Crma7312 Mo

IIE Module Outline CRMA7312
Compliance and Risk Management

CRMA7312
MODULE OUTLINE 2024
(First Edition: 2019)
This guide enjoys copyright under the Berne Convention. In terms of the Copyright Act, no 98 of
1978, no part of this manual may be reproduced or transmitted in any form or by any means,
electronic or mechanical, including photocopying, recording or by any other information storage
and retrieval system without permission in writing from the proprietor.
The Independent Institute of Education (Pty) Ltd is registered with the

Department of Higher Education and Training as a private higher education
institution under the Higher Education Act, 1997 (reg. no. 2007/HE07/002).
Company registration number: 1987/004754/07.
© The Independent Institute of Education (Pty) Ltd 2024 Page 1 of 30

Table of Contents
Introduction ............................................................................................................................................... 3
Using this Module Outline ......................................................................................................................... 4
This Module on Learn ................................................................................................................................ 5
Icons Used on Learn ................................................................................................................................... 6
Module Resources ..................................................................................................................................... 7
Module Purpose ....................................................................................................................................... 11
Module Outcomes ................................................................................................................................... 11
Assessments ............................................................................................................................................. 12
Module Pacer ........................................................................................................................................... 15
Glossary of Key Terms for this Module .................................................................................................... 30

Introduction
Welcome to Compliance and Risk Management. This module extends upon the Law of Enterprise
Structures (LAES7321) or Business Enterprise Law (BUEL6212). While LAES7321 and BUEL6212
focus on legal entities, their governance structures in terms of the Companies Act, 2008 and to
a limited extent corporate governance principles, Compliance and Risk Management focuses on
a particular aspect of corporate governance, that is compliance and risk. This module will thus
navigate a more in-depth exploration of compliance and risk as aspects of corporate governance
and should prepare you for Strategic Management (STMA7311) or Governance and Ethics
(GOET7312) depending on which Bachelor of Commerce in Law degree you are completing.
There is risk in everything that we do. The corporate environment (including the legal corporate
environment) presents an exciting environment to thrive and grow. However, the associated and
potential risks need to be managed to ensure the sustainability of a business, and if the business
is not sustainable, who do we hold accountable? This practical module will take you through
enterprise-wide risk management, the process involved in risk management, developing a sound
risk management plan, how to report risks and more importantly how to respond to risks.
Please remember that to get the most out of this module, it is essential that you read all the
prescribed texts before classes. When doing so, keep a pencil handy, and make notes, questions,
and comments as you read so that you engage more deeply with the language, style, and
content. You can dramatically improve your comprehension and levels of enjoyment in reading
by doing so! You are encouraged to engage with the activities on the Learn platform. It will help
you to engage with problem-type scenarios, to enable you to apply knowledge learned to
practical scenarios.
We hope you will enjoy the module.

Using this Module Outline

This module outline has been developed to support your learning. Please note that the content
of this module is on Learn as well as in the prescribed material. You will not succeed in this
module if you focus on this document alone.
• This document does not reflect all the content on Learn, the links to different resources,
nor the specific instructions for the group and individual activities.
• Your lecturer will decide when activities are available/open for submission and when these
submissions or contributions are due. Ensure that you take note of announcements made
during lectures and/or posted within Learn in this regard.

This Module on Learn

Learn is an online space, designed to support and maximise your learning in an active manner.
Its main purpose is to guide and pace you through the module. In addition to the information
provided in this document, you will find the following when you access Learn:
• A list of prescribed material.

• A variety of additional online resources (articles, videos, audio, interactive graphics, etc.)
in each learning unit that will further help to explain theoretical concepts.
• Critical questions to guide you through the module’s objectives.
• Collaborative and individual activities (all of which are gradable) with time-on-task
estimates to assist you in managing your time around these.
• Revision questions, or references to revision questions, after each learning unit.
Kindly note:
• Unless you are completing this as a distance module, Learn does not replace your
contact time with your lecturers and/or tutors.
• CRMA7312 is a Learn module, and as such, you are required to engage extensively
with the content on the Learn platform. Effective use of this tool will provide you
with opportunities to discuss, debate, and consolidate your understanding of the
content presented in this module.
• You are expected to work through the learning units on Learn in your own time –
especially before class. Any contact sessions will therefore be used to raise and
address any questions or interesting points with your lecturer, and not to cover every
aspect of this module.
• Your lecturer will communicate submission dates for specific activities in class and/or
on Learn.

