Upload
julia-richards
View
215
Download
0
Tags:
Embed Size (px)
Citation preview
5th Parliament capacity building Portfolio Committee on Home Affairs
Presented by: Naveen Mooloo
9 September 2014
Reputation promise/mission
The Auditor-General of South Africa has a constitutional mandate and,
as the Supreme Audit Institution (SAI) of South Africa, it exists to strengthen our
country’s democracy by enabling oversight, accountability and governance in the public sector through auditing, thereby building public confidence.
To provide members of parliament with the necessary information/guidance on the role of the AGSA to enable them
to effectively execute their oversight function
Objective of presentation
1. Combined assurance Complimentary support mandate
2. Audit mandate and process Legislative requirements Regularity audit process AGSA audits Audit of Predetermined Objectives
4. How to interpret and Audit Report Audit report structure Financial audit opinions Good administration
5. Briefing process
Index
OversightOversight
6
End-year reporting
Strategic Planning
Implementation and in-year reporting
Operational planning and
budgeting
Policy development
INSTITUTIONNational department
Provincial departmentMunicipalityPublic entity
Municipal entity
OVERSIGHT:Parliament, provincial legislature or municipal council
Oversight model
Section 55(2) of the Constitution: the National Assembly must provide for mechanisms to ensure that all executive organs of state are accountable to them
Section 114(2) of the Constitution: the Provincial Legislature must provide for mechanisms to ensure that all executive organs of state are accountable to them
Oversight legislation
National
Provincial
Committees
PC’s– overseeing the overall performance and functioning of departments
PAC’s– scrutiny of the financial statements of organs of State and reports of the AGSA
8
Oversight Definition:Oversight entails the informal and formal, watchful, strategic and structured
scrutiny exercised by legislatures in respect of the implementation of laws, the application of the budget, and the strict observance of statutes and the Constitution. In addition, and most importantly, it entails overseeing the effective management of government departments by individual members of
Cabinet in pursuit of improved service delivery for the achievement of a better quality of life for all citizens.
1.
2.
3.
4.
Oversight and Accountability Model - concept
9
Oversight and Accountability Model - concept
Accountability Definition:Accountability is the hallmark of modern democratic governance. Democracy remains clichéd if
those in power cannot be held accountable in public for their acts or omissions, for their decisions, their expenditure or policies. Accountability refers to institutionalised practices of giving account of
how assigned responsibilities are carried out.
To enhance the integrity of public governance in order to safeguard government against corruption, nepotism, abuse of power and other forms of inappropriate behaviour.
Accountability functions
10
Role of Portfolio Committees (Rule 201)
Oversight component - Portfolio committee mandate
Seniormanagement
Accountingofficers/authority
Executiveauthority
Required assurance levels
Extensive Extensive Extensive
Management’s assurance role•Senior management – take immediate action to address specific recommendations and adhere to financial management and internal control systems•Accounting officers/ authority – hold officials accountable on implementation of internal controls and report progress quarterly and annually•Executive authority – monitor the progress of performance and enforce accountability and consequences
Management assuranceFirst level of assurance
Seniormanagement
Accountingofficers/authority
Support oversight – complimentary mandate
Oversight assuranceSecond level of assurance
Coordinating /Monitoringinstitutions
Internalaudit
Auditcommittee
Extensive Extensive Extensive
Required assurance levels
Oversight’s assurance role•National Treasury/ DPSA – monitor compliance with laws and regulations and enforce appropriate action•Internal audit – follow up on management’s actions to address specific recommendations and conduct own audits on the key focus areas in the internal control environment and report on quarterly progress•Audit committee – monitor risks andthe implementation of commitments on corrective action made by management as well as quarterly progress on the action plans
Independent assuranceThird level of assurance
Oversight(portfolio
committees / councils)
Publicaccounts
committee
National Assembly
Extensive Extensive Extensive
Required assurance levels
Role of independent assurance•Oversight (portfolio committees) – review and monitor quarterly progress on the implementation of action plans to address deficiencies •Public accounts committee – exercise specific oversight on a regular basis on any report which it may deem necessary•National Assembly – provide independent oversight on the reliability, accuracy and credibility of National and provincial government
Figure 2 below illustrates the oversight cycle on an annual basis:The oversight cycle requires Parliament to take a long-term view of oversight in order to ensure effective
oversight of sustainable delivery. The parliamentary oversight cycle provides a means through whichParliament can monitor government delivery in terms of long-term commitments, rather than focusingexclusively on annual commitments, annual planning and performance assessments. The cycle thus
provides for continuity in Parliament’s oversight activities from year to year.
