
Exhibit 15.3

Audit and risk committee report

Harmony integrated annual report 2012

The Companies Act 71 of 2008 (the Act) requires companies to establish an audit committee and prescribes the composition and functions of such a committee. As the mandate of Harmony’s audit committee includes monitoring risk management, its name changed to the audit and risk committee.

The committee has been established by the board of directors to attend to its statutory duties as set out in the Act, assist the board in discharging its duties on safeguarding assets, monitor the operation of an adequate system of internal control and control processes, and monitor the preparation of accurate financial reporting and statements in compliance with all applicable legal requirements, corporate governance and accounting standards. The committee is also required to ensure that significant risks facing Harmony are adequately addressed and supports the board in its responsibility for the governance of risk.

In terms of the Act, the following members, serving as members of the committee as at 30 June 2012, will again be recommended to shareholders for appointment as audit and risk committee members for the ensuing financial year at the company’s annual general meeting:

John Wetton (chairman and independent non-executive director) – member since 1 July 2011, appointed chairman from 30 November 2011

Fikile De Buck (lead independent non-executive director) – member since 30 March 2006

Simo Lushaba (independent non-executive director) – member since 24 January 2003

Modise Motloba (independent non-executive director) – member since 30 July 2004.

The proposed individuals satisfy the requirements to serve as members of an audit and risk committee as provided for in section 94 of the Act and ensure that the committee comprises people with adequate and relevant knowledge and experience for the committee to perform its functions. For a detailed account of the qualifications and expertise of the members of the audit and risk committee, please refer to their resumés on pages 26 to 28 of the report.

In terms of the audit and risk committee’s formal, approved charter (www.harmony.co.za) and as part of its function in assisting the board to discharge its duties during the period under review, the committee:

Met five times during the past financial year

Reviewed the company’s quarterly results

Reviewed the annual financial statements for the year ended 30 June 2012 to ensure these present a true, balanced and understandable assessment of the financial position and performance of Harmony. On recommendation from the committee, the board subsequently approved the financial statements

Evaluated and considered Harmony’s risks, measures taken to mitigate those risks and treatment of the residual risks

Monitored the internal control environment in Harmony and found it to be effective

Discussed the appropriateness of accounting principles, critical accounting policies, management judgements, estimates and impairments. These were found to be appropriate and satisfactory

Considered the appointment of the external auditor, PricewaterhouseCoopers Inc (PwC), as the registered independent auditor for the ensuing year

Evaluated the independence and effectiveness of the internal audit function and external auditors

Evaluated and coordinated internal and external audit processes

Received and considered reports from the external and internal auditors

Reviewed and approved internal and external audit plans, terms of engagement and fees as well as the nature and extent of non-audit services rendered by the external auditors

Held separate meetings with management and the external auditors

Considered the appropriateness and expertise of the financial director, Frank Abbott, as well as that of the finance function and found all to be adequate and appropriate

Please note that this page does not form part of the audited information.

Considered whether IT risks are adequately addressed and that appropriate controls are in place to address these risks

Satisfied itself through enquiry that the external audit firm, PwC, was independent from the company.

The committee is confident that it complied with its legal, regulatory and other responsibilities assigned by the board in terms of the committee’s charter.

The internal audit function reports to the financial director on day-to-day administrative matters. The internal and external auditors attend the committee’s quarterly committee meetings and have unrestricted access to the chairman of the audit and risk committee.

The audit and risk committee reviewed and recommended the integrated annual report for the year ended 30 June 2012 to the board for approval in accordance with King III and the JSE Listings Requirements. This was subsequently approved by the board.

In addition to the integrated report, the committee reviewed the annual report filed on Form 20-F for recommendation to the board and subsequent submission to the United States Securities and Exchange Commission (SEC). The board approved the Form 20-F for submission to the SEC.

The audit and risk committee oversees and monitors the governance of information technology (IT) on behalf of the board in accordance with King III and views this as an important aspect of risk management. For a report on IT governance, refer to page 175.

A comprehensive review of Harmony’s compliance with King III was completed in consultation with the auditing firm KPMG, in July 2012. As a result, to further enhance compliance with King III:

A formal stakeholder policy and stakeholder management plan are being reviewed

As part of the culture alignment programme, the code of ethics will be reviewed and updated to align with Harmony’s revised value statements. Once reviewed, the revised code will be submitted to the board for approval

Management is revising the roles and responsibilities for various facets of ethics management (eg board committee responsibilities, fraud risk management). This will include a review and potential redesign of the ethics management programme to address integration and further improve levels of proactive ethical risk management

Although combined assurance was applied throughout the year, the process will be formalised into a combined assurance framework and plan

A more detailed overview of the appraisal process, results and action plans following the evaluation of the board, its committees and individual directors is disclosed on page 170

Reasons for the current non-executive directors’ fee structure are more fully explained on page 180

The job specification for the head of internal audit and associated key performance indicators will be developed and submitted to the audit and risk committee for review and approval. This framework will serve as input into the annual assessment of the internal audit function

The onset and frequency of independent quality reviews were considered and approved by the committee in August 2012

A non-audit service policy was developed and approved by the committee in August 2012

The risk management strategy and associated framework were revised. The amended framework and roll-out plan will be submitted to the committee for consideration and approval

A management technology (IT) steering committee was constituted in addition to various technology-focused project steering committees currently in place for Harmony. The steering committee charter will be finalised and submitted to the audit and risk committee for consideration and approval

A formalised and functional IT risk register will be enhanced and used by the audit and risk committee to adequately monitor the company’s IT risks, in line with the revised risk management roll-out plan

We will review the current decentralised application of legislative compliance and consider centralising this and/or integrating it into the risk management function to formally address critical regulatory non-compliance risk. The relevant disclosures appear on pages 24 to 25

The internal audit strategy and associated approach will be revised to align more closely with a risk-based approach and to address enhanced compliance with the Institute of Internal Auditors (IIA) standards. An updated internal audit charter will be presented to the audit and risk committee for its consideration and approval. More information on Harmony’s risk management appears on pages 24 to 25.

John Wetton

Audit and risk committee chairman

25 October 2012