Icons Used on Learn

The following icons are used in all your modules on Learn:
Icon Description
A list of what you should be able to do after working through the learning
unit.
Specific references to sections in the prescribed work.
Questions to help you recognise or think about theoretical concepts to be

covered.
Sections where you get to grapple with the content/theory. This is mainly
presented in the form of questions which focus your attention and are aimed
at helping you to understand the content better. You will be presented with
online resources to work through (in addition to the textbook or manual
references) and find some of the answers to the questions posed.
Opportunities to make connections between different chunks of theory in

the module or to real life.
Real life or world of work information or examples of application of theory,

using online resources for self-exploration.
You need to log onto Learn to:

• Access online resources such as articles, interactive graphics,
explanations, video clips, etc. which will assist you in mastering the
content; and
• View instructions and submit or post your contributions to individual or
group activities which are managed and tracked on Learn.

Module Resources
Prescrib The following textbook is prescribed for this module:
ed Wixley, T. Everingham, G. & Louw, K
Material Corporate Governance The Director’s Guide
(PM) for ISBN: 9781928309222
this
The following are also prescribed material for this module:
Module
Legislation:
• Broad-Based Black Economic Empowerment Act 53 of 2003
• Financial Intelligence Centre Act 38 of 2001
• National Credit Act 34 of 2005
• Occupation Health and Safety Act 85 of 1993
• Protection of Personal Information Act 4 of 2013
Websites/articles:
• Accountancy SA (2020) I know I need a compliance function, but what do I do next? At

https://www.accountancysa.org.za/i-know-i-need-a-compliance-function-but-what-do-i-do-
next/
• Accountancy SA (2020) Compliance and its relationship to internal audit. At

https://www.accountancysa.org.za/compliance-and-its-relationship-to-internal-audit/
• Amaresan S, What is a business continuity plan at

https://blog.hubspot.com/service/business-continuity-plan
• Bowmans (2017) Key Differences between King III and King IV at

https://www.polity.org.za/article/the-key-differences-between-king-iii-and-king-iv-2017-01-
11
• Compliance Bridge (2017) The Key Difference Between Policy vs Procedures. At

https://compliancebridge.com/policy-vs-
procedures/#:~:text=Policies%20look%20at%20the%20big,and%20the%20success%20of%20
employees
• Compliance Institute (2009) Generally Accepted Compliance Practice Framework launched

today. At https://www.fanews.co.za/article/compliance-
regulatory/2/general/1082/generally-accepted-compliance-practice-framework-launched-
today/6688
• Department of National Treasury of the Republic of South Africa: Risk Identification. At

https://ag.treasury.gov.za/org/rms/rmf/Shared%20Documents/Downloads/09%20Risk%20Id

entification.pdf
• Financial Advisory and Intermediary Services Act 38 of 2002 – Qualifications, Experience and
Criteria for approval as compliance officer – available at
http://www.saflii.org/za/legis/consol_reg/qeacfaaco610.pdf
• Jackson A, Boswell K, Davis D ( 2011) Sustainability and triple bottom line reporting- What is
it all about. International Journal of Business, Humanities and Technology Vol 1 (3) 55-59.
• King IV Report at https://www.iodsa.co.za/page/king-iv
• Mariz, G (2013) The career of Compliance Officer. The South African Financial Markets
Journal 18th Ed 2013 at
http://financialmarketsjournal.co.za/oldsite/18thedition/complianceofficer.htm.
• Natesan P, du Plessis P (2019) Why Kin IV’s “apply and explain” is so important. At
https://www.iodsa.co.za/news/438882/Why-King-IVs-apply-and-explain-is-so-important.htm
• Risk Connect (2021) Compliance vs. Risk Management: What’s the Big Difference? At
https://riskonnect.com/risk-management-information-systems/compliance-vs-risk-
management/# (accessed 28 July 2023)
• Risk Management Policy Template https://web.actuaries.ie/sites/default/files/erm-

resources/risk_management_policy_template.pdf [Accessed 17 August 2021].
• Sipho Nkosi “Risky business: Managing risk to innovate, change and develop” 2022 (March)
De Rebus 12 available at: https://www.derebus.org.za/risky-business-managing-risk-to-
innovate-change-and-develop/
• Vicente V, What is a risk assessment matrix? And why is it important? At

