|

Governance and Remuneration:

Audit and Risk
Committee Report

Mr Desmond Smith

Chairperson of the Audit and Risk Committee

As Chairperson of the Audit and Risk Committee, I am pleased to present this report for the financial year ended 31 March 2019 which provides insight into how the Audit and Risk Committee discharged its responsibilities during the reporting period and the significant matters it considered in doing so, together with the priorities anticipated for the next financial year.

COMMITTEE COMPOSITION AND MEETINGS

The Audit and Risk Committee is comprised solely of independent non-executive Directors, whose names and attendance records are set out in Table 1 below. Detailed information on each member’s experience, skills and qualifications can be found in Board of Directors. The Board regards each member as possessing recent and relevant financial experience and the appropriate level of independence, enabling them to provide oversight and challenge, and obtain a full explanation from management, the Internal Audit function or the external auditor on any matter considered necessary. The Board is also satisfied that the Audit and Risk Committee as a whole has the required sector-specific competence, knowledge and experience to exercise its duties in an effective, informed and responsible manner.

TABLE 1: Committee composition and meeting attendance

Notes
1 The composition is shown as at 31 March 2019. There were no changes to the composition during the year.
2 The attendance reflects the number of scheduled meetings held during the financial year. One additional ad hoc meeting was held during the financial year and one meeting has been scheduled between the Company’s financial year-end and the Last Practicable Date; both these meetings were attended by all members.
3 Mr Grieve was unable to attend one scheduled meeting owing to a prior commitment which could not be changed.

As announced on 15 November 2018, Mr Desmond Smith will retire as a Director of the Company at the conclusion of the Company’s AGM scheduled for 24 July 2019 and will not seek re-election. Mr Smith will also step down from all Board committees at that time. Mr Alan Grieve, who has been a member of the Audit and Risk Committee since February 2016, will succeed Mr Smith as Chairperson of the Audit and Risk Committee (and as SID), effective from the date of Mr Smith’s resignation.

The Audit and Risk Committee normally holds four meetings during the financial year, with one of these meetings being dedicated primarily to an extensive review of risk-related matters.

Dr Ronnie van der Merwe (CEO), Mr Jurgens Myburgh (CFO) and Mr Gert Hattingh (Chief Corporate Services Officer) attend all meetings. Other attendees differ from time to time and may include Dr Edwin Hertzog (Board Chairman), Mr Pieter Uys (alternate to Mr Jannie Durand), Dr Dirk Le Roux (Chief Information Officer), Mr Glenn Ho (Group General Manager: Internal Audit), Mr Martin Rossouw (Group General Manager: Risk Services) and other relevant management members, as and when their specialist knowledge is required. Representatives from the external auditor are invited to attend all meetings.

From 1 January 2018 to 30 May 2018, as part of the handover arrangements for Dr Van der Merwe succeeding Mr Danie Meintjes as CEO, both Mr Meintjes and Dr Van der Merwe were invited to attend meetings as CEO and CEO Designate respectively. In addition, following Mr Ho’s appointment as Group General Manager: Internal Audit on 1 July 2018, as part of the transition arrangements, the Company’s former internal auditor (Remgro Internal Audit) continued to attend meetings as necessary for the remainder of the 2019 financial year.

Each scheduled meeting takes place prior to a Board meeting, at which the Chairperson of the Audit and Risk Committee provides a report of the Audit and Risk Committee’s activities. The Audit and Risk Committee met privately without management present after each scheduled meeting. In addition, it meets separately with the external auditor, the Internal Audit function and senior management to allow any issues of concern to be raised by, or with, each party.

KEY AREAS OF ACTIVITY

During the financial year under review and between the financial year-end and the Last Practicable Date, the Committee continued to provide oversight and challenge in relation to the following matters within the Group:

  • Financial reporting
  • Internal control systems, risk management processes and related assurance activities
  • Internal audit
  • External audit
  • Ethical conduct, governance and compliance

The following sections of this report explain the work that it has undertaken under each of those headings and the resultant outcomes. The Audit and Risk Committee’s terms of reference are available in the governance section of the Company’s website and are summarised in the Corporate Governance Statement.

Financial reporting

The Audit and Risk Committee’s principal responsibility in this area is to review and challenge management’s approach to significant judgments and ensure the integrity of the Group’s financial reporting, including annual and interim reports and financial statements and announcements regarding the Company’s financial performance. The key financial reporting activities undertaken are set out below.

April 2018

  • Considered the impairment assessment at Hirslanden

May 2018

  • Considered the external auditor’s 2018 year-end audit report and opinion
  • Considered the financial performance of the Group and each division, including debt covenants
  • Considered and satisfied itself with the approach adopted for significant accounting policies, key accounting items, areas of significant judgments, and material assumptions and estimates
  • Reviewed and confirmed the going concern status, the long-term viability assessment and the supporting stress testing analysis, and recommended them for approval by the Board
  • Considered the final dividend proposal and recommended it to the Board for approval by the shareholders
  • Reviewed the key tax considerations across the Group, together with the disclosures made in the 2018 Annual Report
  • Considered the use of adjusted measures by the Group and ensured their appropriateness (including the items of income or cost included or excluded from their calculation)
  • Considered and approved the Audit and Risk Committee Report for inclusion in the 2018 Annual Report
  • Considered the 2018 Annual Report and financial statements, including the confirmation of fair, balanced and understandable reporting and recommended these for approval by the Board
  • Considered the preliminary results announcement and recommended these for approval by the Board
  • Considered the 2018 notice of annual general meeting and recommended it for approval by the Board
  • Reviewed the key tax considerations across the Group

