Carlo Andre Smit

Carlo André Smit (CIA) Governance, Risk and Assurance Specialist Dynamic professional with over 25 years of experience in internal auditing, risk management, corporate governance, and compliance, primarily within JSE-listed organisations. Proven expertise in advisory consulting and in-house internal audit functions across diverse industries, including retail, insurance, wine production, distribution, manufacturing, media, broadcasting, hotels, gambling, properties (management and development), logistics, mining, and technology. Demonstrated ability to assess and enhance business strategies, operations, and risk management processes. Wellequipped to drive efficiency and compliance due to a comprehensive understanding of the business landscape and Contact organisational dynamics; and thus a valuable asset to any Address organisation. Durbanville, Cape Town 7550 Work History 2021-03 – Head: Data Governance & Insurance 2024-11 Unitrans Unitrans is a diversified Supply Chain Logistics company serving the needs of selected Sub-Saharan African Phone (- E-mail-WWW markets. A subsidiary of KAP Industrial Holdings Ltd (JSE Bold Profile listed), the company has more than 11,000 employees WWW and provides supply chain solutions in the Agriculture, www.linkedin.com/in/carlo- Mining, Petrochemical, Food & Consumer, People smit-cia-governance-risk- Transport, and Industrial sectors across 10 different and-assurance-specialist- countries. - Prior to my position as Head of Data Governance and Personal Information Insurance, I was appointed in Unitrans as Head of Governance & Enterprise Risk Management after fulfilling the role of Governance, Risk & Compliance Manager. In these roles, I was responsible for the following primary duties and deliverables: Data and ICT Governance: • Develop and implement a comprehensive Data Governance Framework aligned with regulatory requirements and industry standards, ensuring effective management of data assets. • ID No:- • Age: 46 • Driving License: Code 08 • Lead data process mapping initiatives to document Languages data flows, enhancing process automation, integration, and control design to maintain data English integrity. • Coordinate business process improvements and governance for API and RPA projects in collaboration with the Innovation department. • Manage Data Quality through the design and implementation of process improvements, ensuring data integrity and reliability. • Conduct Data and ICT Risk Assessments, maintaining related Risk Registers to mitigate potential threats. • Establish and maintain data classification protocols based on sensitivity, purpose, and location. • Collaborate with ICT to design security measures that protect data from unauthorised access and cyber threats. • Ensure compliance with data protection regulations across multiple African countries, serving as System Controller and Chairman of the Data Protection Committee. • Develop and monitor Data Governance, ICT, and Insurance policies and procedures, ensuring compliance and performance alignment with business objectives. • Collaborate with Legal, Risk and Compliance, and Innovation teams for holistic governance and risk management. Enterprise Risk Management: • Manage Enterprise Risk Registers at divisional, country, and business unit levels, monitoring strategic and regional ERM improvements. • Maintain the ERM Framework and related policies to ensure alignment with best practices. • Oversee the Combined Assurance map, addressing assurance duplications and gaps through coordinated action plans. • Conduct Group ERM maturity assessments and drive initiatives for improvement. • Facilitate enterprise and process-level risk workshops to identify and manage risks. Bilingual or Proficient (C2) Afrikaans Bilingual or Proficient (C2) Personal Skills • Excellent written and verbal communication abilities • Solid general business acumen • Skilled in coordinating multiple projects and engagements simultaneously • Strong leadership capabilities • Proficient in problemsolving • Quick and eager learner • Self-motivated with a strong sense of duty and integrity • Organised and methodical • Meticulous attention to detail • Committed and dependable • Composed under pressure and in stressful situations • Passionate about assisting and supporting others • Assertive, comfortable navigating difficult conversations Compliance Management: • Identify and assess significant business risks, drafting compliance audit programs to test internal controls. • Conduct regular compliance audits at depots and Professional Associations Full member of the Institute regions to ensure adherence to head office of Internal Auditors (IIA) instructions, accounting controls, policies, and South Africa since June procedures. 