https://www.auditboard.com/blog/what-is-a-risk-assessment-matrix/
• PXP Financial, The 4T’s of risk management at https://info.pxpfinancial.com/blog/the-4ts-of-

risk-management

Recommended Please note that several additional resources and links to resources are
Readings, Digital, provided throughout this module on the Learn platform. You are
and Web encouraged to engage with these as they will assist you in mastering
Resources the various objectives of this module. They may also be useful
resources for completing any assignments. You will not, however, be
assessed under examination conditions on any additional or
recommended reading material.
• Mhlanga, M. 2020. Op-Ed: The role of risk management during and

post COVID-19 times. Available at:
https://www.esi-africa.com/industry-sectors/business-and-
markets/op-ed-the-role-of-risk-management-during-and-post-
covid-19-times/
• de Beer, L. (2020), "Corporate governance: the inputs to outcomes

evolution", Journal of Global Responsibility, Vol. 11 No. 2, pp. 161-
166. Available at https://doi.org/10.1108/JGR-10-2019-0092
• T. Wakolbinger & J.M. Cruz (2011) Supply chain disruption risk

management through strategic information acquisition and sharing
and risk-sharing contracts, International Journal of Production
Research, 49:13, 4063-4084, DOI: 10.1080/00207543.2010.501550
• Andreeva T. (2021) Risk Management in the Insurance Company. In:

Çalıyurt K.T. (eds) Ethics and Sustainability in Accounting and
Finance, Volume II. Accounting, Finance, Sustainability, Governance
& Fraud: Theory and Application. Springer, Singapore.
https://doi.org/10.1007/978-981-15-1928-4_7
• Bernal, G.A., Salgado-Gálvez, M.A., Zuloaga, D. et al. Integration of

Probabilistic and Multi-Hazard Risk Assessment Within Urban
Development Planning and Emergency Preparedness and Response:
Application to Manizales, Colombia. Int J Disaster Risk Sci 8, 270–283
(2017). https://doi.org/10.1007/s13753-017-0135-8
Software required None

Software Licence None
requirements
System None
Requirements

Lab minimum None

requirements
Lab configuration None
settings
Module Overview You will find an overview of this module on Learn under the Module
Information link in the Course Menu.
Assessments Find more information on this module’s assessments in this document
and on the Student Portal.

Module Purpose
After completion of this module, you will be equipped with the necessary skill and
knowledge required in practicing as an attorney or working in the corporate world especially
in risk and compliance roles for example.
Module Outcomes
Understand and analyse the compliance management process within the
MO1 organisation within the context of the South African regulatory environment.
Understand and analyse the risk management process and the role of the risk
MO2 manager within the organisation.
Integrate information and apply in-depth knowledge gained and propose creative
solutions to given practical scenarios using common terms/terminology and
MO3
established theories and principles.
Demonstrate awareness of the need for a nuanced, thoughtful, and well-

MO4 reasoned approach when applying principles to practical scenarios

Assessments
Integrated Curriculum Engagement (ICE)
Minimum number of ICE activities to complete 4
Weighting towards the final module mark 10%
Formatives Test Assignment

Weighting 30% 25%
Duration 1 hour Approximately 10 hours
Write/Submit after LU2 LU4
Learning Units covered LU1 and 2 LU3 and 4
Resources required NA Additional research required
Summative Examination
Weighting 35%
Duration 2 hours
Total marks 120
Open/Closed book Closed book
Resources required None
Learning Units covered All

Assessment Preparation Guidelines

Format of the Assessment Preparation Hints
Test
The test for this module will • Ensure that you work through all the relevant activities,
assess your understanding exercises, and revision questions on Learn and in your
of Learning Unit 1 and 2 of textbook.
this module and will include • Brainstorm possible questions based on the learning
a series of short and outcomes and objectives provided. Then complete
medium-length questions, these as practise-tests.
as well as one longer • During both your preparation for the test and during
question. You will be the test itself, pay attention to the instruction words
expected to apply, as well as (like list, apply, describe, etc.) and to the mark
recall information as per allocations of each question to ensure that you can
your objectives for these provide the correct depth and detail in your answers.
learning units. • Make sure that you have mastered the objectives in
Learning Units 1 and 2.
Assignment
The assignment will assess • Read through the prescribed chapters and content for
your ability to integrate and Learning Units 3 and 4 and ensure that you have
apply the content in engaged in close reading of the indicated scenario
Learning Units 3 and 4 of before you proceed with your written analysis.
this module to a given • Remember to analyse all elements required and ensure
scenario that your assignment is proofread and polished for
style, language, and syntax.
• Improve the quality of your assignment by using the
provided rubric and addressing any areas of concern
prior to submitting it for marking.