November 2018

  • Considered the external auditor’s interim review findings
  • Considered the financial performance of the Group and each division, including debt covenants
  • Considered and satisfied itself with the approach adopted for significant accounting policies, key accounting items, areas of significant judgment and any material assumptions or estimates
  • Reviewed and confirmed the going concern status and recommended its adoption for approval by the Board
  • Considered the interim dividend and recommended it for approval by the Board
  • Considered the use of adjusted measures by the Group and ensured their appropriateness (including the items of income or cost included or excluded from their calculation)
  • Considered the interim financial statements and results announcement, including the confirmation of fair and balanced reporting
  • Reviewed the key tax considerations across the Group and the Group tax strategy, and recommended the latter for approval by the Board

March 2019

  • Considered the external auditor’s pre-year-end report on accounting, auditing and control matters
  • Considered the significant accounting policies, including the implementation of IFRS 9 and IFRS 15 and the corresponding transition disclosures and the impact assessment of IFRS 16
  • Considered the preliminary going concern and long-term viability assessment, together with the supporting stress testing analysis
  • Reviewed the key tax considerations across the Group
  • Conducted an annual review of the Finance function
  • Considered the actions taken by management in response to governance and reporting good practice

May 2019

  • Considered the external auditor’s 2019 year-end audit report and opinion
  • Considered the financial performance of the Group and each division, including debt covenants
  • Reviewed the key tax considerations across the Group, together with the disclosures made in the 2019 Annual Report
  • Considered and satisfied itself with the approach adopted for significant accounting policies, key accounting items, areas of significant judgments (including impairment assessments), and any material assumptions or estimates
  • Reviewed and confirmed the going concern status, the long-term viability assessment and the supporting stress testing analysis, and recommended them for approval by the Board
  • Considered the final dividend proposal and recommended it to the Board for approval by the shareholders
  • Considered the use of adjusted measures by the Group and ensured their appropriateness (including the items of income or cost included or excluded from their calculation)
  • Considered and approved the Audit and Risk Committee Report for inclusion in the 2019 Annual Report
  • Considered the 2019 Annual Report and financial statements, including the confirmation of fair, balanced and understandable reporting, and recommended these for approval by the Board
  • Considered the preliminary results announcement and recommended these for approval by the Board
  • Considered the notice of AGM and recommended it for approval by the Board

The Audit and Risk Committee, together with management and the external auditor, paid particular attention to the following matters:

  • The financial performance of the Group’s divisions and the Group as a whole, in the context of the agreed budget for the year and guidance provided to investors, together with the key drivers of the Group’s performance.
  • The significant accounting policies and practices adopted by the Group, including the new accounting and reporting requirements introduced by IFRS 9 Financial Instruments, IFRS 15 Revenue from Contracts with Customers and IFRS 16 Leases, and their impact on the Group’s financial statements for the financial year ended 31 March 2019.
  • Key accounting items and areas of significant judgment, together with any material assumptions and estimates adopted by management.
  • Areas of discussion where there was discussion with the external auditor and the existence of any errors, adjusted or unadjusted, resulting from the audit.
  • The clarity of disclosures and compliance with relevant accounting standards and financial and governance reporting requirements, including the reporting recommendations published by the FRC during the financial year.
  • Outstanding tax matters, any tax risks and the assurances received from the Company’s tax advisors as part of the year-end audit, together with progress on country-by-country tax reporting and transfer pricing documentation. The Audit and Risk Committee also reviewed and recommended the Group tax strategy to the Board for approval. The strategy is published on Mediclinic’s website and a summary is available in the Financial Review in this Annual Report.
  • The processes followed to ensure the integrity of the information provided in the annual and interim reports and assurance that the 2019 Annual Report presents a fair, balanced and understandable assessment of the Group’s position and prospects.

Significant financial reporting matters

Table 2 below sets out the principal areas of judgment in relation to the 2019 interim and annual financial statements, which the Audit and Risk Committee discussed with management and the external auditor.

TABLE 2: SIGNIFICANT ISSUES CONSIDERED AND STEPS TAKEN

Significant
Issues Considered
Steps taken by the AUDIT AND RISK Committee

Goodwill and non-financial assets (CGU level) impairment reviews

(see notes 6 and 7 to the consolidated financial statements)

The Audit and Risk Committee reviewed:

  • the impairment assessment of the carrying amount of the Middle East goodwill;
  • the impairment assessment of the carrying amount of Hirslanden’s brand names; and
  • the assessment as to whether an indication existed that non-financial assets at an individual CGU level might be impaired, and the subsequent impairment test of the Swiss CGUs including property valuations and the goodwill arising from the acquisition of Clinique des Grangettes.

It reviewed the key assumptions to the impairment review performed, which included the cash flows derived from the annual financial planning process, long-term growth rates and the discount rates. Long-term growth rates for periods not covered by the forecast periods were challenged to ensure they were appropriate in the countries relevant to the divisions.

Based on its challenge of the key assumptions and associated sensitivities, the Audit and Risk Committee concluded that the carrying value of the Middle East goodwill was appropriately supported by the recoverable amount calculated.

It concurred with the impairment charges that arose in the Swiss division because of the disappointing performance and changes in the market and regulatory environment that affected key inputs to the calculation of the recoverable amount.

