DEAT Ops plan 2006 - waterbergcollege.co.za … · Web viewInternal audit will proactively partner with its business management on the ... innovation and world-class audit tools

WATERBERG FET COLLEGE

Internal Audit Plan

Strategic 3 year-rolling Internal Audit Plan 2012 – 2014

and

Operational Internal Audit Plan 2012

WATERBERG FET COLLEGETHREE-YEAR STRATEGIC INTERNAL AUDIT PLAN 2012–2014 AND ONE YEAR OPERATIONAL PLAN FOR THE PERIOD ENDING 31 DECEMBER 2012

INDEX

PAGE1 INTRODUCTION.....................................................32 INTERNAL AUDIT MANDATE...........................................33 STRATEGIC APPROACH...............................................33.1 SCOPE OF INTERNAL AUDIT.........................................43.2 REPORTING AND COMMUNICATIONS....................................43.3 METHODOLOGY.....................................................53.4 QUALITY CONTROL.................................................54 UNDERSTANDING WATERBERG FET COLLEGE..............................55 CO-ORDINATION OF INTERNAL AUDIT..................................55.1 INTERNAL AUDIT TEAM.............................................55.2 CONTACT WITH WATERBERG FET COLLEGE..............................65.3 CONTACT WITH THE EXTERNAL AUDITORS..............................66 OBJECTIVES AND RISKS.............................................76.1 CATEGORIES AND RISKS............................................77 OPERATIONAL PLAN.................................................97.1 THREE-YEAR ROLLING INTERNAL AUDIT PLAN.........................107.2 ONE - YEAR AUDIT PLAN FOR THE PERIOD ENDING 31 DECEMBER 2011...12

Page 2 of 16


1 INTRODUCTIONThe objectives of the audit planning process determine what audit activities will be scheduled for the year and to help ensure qualified audit staff is assigned to the highest priority assignments. The principles and procedures discussed in this document have been developed to provide a process for fulfilling these objectives.

The internal audit process provides oversight to obtain reasonable assurance regarding management’s assertions that objectives are achieved for effectiveness and efficiency of operations, reliability of financial information, and compliance with laws and regulations. Internal audit will proactively partner with its business management on the performance of financial, compliance, information technology, operational audits, as well as consulting reviews and special projects, to maximise value added contributions from the process. Value is created with an integrated audit approach using well trained, knowledgeable professionals, total quality principles, teamwork, innovation and world-class audit tools and techniques.

The primary objective of the internal audit function is to provide a comprehensive service to ensure adequate measures and procedures are in place for sound economic, effective and efficient management. Internal Audit will conduct audits to assist management in the effectiveness of the College’s system of internal controls and quality performance.

2 INTERNAL AUDIT MANDATEThe Internal Audit (IA) mandate is recorded in the approved Internal Audit Charter. Internal Audit best practice requires the following:

a rolling three-year strategic internal audit plan based on the assessment of key areas of risk for the College, taking into consideration current operations, future proposed operations, the strategic plan and the risk management strategy;

an annual internal audit plan for the first year of the rolling three-year strategic internal audit plan;

plans indicating the proposed scope of each audit in the annual internal audit plan; and

a quarterly report to the audit committee detailing its performance against the annual internal audit plan, to allow effective monitoring and possible intervention.

Page 3 of 16


3 STRATEGIC APPROACHA risk based strategic approach is adopted which takes into account the results of the risk assessment workshop conducted by PWC(PriceWaterHouseCoopers) for Waterberg FET during 2011 as well as subsequent discussions with management. This approach involves a focus on understanding the work of each focus area and identifying risks associated with that focus area. It further includes a process of linking risk analysis to assigned planning and audit program development.

3.1 Scope of internal auditThe scope of internal audit is to determine whether the College’s network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:

Risks are appropriately identified and managed;

Interaction with the various governance groups occurs as needed;

Significant financial, managerial, and operating information is accurate, reliable and timely;

Employees actions are in compliance with policies, standards, procedures, and applicable laws and regulations;

Resources are acquired economically, used efficiently and adequately protected;

Programmes, plans and objectives are achieved;

Quality and continuous improvement are fostered in the organisation’s control process; and

Significant legislative or regulatory issues impacting the organisation are recognised and addressed appropriately.