Examination
The examination will assess • Ensure that you work through all the activities,
all learning units in this exercises, and revision questions on Learn and in your
module and will include textbook. You must have completed close readings of
both theory and
your prescribed material to ensure that you have
application-type questions.
prepared adequately for your examination for this
You will be expected to module.
respond to short, theory- • Pay close attention to the instruction words (like list,
based questions, as well as apply, describe, analyse, etc.) and to the mark
to longer essay-type allocations of each question to ensure that you provide
questions. the correct depth and detail in your answers.
• Make sure that you are comfortable in responding to all
the objectives for all learning units.
• Brainstorm possible questions based on the learning
outcomes and objectives provided.

Module Pacer
Code Programme Contact Sessions Credits
CRMA7312 BML3; BCIL2; BIL2 36 15
Learning Unit 1 An Introduction to Practical Risk Management, the nature of risk
and the importance of focussing on Risk
Overview:
We are faced with risks every day. These risks can be personal or common to the people within
our circles. For instance, when we go out, we are faced with the risk of adverse weather
conditions, like hail. The risk of unfavourable weather conditions will always be present; we
cannot make it disappear, but we can make use of protective clothing, such as raincoats and
boots. Alternatively, we can avoid going out and, by so doing, we eliminate the risk of
encountering bad weather conditions. In certain situations, we can even benefit from risk, for
example by selling raincoats to people who got caught in the rain.
The concept of risk is also applicable in business. There are certain occurrences that may
present businesses with risk, depending on the internal and external environments in which
they operate. Various risk types exist and, just like people, businesses identify these risks and
mitigate them accordingly.
In this learning unit, we are going to demonstrate the understanding of risk as it applies to
businesses. We will also distinguish between the two risk classes, which are pure risks and
speculative risks. Additionally, we will cast the spotlight on corporate governance and how it
is used to manage risks that emanate from unethical conduct of various stakeholders.
Please work through Themes 1, 2, and 3 on Learn, together with the relevant sections of your
prescribed source/s. To ensure that you are working towards mastering the objectives for this
learning unit, please also ensure that you complete all activities on Learn.
The challenges you may experience in this learning unit relate to identifying whether an
example is a pure risk or a speculative risk.

Learning Unit 1: Theme Breakdown

Sessions: Theme 1: Introduction Prescribed Material (PM)
1-4 LO1: Discuss the nature and importance of PM1: Chapter 1 & Chapter 3
Related corporate governance.
Outcome: LO2: Discuss the factors that would influence Jackson A, Boswell K, Davis D
the extent to which an organisation ( 2011) Sustainability and
MO001
triple bottom line reporting-
MO002 should apply corporate governance.
What is it all about.
LO3: Compare governance considerations
International Journal of
relating to different business entities and
Business, Humanities and
apply them to a set of facts. Technology Vol 1 (3) 55-59.
LO4: Discuss the three focus areas of the triple
bottom line and apply them to a practical
scenario
Theme 2: The Nature of Risk
LO5: Differentiate between pure risk and https://www.accountancysa.o
business speculative risk. rg.za/i-know-i-need-a-
compliance-function-but-
LO6: Identify the different types of risk and
what-do-i-do-next/
apply them to a practical scenario.
LO7: Explain with reference to a set of facts
Sipho Nkosi “Risky business:
why risk requires careful consideration. Managing risk to innovate,
change and develop” 2022
(March) De Rebus 12 available
at:
https://www.derebus.org.za/ri
sky-business-managing-risk-to-
innovate-change-and-develop/
Theme 3: The Risk Manager & Compliance
officer https://riskonnect.com/risk-
management-information-
LO8: Compare the role of a risk manager to that
systems/compliance-vs-risk-
of a compliance officer. management/#
LO9: Discuss the following functions of a
compliance officer: http://financialmarketsjournal.co.
• Advisory za/oldsite/18thedition/complianc
eofficer.htm
• Monitoring
• Training
• Generic job description
• Relationships
LO10: Discuss the procedure that a compliance
officer should follow in the event of non-
compliance.