It considered the sensitivities to changes in assumptions and the related disclosures required by IAS 36 Impairment of Assets.

The Audit and Risk Committee discussed the external auditor’s feedback and considered its conclusion regarding the impairment charge recorded.

Considering all of the above, management responses and the external auditor’s views, the Audit and Risk Committee was satisfied that the assumptions used were reasonable and that the impairment charges, together with related disclosures, were appropriately presented.

Impairment review of equity investment in Spire

(see note 8 to the consolidated financial statements)

The Audit and Risk Committee reviewed the impairment tests of the equity investment in Spire.

It reviewed the key assumptions, which included the forecast cash flows, long-term growth rates and the discount rate. These were based on valuation work by two global investment banks.

It noted that a significant impairment had arisen at 30 September 2018 because of revised guidance issued by Spire.

The Audit and Risk Committee further considered the updated full-year financial results, further announcements and guidance issued by Spire and Mediclinic’s independent view about Spire’s future trading prospects, as well as the sensitivities to changes in assumptions and the related disclosures required by IAS 36 Impairment of Assets.

Based on its challenge of the key assumptions and associated sensitivities, the Audit and Risk Committee concurred with the impairment charge taken at 30 September 2018 and that no further impairment charge or reversal of impairment charge was required at 31 March 2019.

Purchase price allocation of the Clinique des Grangettes acquisition and related put option liability

The Audit and Risk Committee reviewed and was satisfied with the purchase price allocation performed in respect of the Clinique des Grangettes acquisition including the recognition of a put option liability. It noted that EY had performed an independent valuation of the intangible assets and the Committee was satisfied that a rigorous process was followed.

The Audit and Risk Committee was presented with management’s considerations and feedback from the external auditor on procedures performed.

It was satisfied that a rigorous process was followed in identifying and considering the alternative intangible asset categories and that the significant intangible asset was reasonably valued, applying appropriate judgment.

Adoption of IFRS 9 Financial Instruments and IFRS 15 Revenue from Contracts with Customers

The Audit and Risk Committee reviewed the first-time adoption of IFRS 9 and IFRS 15 and the related disclosures in the Group’s annual financial statements.

It considered the appropriateness and disclosure of the classification and measurement of financial instruments and the quantification of the impairment provision of trade receivables under the expected loss model as required by IFRS 9.

It also considered the disclosure of revenue including an assessment of the agent versus principal criteria in relation to medical practitioners.

Swiss pension fund liabilities

(see note 18 to the consolidated financial statements)

The Audit and Risk Committee reviewed the main valuation assumptions such as discount rates, mortality and inflation rate applied in the valuation of the pension fund plan assets and obligations.

The principal valuation assumptions prepared by external actuaries and adopted by management were considered in the light of prevailing economic indicators.

Classification and presentation of exceptional items

The Group uses non-IFRS measures in evaluating performance and as a method to provide clear and consistent reporting. Judgment is required in determining whether an item is exceptional. For the financial year ended 31 March 2019, the exceptional items (after taking related tax and deferred tax into account) amounted to £349m (£413m before tax) of which £194m (£241m before tax) related to impairment charges.

Refer to the Financial Review for details of the exceptional items. Exceptional items were evaluated based on their nature to assess whether their classification and presentation was in line with the Group’s policy and guidance from the FRC.

The Audit and Risk Committee reviewed management’s application of the policy for consistency with previous accounting periods. It also assessed whether the disclosures within the Financial Review and the interim and preliminary results announcements provided sufficient detail to understand the nature of these items.

It was satisfied that the amounts classified as exceptional items were reasonable in all material respects and the related disclosure of these items in the Financial Review and results announcements was appropriate.

The Audit and Risk Committee was satisfied that all adjusted measures were appropriately labelled and reconciled to the equivalent statutory measures and it found the related disclosures to be clear and transparent.

Impact assessment of IFRS 16 Leases

(see note 2.26 to the consolidated financial statements)

Key matters reviewed by the Audit and Risk Committee included the detailed impact assessment of IFRS 16, such as the quantification of lease liabilities, right-of-use assets and the impact on the Group’s 2020 income statement.

The quantification and consideration of the impact on the Group’s financial statements for the 2020 financial year, together with the associated disclosures and the approach taken in the IFRS 16 transition project, were considered and accepted as appropriate.

Going concern and viability statement

(see Viability statement)

The Audit and Risk Committee monitors the Group’s robust risk management process and system of internal control via a mandate from the Board (see Corporate Governance Statement). The principal risks as detailed in Risk management, principal risks and uncertainties were identified by these systems and, for the purposes of the viability assessment, severe but plausible scenarios reflecting the risks that could impair the viability of the Group were identified for each of the divisions to form the basis for stress testing.

This analysis showed that the business, in its geographically diverse portfolio, would be able to withstand any individual and certain combinations of the severe but plausible scenarios by taking management action, ceteris paribus, with the key mitigating steps being a reduction in discretionary investment, cost management initiatives, drawdown of overdraft facilities and improvement in net working capital days. The Audit and Risk Committee therefore has a reasonable expectation that the Group will be able to continue in operation and meet its liabilities as they fall due over the five-year period of their detailed assessment, ending in 31 March 2024.

Having considered the principal risks and the viability assessment, the Audit and Risk Committee also considered it appropriate to adopt the going concern basis of accounting in preparing the financial statements.

