Internal control & risk management

Our system of internal control assists in ensuring that the Board and management are able to fulfill our business objectives. An effective internal control framework contributes to safeguarding the shareholders' investment and our assets.

The objective of our internal control framework is to ensure that internal controls are established, properly documented, maintained and adhered to in each functional department.

Internal controls need to be embedded in the normal day-to-day management, operational and support processes.

Internal control system is broadly defined as a process, effected by the Board of Directors, management and employees, designed to provide reasonable assurance regarding the achievement of objectives in the following categories:

  1. Risk Management initiatives: Ensure identification & addressing of risks which may prevent the achievement of our overall business objectives
  2. Effectiveness and efficiency of operations:  Addresses our basic business objectives, including adherence to performance standards and the safeguarding of resources
  3. Reliability of financial reporting: Ensures that reliable financial statements and other financial information are presented to the Board, shareholders and Senior Management
  4. Compliance with applicable laws and regulations: Covers laws and regulations to which we are subject to, in order to avoid damage to reputation or fines/penalties.
  • The fundamental concepts associated with Internal control are:
  • Internal control system is a process. It's a means to an end, not an end in itself.
  • Internal control system is effected by people at every level of an organization.
  • Internal control system can be expected to provide only reasonable assurance, not absolute assurance, to du's Audit committee as delegated by the Board of Directors.

The Audit Committee as delegated by the Board of Directors of du in conjunction with the Chief Executive Officer (CEO) of du has established an independent Internal Control Department to be led and managed by Senior Vice President - Internal Control

RISK MANAGEMENT

The Risk Management function at du is accountable to the Board and Audit Committee for developing, maintaining and implementing the Risk Management framework, strategy and high level policy; In addition to communicating to the Audit Committee and the Executive Management the key risk management issues and recommendations for improvement.

We consider risk management as a core competency throughout the organisation. We are committed to maintaining risk management systems and enhancing the organisation’s ability to manage uncertainty by protecting our assets and safeguarding shareholders interests whilst ensuring compliance with applicable laws and regulations.

Our risk Management framework was adopted in 2008 and is based on the Enterprise Risk Management Framework (ERM) of the Committee of Sponsoring Organizations of the Treadway Commission, consistent with international best practice. The ERM framework was designed to ensure consistency in the application of ERM in identifying, assessing, monitoring and reporting risks across the organisation.  A Corporate Risk Agenda is undertaken annually with the CEO and Executive Management team to determine and evaluate the potential exposures facing du. This ensures that risk management is closely aligned with the Company’s strategic themes and objectives, reported to the Audit Committee, and ensuring that action plans are in place to address the risks identified.

The Board is ultimately the Executive Sponsor of Risk Management and through its Audit Committee is responsible for overseeing and enforcing the ERM Process. They also maintain a keen interest in assessesing the effectiveness of the overall process for identifying, assessing and addressing the relevant risks, and providing its view to the CEO and Executive Committee.