2003 and achieved Fellow • Provide recommendations on internal control gaps and weaknesses identified during audits. • Implement Continuous Controls Monitoring through Member status in April 2012 (Membership number: 83259). scripting and exception reporting. • Report compliance audit findings and track issues Served on the IIA's Western raised by KAP Internal Audit and External Auditors. Cape Regional Committee • Liaise with External Auditors on risk and compliance- in 2017 & 2018. related matters. Procurement Governance: • Oversee procurement governance and supplier vetting processes, maintaining supplier master files, and account management. Insurance Management: • Manage insurance operations, including incident and accident assessments, claims administration, third-party recoveries, annual declarations, and policy renewals. • Coordinate with group and in-country brokers, insurers, underwriters, and loss adjusters. • Provide training on insurance management systems. General Governance: • Maintain the Governance Framework and coordinate related committees to ensure effective oversight. • Oversee the Approval Framework in alignment with KAP requirements. • Coordinate the compilation of Regional Board packs. • Update and maintain the Regulatory and Legal Universe using Lybrio and Afriwise platforms, tracking compliance actions. • Develop a Policy Framework and related templates, ensuring comprehensive documentation. • Compile governance, risk, and insurance reports for monthly, quarterly, and annual reviews by Exco and Certifications Certified Internal Auditor (CIA), 2006 (#61276) Accredited Quality Assessment Reviewer, 2007 Education 2002 B-Tech Degree (Cum Laude): Internal Auditing Cape Peninsula University of Technology Subjects: Internal Auditing; Cost and Management Accounting; Corporate Reporting; Financial Management; Interpretation of Financial Statements; Management Principles & Practice; Communication Skills; Research Methodology. KAP Industrial Holdings. • Attend and report at Exco, ICT Steercom, Incident Response Team, Risk Management, and Regional Board meetings. • Investigate and report on all Fraud & Ethics Hotline matters, and Alternative Disclosure cases. • Oversee Ethics Management, including the Divisional Code of Ethics and related training. • Manage annual and ad-hoc conflict of interest and gift declarations. • Review and approve all supplier and customer credit applications. Other: • Perform Business Process Mapping for prioritized processes, including RACMs and RACI models. • Coordinate Data Protection, Ethics, and Competition Law training and awareness initiatives. • Compile monthly, quarterly, and annual governance, risk and compliance reports for Exco, Audit & Risk Committee and KAP Industrial Holdings. • Lead and coach staff to foster professional development and performance. 1999 National Diploma: Internal Auditing Cape Peninsula University of Technology Subjects: Internal Auditing; Financial Accounting; Cost and Management Accounting; Commercial Law; Corporate Law; Economics; Tax. 1996 Matric President High School Subjects: English (HG), Afrikaans (HG), Mathematics (HG), Accounting (HG), Biology (HG), Physical Science (SG) Technical Experience 2019-05 - Director 2021-02 Symphonic CS Word, Excel, Outlook, Symphonic CS was established for the purpose of PowerPoint, Visio, managing several service offerings, but mainly focused Teams, Planner, Forms, on consulting in the areas of Internal Auditing, Risk Lists Management, Corporate Governance, POPI/GDPR compliance, and related technology. • Microsoft Office Suite: • BarnOwl (Risk Management & Internal Audit Software) As Director, I was involved in all areas of the business, including sales strategy, client relations, networking, • IDEA & ACL (Data Analysis Software) industry research, product awareness, engagement • Safetica DLP planning, and execution. • AccPac • SAP 2015-02 - Group Chief Audit Executive 2018-07 Hosken Consolidated Investments Limited (HCI) HCI is an investment holding company, which is listed in the financial sector on the JSE. The group is involved in a diverse range of investments, including hotel and leisure (Tsogo Sun Hotels), gambling (Tsogo Sun • JDE • Syspro • Sage X3 • Finnivo • Qlik Sense • XGRC • Monday.com Casinos, Galaxy Bingo, and Vukani Gaming/V-Slots), interactive gaming (Prima), media and broadcasting (e-Media Holdings), transport (Golden Arrow Bus Services), mining (HCI Coal), energy (Impact Oil & Gas), industrials (Deneb Investments), services and technology (Alphawave Golf and BSG), clothing (various brands), and properties (HCI Properties). My primary duties and responsibilities included: • Implement risk-based internal auditing across the group, aligned with the International Standards for the Professional Practice of Internal Auditing (IPPF). • Establish a consistent methodology for audit execution and reporting, maintaining the independence of internal audit activities in compliance with the King Report on Corporate Governance. • Provide consolidated internal audit reporting and assurance on internal control effectiveness to the Audit and Risk Committees. • Develop and execute annual internal audit plans approved by the relevant committees. • Attend Executive and Audit Committee meetings to deliver project updates and relevant feedback. • eTime (Greatsoft) • DriveCam • Cawemo/Camunda • Q9elements Sabbatical Took a career break from August 2018 to April 2019 after nearly 20 years in internal audit and risk management roles. During this time, I traveled locally and internationally (including to the USA, Portugal, and Spain), spent quality time with family, prioritized personal growth and health, and established my own consulting company. Hobbies and Interests • Inform Audit Committees of emerging trends in internal auditing and governance, recommending revisions to the Internal Audit Charter and methodology. • Collaborate with risk management, governance, compliance