OUR GOVERNANCE
Governance of fair, responsible, and transparent remuneration.
The three lines of defence play a complementary role to each other:
Assurance on the effectiveness of internal controls and integrity of information for internal decision-making and external reporting purposes.
Internal Audit (IA) supports the Board and Management to execute their mandate by providing independent and objective assurance, thereby protecting and creating value for a better life.
Internal Audit provides an independent, objective, and continuous evaluation of the Fund’s operations and system of internal controls.
The function reviews, appraises and reports on:
The Internal Audit Charter approved by the Board of Directors, provides the framework that guides activities, purpose, authority, and responsibility of the IA function. IA reports functionally to the Board and administratively to the Managing Director.
The annual risk-based IA audit plan and budget are developed in consultation with Management and approved by the Audit and Risk Assurance Committee of the Board (ARC).
Issues raised in various audit assignments, are reported to both Management for remediation and to the Board Audit Committee (ARC) for oversight. IA makes value adding recommendations to Management and all remedial actions are followed up to completion and independently validated.
During this time of unparalleled change, it is more important than ever that IA continues to provide assurance and advise both Management and the Board on internal controls and risk. Managing change and developing resilience has consequently become an important topic for IA function at the Fund.
Subsequently, the IA team at the Fund has embraced continuous risk assessment, exploratory analytics, automated controls testing, and agile methods as a way of decreasing costs and adding advisory value in the environment.
In the long-term, we recognise that a deeper digital transformation is a requirement. New digital tools and automation technologies are creating a world in which remote internal auditing does not mean compromised quality or plan reductions. Instead, it implies a higher level of functioning.
As the Fund adjusts its operations to cope with the impact of changes, we reprioritise and reassess our audit plans and revisit the risk assessment methodology to respond to the changing landscape.
This includes dialogue and collaboration with key stakeholders to identify emerging, shifting or net-new risks and determining how to work with the business most effectively in planning mitigation strategies. Considering the dynamic environment at the Fund, IA has embraced a dynamic risk assessment which refers to the continuous monitoring of business operations, functions and processes enabled by automation.
The Dynamic Risk Assessment has so far helped us to:
Key emerging risk areas or those that may be significantly altered include:
We have reprioritised the audit plan as soon as possible to provide assurance over the most consequential risks while being cognisant of the impact on operations. This includes determining which audits can be performed remotely versus those that absolutely require an in-person presence.
From an assurance perspective, we have also considered how operational changes will affect the audit timeline. For instance, process owners may need to move their controls to a virtual environment, which takes time.
By utilising tools that enable collaboration and establishing mutually agreed upon protocols, IA has efficiently worked with process owners to gather, and review requested documentation in a remote environment.
As our audit team members find themselves working remotely, the value of exception-based monitoring and analytics-driven process analysis is becoming readily apparent. The IA department has developed capabilities for the audit team to demonstrate greater resiliency and flexibility in the dynamic environment and the team provides inspiration for others to continue their digital journeys.
As the IA mindset shifts towards a virtual operating model, it is imperative that its communication strategies shift as well. We are therefore reviewing our frameworks to modify the frequency and means of communicating with our key stakeholders.
To remain resilient and relevant, the audit team will continue to focus on the key risks and provide assurance where it is most needed by the key stakeholders.
Consequently, the IA team is:
The implementation of a QAIP is to ensure conformance with the definition of IA, the Code of Ethics for internal auditors and the Auditing Standards.
Internal assessments include a comprehensive ongoing and periodic monitoring. The programme incorporates quality assurance processes in the stages of planning, engagement, and reporting.
Annually, the function conducts and reports the results of the internal assessment to the ARC.
Independent and objective external quality assessment evaluates conformance of the IA with the Internal Audit Charter, Code of Ethics, and auditing standards. The last external assessment was conducted in 2018 and the next assessment has been planned for in the FY 2023/24.
The powers to appoint external auditors for Public Institutions (like NSSF) is vested in the Office of the Auditor General of Uganda (OAG). In line with Section 23 of the National Audit Act (2008), the Auditor General may appoint private auditors to assist him/her in the performance of his/her functions under this Act.
Section 32(2) of the NSSF Act gives the Auditor General the mandate to audit its financial statements or by an Auditor appointed by the Auditor General.
Accordingly, the Auditor General re-appointed PricewaterhouseCoopers Limited (PwC) to conduct an annual audit of NSSF for the year ending 30 June 2023. The length of service of external auditors is determined by the appointing authority and the general practice has been for a duration of three years.
The ARC reviews the external audit plan and oversees the relationship between the internal and external auditors to ensure efforts are coordinated.
Financial information used in the report is sourced from the Annual Financial Statements which is assured by our External Auditors.