Learning Unit 2 Corporate Governance and strategy, and an overview of

compliance practice.
Overview:
Before we can implement good corporate governance, we first need to establish what the
company’s purpose is and how it plans to achieve this. A business is only really considered a
success if it manages to reach its goals and achieve its purpose. For example, if a company is
formed to provide PPE to a hospital during COVID-19, does this, and is then de-registered
after, the company has achieved its purpose, and we consider this to be a successful company.
For us to understand a business’ purpose, we must look at the process of strategic planning
as this has an impact on how the company would function.
It is not simple for most businesses to follow best international business practices on their
own. The government, through its various independent agencies, is responsible for making
regulatory guidelines that businesses must comply with. There are many pieces of legislation
that South African businesses are expected to adhere to. These laws and Acts help to keep
various stakeholders in line by stipulating what is expected of them and the statutory
consequences of not complying.
In this learning unit, we will look at what role effective strategy plays in effective corporate
governance, and we will look at the elements of governance as listed in King III and King IV. In
addition to this, we will discuss the recommended business practices and demonstrate the
applicability of these principles to a set of business facts. Most importantly, we will go through
various pieces of legislation and the importance of complying with typical legislative
requirements. Lastly, we will look at what it takes to become a compliance officer.
Please work through Themes 1, 2 and 3 on Learn, together with the relevant sections of your
The challenges that you may experience in this learning unit are differentiating between the
King III and King IV Reports on Corporate Governance in South Africa.


Sessions: Theme 1: Corporate Governance and Strategy Prescribed Material (PM)
5-12
Related LO1: Discuss the requirements for an effective PM: Chapter 4
Outcomes: strategy as it relates to corporate
MO001 governance.
MO002 LO2: Given an overview of the
MO003 recommendations in King IV that a
MO004 governing body should consider when
developing a strategy. Bowmans (2017) Key
LO3: Apply the steps used in developing and Differences between King III
executing a company’s strategy to a set and King IV at
of facts. https://www.polity.org.za/a
LO4: Discuss the role that necessary skills, rticle/the-key-differences-
attitudes and safeguards play in effective between-king-iii-and-king-
corporate governance. iv-2017-01-11
LO5: Define corporate governance, as it
appears in Kings IV Report for Corporate https://www.iodsa.co.za/ne
Governance in South Africa ws/438882/Why-King-IVs-
LO6: Discuss the key differences between King apply-and-explain-is-so-
III and King IV important.htm
LO7: Explain what the “apply and explain”
principle in King IV is and why it was a PM: Chapter 17 para 4.
necessary amendment from the “apply
or explain” principle in King III.
LO8: Apply with regard to a set of facts the .
following concepts:
• The definition of corporate
governance
• The differences between King Code
III and King IV

Theme 2: Compliance Practice PM: Chapter 17

LO9: Explain the purpose of the Generally
Accepted Compliance Practice https://www.accountancysa.o
rg.za/compliance-and-its-
developed by the Compliance Institute of
relationship-to-internal-audit/
South Africa
LO10: Give a brief overview of the compliance
https://www.fanews.co.za/arti
function of a business and the role of the cle/compliance-
compliance officer with reference to: regulatory/2/general/1082/ge
• Companies Act 71 of 2008 nerally-accepted-compliance-
• Financial Intelligence Centre Act 38 of practice-framework-launched-
2001 today/6688
• Broad-Based Black Economic
Empowerment Act 53 of 2003
• Protection of Personal Information
Financial Intelligence Centre
Act 4 of 2013
Act 38 of 2001
• National Credit Act 34 of 2005
LO11: Apply the above to a given set of facts. Broad-Based Black Economic
Empowerment Act 53 of 2003
Theme 3: Qualifications, experience, and
criteria of a compliance officer. Protection of Personal
LO12: Give an overview of the required criteria Information Act 4 of 2013
for Phase I and Phase II approval of a
National Credit Act 34 of 2005
compliance officer in terms of the
Financial Advisory and Services Act 37 of
Financial Advisory and
2002.
Intermediary Services Act 37
of 2002 – Qualifications,
Experience and Criteria for
approval as compliance
officer.
http://www.saflii.org/za/legis/
consol_reg/qeacfaaco610.pdf

Learning Unit 3 Risk management policy and process
Overview:
Risk management is a discipline that everyone within an organisation must be familiar with.
There are many elements of risk management, such as principles, functions and
implementation which must be put in place. All these elements and many others, depending
on the business, must be documented, and used as guidelines.
Establishing a risk management policy is one way of ensuring that every key player within an
organisation knows what is expected of them when executing their duties. A risk management
policy is aligned with the strategic vision of a business because it is at the core of how risk
management is operationalised.


