Annexure B

Commercial Crime Proposal

Proposer Details

1. Name of Company (Include details of Subsidiary and/or Associated companies)

NATIONAL REGULATOR FOR COMPULSORY SPECIFICATIONS

2. Date Established

1 SEPTEMBER 2008

3. Head Office Physical Address

SABS CAMPUS, 1 DR LATEGAN ROAD, GROENKLOOF, PRETORIA, 0181

4. VAT Registration No:

N/A ESTABLISHED UNDER ACT OF PARLIAMENT

5. Nature of Operations

REGULATORY ENTITY UNDER THE DEPARTMENT OF TRADE AND INDUSTRY. REGULATING PRODUCTS FOR PUBLIC HEALTH, SAFETY AND ENVIRONMENTAL PROTECTION.

6. Annual Turnover

REFER TO THE ANNUAL REPORT AND THE STRATEGY PLAN

7. Number of Locations

Domestic: 5

Foreign: 0

8. Number of Employees

Previous year: 292 (2013/14)

Current year: 302 (2014/15)

Next year: 319 (2015/16)

9. Current Market Value of all Pension and Employee Benefit Plans

EMPLOYEE BENEFITS OBLIGATIONS R23 MILLION

10. Name of parent company (if applicable)

N/A

Audit and Corporate Governance

9. Do External Auditors audit all operations at least annually? Yes

10. (a) Have all recommendations by External Auditors regarding internal controls been complied with, following your last audit? Yes

(b) If “no”, please provide details.

11. Is there an Audit Committee which monitors the effectiveness of internal controls and reports directly to the Board? Yes

12. (a) Does management support the principles of transparency, integrity, accountability and accordingly endorse “The Code of Corporate Practices and Conduct” as set out in The King Report on Corporate Governance? Yes

(b) If “no”, please briefly explain reasons for areas of non-compliance.

13. (a) Do you have an Internal Audit Department? Yes

(b) Do they have an established audit cycle for all operations? Yes

(c) Are all recommendations by Internal Auditors regarding internal controls complied with? Yes

(d) If “no”, please provide details.

Recruitment Procedures

14. State the number of employees in each of the following departments:

Executive management: 3

Management: 54

Accounts/Financial

With access to money: 6

Without access to money: 16

Others:

Inspectors: 141

General Administration: 81

TOTAL NUMBER: 302

15. When recruiting or promoting employees to positions of trust involving handling of stock, money, financial or treasury functions, do you:

(a) undertake independent checks into their employment history? Yes

(b) undertake independent checks into criminal record and financial history? Financial record yes and no criminal checks

(c) undergo a process to ensure their suitability for the position? Yes

Internal Financial Controls

16. Are comprehensive management and reporting accounting structures, budget control and budget variance analysis and processes operative within the company? Yes

17. Through management reporting levels and variance analysis are adverse and positive variances investigated? Yes

18. Have operational and system manuals and procedures formally been defined with respect to each activity? Yes

19. If not, how is effective control maintained over the activities?

N/A

20. Are wages/salaries independently checked against personnel records for unusual or excessive payments? Yes

21. Are duties segregated so that no individual can control any of the following activities from commencement to completion without referral to others:

(a) signing cheques or authorising payments (including capital expenditure)? Yes

(b) issuing funds transfer instructions? Yes

(c) amending funds transfer procedures? Yes

(d) opening new bank accounts? Yes

(e) investment in and custody of securities and valuables (including bank cheques, traveler’s cheques, bills of exchange etc.)? Yes

(f) refund of monies or return of goods? Yes

(g) disbursement of assets or funds of any Pension Plan? N/A

(h) awarding contracts following a tender? Yes

22. Is all supporting documentation validated before authorising payments? Yes

23. Are statements of accounts sent to customers independently of employees receiving payment? Yes

24. Are bank statements independently reconciled with customer accounts by persons not authorised to deposit/withdraw funds, issue funds transfer instructions or dispatch accounts to customers? Yes

Stock and Physical Security

NRCS DOES NOT MANUFACTURE OR OFFER ANY PRODUCT FOR SALE. IT IS PURELY A SERVICE DRIVEN BUSINESS.

NRCS DOES NOT ACCEPT CASH FOR PAYMENT OF SERVICES

25. Describe your system for purchasing goods

NA

26. Describe your stock (separately for raw materials and finished goods, if applicable)

N/A

27. Describe the controls applied to stock arriving on the premises, movement within the premises and stock leaving the premises.

N/A

28. Is there controlled access to all locations? N/A

29. Are all premises containing stock, money, securities, precious metals etc. connected to an intruder alarm? N/A

30. Are intruder alarms maintained in proper working order and connected to a central station or a police station? N/A

31. Is an independent physical count of stock, raw materials, work in progress and finished goods undertaken at least quarterly and is this count reconciled against stock records? N/A

32. What action is taken upon discovery of discrepancies between inventory and stocktake?

N/A

33. Is the transfer of money and securities usually made by a security or professional cash carrying company? N/A

34. What is the maximum value of money, securities, precious metals and/or jewellery at any one location:

(a) during business hours? N/A

(b) outside business hours? N/A

Suppliers/Service Providers/Outsourcing

35. Do you maintain an approved suppliers list? Yes

36. Are suppliers, service providers and outsourcing companies vetted for competency, financial stability and honesty before being approved? Yes

37. Are all suppliers, service providers and outsourcing companies appointed under written contract? Yes

38. Are procedures in place to assess the suitability of trustees; fiduciaries; administrators or officers of any of your Pension Plans? Yes

39. (a) Do you outsource any activities to third party service providers? Yes

(b) If “yes”, please detail the services provided.