Although investigating fraud and other irregularities are not the primary focus of an internal audit approach, internal audit should maintain close liaison with management should any such issues be identified.

3.2 Reporting and communicationsCommunication, orally and through reports, is an essential part of the internal audit process. The INTERNAL AUDIT FUNCTION will also communicate with management through a series of planned formal meetings.

A quarterly/progress report will be submitted to management with a copy going to the Audit Committee. Reports will clearly demonstrate the control and operational concerns arising from the reviews, the potential impact and the practical reasoned recommendations for change. Any critical issues will be reported orally or in writing to management and the Audit Committee immediately upon identification.

Management will be given 7 working days to respond to internal audit findings.

Page 4 of 16


Internal Audit will follow-up corrective action taken on reported weaknesses. Follow-up audits will be carried out to ensure that control weaknesses have been adequately rectified, or that appropriate action is being planned.

3.3 MethodologyThe platform to harvest internal audit staff’s knowledge is the use of a capable methodology that is supported by information technology. The use of such a methodology has the following benefits:

Speeds up planning;

Improves management and audit information;

Keeps track of major issues arising;

Improves liaison between internal audit staff; and

Enables internal audit staff to share information from a common source.

3.4 Quality ControlIt is important to monitor both the extent and the quality of the internal audit service to the College on an ongoing basis.

The quality of the internal audit assignments will be addressed by adhering to the Institute of Internal Auditors’ (IIA) Standards on quality control and the Internal Auditor’s internal audit procedures such as the involvement of the partners and managers in charge of functional areas in the planning and ongoing review of the work of field staff.

4 UNDERSTANDING WATERBERG FET COLLEGEIt is important that internal audit understand the College and it’s functions fully, to ensure that the Internal Audit effort is focussed appropriately.

5 CO-ORDINATION OF INTERNAL AUDITThe co-ordination of internal audit will consist of:

5.1 Internal Audit Team

Name Position

Telephone no

Cellphone no

E – mail

Ntebo Hlungwane

Internal Auditor

015 491 8581/8602

082 500 4834

[email protected]

Page 5 of 16


5.2 Contact with Waterberg FET College

Name Position Telephone No

Contact no.

E - mail

Mr. SP Mailula

Chief Executive Officer

015 491 8581/8602

015 491 8581/8602

[email protected]

Ms. YSM Mathabatha

Audit Committee Chairperson

082 578 5978 [email protected]

The Chief Executive Officer will be responsible for all administrative arrangements of the internal audit for example approval of expenses of the Internal Audit Function. The Chief Executive Officer will approve the budget of the Internal Audit Function and the Chief Executive Officer together with the Audit Committee, the annual operation plan.

It is accepted that the co-operation and availability of Waterberg FET College’s personnel plays a significant role in impacting the effectiveness and efficiency of the Internal Audit Function. Every effort must be made to obtain the complete co-operation of the College’s management. Any excessive delays should be reported to the Chief Executive Officer and the Audit Committee.

5.3 Contact with the external auditorsInternal Audit should liaise closely with the external auditors to avoid unnecessary duplication of audit work. Liaison with the external auditors will include holding regular meetings between the external auditors and the Internal Audit Function to ensure that there is proper co-ordination.

Contact details of the management team:

Name Position E - mail Telephone No

Mr. Barry Bolink Partner [email protected] 015 297 2731

Page 6 of 16


6 OBJECTIVES AND RISKSRisk analysis consists of two crucial elements, identification and the quantification of risks. Identification depends to a large extent on the knowledge of the College and the environment in which it operates.

Quantification depends on a combination of mathematics and judgement. Judgement depends on the knowledge of the assessors and the required objectives. Risk analysis is not a static process. Assessments need to be revised as new information becomes available. The ultimate action will depend on how risk-averse those responsible for the risks are.

6.1 Categories and risksOne of the reasons for the risk assessment exercise, as set out earlier in the document, was to ensure that internal audit work is properly focussed and represents value for money for the College’s and the risks identified are listed below:

RATING RISK NAME DESCRIPTIONINHERENT RISK

(VALUE)

CURRENT RESIDUAL RISK

(VALUE)

DESIRED RESIDUAL RISK

(VALUE)1 Residence

Management Cleaning; Meals; Lack of Physical Security; Provision of health facilities; Residence sites do not belong to the college (Belong to the department of education); Hostel management by students

High-25 High-20 Low-5

2 Availability of facilities and office space

Business centre does not have admin block. Lack of space at central office Inadequate budget to provide office space Occupational safety and health standards not followed. No space to accommodate newly appointed staff Inadequate planning with regard to office space Government not increasing funds for college infrastructure Dependency on state funds.


