Exhibit 15.3
Audit and risk committee report
The Companies Act 71 of 2008 (the Act) requires companies to establish an audit committee and prescribes the composition and functions of such a committee. As the mandate of Harmony’s audit committee includes monitoring risk management, it is known as the audit and risk committee.
PURPOSE
Assist the board in discharging its duties on safeguarding assets
Monitor the operation of an adequate system of internal control and control processes
Monitor the preparation of accurate financial reporting and statements in compliance with all applicable legal and corporate governance requirements and accounting standards
Ensure that significant risks facing Harmony are adequately addressed and support the board in its responsibility for the governance of risk.
In terms of the Act, the following members, serving on the committee at 30 June 2013, will be recommended to shareholders for appointment as audit and risk committee members for the ensuing financial year at the company’s annual general meeting:
Name Status Date appointed
John Wetton (chairman) Independent non-executive director 1 July 2011, appointed chairman from 30 November 2011
Fikile De Buck Lead independent non-executive director 30 March 2006
Simo Lushaba Independent non-executive director 24 January 2003
Modise Motloba Independent non-executive director 30 July 2004
Karabo Nondumo Independent non-executive director 3 May 2013
The proposed individuals satisfy the requirements to serve as members of an audit and risk committee as provided for in section 94 of the Act and ensure the committee has adequate and relevant knowledge and experience for the committee to perform its functions. For a detailed account of the qualifications and expertise of the members of the audit and risk committee, please refer to their résumés on pages 56 to 59.
In terms of the audit and risk committee’s formal, approved terms of reference and as part of its function in assisting the board to discharge its duties during the period under review, the committee:
Met five times during the past financial year
Reviewed the company’s quarterly results
Evaluated and considered Harmony’s risks and measures taken to mitigate those risks
Monitored the internal control environment in Harmony and found it to be effective
Discussed the appropriateness of accounting principles, critical accounting policies, management judgements, estimates and the Hidden Valley impairment. These were found to be appropriate
Considered the appointment of the external auditor, PricewaterhouseCoopers Inc. (PwC), as the registered independent auditor for the ensuing year. The committee noted that the current designated partner, Faan Lombard, will oversee the Harmony external audit process for another two years
Satisfied itself through enquiry that the external audit firm, PwC, was independent from the company
Evaluated the independence and effectiveness of the internal audit function and external auditors
Evaluated and coordinated internal and external audit processes
Received and considered reports from the external and internal auditors
Reviewed and approved internal and external audit plans, terms of engagement and fees as well as the nature and extent of non-audit services rendered by the external auditors
Held separate meetings with management and the external auditors
Considered the appropriateness and expertise of the financial director, Frank Abbott, as well as that of the finance function and found all to be adequate and appropriate
Considered whether IT risks are adequately addressed and that appropriate controls are in place to address these risks.
The committee is confident that it complied with its legal, regulatory and other responsibilities assigned by the board under its terms of reference.
The internal audit function reports directly to the audit and risk committee but on administrative matters will in future report to the executive: risk management and services improvement. The internal and external auditors attend the committee’s quarterly meetings and have unrestricted access to the chairman of the audit and risk committee.
On recommendation from the audit and risk committee, the board approved:
The annual financial statements for the year ended 30 June 2013. The audit and risk committee reviewed these to ensure they present a true, balanced and understandable assessment of the financial position and performance of Harmony
The integrated annual report for the year ended 30 June 2013 in accordance with King III and the JSE Listings Requirements
The annual report filed on Form 20-F for subsequent submission to the United States Securities and Exchange Commission (SEC)
The notice of annual general meeting to be held on 5 December 2013.
SHAREHOLDER INFORMATION AND ADMINISTRATION FINANCIALS GOVERNANCE
STRATEGY AND VALUES IN ACTION LEADERSHIP COMMENTARY AND PERFORMANCE GROUP OVERVIEW
HARMONY IN BRIEF
Harmony Integrated Annual Report 2013 73
Governance
Audit and risk committee report continued
The audit and risk committee oversees and monitors the governance of information technology (IT) on behalf of the board in accordance with King III and views this as an important aspect of risk management. Refer to IT governance report included in the supplemental corporate governance report.
In 2012, the committee reported on the comprehensive review of Harmony’s compliance with King III completed in consultation with the auditing firm KPMG in July 2012 and highlighted projects under way to further enhance compliance with King III. Below is a detailed progress report:
Reported in 2012: Progress:
A formal stakeholder policy and stakeholder management plan are being reviewed Finalised
As part of the culture alignment programme, the code of ethics will be reviewed and updated to align with Harmony’s revised value statements. Once reviewed, the revised code will be submitted to the board for approval Finalised
Management is revising the roles and responsibilities for various facets of ethics management (eg board committee responsibilities, fraud risk management). This will include a review and potential redesign of the ethics management programme to address integration and further improve levels of proactive ethical risk management In process
Although combined assurance was applied throughout the year, the process will be formalised into a combined assurance framework and plan In process. To be presented for approval in November 2013
The job specification for the head of internal audit and associated key performance indicators will be developed and submitted to the committee for review and approval. This framework will serve as input into the annual assessment of the internal audit function Finalised. A new head of internal audit has recently been appointed.
The risk management strategy and associated framework were revised. The amended framework and roll-out plan will be submitted to the committee for consideration and approval Finalised
A formalised and functional IT risk register will be enhanced and used by the committee to adequately monitor the company’s IT risks, in line with the revised risk management roll-out plan In process
We will review the current decentralised application of legislative compliance and consider centralising this and/or integrating it into the risk management function to formally address critical regulatory non-compliance risk. In process. As part of our approved planned internal audit coverage, a review to identify Harmony’s regulatory universe is under way. In addition, Harmony’s regulatory compliance strategy will be reviewed to consider the adequacy and effectiveness of the strategy and approach and, if appropriate, identify gaps and provide guidance and recommendations for improvement. Feedback on the outcome will be provided in the FY14 integrated annual report.
The internal audit strategy and associated approach will be revised to align more closely with a risk-based approach and to address enhanced compliance with the Institute of Internal Auditors (IIA) standards. An updated internal audit charter will be presented to the audit and risk committee for its consideration and approval. In process. The internal audit charter has been updated and approved.
For further compliance with the requirements of King III, refer to page 64. John Wetton Audit and risk committee chairman
25 October 2013 74