Carlo André Smit (CIA)

Unitrans is a diversified Supply Chain Logistics company serving the needs of selected Sub-Saharan African markets. A subsidiary of KAP Industrial Holdings Ltd (JSE listed), the company has more than 11,000 employees and provides supply chain solutions in the Agriculture, Mining, Petrochemical, Food & Consumer, People Transport, and Industrial sectors across 10 different countries.

Prior to my current position of Head of Data Governance and Insurance, I was appointed in Unitrans as Head of Governance & Enterprise Risk Management after fulfilling the role of Governance, Risk & Compliance Manager. In these roles I have been responsible for the following primary duties and deliverables:

Data and ICT Governance:

• Develop and implement a comprehensive Data Governance Framework aligned with regulatory requirements and industry standards, ensuring effective management of data assets.
• Lead data process mapping initiatives to document data flows, enhancing process automation, integration, and control design to maintain data integrity.
• Coordinate business process improvements and governance for API and RPA projects in collaboration with the Innovation department.
• Manage Data Quality through the design and implementation of process improvements, ensuring data integrity and reliability.
• Conduct Data and ICT Risk Assessments, maintaining related Risk Registers to mitigate potential threats.
• Establish and maintain data classification protocols based on sensitivity, purpose, and location.
• Collaborate with ICT to design security measures that protect data from unauthorized access and cyber threats.
• Ensure compliance with data protection regulations across multiple African countries, serving as System Controller and Chairman of the Data Protection Committee.
• Develop and monitor Data Governance, ICT, and Insurance policies and procedures, ensuring compliance and performance alignment with business objectives.
• Collaborate with Legal, Risk and Compliance, and Innovation teams for holistic governance and risk management.

Procurement Governance:

• Oversee procurement governance and supplier vetting processes, maintaining supplier master files, and account management.

Insurance Management:

• Manage insurance operations, including incident and accident assessments, claims administration, third-party recoveries, annual declarations, and policy renewals.
• Coordinate with group and in-country brokers, insurers, underwriters, and loss adjusters.
• Provide training on insurance management systems.

General Governance:

• Maintain the Governance Framework and coordinate related committees to ensure effective oversight.
• Oversee the Approval Framework in alignment with KAP requirements.
• Coordinate the compilation of Regional Board packs.
• Update and maintain the Regulatory and Legal Universe using Lybrio and Afriwise platforms, tracking compliance actions.
• Develop a Policy Framework and related templates, ensuring comprehensive documentation.
• Compile governance, risk, and insurance reports for monthly, quarterly, and annual reviews by Exco and KAP Industrial Holdings.
• Attend and report at Exco, ICT Steercom, Incident Response Team, Risk Management, and Regional Board meetings.
• Investigate and report on all Fraud & Ethics Hotline matters, and Alternative Disclosure cases.
• Oversee Ethics Management, including the Divisional Code of Ethics and related training.
• Manage annual and ad-hoc conflict of interest and gift declarations.
• Review and approve all supplier and customer credit applications.

Enterprise Risk Management:

• Manage Enterprise Risk Registers at divisional, country, and business unit levels, monitoring strategic and regional ERM improvements.
• Maintain the ERM Framework and related policies to ensure alignment with best practices.
• Oversee the Combined Assurance map, addressing assurance duplications and gaps through coordinated action plans.
• Conduct Group ERM maturity assessments and drive initiatives for improvement.
• Facilitate enterprise and process-level risk workshops to identify and manage risks.

Compliance Management:

• Identify and assess significant business risks, drafting compliance audit programs to test internal controls.
• Conduct regular compliance audits at depots and regions to ensure adherence to head office instructions, accounting controls, policies, and procedures.
• Provide recommendations on internal control gaps and weaknesses identified during audits.
• Implement Continuous Controls Monitoring through scripting and exception reporting.
• Report compliance audit findings and track issues raised by KAP Internal Audit and External Auditors.
• Liaise with External Auditors on risk and compliance-related matters.

Other:

• Perform Business Process Mapping for prioritized processes, including RACMs and RACI models.
• Coordinate Data Protection, Ethics, and Competition Law training and awareness initiatives.
• Compile monthly, quarterly, and annual governance, risk and compliance reports for Exco, Audit & Risk Committee and KAP Industrial Holdings.
• Lead and coach staff to foster professional development and performance.

