Kumba Iron Ore - Statement of internal control

QUICKLINKS

	Statement of compliance
	Role of the board
	Board composition
	Directors’ attendance
	Frequency and attendance of meetings
	Board evaluation
	Induction and training
	Company secretary
	Committees of the board
	Risk Management
	Statement of internal control

Corporate governance

Statement of internal control

The executive committee is responsible for establishing a system of internal control to manage significant group risks. The board’s approach to risk management encompasses all significant business risks to the group, including financial, operational and compliance risk, which could undermine achieving business objectives.

There is clear accountability for risk management, which is a key performance area for line managers throughout the group. The requisite risk and control capability is assured through the board challenge, and appropriate management selection and skills development. Managers are supported in fulfilling their risk responsibilities through an integrated risk management policy and guidelines on risk and control management.

Continuous monitoring of risks and control processes provides the basis for regular and exception reporting to business management and the boards of subsidiary companies, the executive committee and the board. Risk assessment and reporting criteria are designed to provide the board with a consistent perspective of key risks. Reports to the board, submitted via the audit and risk committee, include an assessment of the likelihood and impact of risk materialising, as well as mitigation initiatives and their effectiveness.

The system of internal control, which is embedded in all key operations, provides reasonable, rather than absolute, assurance that the group’s business objectives will be achieved within the risk tolerance levels defined by the board. Kumba seeks to have a sound system of internal control, based on group policies, in all material associates and joint ventures. In those companies that are independently managed, directors represented on these organisations’ boards seek assurance that significant risks are being managed.

The group’s internal audit function has a formal collaboration process in place with the external auditors to ensure efficient coverage of internal controls. The internal audit function is responsible for providing independent assurance to the executive committee and the board on the effectiveness of the risk management process throughout the group.