5th Parliament capacity building Portfolio Committee on Home Affairs

Presented by: Naveen Mooloo

9 September 2014

Reputation promise/mission

The Auditor-General of South Africa has a constitutional mandate and,

as the Supreme Audit Institution (SAI) of South Africa, it exists to strengthen our

country’s democracy by enabling oversight, accountability and governance in the public sector through auditing, thereby building public confidence.

To provide members of parliament with the necessary information/guidance on the role of the AGSA to enable them

to effectively execute their oversight function

Objective of presentation

1. Combined assurance Complimentary support mandate

2. Audit mandate and process Legislative requirements Regularity audit process AGSA audits Audit of Predetermined Objectives

4. How to interpret and Audit Report Audit report structure Financial audit opinions Good administration

5. Briefing process

Index

OversightOversight

6

End-year reporting

Strategic Planning

Implementation and in-year reporting

Operational planning and

budgeting

Policy development

INSTITUTIONNational department

Provincial departmentMunicipalityPublic entity

Municipal entity

OVERSIGHT:Parliament, provincial legislature or municipal council

Oversight model

Section 55(2) of the Constitution: the National Assembly must provide for mechanisms to ensure that all executive organs of state are accountable to them

Section 114(2) of the Constitution: the Provincial Legislature must provide for mechanisms to ensure that all executive organs of state are accountable to them

Oversight legislation

National

Provincial

Committees

PC’s– overseeing the overall performance and functioning of departments

PAC’s– scrutiny of the financial statements of organs of State and reports of the AGSA

8

Oversight Definition:Oversight entails the informal and formal, watchful, strategic and structured

scrutiny exercised by legislatures in respect of the implementation of laws, the application of the budget, and the strict observance of statutes and the Constitution. In addition, and most importantly, it entails overseeing the effective management of government departments by individual members of

Cabinet in pursuit of improved service delivery for the achievement of a better quality of life for all citizens.

1.

2.

3.

4.

Oversight and Accountability Model - concept

9

Oversight and Accountability Model - concept

Accountability Definition:Accountability is the hallmark of modern democratic governance. Democracy remains clichéd if

those in power cannot be held accountable in public for their acts or omissions, for their decisions, their expenditure or policies. Accountability refers to institutionalised practices of giving account of

how assigned responsibilities are carried out.

To enhance the integrity of public governance in order to safeguard government against corruption, nepotism, abuse of power and other forms of inappropriate behaviour.

Accountability functions

10

Role of Portfolio Committees (Rule 201)

Oversight component - Portfolio committee mandate

Seniormanagement

Accountingofficers/authority

Executiveauthority

Required assurance levels

Extensive Extensive Extensive

Management’s assurance role•Senior management – take immediate action to address specific recommendations and adhere to financial management and internal control systems•Accounting officers/ authority – hold officials accountable on implementation of internal controls and report progress quarterly and annually•Executive authority – monitor the progress of performance and enforce accountability and consequences

Management assuranceFirst level of assurance

Seniormanagement

Accountingofficers/authority

Support oversight – complimentary mandate

Oversight assuranceSecond level of assurance

Coordinating /Monitoringinstitutions

Internalaudit

Auditcommittee

Extensive Extensive Extensive

Required assurance levels

Oversight’s assurance role•National Treasury/ DPSA – monitor compliance with laws and regulations and enforce appropriate action•Internal audit – follow up on management’s actions to address specific recommendations and conduct own audits on the key focus areas in the internal control environment and report on quarterly progress•Audit committee – monitor risks andthe implementation of commitments on corrective action made by management as well as quarterly progress on the action plans

Independent assuranceThird level of assurance

Oversight(portfolio

committees / councils)

Publicaccounts

committee

National Assembly

Extensive Extensive Extensive

Required assurance levels

Role of independent assurance•Oversight (portfolio committees) – review and monitor quarterly progress on the implementation of action plans to address deficiencies •Public accounts committee – exercise specific oversight on a regular basis on any report which it may deem necessary•National Assembly – provide independent oversight on the reliability, accuracy and credibility of National and provincial government

Figure 2 below illustrates the oversight cycle on an annual basis:The oversight cycle requires Parliament to take a long-term view of oversight in order to ensure effective

oversight of sustainable delivery. The parliamentary oversight cycle provides a means through whichParliament can monitor government delivery in terms of long-term commitments, rather than focusingexclusively on annual commitments, annual planning and performance assessments. The cycle thus

provides for continuity in Parliament’s oversight activities from year to year.

