Audit and Risk Committee

• Integrated Reporting – The Committee oversees integrated reporting and must: (a) have regard to all factors and risks that may impact the integrity, quality and timing of the integrated report, including annual financial statements, annual performance report, risk management report and annual report of the entity; (b) review and recommend to the Board for approval the annual financial statements; (c) review and comment on all financial reporting (quarterly, half yearly and annual) before submission to the Board, focusing on changes in accounting framework policies and practices, major judgement areas, significant adjustments from the audit, going concern, compliance with accounting standards and statutory requirements, reliability and accuracy of information, adequacy of internal controls, compliance with laws and regulations and governance policies; (d) review disclosure sustainability issues in the integrated report to ensure reliability and no conflict with financial information; (e) draft and approve the annual Audit Committee report; (f) oversee the assurance process of sustainability information in the Integrated Report; (g) disclose information related to technology and information, including governance arrangements, key focus areas, changes in policy, major incidents and future focus; (h) recommend to the Board whether to engage an external assurance provider on material sustainability issues and recommend the integrated report for approval.
• Combined Assurance – Ensure a combined assurance model, plan and framework is approved and applied for a coordinated approach to all assurance activities, including:
  • Ensuring that combined assurance is appropriate to address significant risks.
  • Monitoring the relationship between external assurance providers and Management.
  • Monitoring adequacy and effectiveness of combined assurance, including reporting methodology and coverage.
  • Monitoring reporting on the implementation of the combined assurance plan.
• Internal Audit – Oversee internal audit, including:
  • Recommend to the Board the structure of the internal audit function (internal or outsourced).
  • Consider outsourcing the Internal Audit function if necessary.
  • Recommend removal of the Internal Audit service provider when appropriate.
  • Examine and review a rolling strategic internal audit plan based on risk assessment.
  • Monitor performance against plans and intervene where needed.
  • Approve three-year rolling plan, annual internal audit plan, Internal Audit Charter and other policies.
  • Assess objectives, activities, qualifications and adequacy of internal audit resources.
  • Consider significant audit findings and management’s response.
  • Review and approve internal audit quarterly reports and management responses.
  • Annually or as required, meet separately with internal auditors.
  • Review the function of internal audit and ensure cooperation with external audit within the combined assurance model.
  • Annually evaluate independence and effectiveness of Internal Audit and ensure adequate resourcing.
  • Ensure internal audit is subject to independent external quality review.
  • Quarterly monitor outcomes of internal and external quality assurance assessments.
• External Audit – The Committee’s responsibilities include:
  • The Auditor-General is the external auditor of the CSOS and, after consultation, determine standards and scope of audits, and procedures for handling complaints.
  • Discuss with external auditors before the audit commences the terms, nature and scope; monitor independence; review quality and effectiveness of the external audit process; ensure access to the Committee or Chairperson; ensure no restrictions on the auditors.
  • Regularly consult with external auditors about internal controls and financial records; review external audit reports and management responses; discuss significant disagreements; meet with external auditors at planning and reporting stages; and annually meet without management present.
  • Review findings of the audit with the external auditor, including major issues, accounting and audit judgments, and error levels; review representation letters and the management letter and responses; advise on risks in irregular, fruitless and wasteful expenditure; approve external audit plans, budget and scope; monitor implementation of audit recommendations; ensure timely progress towards remediation.
  • Review the scope and outcomes of the audit and the risk management framework’s alignment with the audit findings.
• Risk Management – Oversee risk management including: financial reporting risks; internal control risks; fraud and corruption in reporting; technology and information risks; ESG and sustainability risks; risks in supply chain; whistleblower concerns and investigations; Loss Control Committee and Investigations Register; governance and other organizational risks; ensure key risks are managed effectively and bring critical risks to the Board with recommendations.
• The Committee is responsible for: 1) developing and reviewing a risk management framework and policy, 2) monitoring implementation, 3) disseminating the plan, 4) ensuring the Board reviews a key risks register, and 5) monitoring risk management performance and environmental changes, and ensuring business continuity and information security management processes.
• Information and Technology (IT) – Exercise oversight over IT risks and controls, disaster recovery, information security and privacy, and IT’s role in audit coverage and going concern. This includes:
  • Receiving and reviewing control reports; regular assurance on IT processes incl. cyber security and IT governance.
  • IT controls related to financial reporting, internal controls and fraud/IT risks; monitor IT implementation risks; oversee IT governance and consider appropriate frameworks.
  • Oversee integration of people, technologies, information and processes; assess value delivery of IT investments; manage third-party and outsourced service provider risks; ensure responsible disposal of obsolete technology; promote ethical use of technology and compliance with laws.
  • Recommend for Board approval: ICT Strategy, ICT Governance Terms of Reference, IT Governance Policy and Cyber Security Strategy.
• Stakeholder Engagement – Periodically engage with stakeholders or review stakeholder-related risks, concerns and complaints (e.g., whistleblower channels).
• Ethics – The Committee must oversee ethical compliance, corporate citizenship and the organisation’s ethical culture.
• Appointment of the Chief Audit Executive – The Committee should approve the appointment, employment contract, remuneration and performance agreements/appraisals of the Chief Audit Executive.