3 Marketing No engagement with the departments; Lack of public communication strategy

High-25 High-20 Medium -10

4 Supply Chain Non adherence to High-25 High-16 Low-3Page 7 of 16



(VALUE)


(VALUE)


(VALUE)Management policies and

procedures; Fraud; Timeous delivery; Poor Quality of goods by suppliers; Procurement planning and sourcing decision; Emergency procurement services and processes; Poor supplier management; Poor warranties and after sales support; Poor warranty management process; By passing payment processes

5 Revenue collection including other sources of revenue e.g. Hotel school, farm.

Rentals facilities revenue collections; Cash deposited in the bank; Separate bank accounts; Goods and service sales(Farms, training centres and hotels school); Project revenue; Disposals; Physical Cash security; Inadequate use of opportunities to collect own revenue


6 Records Management

Employee Records; Confidentiality of Records; Student Records


7 Extra curricula activities

Lack Recreational Facilities; Lack Induction Function; Lack of library facilities

High-20 High-16 Medium-8

8 Occupational Health and Hygiene

Engineering workshops; Central Office exit and health risk; Fire risks; Centres which do not belong to the college are not maintained to the desired standards of the College; First aid kits; Electricity supply.


9 Business Continuity

Power failure; Water Shortages; Natural Disasters; Services; Threat to human life; Systems Failure

High-20 Medium -13

Medium-8

Page 8 of 16



(VALUE)


(VALUE)


(VALUE)10 Information

System Disaster Recovery

Development and implementation of strategy. Recovery of data.

High-20 Medium -13

Medium-8

7 OPERATIONAL PLANIt is important to demonstrate how the internal audit process integrates with and contributes to the College’s ability to achieve its mission and vision.

Internal audit is a protective, assurance service that should be viewed in the context of:

The challenges facing the College and how these challenges affect its vision and ability to meet the expectations of a diverse group of stakeholders, and

The impact that these challenges have on internal audit, for example the increase in risk.

Page 9 of 16

WATERBERG FET COLLEGETHREE-YEAR STRATEGIC INTERNAL AUDIT PLAN 2012– 2014 AND ONE YEAR OPERATIONAL PLAN FOR THE PERIOD ENDING 31 DECEMBER 2012

7.1 Three-year rolling internal audit plan

Activity Planned hours Comments2012 2013 2014

1

Prepare a 3 year strategic internal audit plan and budget based on identified high impact risks 24 16 16 3 days, from Year 2 onwards, 2 days

2Developing an annual operational internal audit plan and budget 24 16 16 3 days, from Year 2onwards, 2 days

3

Reporting results of reviews to Executive Management and the Audit Committee 160 128 128

One week per quarter, from year 2onwards, 4 days per quarter

4Preparing quarterly activity reports on the internal audit function 160 160 160 One week per quarter

5

Follow-up and reporting of previously raised internal and external audit findings 96 96 96 3 days per quarter

6 Execution of internal audit plan 1000 1850 1410 Refer plan below1464 2306 1906

Execution of Internal Audits Planned Hours Comments2012 2013 2014

1 Designing / updating an internal financial control framework to enable Audit Committee to sign off on internal control environment 200 160 120 Annual

2Residence Management 0 100 100

Annual Internal Audit - rotation of audit emphasis

3Supply Chain Management 150 150 150


4 Revenue Collection (including 100 100 100 Annual Internal Audit - rotation of audit

Page 10 of 16


Execution of Internal Audits Planned Hours Comments2012 2013 2014

student debtors. emphasis5

Records Management 100 40 100Internal Audit in year 1 and 3, follow-up in year 2 (All campuses)

6 Occupational Health and Hygiene 0 100 40

Internal Audit in year 1 and 3, follow-up in year 2 (All campuses)