Support oversight – complimentary mandate

Month

Process Jan Feb March April May June July Aug Sept Oct Nov Dec

Petitions                        

Constituency Work                        

Study Tours & Site Visits                        

ISD Submissions                        

Civil Society submissions                        

Strat Plans      X                  

Departmental Briefings                        

Pres Speech     X                    

Ministerial speeches                        

• media briefing                        

• budget speeches                        

Ministerial statements                        

MTBPS                   X      Legislation /Policy Assessment of Impact of Legislation                        

Youth Parliament                        

Women’s Parliament                        

People’s Assembly                        

Annual Reports                 X X    

Audit mandate and processAudit mandate and process

14 Available on Treasury website www.treasury.gov.za/legislation/pfma/circularsAlso refer to AG Directive General Notice 263 of 2014 issued 2 April 2014

Audit - Legislative requirements

15

Regularity Audit - process

The public sector auditor assesses the stewardship of public funds, implementation of government policies and compliance with key legislation in objective manner. The scope of the annual audit performed for each auditee is prescribed in the Public Audit Act and the general notice issued in terms thereof. It includes the following: - Providing assurance that the financial statements are free from misstatements that will affect the users of the financial statements - Reporting on the usefulness and reliability of the information in the annual performance report - Reporting on material non-compliance with key legislation - Identifying the key internal control deficiencies that should be addressed to achieve a clean audit

Performance audits may also be performed to determine whether resources have been procured economically and are used effectively and efficiently.

What is an audit in the public sector?

What does an audit not do?

Due to the test nature and other inherent limitations of an audit, together with the inherent limitations of internal control, there is an unavoidable risk that some, even material, misstatements in reported information may not be detected, and the completeness and the accuracy of the information reported are not guaranteed.

Due to the focus on specific areas in key legislation, the audit does not provide assurance that all applicable legislation has been complied with. Although possible fraud may be identified during the audit, this is not the main purpose of the audit. The audit does not provide assurance that service delivery has been achieved, only that the annual performance report is useful and reliable.

16

AGSA Audits (service types & value add)

Regularity Audit

The audit of financial statementsThe financial statements submitted for auditing must be free from material misstatements. Misstatements refer to incorrect or omitted information in the financial statements. Examples include the incorrect or incomplete classification of transactions, or incorrect values placed on assets, liabilities or financial obligations and commitments.

The objective of an audit of financial statements is to express an audit opinion on whether the financial statements fairly present the financial position of auditees at financial year-end and the results of their operations for that financial year.

Audit of computer systems used by the public sector: - PFMA1.Basic Accounting System (BAS)2.PERSAL (HR management3.Logis (asset management)

-MFMASystem used by municipality (each different)

Focus on:1.IT Governance 2.User access management3.Security management4.IT service continuity (Disaster recovery and Business continuity plans)

ISAs (International Standards of Auditing) and ISSAIs Information systems auditing

standards/Guidelines

Audit reportsThe AGSA fulfils its mandate by conducting a variety of audits, such as regularity audits (financial and compliance) and the audit of reporting against predetermined objectives. We also identity root causes that drive the audit outcomes. These are then communicated to the General Conference, through the Executive Board, and the various oversight bodies, i.e. Oversight Advisory Committee, Internal Oversight Service, and Oversight bodies of international standing

Performed annually

Financial Statement Audit Information Systems Audit

17

VS

Performance Audit Investigations

Value add processes are usually performed after inspecting the financial records of an auditee following a directive for the audit to be performed before the usual annual audit. The government may order a special audit conducted on an auditee if there is evidence that its financial affairs are not being run in accordance with proper accounting practices.