Symphonic CS was established for the purpose of managing several service offerings, but mainly focused on consulting in the areas of Internal Auditing, Risk Management, Corporate Governance, POPI/GDPR compliance, and related technology.

As Director, I was involved in all areas of the business, including sales strategy, client relations, networking, industry research, product awareness, engagement planning, and execution.

HCI is an investment holding company, which is listed in the financial sector on the Johannesburg Stock Exchange in South Africa. The group is involved in a diverse range of investments, including hotel and leisure (Tsogo Sun Hotels), gambling (Tsogo Sun Casinos, Galaxy Bingo, and Vukani Gaming/V-Slots), interactive gaming (Prima), media and broadcasting (e-Media Holdings), transport (Golden Arrow Bus Services), mining (HCI Coal), energy (Impact Oil & Gas), industrials (Deneb Investments), services and technology (Alphawave Golf and BSG), clothing (various brands), and properties (HCI Properties).

The primary mandate given to this role by the HCI Audit Committee was:

• Ensure the implementation of risk-based internal auditing across the group, aligned with the International Standards for the Professional Practice of Internal Auditing (IPPF).
• Establish a consistent methodology for audit execution and reporting, maintaining the independence of internal audit activities in compliance with the King Report on Corporate Governance.
• Provide consolidated internal audit reporting and assurance on internal control effectiveness to the Audit and Risk Committees.
• Develop and execute annual internal audit plans approved by the relevant committees.
• Attend Executive and Audit Committee meetings to deliver project updates and relevant feedback.
• Inform Audit Committees of emerging trends in internal auditing and governance, recommending revisions to the Internal Audit Charter and methodology.
• Collaborate with risk management, governance, compliance functions, and external auditors to ensure coordinated efforts and minimize duplication.
• Coordinate fraud investigations across the group, reporting findings to the Risk and Social & Ethics Committees.
• Manage and guide audit staff performance while facilitating continuous training and development.
• Supervise outsourced staff for annual internal audit reviews at non-listed subsidiaries (HCI Coal & HCI Properties).
• Implement and maintain a quality assurance program for the internal audit function, continuously monitoring its effectiveness.

Previously Seardel Investment Corporation, Deneb is a diverse investment company operating in Southern Africa and listed on the Johannesburg Stock Exchange under the Consumer Goods, Personal, and Household Goods sector. The Group's revenue is derived from various investments clustered into five segments, namely properties, branded product distribution, textiles, and industrials.

As Head of Internal Audit my primary duties and responsibilities were as follows:

• Establish and maintain an internal audit department that operates according to its approved mandate, as outlined in the Internal Audit Charter.
• Align the Internal Audit Charter with best practices and applicable governance standards.
• Ensure departmental methodology conforms with the Code of Ethics and the Standards for the Professional Practice of Internal Auditing, as prescribed by the Institute of Internal Auditors.
• Develop and achieve risk-based annual internal audit plans approved by the Audit Committees (Deneb/Seardel and HCI).
• Provide continuous assurance on the design and operational effectiveness of the internal control environment to the Audit and other Board Committees.
• Conduct annual assessments of the adequacy and effectiveness of internal controls and risk management frameworks for the Audit Committees.
• Attend Executive and Audit Committee meetings to provide feedback, project status updates, and reports.
• Keep Audit Committees informed of emerging trends in internal auditing and governance practices, recommending necessary revisions to the Internal Audit Charter and methodology.
• Review audit files, and distribute audit reports.
• Manage and coach audit staff to enhance performance.
• Implement and maintain a quality assurance and improvement program for the internal audit function, continuously monitoring its effectiveness.
• Participate in the operational risk assessment process and maintain the group's combined assurance plan.
• Coordinate and oversee other control and monitoring functions, including risk management, social and ethics, OHS, and external audit.
• Provide guidance on fraud investigations, risk management, corporate governance, and special projects.
• Oversee and coordinate internal audit functions and reporting for certain subsidiaries within the HCI Group, including Deneb, Sabido Investments (eMedia), Golden Arrow Bus Service, and Niveus (Vukani Gaming, Galaxy Bingo, and KWV).

Grant Thornton SA is a medium-tier auditing firm that has been operating since 1920. Over the years, the firm has advanced from a traditional audit, accounting, and tax practice and is now the largest accounting and specialist advisory services firm in the country after the 'Big Four'. .