Support oversight – complimentary mandate
Month
Process Jan Feb March April May June July Aug Sept Oct Nov Dec
Petitions
Constituency Work
Study Tours & Site Visits
ISD Submissions
Civil Society submissions
Strat Plans X
Departmental Briefings
Pres Speech X
Ministerial speeches
• media briefing
• budget speeches
Ministerial statements
MTBPS X Legislation /Policy Assessment of Impact of Legislation
Youth Parliament
Women’s Parliament
People’s Assembly
Annual Reports X X
Audit mandate and processAudit mandate and process
14 Available on Treasury website www.treasury.gov.za/legislation/pfma/circularsAlso refer to AG Directive General Notice 263 of 2014 issued 2 April 2014
Audit - Legislative requirements
15
Regularity Audit - process
The public sector auditor assesses the stewardship of public funds, implementation of government policies and compliance with key legislation in objective manner. The scope of the annual audit performed for each auditee is prescribed in the Public Audit Act and the general notice issued in terms thereof. It includes the following: - Providing assurance that the financial statements are free from misstatements that will affect the users of the financial statements - Reporting on the usefulness and reliability of the information in the annual performance report - Reporting on material non-compliance with key legislation - Identifying the key internal control deficiencies that should be addressed to achieve a clean audit
Performance audits may also be performed to determine whether resources have been procured economically and are used effectively and efficiently.
What is an audit in the public sector?
What does an audit not do?
Due to the test nature and other inherent limitations of an audit, together with the inherent limitations of internal control, there is an unavoidable risk that some, even material, misstatements in reported information may not be detected, and the completeness and the accuracy of the information reported are not guaranteed.
Due to the focus on specific areas in key legislation, the audit does not provide assurance that all applicable legislation has been complied with. Although possible fraud may be identified during the audit, this is not the main purpose of the audit. The audit does not provide assurance that service delivery has been achieved, only that the annual performance report is useful and reliable.
16
AGSA Audits (service types & value add)
Regularity Audit
The audit of financial statementsThe financial statements submitted for auditing must be free from material misstatements. Misstatements refer to incorrect or omitted information in the financial statements. Examples include the incorrect or incomplete classification of transactions, or incorrect values placed on assets, liabilities or financial obligations and commitments.
The objective of an audit of financial statements is to express an audit opinion on whether the financial statements fairly present the financial position of auditees at financial year-end and the results of their operations for that financial year.
Audit of computer systems used by the public sector: - PFMA1.Basic Accounting System (BAS)2.PERSAL (HR management3.Logis (asset management)
-MFMASystem used by municipality (each different)
Focus on:1.IT Governance 2.User access management3.Security management4.IT service continuity (Disaster recovery and Business continuity plans)
ISAs (International Standards of Auditing) and ISSAIs Information systems auditing
standards/Guidelines
Audit reportsThe AGSA fulfils its mandate by conducting a variety of audits, such as regularity audits (financial and compliance) and the audit of reporting against predetermined objectives. We also identity root causes that drive the audit outcomes. These are then communicated to the General Conference, through the Executive Board, and the various oversight bodies, i.e. Oversight Advisory Committee, Internal Oversight Service, and Oversight bodies of international standing
Performed annually
Financial Statement Audit Information Systems Audit
17
VS
Performance Audit Investigations
Value add processes are usually performed after inspecting the financial records of an auditee following a directive for the audit to be performed before the usual annual audit. The government may order a special audit conducted on an auditee if there is evidence that its financial affairs are not being run in accordance with proper accounting practices.