FAIR, BALANCED AND UNDERSTANDABLE REPORTING

Throughout the year, the Audit and Risk Committee (and in certain instances, the Board) reviewed the Group’s external financial reports and other announcements relating to its financial performance to ensure that these presented a fair, balanced and understandable assessment of the Company’s position and prospects. The Audit and Risk Committee also reviewed the use of adjusted measures by the Group and ensured that these were appropriate for aiding users of the Group’s financial statements to better understand its performance year on year (including items included or excluded from calculation).

At the request of the Board, the Audit and Risk Committee reviewed a full draft of this Annual Report, together with a summary of management’s approach to the preparation of the narrative sections and the annual financial statements. It considered whether there was consistency between the key messages in this Annual Report and the Group’s position, performance and strategy, and between the narrative sections and the annual financial statements. The Audit and Risk Committee also considered whether all key events reported to the Board and its committees during the year, both good and bad, were adequately reflected. Feedback from the Audit and Risk Committee on areas that would benefit from further clarity was incorporated into this Annual Report ahead of final approval.

Following its review, the Audit and Risk Committee advised the Board that, in its opinion, this Annual Report, taken as a whole, was fair, balanced and understandable and representative of the financial year under review, and that it provided the information necessary for stakeholders to assess the Group’s position, performance, business model and strategy.

INTERNAL CONTROL SYSTEMS AND RISK MANAGEMENT PROCESSES

The Group upholds an effective control environment, including a comprehensive system of internal controls which is designed to ensure the accuracy and reliability of the Group’s financial reporting, that risks are mitigated and that the Group’s objectives are attained. The key features of the system include appropriate and well-defined delegations of authority, clear lines of accountability, policies and procedures covering financial planning and reporting, and monitoring mechanisms. Management is responsible for establishing and maintaining adequate internal controls, while the Board, via the Audit and Risk Committee, is responsible for ensuring the efficacy of these controls and that appropriate actions are taken to correct deficiencies when they are identified.

During the year, the internal control environment was enhanced by establishing an in-house Internal Audit function, which works closely with the Group Risk Management function (refer to section below on Internal Audit). The Group’s compliance process forms an integral component of the Group’s risk management and internal controls programme. The Compliance Officer is supported by company secretaries at Group and divisional levels, as well as by internal legal advisors who are responsible for providing guidance in respect of compliance with applicable legislation and regulations.

Effectiveness of risk management process and system of internal control

The Board retains overall responsibility for determining the risk appetite of the Group, overseeing the risk management processes and internal controls implemented throughout the Group, reviewing their effectiveness and reporting on the outcome of their review in the annual report. Details of the Group’s principal risks and uncertainties and risk management processes and of the key features of the Group’s internal control systems are set out in the Risk management principle risks and uncertainties section of this Annual Report.

The Board has delegated responsibility for monitoring and reviewing the effectiveness of the Group’s risk management processes and internal controls to the Audit and Risk Committee. This covers all material controls including financial, operational and compliance controls and risk management systems. In discharging the responsibilities delegated by the Board, the Audit and Risk Committee is supported by the internal audit and management reports.

Internal assurance is provided through self-assessments, supported by various peer reviews and self-assessment control processes. Further assurance is provided through the delivery of the internal audit plan, which is developed by the Internal Audit function with input from management. Recommendations arising from internal audits are communicated to the relevant business areas and their implementation is tracked by the function. The Audit and Risk Committee receives regular reports on progress against the internal audit plan and corrective actions taken by management in response to internal audit findings. In addition, where appropriate, the Group seeks external assurance from independent external experts. The internal control environment is also evaluated during the annual external audit. The results of all these assurance processes are monitored by the Group’s Risk Management function and reported to the management team of each division and the Group.

The Audit and Risk Committee also receives reports from management on a range of issues focused primarily on the key risks identified in the ERM dashboard, as well as fraud and ethics matters (including any instances of whistleblowing). It also receives reports and considers the activities of the internal and external auditors. The Audit and Risk Committee provides regular updates to the Board on these matters.

The Audit and Risk Committee conducted a robust review of the principal risks and uncertainties faced by the Group and of the efficacy of the risk management processes and system of internal controls in place within the Group for the year under review and up to the Last Practicable Date, in accordance with the requirements of the Guidance on Risk Management, Internal Control and Related Financial and Business Reporting published by the FRC. The key activities undertaken by the Audit and Risk Committee in respect of its work in this area are set out below.

April 2018

  • Considered progress on implementation of data privacy project (including GDPR)

May 2018

  • Considered the report on internal control systems and risk management processes included in the 2018 Annual Report and recommended it for approval by the Board
  • Considered and approved the amended ERM Policy
  • Considered and confirmed that there were no material changes to the principal risks and uncertainties identified at the March 2018 meeting and recommended these for approval by the Board
  • Considered management’s reports on: progress regarding the implementation of the Group-wide data privacy project (including GDPR); key IT projects; and fraud and ethics matters (including any instances of whistleblowing)

September 2018

  • Considered management’s reports on the ERM dashboard and status report, including changes to key risks across the Group, risk ratings and progress against risk management plans
  • Considered and approved the Group Information Security Management Policy and conducted an in-depth review of IT-related risks, including the governance and status of key IT projects
  • Conducted other in-depth reviews covering: corporate and tax structures across the Group; the Group-wide data privacy protection project (including GDPR); and clinical risk management processes
  • Considered management’s reports on the status of regulatory compliance across the Group; and fraud and ethics matters (including any instances of whistleblowing)