Performance Audits – (independent auditing process to evaluate the measures instituted by management

to ensure that resources have been procured economically and are used efficiently and effectively)

Performed when: problems are identified/requested

International Standards of Supreme Audit Institutions (ISSA) 3000 and ISSAI 3001

Investigations assist and support the regulatory audit teams with the identification of fraud risks in the audit environment. 

The investigations team perform the following procedures:1.Assist with fraud risk assessments2.Special forensic engagements3.Fraud research and training, and4.Peer quality assurance support.

Value add processes

Standards & Guidelines: Investigations

Performance AuditsFocus on performance while spending– the three Es •Economy •Efficiency •Effectiveness

AGSA Audits (service types and value add)

Regularity AuditsFocus on finances •Financial statements •Financial management •Compliance with laws and regulations

18

AGSA Audits (service types and value add)Performance Auditing:

Looking at the 3Es

GOAL REACHEDBEST RESOURCE BASED ON NEED

BEST RESULTS USING WHAT WE

HAVE

19

AGSA Audits (service types and value add)

Ask: what do I need, what quality do I need, when do I need it, where do I need it, how much of it do I need and where can I get all my needs met at the lowest price?

Examples of findings: •Needs assessments were not always done•Competitive bidding processes were not always followed•Contracts were open-ended in terms of cost and time

Ask: was the work done with the minimum of effort?

Examples of findings:•Projects were extended because of a lack of project management and monitoring •Payments were made in excess of the amounts approved•The document archiving system was not adequately maintained

Ask: Did we do what we set out to do?

Examples of findings:•Project objectives were not achieved, and deliverables only partially completed•Skills transfer was not always effective•Projects were not analysed to determine whether objectives were met and to determine the benefits received

Performance Auditing:

Looking at the 3Es

20

Investigations

The Investigation Business Unit assists the regularity audit teams as follows:

1.Fraud risk assessments•Assist and support the regularity audit teams with the identification of fraud risks in the audit environment as required by ISA 240.

2. Special forensic engagements•Review amongst others, the following complex audit areas to identify non-compliance with prescripts and risk of fraud and irregularities:

• Supply chain management• Human resource management• Information Technology controls• Submitted financial statements

•Perform investigations in exceptional cases.

3. Fraud research and training•Perform pro-active data analysis on government payment systems, to identify fraud risks.•Provide fraud risk awareness training.

4. Peer quality assurance support• Assist the regularity audit teams with peer reviews on procedures performed to mitigate risks identified during risk assessment process.

Value add processes

AGSA Audits (service types and value add)

21

Audit of Predetermined Objectives

22

Regularity Audit - process

THE ANNUAL AUDIT PROCESS

What do auditors do? Why they do it?

Terms of engagement are communicated & agreed to ensure a clear understanding of responsibilities of the parties, the objectives of the audit, access to information and the reports to be provided.

An understanding of the auditee is obtained for risk assessment purposes & an audit plan is prepared.

A risk assessment is performed to determine the number and type of procedures to perform.

Procedures are performed to obtain evidence that the financial statements & annual performance report do not contain material misstatements and that key legislation has been complied with.

The report is only provided to the management of the auditee and the executive authority at the end of the audit. It details the findings from procedures performed, identifies the root causes of these findings and makes recommendations for improvement.

The report is published in the auditees’s annual report. It informs those responsible for oversight, the public and others of material misstatements in the financial statements, material findings on the usefulness and reliability of the performance report, material non-compliance with key legislation in specific focus areas, and the deficiencies in internal control that were identified during the audit.