• A minimum of a bachelor degree and postgraduate qualification in finance, auditing and/or accounting.
• A Chartered Accountant (CA(SA)) registered with SAICA or equivalent.
• 5 to 10 years management experience in strategic management, risk management and/or auditing/financial, anti-fraud environments; preferably in corporate, public sector or state-owned entities.
• Minimum 2 years’ experience serving on an audit committee in the public sector/state-owned entity environment.
• Valid Driver’s License.

Knowledge required - Position 1:

• Knowledge of Finance/Accounting, Risk Management, Corporate Governance, Public Finance Management Act, Treasury Regulations and public sector governance.
• Knowledge of Internal and External Audit processes.
• High personal and professional ethics.
• Knowledge of Integrated Internal Control Framework.

• A minimum of a bachelor degree or postgraduate qualification in Information Technology, Computer Science, or Information Systems.
• Certification or membership with a recognized professional body (e.g., ISACA, IITPSA) is an added advantage.
• 5 to 10 years management experience in strategic management, risk management, ICT governance and/or anti-fraud environments; preferably in corporate, public sector or state-owned entities.
• Minimum 2 years’ experience serving on an audit committee in the public sector/state-owned entity environment.
• Valid Driver’s License.

Knowledge required - Position 2:

• Knowledge of Risk Management, Corporate Governance, Public Finance Management Act, Treasury Regulations, IT, and public sector governance environment.
• Strong understanding of ICT governance frameworks such as CGICT, COBIT, ISO 27001, and alignment with King IV or V principles.
• Experience in risk management, cybersecurity oversight, and ICT audit or assurance.
• Knowledge of Internal and External Audit processes.
• High personal and professional ethics.
• Knowledge of Integrated Internal Control Framework.

Added advantage:

• A Master’s Degree in any listed field or Administration will be an added advantage.

Closing Date: 06 February 2026

REMUNERATION AND TERM OF APPOINTMENT:

Compensation will be in accordance with rates determined by National Treasury prescripts. Schedules issued annually with specific hourly or daily rates. Other refundable expenses follow CSOS policies in line with National Treasury guidelines.

The term of office for Independent Members shall be three (3) years or until the end of the Board term, subject to annual performance review for renewal.

SUBMISSION OF APPLICATIONS:

Applications, including a cover letter with CV and copies of qualifications. Applications to be received through Direct Hire recruitment system.

ENQUIRIES:

Mr. Sithabiso Mabaso, Senior Manager: Human Capital, tel. (080) 000 0653.

The CSOS reserves the right not to appoint on the advertised positions.

No late applications will be accepted.

Enquiries during office hours – 08:00 – 16:30

Background checks will be conducted on shortlisted candidates. Applicants who do not receive a response within 4 weeks of closing date should regard their applications as unsuccessful.

Privacy Statement:

We comply with the Protection of Personal Information Act; Act No. 4 of 2013. We will use your personal information provided for recruitment purposes only.