November 2018

  • Considered the principal risks and uncertainties and recommended these for approval by the Board
  • Considered the combined assurance processes established for IT projects aimed at adapting the Group to the evolving global healthcare environment
  • Considered the outcome of the Group’s 2018 cyber governance health check; the cyber incident response plan and steps being taken to enhance the Group’s cyber protection arrangements. The Committee recommended the cyber incident response plan to the Board for approval
  • Considered and noted the Group Tax Policy compiled by management
  • Considered management’s report on fraud and ethics matters (including any instances of whistleblowing)

March 2019

  • Conducted a robust assessment of the Group’s risk management processes and internal control systems, principal risks and uncertainties and mitigating actions, including: the ERM framework, ERM Policy and risk appetite statement; top risks; other topical risk areas; and the ERM plan for the 2020 financial year. The Committee took into consideration the control matters reported in the in auditors pre-year-end report
  • Considered the preliminary going concern and long-term viability assessment, together with the supporting stress testing analysis
  • Considered the Fraud Risk Management Policy and management’s report on fraud and ethics matters (including any instances of whistleblowing)
  • Considered the Treasury Policy and procedures
  • Group Information Security Management Policy
  • Cyber incident response plan
  • Data Privacy and Data Protection Policy
  • Considered the Group’s key insurance policies
  • Considered the Group Regulatory Compliance Policy and management’s report on assurances obtained in respect of compliance matters and the programme for the 2020 financial year

May 2019

  • Considered the report on internal control systems and risk management processes included in this Annual Report, taking into account the control matters notes in the external auditor’s report and recommended it for approval by the Board
  • Considered the report on principal risks and uncertainties and mitigating actions included in this Annual Report and recommended these for approval by the Board
  • Considered management’s report on fraud and ethics matters (including any instances of whistleblowing)
  • Considered management’s report on cybersecurity risks and monitoring

The key areas examined by the Audit and Risk Committee during the year included:

  • the ERM Policy, framework and processes, including the Group’s risk appetite and action plans designed to mitigate risks in line with the Group’s risk appetite statement;
  • further strengthening of the combined assurance model by integrating the reports received on financial, operational, clinical and compliance internal control systems and risk management processes, together with the corresponding key performance indicators and sources of internal and external assurances;
  • the governance arrangements and progress on implementation of IT projects aimed at adapting the Group to the evolving global healthcare environment, such as HIT2020 in Hirslanden and the Intersystems EHR in Mediclinic Middle East;
  • progress on the implementation of a comprehensive data privacy project across the Group (including GDPR);
  • key ICT risks including cybersecurity, project delivery, information protection, architecture and quality of IT systems, and application control and change risks and steps taken by management to mitigate these risks; and
  • the control findings raised by the external auditor.

The review confirmed that there were no significant failings or weaknesses and that processes were in place to ensure that the necessary actions were taken, where areas for improvement were identified, and that these outcomes were monitored. The Board, via the Audit and Risk Committee is therefore satisfied that the Group has an internal control and risk management environment that is effective in ensuring the consistent achievement of key control objectives and appropriately mitigating the significant risks faced by the Group.

INTERNAL AUDIT

As stated in the 2018 Annual Report, the Audit and Risk Committee approved the appointment of a Group General Manager: Internal Audit with effect from 1 July 2018 in order to establish an in-house Internal Audit function. As part of the arrangements designed to ensure a gradual and smooth transition of responsibilities from Remgro Internal Audit to the new in-house function, Remgro Internal Audit continued to provide internal audit services to the Group until May 2019.

The key topics relating to internal audit considered by the Audit and Risk Committee during the year are set out below.

May 2018

  • Considered the internal audit report for the 2018 financial year, including annual review of the effectiveness of the Group’s internal controls and risk management processes
  • Considered the updated internal audit plan for the 2019 financial year
  • Privately consulted with the internal auditor, without management
  • Privately consulted with management, without the internal auditor

September 2018

  • Considered an update on internal audit
  • Discussed employment and resourcing arrangements

November 2018

  • Considered the internal audit report and findings, including progress on the internal audit plan for the 2019 financial year
  • Considered plans to increase internal staffing

March 2019

  • Reviewed the internal audit report, internal audit mandate and Internal Audit function
  • Privately consulted with the internal auditor, without management
  • Privately consulted with management, without the internal auditor

May 2019

  • Considered the internal audit report, including the annual review of the effectiveness of the Group’s internal controls and risk management processes
  • Privately consulted with the internal auditor, without management
  • Privately consulted with management, without the internal auditor

The Internal Audit function, which reports functionally to the Audit and Risk Committee and administratively to the Chief Corporate Services Officer, is responsible for undertaking risk-based reviews across the Group, examining the internal controls and management of risks relating to the financial, operational and clinical performance, IT and compliance activities of the Group. Its responsibilities also include conducting an annual documented review of the effectiveness for the Board of the system of internal controls and risk management. The Audit and Risk Committee receives regular reports on the activities and key findings of the function and the status of management’s implementation of recommendations.