Sessions Theme 1: Risk management policies and Prescribed Material (PM)
13 -20 principles
Related LO1: Differentiate between policy and PM: Chapter 9
Outcome: procedure. Risk Management Policy Template
MO001 LO2: Discuss King IV’s recommendations on https://web.actuaries.ie/sites/defa
MO002 risk management. ult/files/erm-
resources/risk_management_policy
MO003 LO3: List the essential information that
_template.pdf
MO004 should be included in a risk
management policy.
The Key Difference Between Policy
LO4: Examine and discuss the elements of a vs. Procedures
risk management policy and draft https://compliancebridge.com/poli
sections of it. cy-vs-
LO5: Explain the basic risk management procedures/#:~:text=Policies%20lo
principles with reference to the below: ok%20at%20the%20big,and%20the
• Identify risks early and assess their %20success%20of%20employees.
impact and likelihood.
• Understand risks, their causes, and
their consequences.
• Treatment of risks: avoid, reduce, or
set tolerance levels for risks.
• Establish internal controls to
mitigate the risks.
• Monitor performance of controls
and ensure accurate and timely
reporting.
• Reporting.
• Be alert to the danger of new and
unpredictable events.
• Manage the risks posed by
information technology.
LO6: Apply the basic risk management
principles to a given scenario.
Theme 2: Risk Identification and Risk
Assessment (Part 1) https://ag.treasury.gov.za/org/r
LO7: Explain the process of performing risk ms/rmf/shared%20Documents/
identification and apply it to a given Downloads/09%20Risk%20Identi
scenario. fication.pdf
LO8: Discuss the purpose and elements of a
risk register.

LO9: Compile a risk register based on a set of

facts.
LO10: Explain why effective internal
communication within the corporate
structure would be important for
effective risk management.
Theme 3: Risk Assessment (Part2)
LO11: Discuss the Risk Assessment Matrix, its https://www.auditboard.com/bl
importance and the steps that need to og/what-is-a-risk-assessment-
be followed to compile one. matrix/
LO12: Draw a risk assessment matrix based on
a given set of facts. https://info.pxpfinancial.com/bl
LO13: Discuss the four Ts in the risk og/the-4ts-of-risk-management
management process.
Theme 4: Business Continuity Plan

LO14: Explain what a business continuity plan
is and the importance of having one.
LO15: Discuss the types of business continuity.
LO16: List the steps needed to write a
business continuity plan.
LO17: Draft a business continuity plan or https://blog.hubspot.com/servic
portions thereof based on a given e/business-continuity-plan
scenario.

Learning Unit 4 Risk Management and the Business Environment in South Africa
Overview:
Every business faces several risks, which emanate either from within the organisation itself or
from outside. These risks are usually unique to the business environments in which they
operate. Businesses that operate in South Africa face unique risks which may be fundamentally
different from businesses that operate in Botswana, for example. It is against this background
that most businesses use risk management frameworks that are unique to the South African
macro-environment.
In this learning unit, we will outline the risk management framework common to South African
businesses. We will also look at the components of an integrated report and evaluate the
functions and purpose of certain committees.


Sessions: Theme 1: Prescribed Material (PM)
21-28 The Board of Directors: Functions and
responsibilities.
Related LO1: Discuss the need for a balanced PM: Chapter 5 and 7
Outcomes: group of boards insofar as it relates
MO001 to the independence of directors
MO002 and the diversity aspect.
MO003 LO2: Discuss the flow of information to
MO004 the board.
LO3: Discuss the function and
importance of the board and
committee meetings.
LO4: Discuss the role of the company
secretary.
LO5: Apply the following to a given
scenario:
• The independence of directors
• How information flows to the
Board
• The importance of Board
meetings
• The company secretary’s role.
Theme 2: Integrated reporting PM:
LO6: Discuss the importance of
disclosure of non-financial Chapter 13
information.
LO7: Describe what integrated reporting
means(what characteristics it has
and how it differs from financial
reporting.)
LO8: Explain what is required for
integrated reporting under the King
IV report.
LO9: Describe the Global Reporting
Initiative and its influence on
reporting.
LO10: List the components that an
integrated report should have
according to the IIRC.