As the Internal Audit Manager, my primary duties and responsibilities involved the following:

• Oversee all internal audit and risk advisory processes.
• Compile and review working paper files.
• Manage project timelines, budgets, and deadlines effectively.
• Ensure all work complies with Grant Thornton and IIA Standards.
• Assist in training departmental personnel and supporting staff management.
• Attend audit committee meetings to provide insights and updates.
• Prepare and present proposals to clients.
• Develop internal audit plans tailored to client needs.
• Promote and market internal audit and risk services.

The Iliad Africa Group focuses on sourcing, distributing, and retailing the entire spectrum of ceramic tiles and sanitary ware, bathroom fittings, hardware, building materials, interior and exterior finishes, finished wood products, and related accessories. The Group is listed on the Johannesburg Stock Exchange and had over 90 operations/outlets (at the time) throughout South Africa.

As Regional Internal Audit Senior my primary duties and responsibilities involved the following:

• Preliminary review of all branch audit reports and assessing the quality of work performance,
• Preparation of the quarterly branch audit plan, and
• Providing support to the Audit Manager for the preparation of Quarterly Reports.

The Shoprite Group is Africa's largest food retailer, with more than 3,600 operating outlets across 10 African countries. The Group's headquarters are situated in the Western Cape province of South Africa, and its outlets include Shoprite, Checkers, Shoprite & Checkers LiquorShop, OK Furniture, OK Power Express, OK Dreams, and House & Home.

My primary duties and responsibilities involved the following:

• Supervise and review head office internal audits as outlined in the Annual Internal Audit plan, or as delegated by the Internal Audit Manager.
• Base the Annual Internal Audit plan on an approved Company Risk Assessment to ensure effective risk management.
• Identify current controls and gaps within business units, using relevant internal control frameworks to develop audit programs that test and review control adequacy and effectiveness.
• Employ a risk-based audit approach for audit execution and planning.
• Oversee Regional Audit activities and conduct preliminary reviews of branch audit reports to assess quality.
• Analyze and appraise evidentiary data to form informed and objective opinions.
• Conduct ad-hoc special investigations using forensic audit techniques.
• Support the Internal Audit Manager with corporate governance issues and assist in reporting to senior management.
• Facilitate training for junior internal audit staff and top students.

The Lewis Group is a listed furniture retail group with over 800 stores in South Africa and neighbouring African countries.

Prior to my position of Internal Audit Supervisor, I was appointed in the Lewis Group as Group Internal Auditor after fulfilling the role of Branch Accounts Manager. In these roles I was responsible for the following primary duties and deliverables:

• Ensure compliance with the Annual Internal Audit Plan.
• Perform internal audits as outlined in the Strategic and Annual Internal Audit plan, or as delegated by the Group Internal Audit Manager.
• Follow a risk-based audit approach for audit execution and planning.
• Supervise and review all Regional Audit activities.
• Conduct preliminary reviews of branch audit reports, assessing the quality of work performed.
• Prepare the quarterly branch audit plan.
• Support the Audit Manager in the preparation of Quarterly Reports.
• Base the Annual Internal Audit Plan on an approved Company Risk Assessment to ensure effective risk management.
• Identify current controls and gaps within business units, utilizing the COSO framework to develop audit programs that test and review control adequacy and effectiveness.
• Review the quality of performance, focusing on economy and efficiency.
• Analyze and appraise evidentiary data to form informed and objective opinions.
• Comment on the effectiveness and efficiency of the systems under review.
• Carry out ad-hoc special investigations using forensic auditing techniques.
• Resolution of all queries related to the contravention of standard banking policies and procedures.
• Reviewing and validating monthly branch controllable expenses to audit by exception.
• Monitoring and validating all branch insurance claims.
• Monitoring and controlling account adjustments received from branches.
• Monitoring and acting on exceptions highlighted by the Internal Audit Database.
• Liaison with Middle and/or Senior Management to provide feedback on Internal Audit activities and ensure that the appropriate corrective action is taken.
• Managing a staff complement of approximately 55 individuals at Head Office level.
• Facilitating and training junior audit staff.
• Tasked with restructuring the department and facilitating constant communication between the Branch Accounts Department and the rest of the Internal Audit Department to ensure all major control breaches are promptly acted upon.

• Reconstructing accounting records from source documentation and drafting financial statements.
• Auditing assets and liabilities of clients.
• Completion of income tax returns for individuals.
• Assisting with Head Office and branch audits.