During the year, the Internal Audit function completed and reported to the Audit and Risk Committee on audits and reviews across the Group, which focused particularly on the human resources and payroll cycle. A cycle of clinical audits was also implemented to provide assurance on agreed clinical risk areas. In addition, internal audits were performed at a high-level on certain business projects aimed at adapting the Group to the evolving global healthcare environment. The Audit and Risk Committee provided feedback on the findings and recommendations made and also considered the Internal Audit function’s annual written assessment of the effectiveness of the Group’s internal controls and risk management processes. Following discussion with the function and management, the Audit and Risk Committee confirmed to the Board that it is satisfied with the effectiveness and efficiency of the function, reliability of financial reporting and compliance with applicable legislation and regulations.

One of the principal duties of the Audit and Risk Committee is to review and approve the internal audit plan. The plan is set on a three-year rolling basis and the focus areas are determined and updated in line with:

  • the internal audit mandate;
  • the Group’s ERM dashboard;
  • strategic and operational initiatives aimed at growing and preserving value;
  • the results of previous internal audits and reviews of the effectiveness of internal controls and risk management systems;
  • significant changes in the business, operations, ICT programmes, systems and controls;
  • requests from management and the Audit and Risk Committee;
  • new developments in organisational governance; and
  • emerging risks and trends.

The internal audit plan approved by the Audit and Risk Committee for the 2020 financial year will focus on risks linked to business and IT projects aimed at adapting the Group to the evolving global healthcare environment, cyber and security risks, medical technology risks, clinical audits, data privacy audits and procurement audits, as well as a range of financial controls.

A key aspect of the Audit and Risk Committee’s work during the year was to ensure the adequate staffing and resourcing of the in-house Internal Audit function to allow for a smooth transition away from Remgro Internal Audit. A high-level assessment of the function conducted in March 2019 recognised that it had been in operation for less than nine months, with most of the internal audit employees joining Mediclinic during February 2019. The Audit and Risk Committee was satisfied with the effectiveness, independence, resourcing and standing of the Internal Audit function within the Group and the progress made in establishing the function.

EXTERNAL AUDIT

The Audit and Risk Committee, on behalf of the Board, is responsible for the relationship with the external auditor. PricewaterhouseCoopers LLP was appointed as the Company’s external auditor in February 2016, as approved by the Company’s shareholders in December 2015. The lead audit engagement partner is Mr Giles Hannam who was appointed in February 2016. The external auditor is invited to all Audit and Risk Committee meetings and receives copies of all relevant papers and meeting minutes.

The key topics considered by the Audit and Risk Committee during the year in relation to the external audit are set out below.

May 2018

  • Considered the external auditor’s year-end audit report and opinion
  • Evaluated the external auditor’s performance, focusing on its independence and the objectivity and effectiveness of the external audit process
  • Considered and recommended the external auditor’s re-appointment
  • Considered the non-audit services expenditure for the 2018 financial year
  • Considered and approved the non-audit services thresholds for the 2019 financial year
  • Privately consulted with the external auditor, without management
  • Privately consulted with management, without the external auditor

September 2018

  • Considered relevant statutory, regulatory and good practice developments
  • Privately consulted with only the Audit and Risk Committee members present

November 2018

  • Considered the external auditor’s interim review report
  • Considered and approved the external audit plan for the 2019 financial year, including the proposed materiality threshold, the scope of the audit, the significant audit risks and fees and the corresponding engagement letter
  • Considered the non-audit services expenditure for the 2019 financial year to date
  • Considered and approved the revised non-audit services thresholds for the 2019 financial year
  • Privately consulted with the external auditor, without management
  • Privately consulted with management, without the external auditor

March 2019

  • Considered the external auditor’s pre-year-end report on accounting, auditing and control matters
  • Considered and approved the 2019 financial year audit fees
  • Considered and approved the policy on the external auditor’s independence and non-audit services
  • Considered the non-audit services expenditure for the 2019 financial year to date
  • Considered and approved the non-audit services thresholds for the 2020 financial year
  • Privately consulted with the external auditor, without management
  • Privately consulted with management, without the external auditor

May 2019

  • Considered the external auditor’s year-end audit report and opinion
  • Evaluated the external auditor’s performance, focusing on its independence and the objectivity and effectiveness of the external audit process
  • Considered and recommended the external auditor’s re-appointment
  • Reviewed the non-audit services expenditure for the 2019 financial year
  • Privately consulted with the external auditor, without management
  • Privately consulted with management, without the external auditor

Effectiveness and independence

An important element of the Audit and Risk Committee’s role is to examine the effectiveness of the audit process and monitor the independence of the external auditor. It is committed to ensuring that the Group receives a high-quality and effective statutory audit.

Prior to the start of the statutory audit work in respect of the current reporting period, the Audit and Risk Committee discussed the strategy and scope of the audit with PricewaterhouseCoopers LLP and management. At the March 2019 meeting, PricewaterhouseCoopers LLP presented the Audit and Risk Committee with a pre-year-end report on accounting, auditing and control matters, allowing it to monitor and discuss progress against the external audit plan. Private meetings held after Audit and Risk Committee meetings with the external auditor without management present, and with management without the external auditor present, encouraged open and transparent feedback from both parties.

As the 2019 financial year external audit neared finalisation, all members of the Audit and Risk Committee, management and those who regularly provide input or have regular contact with the external auditor were asked to evaluate its performance, with a strong focus on its independence and objectivity. The evaluation was performed by way of a questionnaire, which focused on four key performance areas: (1) the robustness of the audit process; (2) the quality of delivery; (3) the quality of reporting; and (4) quality of people and service. The feedback from the questionnaire and the meetings with the external auditor and management held during the year was considered and discussed by the Audit and Risk Committee at the meeting held in May 2019 and any opportunities for improvement were brought to the attention of the external auditor. The Audit and Risk Committee was satisfied with the overall feedback on PricewaterhouseCoopers LLP and concluded that the external audit process was effective and that expectations set when awarding the external audit to PricewaterhouseCoopers LLP in 2018 had largely been met.