Agree terms of engagement

Plan the audit

Perform risk assessment procedures

Design and Perform procedures to address

identified risk

Prepare Management Report

(Not published)

Prepare Audit Report (Published)

23

Key concepts for Predetermined ObjectivesA good performance indicator ito the FMPPI chapter 3.2 should be:

24

Key concepts for predetermined objectives continued

A useful set of criteria for selecting performance targets is the "SMART" criteria ito the FMPPI chapter 3.3;

How to interpret an Audit reportHow to interpret an Audit report

26

Regularity Audit - report

departures from financial reporting framework, or limitation on scope which is not so material and pervasive (unqualified opinion cannot be expressed )

Disclaimerlimitation on scope is so material and pervasive the auditor has NOT been able to obtain sufficient appropriate audit evidence to form an opinion (unable to express opinion)

Adversedisagreement with management regarding departures from the financial reporting framework, is so material and pervasive to AFS (qualification of the report is not adequate to disclose the misleading or incomplete nature of the AFS)

Unqualifiedwith findings

on compliance and PDO

Qualified

27

Regularity Audit - report

Additional Matter paragraph included in audit report: >20% of targets are not achieved

28

Regularity Audit – Best practicesBest practices on how to achieve a good administration?

Matters reported by external and internal auditors should receive timeous management attention, internal controls should address the following key areas:

Leadership•Establish a culture of honesty, ethical business practices and good governance •Exercise oversight responsibility •Ensure effective human resource practices •Implement appropriate policies and procedures •Approve and monitor the implementation of action plans to address internal control deficiencies •Approve an appropriate information technology governance framework

Financial and performance management•Ensure proper record keeping of all transactions •Maintain effective controls over daily and monthly processing and reconciling of transactions •Produce regular, accurate and complete financial and performance (service delivery) reports •Review and monitor compliance with applicable legislation •Design and implement formal controls to mitigate information technology risks

Governance•Ensure that risks are periodically identified, assessed and effectively mitigated •Maintain an adequately resourced and functioning internal audit unit •Maintain an audit committee that performs its legislated duties and promote accountability and service delivery

Briefing process by the AGSA

30

- Reliable, accurate and complete Annual

Reports by entities

- AGSA review of annual reports

critical in ensuring complete, reliable

and accurate reporting

- AGSA briefing of Root causes of audit

outcomes

- Root causes are linked to the Key

Focus Areas

- Analysis and understanding of the Root causes of the audit outcomes by

oversight

- AGSA make recommendations to

oversight in addressing the

deficiencies reported

Reporting by departments and entities

Actual Briefing process

- Oversight committees must

obtain an understanding of the

entity

- The Annual Report of the entity must be studied prior to the

briefing and hearing

Understanding Mandate of entities by Oversight

- Oversight committees issues their findings and

must make recommendations which address the

deficiencies identified by way of

resolutions

- Recommendations must have

milestones and conform to the

“SMART” principles

-Send reports to executives for

implementation.

Recommend-ations by oversight

committees

-Entities must compile an action

plan to address the deficiencies

- Action plans must have deliverable

milestones and also conform to the

“SMART” principles

- Progress on implementation of action plan and

measures to improve the audit outcomes must be reported to

oversight for monitoring.

Action plans by entities

and progress monitoring

EFFECTIVE BRIEFING PROCESS

Briefing process

31

Briefing process

32

Acts applicable

How to interpret an Audit report - Example ReportHow to interpret an Audit report - Example Report

DHA audit outcomes to 2012/13DHA audit outcomes to 2012/13

Audit opinion history

Audit opinions 08-09 09-10 10-11 11-12 12-13

Department of Home Affairs (DHA)          

Qualification areas          

Capital assets X X     X

Revenue X       X

Receivables for departmental revenue X       X

Payables X       X

Leases X        

Revenue management: Contingent Assets       X X

Accruals         X

Contingent liabilities         X

Leave liability         X

Other matters          

Predetermined objectives     X X X

Compliance with laws and regulations X X X X X

Key: AUDIT OPINION

  CLEAN AUDIT OPINION: No findings on PDOs and compliance

  UNQUALIFIED with findings on PDOs and compliance

  QUALIFIED AUDIT OPINION (with/without findings)

  DISCLAIMER/ADVERSE AUDIT OPINION

Thank You