LO11: Describe the step-by-step process

in preparing and presenting an
integrated report according to the
IIRC.
LO12: Apply the preparation of an
integrated report to a given
scenario.
LO13: Discuss the content of the
integrated report with specific
focus on:
• General organisational profile
• Key stakeholder engagement
• Strategy, objectives, and goals
• Risks and opportunities
• Governance
• Reporting on performance
• Sustainability matters.
LO14: Discuss how transformation issues
should be reported on in an
integrated report.
Theme 3: Board Committees: PM:
LO15: Discuss the importance of board Chapter 8, Chapter 10, and
committees in terms of legislation Chapter 11.
and the King IV report.
LO16: Discuss the basic principles that
should apply to all board
committees.
LO17: Describe the formation and
functions of the Nominations
Committee.
LO18: Describe the purpose and functions
of the Risk committee.
LO19: Discuss the Social and Ethics
committee in terms of the
provisions in the King IV report and
the Companies Act.
LO20: Give an overview of the Social and
Ethics Committee’s monitoring and
reporting functions.

LO21: Apply the following to a set of facts:

• The function of the Nomination
committee.
• The function of a Risk
committee.
• The function of the Social and
Ethics Committee

Learning Unit 5 The Audit Committee, the Internal Audit and External Audit.
Overview:
The Audit Committee is arguably one of the most important committees within a business.
The directors of a company cannot always know every aspect of the business and therefore
must delegate some important tasks, like the tasks given to the Audit committee. The Audit
Committee also maintains several important relationships and ensures a great deal of
compliance.
A business should perform internal audits to ensure that its risk management and compliance
activities are in order. In this learning unit, we are going to examine the regulatory
requirements of an internal audit and investigate the many pitfalls that a business needs to
look out for when conducting one.
No module on compliance would be complete without a detailed look at the external audit.
The external audit has changed drastically from what it used to be, and it now gives a much
more “well-rounded” view of the business’ finances and other aspects. In recent years several
big companies have come under scrutiny for the apparent failure of their external auditors,
and it has become increasingly important to ensure full compliance when conducting one.


Sessions: Theme 1: The Audit Committee Prescribed Material (PM)
29-36
Related LO1: Discuss the statutory requirements PM: Chapter 11
Outcomes: of the audit committee.
MO001 LO2: Describe when and how meetings
MO002 of the audit committee should take
MO003 place.
MO004 LO3: Give an overview of the statutory
duties of the audit committee.
LO4: Discuss the duties of the Audit
Committee prescribed by the King
IV Code.
LO5: Evaluate the Audit Committee’s
role pertaining to risk management
and internal controls.
LO6: Explain the “Combined Assurance
model”.
LO7: Explain, the Audit Committee’s role
insofar as it relates to the 3 main
sources:
• Management
• Internal assurance providers
• External assurance providers.
LO8: Apply the Audit Committee’s role
to a given set of facts.
LO9: Discuss the requirements set on
the Audit Committee as it relates to
reporting.
Theme 2: External Audit PM: Chapter 15
LO10: Explain the differences between an
audit report and a review.
LO11: Discuss the factors that may impact
the independence of auditors and
apply them to a given scenario.
LO12: Describe the audit-firm rotation
requirement and why it is
important.
LO13: Discuss the external audit’s
relationship with the internal audit.

LO14: Explain why an internal audit is vital

to comply with the “combined
assurance requirement.”
Theme 3: Internal Audit PM: Chapter 16

LO15: Lists the minimum tasks required
by the King III Report to be
conducted during an internal audit.
LO16: Discuss the purpose and content of
an internal audit charter.
LO17: Discuss the relevance of a risk-
based approach in an internal
audit.
LO18: Give an overview of the standards
for the Professional Practice of
Internal Auditing and Code of Ethics
issued by the IIA.
LO19: Discuss and apply the possible
pitfalls that may apply to internal
auditors within a company.
LO20: Compare an outsourced internal
audit against an in-house internal
audit.