In assessing the independence of the external auditor, the Audit and Risk Committee adopts a two-fold approach. Firstly, it considers the information and assurances provided by the external auditor under the FRC’s Revised Ethical Standard for Auditors. PricewaterhouseCoopers LLP confirmed that there were no significant facts and matters that may reasonably be thought to bear on its independence or on the objectivity of the lead partner and the audit team. The quality review partner, who reviews the judgments of the audit team, rotates every seven years and the lead partner and key audit partners at each division rotate every five years. The lead partner and quality review partner were appointed in February 2016 and are therefore not due for rotation until after 2020 and 2022 respectively. The key audit partners for Switzerland, Southern Africa and the Middle East were appointed in 2018, 2017 and 2019 respectively, with rotation due after 2023, 2022 and 2024. Secondly, the Audit and Risk Committee developed and monitors the Non-audit Services Policy and associated fees discussed below, which are designed to safeguard the independence of the external auditor. Based on this approach and the Audit and Risk Committee’s findings, it was satisfied that PricewaterhouseCoopers LLP continues to be independent and free from any conflicting interest with the Group.

Non-audit services and fees

The Audit and Risk Committee believes that it may be appropriate in certain circumstances for the Company to engage its external auditor to provide non-audit services. A policy governing the provision of such services is in place to ensure non-audit services provided by the external auditor do not impair, and are not perceived to impair, its independence or objectivity. The policy was last reviewed and approved by the Audit and Risk Committee in March 2019.

The policy makes it clear that only certain types of services are permitted to be carried out by the external auditor. Since 1 April 2017, the policy has excluded the provision of tax services by the external auditor (previously provided by PricewaterhouseCoopers LLP). Deloitte LLP was appointed to provide tax advice to the Company and Mediclinic Southern Africa and KPMG was appointed to provide tax advice to Hirslanden and Mediclinic Middle East. In order to help maintain the independence and objectivity of the external auditor, the policy further requires that a different partner be appointed to lead any non-audit services.

At the beginning of each financial year, the Audit and Risk Committee determines the pre-approved monetary thresholds for each category of non-audit services that may be provided by the external auditor. The nature of the non-audit services, the individual fee levels for each category and the aggregate fee relative to the external audit fee are taken into account in determining these thresholds. Any individual assignment with a fee exceeding £50 000 requires the Audit and Risk Committee’s prior approval.

The fees paid to PricewaterhouseCoopers LLP in respect of non-audit services amounted to approximately £550 000 or 23% of the statutory audit fees. Approximately £248 000 of the non-audit services fees were in respect of reviews conducted in relation to the financial statements for the six months ended 30 September 2018. Therefore, excluding the interim reviews, non-audit service fees as a percentage of statutory audit fees amounted to 13%.

Refer to note 23 to the consolidated financial statements for more information for the fees paid audit and non-audit services during the year.

Re-appointment

The Audit and Risk Committee concluded that the services provided by the external auditor were of a high quality; that the external audit process in respect of the 2019 financial statements was effective; and that the auditor remains objective and independent. Accordingly, the Audit and Risk Committee recommended to the Board that the re-appointment of PricewaterhouseCoopers LLP as the Company’s external auditor be proposed to shareholders at the Company’s AGM on 24 July 2019.

As a result of the UK’s implementation of the European Union’s mandatory audit firm rotation requirements, and in accordance with the Audit and Risk Committee’s terms of reference, the Company is required to ensure that the external auditor’s contract is put out to tender at least every 10 years, with the proviso that no single firm may serve as the Company’s external auditor for a period exceeding 20 years. PricewaterhouseCoopers LLP was first appointed as the Company’s auditor with effect from February 2016, as approved by the Company’s shareholders in December 2015. It is intended that the external audit will be put out to tender no later than for the financial year commencing 1 April 2023, which is 10 years after the Company’s initial listing. The Audit and Risk Committee complied with the provisions of The Statutory Audit Services for Large Companies Market Investigation (Mandatory Use of Competitive Tender Processes and Audit Committee Responsibilities) Order 2014.

ETHICAL CONDUCT, GOVERNANCE AND COMPLIANCE

The Group is focused on conducting its business in an honest, fair and ethical manner – a principle endorsed by the Board and management. The Audit and Risk Committee oversees the Group’s processes for handling breaches of the Group’s Ethics Code and Anti-bribery Policy. The key topics considered by the Audit and Risk Committee during the year in relation to ethical conduct, governance and compliance are set out below.

