The Rainbow Nation’s Governance and Risk Management Scorecard

This last week, a keen reader sent McLeod Governance a fascinating report on the state of corporate governance, risk management and internal audit in South Africa.

The report, titled Corporate Governance and Risk Management Index – An Internal Audit Perspective, was recently released by the Institute of Internal Auditors in South Africa, and it starts by putting the assessment in context:

The King Codes on Governance are widely recognised as having set the benchmark for corporate governance internationally, and South Africa often features strongly in global governance reports.

Now before we see whether the Rainbow Nation lives up to those lofty ideals, the reason why the report is featuring as our Report of the Week is not only the findings discussed below.

Equally, the report provides an excellent framework for all organisations to assess their performance in these areas.

It is rare that an internal audit function undertakes such an inwardly focused examination of the structures that it seeks to serve, and therein lies the benefit of such a study as this.

As to the findings from the analysis.

Whilst there were some pleasing results in the areas of perceived and actual independence of internal audit and the tone set at the top, there were serious failings in the areas of:

Information Communications Technology

Only 32% strongly agreed that their ICT was aligned to the performance and sustainability objectives of the organisation.

Combined Assurance

Firstly, a refresher on what King meant by combined assurance – integrating and aligning assurance processes in an organisation to maximise risk and governance oversight and control efficiencies, and optimise overall assurance to the audit and risk committee, considering the company’s risk appetite.

Only 35% of respondents strongly agreed that they were competent in using this framework.

Risk Management

Less than half were strongly confident that their risk management was adequate.

As the report helpfully points out:

This implies that almost 60% of respondents either do not believe that their risk management practices are adequate or else they cannot say with certainty that their risk management is adequate.

Audit Committee Effectiveness

Little more than half of all respondents (54%) strongly agreed that their audit committees were effective.


The challenges shown by this report are not presented to mock the efforts to date of the South African governance community.

Rather it is to paint a path of where their future should lie.