Glossary of Key Terms for this Module
Term Definition My Notes
Risks Uncertainties or circumstances that will

either prevent you from achieving your goals
or those that will steer you towards them.
Risk Management The process of identifying, monitoring, and
Process managing potential risks to minimise the
negative impact they may have on an
organisation

Crma7312 Mo

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Crma7312 Mo

Uploaded by

Copyright:

Available Formats

IIE Module Outline CRMA7312

Compliance and Risk Management

The Independent Institute of Education (Pty) Ltd is registered with the

© The Independent Institute of Education (Pty) Ltd 2024 Page 1 of 30

© The Independent Institute of Education (Pty) Ltd 2024 Page 2 of 30

We hope you will enjoy the module.

© The Independent Institute of Education (Pty) Ltd 2024 Page 3 of 30

Using this Module Outline

© The Independent Institute of Education (Pty) Ltd 2024 Page 4 of 30

This Module on Learn

• A list of prescribed material.

© The Independent Institute of Education (Pty) Ltd 2024 Page 5 of 30

Icons Used on Learn

Specific references to sections in the prescribed work.

Questions to help you recognise or think about theoretical concepts to be

Opportunities to make connections between different chunks of theory in

Real life or world of work information or examples of application of theory,

You need to log onto Learn to:

© The Independent Institute of Education (Pty) Ltd 2024 Page 6 of 30

• Broad-Based Black Economic Empowerment Act 53 of 2003

• Financial Intelligence Centre Act 38 of 2001

• National Credit Act 34 of 2005

• Occupation Health and Safety Act 85 of 1993

• Protection of Personal Information Act 4 of 2013

• Accountancy SA (2020) I know I need a compliance function, but what do I do next? At

• Accountancy SA (2020) Compliance and its relationship to internal audit. At

• Amaresan S, What is a business continuity plan at

• Bowmans (2017) Key Differences between King III and King IV at

• Compliance Bridge (2017) The Key Difference Between Policy vs Procedures. At

• Compliance Institute (2009) Generally Accepted Compliance Practice Framework launched

• Department of National Treasury of the Republic of South Africa: Risk Identification. At

© The Independent Institute of Education (Pty) Ltd 2024 Page 7 of 30

• King IV Report at https://www.iodsa.co.za/page/king-iv

• Risk Management Policy Template https://web.actuaries.ie/sites/default/files/erm-

• Vicente V, What is a risk assessment matrix? And why is it important? At

• PXP Financial, The 4T’s of risk management at https://info.pxpfinancial.com/blog/the-4ts-of-

© The Independent Institute of Education (Pty) Ltd 2024 Page 8 of 30

• Mhlanga, M. 2020. Op-Ed: The role of risk management during and

• de Beer, L. (2020), "Corporate governance: the inputs to outcomes

• T. Wakolbinger & J.M. Cruz (2011) Supply chain disruption risk

• Andreeva T. (2021) Risk Management in the Insurance Company. In:

• Bernal, G.A., Salgado-Gálvez, M.A., Zuloaga, D. et al. Integration of

Software required None

© The Independent Institute of Education (Pty) Ltd 2024 Page 9 of 30

Lab minimum None

© The Independent Institute of Education (Pty) Ltd 2024 Page 10 of 30

Demonstrate awareness of the need for a nuanced, thoughtful, and well-

© The Independent Institute of Education (Pty) Ltd 2024 Page 11 of 30

Formatives Test Assignment

© The Independent Institute of Education (Pty) Ltd 2024 Page 12 of 30

Assessment Preparation Guidelines

© The Independent Institute of Education (Pty) Ltd 2024 Page 13 of 30

© The Independent Institute of Education (Pty) Ltd 2024 Page 14 of 30

© The Independent Institute of Education (Pty) Ltd 2024 Page 15 of 30

Learning Unit 1: Theme Breakdown

© The Independent Institute of Education (Pty) Ltd 2024 Page 16 of 30

Learning Unit 2 Corporate Governance and strategy, and an overview of

© The Independent Institute of Education (Pty) Ltd 2024 Page 17 of 30

Learning Unit 2: Theme Breakdown

© The Independent Institute of Education (Pty) Ltd 2024 Page 18 of 30

Theme 2: Compliance Practice PM: Chapter 17

© The Independent Institute of Education (Pty) Ltd 2024 Page 19 of 30

Learning Unit 3 Risk management policy and process