May 2018

  • Considered management’s report on fraud and ethics matters (including any instances of whistleblowing)
  • Considered the Regulatory Compliance Policy
  • Considered the non-audit services expenditure for the 2018 financial year
  • Considered and approved the non-audit services thresholds for the 2019 financial year
  • Reviewed the key tax considerations across the Group
  • Considered relevant statutory, regulatory and good practice developments

September 2018

  • Considered management’s reports on the status of regulatory compliance across the Group and fraud and ethics matters (including any instances of whistleblowing)
  • Considered relevant statutory, regulatory and good practice developments

November 2018

  • Considered management’s report on fraud and ethics matters (including any instances of whistleblowing)
  • Considered the key tax considerations across the Group and the Group tax strategy and recommended the Group tax strategy for approval by the Board
  • Considered and noted the Group Tax Policy established by management
  • Considered and approved the revised non-audit services thresholds for the 2019 financial year

March 2019

  • Considered management’s report on fraud and ethics matters (including any instances of whistleblowing)
  • Conducted an annual review of: the Audit and Risk Committee’s Terms of Reference; the Internal Audit Mandate; policy in respect of the independence and the provision of non-audit services by the external auditor; ERM Policy; Fraud Risk Management Policy; Treasury Policy and procedures; and Group Regulatory Compliance Policy
  • Considered management’s report on assurances obtained in respect of compliance matters
  • Considered the non-audit services expenditure for the 2019 financial year to date
  • Considered and approved the non-audit services thresholds for the 2020 financial year
  • Reviewed the key tax considerations across the Group
  • Considered relevant statutory, regulatory and good practice developments

May 2019

  • Considered management’s report on fraud and ethics matters (including any instances of whistleblowing)
  • Reviewed the key tax considerations across the Group
  • Considered relevant statutory, regulatory and good practice developments

During the year, the Audit and Risk Committee received regular feedback from the Group General Manager: Risk Management on all material cases and incidents reported on the ethics lines, on how these were managed and their overall effectiveness. Further details on the ethics lines are provided in the Sustainable development overview. The Fraud Risk Management Policy adopted in the 2018 financial year has facilitated the development of further controls for the prevention of fraud and corruption.

The Audit and Risk Committee is responsible for ensuring Group-wide compliance with relevant legislation and regulations. During 2018, Mr Dirk Lubbe was appointed Group General Manager: Compliance and Data Protection to maintain the standardised risk-based compliance monitoring programme, which was strengthened in the 2018 financial year under the guidance of an external compliance consultant. The programme tracks the Group’s compliance with key legislation across all the jurisdictions in which it operates. The Audit and Risk Committee received regular updates on progress regarding the development of the compliance programme; examined the implications of forthcoming legislation and management’s plans to address the new requirements; and monitored progress on their implementation, particularly in relation to the EU’s GDPR, new data protection legislation in Switzerland and South Africa, and new value-added tax legislation in the UAE.

The Clinical Performance and Sustainability Committee is also responsible for assessing the Group’s ethics and compliance. Further details on the Company’s policies in respect of business conduct and ethics, anti-corruption and anti-bribery matters are provided in the Sustainable development overview. Details of the Clinical Performance and Sustainability Committee are provided in the Corporate Governance Statement.

COMMITTEE EVALUATION

The Audit and Risk Committee’s performance was reviewed within the framework of the annual internal Board evaluation, which is discussed in the Corporate Governance Statement. The evaluation focused on the Audit and Risk Committee’s composition and time management, processes and support, the work undertaken during the financial year and any priorities for improving its performance in the coming year. It reviewed and discussed the outcomes of the evaluation and certain actions were agreed for implementation, designed to further develop or mature some of the Group’s risk management and reporting. The results were reported to the Board at the March 2019 meeting. The Audit and Risk Committee will monitor progress on the agreed actions and resultant outcomes, and these will be incorporated into the following year’s performance evaluation.

PROGRESS ON KEY PRIORITIES FOR THE COMMITTEE FOR the 2019 financial year

Priorities

Status

  • Monitor establishment of in-house Internal Audit function
  • Monitor progress against the internal audit plan for the 2019 financial year

Refer to the internal audit section of this Audit and Risk Committee Report

  • Monitor progress against the overall ERM plan for the 2019 financial year
  • Mature the integration of reporting to the Audit and Risk Committee on financial, operational and compliance internal controls and risk management systems
  • Monitor the performance of recently implemented IT projects aimed at adapting the Group to the evolving global healthcare environment

Refer to the internal control systems and risk management processes section of this Audit and Risk Committee Report

  • Monitor the implementation of new IFRS standards

Refer to the financial reporting section of this Audit and Risk Committee Report

  • Appoint a permanent compliance officer and monitor the entrenchment of compliance management

Refer to the ethical conduct, governance and compliance section of this Audit and Risk Committee Report

KEY PRIORITIES FOR THE COMMITTEE IN the 2020 financial year

For the coming financial year, the Audit and Risk Committee will, among other matters, focus on:

  • further developing the Group’s clinical risk management and reporting processes;
  • continuous monitoring of the development of the in-house Internal Audit function and progress against the internal audit plan for the 2020 financial year;
  • monitoring progress against the ERM plan for the 2020 financial year;
  • maturing the integration of reporting to the Audit and Risk Committee on financial, operational and compliance internal controls and risk management systems;
  • maturing the monitoring and reporting of projects aimed at adapting the Group to the evolving global healthcare environment and cybersecurity risks;
  • monitoring the implementation of new IFRS standards;
  • overseeing the selection and transition of the new lead external audit partner who will lead the audit from the 2021 financial year;
  • further enhancing the Group’s monitoring of potential, long-term regulatory developments; and
  • monitoring progress against the regulatory compliance plan for the 2020 financial year.

Approved and signed on behalf of the Audit and Risk Committee.

Mr Desmond Smith

Chairperson of the Audit and Risk Committee

22 May 2019

|