CONSULTING SERVICES

40. Do you audit outsourcing companies during the term of their contract? Yes

41. If the service provider or outsourcing company operates on your premises are their employees under your daily management control? Yes

Computer Systems

42. Are unique passwords used to give various levels of entry to the computer depending on the user's authorisation? Yes No

43. Are passwords automatically withdrawn when people leave? Yes

44. Are all amendments to programs approved independently of the persons making the amendments? Yes

45. Are programs protected to detect unauthorised changes? Yes

46. Is your computer system “firewall” protected to prevent unauthorised access? Yes

47. Is your computer system protected by virus detection and repair software? Yes

48. Are your electronic data processing operations audited regularly? Yes

49. Has a security policy, which addresses security objectives, top management level support and high level security principles e.g. access profile, compliance conditions etc., been introduced and implemented? Yes

50. Do persons other than employees have physical or electronic access to your facilities? Yes

51. If yes, describe circumstances and controls in effect.

ONLY AUTHORISED CONTRACTORS GIVEN LIMITED ACCESS

52. Do you operate “Remote Access Systems” which allow users to dial into the network and have the same access as if they were in the office? Yes

53. If yes, provide a brief overview of the controls over “Remote Access”

REMOTE ACCESS IS PASSWORD PROTECTED AND ONLY USERS WITH REMOTE ACCESS RIGHTS CAN ACCESS THE SYSTEM

54. Does the Internal Audit staff have the qualifications to and do they review the work of external consultants to check for programming faults, errors and fraud?

Yes

55. If you do not have an Internal Audit Department how do you and/or your independent External Auditors/Accountants review the work of external consultants to check for programming faults, errors and fraud?

MAKE USE OF CO-SOURCED AUDIT PARTNERS

56. Is anyone other than your employees allowed access to your computer system? Yes

If so:

a) Which computer systems are they allowed to access? What restrictions or parameters are placed on their access? DATABASES AND BUSINESS APPLICATIONS

b) Who oversees their activity? IT MANAGEMENT

c) What safeguards are in place to prevent access to other systems? ACCESS RIGHTS

d) Do you review the changes/alterations made to your computer systems before going live and releasing to end users? If yes, how often? How do you identify deviations from the approved parameters? If one occurs, how is this handled? YES ALL SYSTEMS ARE REVIEWED ON THE DEVELOPMENT ENVIRONMENT BEFORE GOING LIVE

e) What is the scope of the background check performed in respect of all such individuals before being approved to start work for you? BACKGROUND CHECKS ARE DONE ON A COMPANY LEVEL

57. Do you have a contingency plan to provide specific safeguards against employee theft or crime exposures affecting payroll, accounts receivable, accounts payable, inventory systems, funds transfer and security systems in the event of a crisis such as a power outage or extended computer system failure? Please provide details.

THE IT INFRASTRUCTURE IS HOSTED AT A REMOTE DATA CENTER AND IN THE CASE OF POWER OUTAGES THERE IS BACKUP POWER. THERE IS ALSO A DISASTER RECOVERY SITE IN CASE OF A DISASTER AT THE PRODUCTION SITE. ALL SECURITY IS HANDLED AT THE DATA CENTER AND POWER OUTAGES ON SITE WILL NOT AFFECT SYSTEM SECURITY.

Fund Transfers

“Fund Transfers” means any instructions (other than cheques) given to a Financial Institution to pay or deliver funds.

58. What is the approximate annual value of fund transfers? Cover required for R15 MILLION

59. Please specify the method of instruction (e.g. written, electronic, computer, telephone etc.).

ELECTRONIC - INTERNET BANKING

60. Can payment instructions be made to any account which has not been pre-agreed? Yes

61. Is the financial institution required to authenticate the instruction before payment is released? No

62. Please provide a brief description of the methods used to secure fund transfers (e.g. passwords, encryption, code words, call back).

DUAL SIGNATORIES

NORMAL BANKING SECURITY PASSWORDS

TWO TIER APPROVAL PROCESS (A AND B SIGNATORIES)

Plans and Policies

63. Do you maintain a written crisis management or contingency plan covering procedures following kidnapping or extortion? Yes FOR NORMAL BUSINESS INTERRUPTIONS AND NOT FOR KIDNAPPING OR EXTORTION

64. Do you maintain a written anti-fraud policy which is distributed throughout your organisation? Yes

Loss History

65. (a) Please provide brief details of any losses (of a type covered by this insurance) sustained during the past five (5) years and before application of any deductible, retention or excess whether insured or not. (Please include date discovered, location, nature of loss and amount).

R120 000.00 FRAUD. AN INDIVIDUAL WITH ACCESS TO THE INTERNAL FINANCIAL SYSTEM AMENDED BANKING DETAILS IN THE BACKGROUND. AS THE TRANSFER WAS MADE THE MONEY WAS DIVERTED INTO A WRONG ACCOUNT, APRIL 2010.

(b) Please describe what corrective measures were taken to prevent similar losses.

IMPROVED SYSTEM SECURITY AND AUDIT TRAILS