Corporate Governance Aligned to King IV Principles

Principle 15: Assurance



  • Principle 15 – The governing body should ensure that assurance services and functions enable an effective control environment, and that these support the integrity of information for internal decision-making and of the organisation’s external reports



  • Assurance on the effectiveness of internal controls and integrity of information for internal decision-making and external reporting purposes

Internal Audits Key Strategic Initiatives

The IA Strategic Plan is aligned to the strategic objectives of the Fund and includes the following strategic focus areas:

1. Leveraging on Technology and use of Modern Audit Techniques

IA has embraced technology to enable the function to realise the goal of efficiency, optimisation, accountability, and transparency.


The IT auditing and data analytics tools, audit management system, as well as the continuous auditing software have facilitated the automation of the IA processes and deeper analysis of data.


This has helped to improve efficiency and effectiveness of the audit processes while determining the scale and depth of audit observations and compliance status, which has enabled decision-makers to timely mitigate risks.

2. Continuous Risk-Based Auditing

IA has introduced and implemented agile auditing to respond to emerging risks and established a robust risk assessment to focus on emerging technological, strategic, and business risks.

3. Quality Assurance and Improvement Programme (QAIP) and Performance Monitoring

The implementation of a QAIP is to ensure conformance with the definition of IA, the Code of Ethics for internal auditors and the Auditing Standards.


Internal assessments include comprehensive ongoing and periodic monitoring. The programme incorporates quality assurance processes in the stages of planning, engagement, and reporting.


On an annual basis, the function conducts and reports the results of the internal assessment to ARC.


Independent and objective external quality assessment evaluates conformance of IA with the IA Charter, Code of Ethics, and Auditing Standards. The last external assessment was conducted by KPMG in 2018 and the next assessment is due in the FY2023/2024.

QAIP is effectively applied at three fundamental levels (or perspectives):

*Click to enlarge view

4. Improving Interaction and Coordination with Stakeholders

IA has developed a Stakeholder Engagement Matrix to identify and appropriately respond to different stakeholders’ needs.

In addition, IA is engaging with other assurance providers to develop a formalised combined assurance model to improve the coordination of work plans, minimise duplication of efforts and facilitate collaboration and uniform reporting to Management and the Board.


Currently, IA consults and engages other assurance providers during the audit planning and execution stages.


However, the coordination with other assurance providers does not impair the independence of IA. IA objectively reviews all internal controls, risk management and governance processes for the other assurance providers.

The NSSF Internal Audit team

5. Capacity Building of Staff

Capacity building to improve skills is being achieved in the following ways:

  • Acquisition of professional certifications through sponsorship and provision of study facilities
  • Attraction, retention, and development of highly skilled and talented staff
  • Building the competence and capacity of the individual internal auditors through mandatory continuous professional development programmes
  • Benchmarking with other audit shops in the industry

The professional certifications obtained to date include Certified Information Systems Manager (CISM), Certified Chartered Accountant (ACCA), Certified Public Accountant (CPA), Certified Information Systems Auditor (CISA) and Certified Internal Auditor (CIA)

External Auditors

The powers to appoint External Auditors for Public Institutions (like the NSSF) is vested in the Office of the Auditor General of Uganda (OAG). In line with Section 23 of the National Audit Act (2008), the Auditor General may appoint private auditors to assist him/her in the performance of his/her functions under this Act.

Section 32(2) of the NSSF Act gives the Auditor General the mandate to audit its financials or by an Auditor appointed by the Auditor General. Accordingly, the Auditor General re-appointed PwC to conduct an annual audit of NSSF for the year ending 30 June 2022. The length of service of external auditors is determined by the appointing authority and the general practice has been for a duration of three years.

The ARC reviews the external audit plan and oversees the relationship between the internal and external auditors to ensure efforts are coordinated.

Assurance of Reports

  • As of the year ending 30 June 2022, IA will provide assurance on elements of non-financial information

Financial information used in the report is sourced from the Annual Financial Statements which are assured by our External Auditors.
Read more about the role of Internal Audit in integrated reporting