as Group Risk, Group Internal Audit developed a Combined Assurance Charter with a mandate to provide assurance on whether key risks, strategic and operational risks, within the business were sufficiently managed. In terms of the Combined Assurance Charter, the Senior Vice President: Group Internal Audit was appointed as co-ordinator of group assurance.

While primarily focused on threats, the system also provides a forum to highlight significant improvement opportunities in the effective operation of the existing assets and allows for systematic benchmarking between AngloGold Ashanti operations. The framework follows a top-down as well as a bottom-up approach.

The ‘top-down’ component of the framework focuses on the group strategic objectives and the risks that directly affect the achievement of those objectives. It identifies risk owners, control strategies and assurance providers within the different ‘lines of defence’. Assurance received from assessed assurance providers is then consolidated and plotted against the relevant risk and associated control strategy, providing the board and management with a consolidated view on the management of strategic risks.

The ‘bottom up’ element of the Combined Assurance Framework strengthens the risk management process through the utilisation of existing audit protocols and the skills of coordinated multidisciplinary teams to review the risks at each operation; validating the risks developed by each operation as recorded in the group’s risk register – AuRisk. Each review tests completeness of risks (Are all major risks being captured in AuRisk?) and the accuracy (Are the judgements on risk consistent with the intent of the AuRisk ranking system?) and effectiveness (Are the major identified risks being managed or mitigated systematically and effectively?) of the risk management process.

Combined Assurance – bottom-up – annually establishes two separate review windows of one week each for selected sites following a risk based approach. The one review window will focus on technical aspects whereas the other review window will focus on the commercial aspects of the business with both reviews incorporating an assessment of compliance and risk management activities at operational level. The diagram alongside sets out the typical scope of the two review windows.

Review teams consist of highly skilled and experienced discipline specialists, independent of the operation being reviewed, and are led by a senior team leader. The findings of the reviews are prioritised and ranked in line with the group’s existing risk rating matrix and referenced back to the AuRisk register.

Typical scope of a bottom-up combined assurance review [graph]

The success of the combined assurance process would not have been possible without the commitment and support of B&TD as well as the various regional management teams and Group Risk. For the first time regional and corporate reviewers from different disciplines are working together as one team on a review and sharing information.

In conclusion, the board is satisfied that the combined assurance framework facilitates a group wide integration and leveraging of the various control, governance and assurance processes and its introduction has brought a new dimension to assurance within the group through the value being derived from integrated assurance teams.

During 2012, all significant operations within AngloGold Ashanti were subjected to risk based, integrated, technical or commercial combined assurance reviews. The outcome of these reviews provided reasonable assurance to allow the board, on recommendation from the Audit and Corporate Governance Committee, to conclude on the effectiveness of the group’s system of internal controls.