To maintain its financial sustainability, the contribution rates are set according to the promised benefits of the social security programme.

The programme has regular actuarial valuations to monitor sustainability.

The actuarial measures of the social security programme are well defined and documented to enhance accountability, transparency and predictability in the administration of each of the social security programmes established by the institution.

Depending upon the legislation, policy or decree that establishes the social security programme, the board and management of a social security institution may be duty bound to maintain an adequate level of funding to deliver the promised benefits to members and beneficiaries of the scheme, and to ensure the cost effectiveness of the administration of the social security programme.

The implementation of audit findings and recommendations are time bound and monitored.

There is a periodic performance assessment of the internal audit unit. A set of clearly defined indicators measures its efficiency and effectiveness in improving the institution’s performance.

When auditing the institution’s reports, the internal auditor and actuary communicate clearly and effectively. The exchange of information between them neither compromises nor impinges upon their respective independence.

The board or management establishes the internal audit charter of the internal audit unit. The charter sets out the nature, role, responsibility, status and authority of the unit and outlines the scope of its work.

Internal audit is the central unit that undertakes independent and objective reviews of all areas of operation of the institution, and verifies and certifies compliance with all pertinent laws, rules and regulations. The scope of its work is comprehensive. By undertaking independent and objective reviews of policies, operations, systems and procedures, internal controls, risk management, information management, ICT systems and governance processes, it promotes a disciplined approach to the overall management of the institution.

The management aligns and coordinates risk management activities across the institution to maximize synergies, avoid gaps and prevent duplication of effort.