Performance Audits – (independent auditing process to evaluate the measures instituted by management
to ensure that resources have been procured economically and are used efficiently and effectively)
Performed when: problems are identified/requested
International Standards of Supreme Audit Institutions (ISSA) 3000 and ISSAI 3001
Investigations assist and support the regulatory audit teams with the identification of fraud risks in the audit environment.
The investigations team perform the following procedures:1.Assist with fraud risk assessments2.Special forensic engagements3.Fraud research and training, and4.Peer quality assurance support.
Value add processes
Standards & Guidelines: Investigations
Performance AuditsFocus on performance while spending– the three Es •Economy •Efficiency •Effectiveness
AGSA Audits (service types and value add)
Regularity AuditsFocus on finances •Financial statements •Financial management •Compliance with laws and regulations
18
AGSA Audits (service types and value add)Performance Auditing:
Looking at the 3Es
GOAL REACHEDBEST RESOURCE BASED ON NEED
BEST RESULTS USING WHAT WE
HAVE
19
AGSA Audits (service types and value add)
Ask: what do I need, what quality do I need, when do I need it, where do I need it, how much of it do I need and where can I get all my needs met at the lowest price?
Examples of findings: •Needs assessments were not always done•Competitive bidding processes were not always followed•Contracts were open-ended in terms of cost and time
Ask: was the work done with the minimum of effort?
Examples of findings:•Projects were extended because of a lack of project management and monitoring •Payments were made in excess of the amounts approved•The document archiving system was not adequately maintained
Ask: Did we do what we set out to do?
Examples of findings:•Project objectives were not achieved, and deliverables only partially completed•Skills transfer was not always effective•Projects were not analysed to determine whether objectives were met and to determine the benefits received
Performance Auditing:
Looking at the 3Es
20
Investigations
The Investigation Business Unit assists the regularity audit teams as follows:
1.Fraud risk assessments•Assist and support the regularity audit teams with the identification of fraud risks in the audit environment as required by ISA 240.
2. Special forensic engagements•Review amongst others, the following complex audit areas to identify non-compliance with prescripts and risk of fraud and irregularities:
• Supply chain management• Human resource management• Information Technology controls• Submitted financial statements
•Perform investigations in exceptional cases.
3. Fraud research and training•Perform pro-active data analysis on government payment systems, to identify fraud risks.•Provide fraud risk awareness training.
4. Peer quality assurance support• Assist the regularity audit teams with peer reviews on procedures performed to mitigate risks identified during risk assessment process.
Value add processes
AGSA Audits (service types and value add)
21
Audit of Predetermined Objectives
22
Regularity Audit - process
THE ANNUAL AUDIT PROCESS
What do auditors do? Why they do it?
Terms of engagement are communicated & agreed to ensure a clear understanding of responsibilities of the parties, the objectives of the audit, access to information and the reports to be provided.
An understanding of the auditee is obtained for risk assessment purposes & an audit plan is prepared.
A risk assessment is performed to determine the number and type of procedures to perform.
Procedures are performed to obtain evidence that the financial statements & annual performance report do not contain material misstatements and that key legislation has been complied with.
The report is only provided to the management of the auditee and the executive authority at the end of the audit. It details the findings from procedures performed, identifies the root causes of these findings and makes recommendations for improvement.
The report is published in the auditees’s annual report. It informs those responsible for oversight, the public and others of material misstatements in the financial statements, material findings on the usefulness and reliability of the performance report, material non-compliance with key legislation in specific focus areas, and the deficiencies in internal control that were identified during the audit.