functions, and external auditors to ensure coordinated efforts and minimize duplication. • Coordinate fraud investigations across the group, reporting findings to the Risk and Social & Ethics Committees. • Manage and guide audit staff performance while facilitating continuous training and development. • Supervise outsourced staff for annual internal audit reviews at non-listed subsidiaries (HCI Coal & HCI Properties). • Implement and maintain a quality assurance program for the internal audit function, continuously monitoring its effectiveness. Playing guitar Singing and song writing Travelling Food and wine tasting Playing golf Running 2009-10 - Group Head of Internal Audit 2015-01 Deneb Investments Limited Previously Seardel Investment Corporation, Deneb is a diverse investment company operating in Southern Africa and listed on the JSE under the Consumer Goods, Personal, and Household Goods sector. The Group's revenue is derived from various investments clustered into five segments, namely properties, branded product distribution, textiles, and industrials. My primary duties and responsibilities included: • Establish and maintain an internal audit department that operates according to its approved mandate, as outlined in the Internal Audit Charter. • Align the Internal Audit Charter with best practices and applicable governance standards. • Ensure departmental methodology conforms with the Code of Ethics and the Standards for the Professional Practice of Internal Auditing, as prescribed by the Institute of Internal Auditors. • Develop and achieve risk-based annual internal audit plans approved by the Audit Committees (Deneb/Seardel and HCI). • Provide continuous assurance on the design and operational effectiveness of the internal control environment to the Audit and other Board Committees. • Conduct annual assessments of the adequacy and effectiveness of internal controls and risk management frameworks for the Audit Committees. • Attend Executive and Audit Committee meetings to provide feedback, project status updates, and reports. • Keep Audit Committees informed of emerging trends in internal auditing and governance practices, recommending necessary revisions to the Internal Audit Charter and methodology. • Review audit files and distribute audit reports. • Manage and coach audit staff to enhance performance. • Implement and maintain a quality assurance and improvement program for the internal audit function, continuously monitoring its effectiveness. • Participate in the operational risk assessment process and maintain the group's combined assurance plan. • Coordinate and oversee other control and monitoring functions, including risk management, social and ethics, OHS, and external audit. • Provide guidance on fraud investigations, risk management, corporate governance, and special projects. • Oversee and coordinate internal audit functions and reporting for certain subsidiaries within the HCI Group, including Deneb, Sabido Investments (eMedia), Golden Arrow Bus Service, and Niveus (Vukani Gaming, Galaxy Bingo, and KWV). 2007-06 - Internal Audit Manager 2009-09 Grant Thornton Grant Thornton SA is a medium-tier auditing firm that has been operating since 1920. Over the years, the firm has advanced from a traditional audit, accounting, and tax practice and is now the largest accounting and specialist advisory services firm in the country after the 'Big Four'. My primary duties and responsibilities included: • Oversee all internal audit and risk advisory processes. • Compile and review working paper files. • Manage project timelines, budgets, and deadlines effectively. • Ensure all work complies with Grant Thornton and IIA Standards. • Assist in training departmental personnel and supporting staff management. • Attend audit committee meetings to provide insights and updates. • Prepare and present proposals to clients. • Develop internal audit plans tailored to client needs. • Promote and market internal audit and risk services. . 2005-07 - Regional Internal Audit Senior 2007-05 Iliad Africa Group The Iliad Africa Group focuses on sourcing, distributing, and retailing the entire spectrum of ceramic tiles and sanitary ware, bathroom fittings, hardware, building materials, interior and exterior finishes, finished wood products, and related accessories. The Group is listed on the Johannesburg Stock Exchange and had over 90 operations/outlets (at the time) throughout South Africa. 2002-11 - Head Office Internal Audit Supervisor 2005-06 Shoprite Group The Shoprite Group is Africa's largest food retailer, with more than 3,600 operating outlets across 10 African countries. The Group's headquarters are situated in the Western Cape province of South Africa, and its outlets include Shoprite, Checkers, Shoprite & Checkers LiquorShop, OK Furniture, OK Power Express, OK Dreams, and House & Home. 1999-12 - Internal Audit Supervisor 2002-10 Lewis Group Limited The Lewis Group is a listed furniture retail group with over 800 stores in South Africa and neighbouring African countries. Prior to my position of Internal Audit Supervisor, I was appointed in the Lewis Group as Group Internal Auditor after fulfilling the role of Branch Accounts Manager. 1999-08 - Audit / Article Clerk 1999-10 Downing-Pienaar Management Consultants & Lewis - Please note that references are available on request -