Agree terms of engagement
Plan the audit
Perform risk assessment procedures
Design and Perform procedures to address
identified risk
Prepare Management Report
(Not published)
Prepare Audit Report (Published)
23
Key concepts for Predetermined ObjectivesA good performance indicator ito the FMPPI chapter 3.2 should be:
24
Key concepts for predetermined objectives continued
A useful set of criteria for selecting performance targets is the "SMART" criteria ito the FMPPI chapter 3.3;
How to interpret an Audit reportHow to interpret an Audit report
26
Regularity Audit - report
departures from financial reporting framework, or limitation on scope which is not so material and pervasive (unqualified opinion cannot be expressed )
Disclaimerlimitation on scope is so material and pervasive the auditor has NOT been able to obtain sufficient appropriate audit evidence to form an opinion (unable to express opinion)
Adversedisagreement with management regarding departures from the financial reporting framework, is so material and pervasive to AFS (qualification of the report is not adequate to disclose the misleading or incomplete nature of the AFS)
Unqualifiedwith findings
on compliance and PDO
Qualified
27
Regularity Audit - report
Additional Matter paragraph included in audit report: >20% of targets are not achieved
28
Regularity Audit – Best practicesBest practices on how to achieve a good administration?
Matters reported by external and internal auditors should receive timeous management attention, internal controls should address the following key areas:
Leadership•Establish a culture of honesty, ethical business practices and good governance •Exercise oversight responsibility •Ensure effective human resource practices •Implement appropriate policies and procedures •Approve and monitor the implementation of action plans to address internal control deficiencies •Approve an appropriate information technology governance framework
Financial and performance management•Ensure proper record keeping of all transactions •Maintain effective controls over daily and monthly processing and reconciling of transactions •Produce regular, accurate and complete financial and performance (service delivery) reports •Review and monitor compliance with applicable legislation •Design and implement formal controls to mitigate information technology risks
Governance•Ensure that risks are periodically identified, assessed and effectively mitigated •Maintain an adequately resourced and functioning internal audit unit •Maintain an audit committee that performs its legislated duties and promote accountability and service delivery
Briefing process by the AGSA
30
- Reliable, accurate and complete Annual
Reports by entities
- AGSA review of annual reports
critical in ensuring complete, reliable
and accurate reporting
- AGSA briefing of Root causes of audit
outcomes
- Root causes are linked to the Key
Focus Areas
- Analysis and understanding of the Root causes of the audit outcomes by
oversight
- AGSA make recommendations to
oversight in addressing the
deficiencies reported
Reporting by departments and entities
Actual Briefing process
- Oversight committees must
obtain an understanding of the
entity
- The Annual Report of the entity must be studied prior to the
briefing and hearing
Understanding Mandate of entities by Oversight
- Oversight committees issues their findings and
must make recommendations which address the
deficiencies identified by way of
resolutions
- Recommendations must have
milestones and conform to the
“SMART” principles
-Send reports to executives for
implementation.
Recommend-ations by oversight
committees
-Entities must compile an action
plan to address the deficiencies
- Action plans must have deliverable
milestones and also conform to the
“SMART” principles
- Progress on implementation of action plan and
measures to improve the audit outcomes must be reported to
oversight for monitoring.
Action plans by entities
and progress monitoring
EFFECTIVE BRIEFING PROCESS
Briefing process
31
Briefing process
32
Acts applicable
How to interpret an Audit report - Example ReportHow to interpret an Audit report - Example Report
DHA audit outcomes to 2012/13DHA audit outcomes to 2012/13
Audit opinion history
Audit opinions 08-09 09-10 10-11 11-12 12-13
Department of Home Affairs (DHA)
Qualification areas
Capital assets X X X
Revenue X X
Receivables for departmental revenue X X
Payables X X
Leases X
Revenue management: Contingent Assets X X
Accruals X
Contingent liabilities X
Leave liability X
Other matters
Predetermined objectives X X X
Compliance with laws and regulations X X X X X
Key: AUDIT OPINION
CLEAN AUDIT OPINION: No findings on PDOs and compliance
UNQUALIFIED with findings on PDOs and compliance
QUALIFIED AUDIT OPINION (with/without findings)
DISCLAIMER/ADVERSE AUDIT OPINION
Thank You