7Management of Assets 150 150 100


8Business Continuity 0 150 150


9Integrity of IT systems 100 100 100


10 Adherence to required standards in workshops 0 60 60 Compliance Audit

11 Governance 40 40 100 Follow-up in year 1 and 2, Internal audit year 312

Program Content 0 100 0High inherent risks - to be added to year 3 if audit outcome is negative

13Emerging risk 0 100 0

Emerging risks identified from Annual Risk Assessment Process











18 Ad hoc requests 160 100 190 Provision for annual ad hoc assignments1000 1850 1410

Page 11 of 16


7.2 One - year audit plan for the period ending 31 December 2011

Activity2012 hours

1

Prepare a 3 year strategic internal audit plan and budget based on identified high impact

risks 24

2 Developing an annual operational internal audit plan and budget 24

3 Reporting results of reviews to Executive Management and the Audit Committee 160

4 Preparing quarterly activity reports on the internal audit function 160

5 Follow-up and reporting of previously raised internal and external audit findings 96

6 Execution of internal audit plan 1000

1464

Execution of Internal Audits

2012 allocated hours

Anticipated Timing Planned scope of internal audit

1 Designing / updating an internal financial control framework to enable Audit Committee to sign off on internal control

200 The Audit Committee recommended that this audit be co-sourced in the first year to external services as this is a complex Audit.

Referencing Best Practice to design a financial control framework

2 Supply Chain Management

150 May/June21/05/2012(Start)15/06/2012(Report)

Evaluate controls relating to:o Compliance to the Supply Chain Policy;o Authorisation, completeness of information on

the supplier database.Page 12 of 16





o Review controls relating to supplier performance (VAT vetting, evaluation of suppliers).

Review controls relating to :o Approval of payments in terms of delegation of

authority;o Compliance to policy and procedure regarding the

various expenses;o Expenditure control to prevent fruitless &

wasteful expenditure;o Allocation of expenditure to correct ledger

accounts; ando General ledger reconciliations.

Review the effectiveness of procurement committeesReview of the travel and subsistence process, compliance to policy and procedure, proper approval Regular monitoring of Supply Chain Management process

3Revenue Collection (Student debtors)

100 June18/06/2012(Start)6/07/2012(Report)

Evaluate controls relating to:Compliance with finance and student debt policy

Review controls relating to :o Invoices relating to student application formso Registration and tuition feeso Effectiveness of procedure to be followed when on

revenue collection (Revenue collected will be banked on a weekly basis).

o Transfer of funds(Remittances)o Handling of bursary and/or donation Incomeo Interest Receivedo Income generating projectso Debt Collection o Monitoring of controls

Follow up on monthly student account4 Records Management 100 July

09/07/201231/07/2012

Review the adequacy and effectiveness of controls over the Records management, in particular:o Evaluate the adequacy of the Records Management

Page 13 of 16





Policies and Procedures.o Ensure that Policies and Procedures are developed in

line with the National Archives Act and other relevant legislation.

o Ensure compliance with approved Records Management Policies and Procedures and relevant legislation.

o Evaluate the adequacy and effectiveness of controls to ensure that the Registry is a complete hub of all key documents and other records.

o Evaluate the adequacy and effectiveness of the documents / records classification (restricted vs. non restricted) and filing systems (manual and electronic).

o Evaluate the adequacy and effectiveness of controls to access (employees and public) and return documents /records.

Evaluate the adequacy and effectiveness of physical access controls as well as safeguarding of documentation / records against fire and other hazards.

5 Management of Assets

150 August01/08/2012(Start)31/08/2012(Report)

Review the adequacy and effectiveness of controls over Assets Management, in particular:o Evaluate the adequacy of the Asset Management

Policies and Procedures.o Evaluate the adequacy of insurance over the

College’s assetso Review acquisition of asset processeso Review receipts and distribution of assets o Evaluate the maintenance of the fixed Assets

Registero Evaluate transfer of assets processeso Evaluate the writing off of Assets procedures or

processeso Review disposal or selling of assets processeso Review the general processes/procedures on Asset

Page 14 of 16





management6

Integrity of IT systems(Information System Disaster Recovery)

100 September03/09/2012(start)21/09/2012(Report)

Evaluate the adequacy and effectiveness of controls relating to:IT PolicyIT planning processAccess controls to the system

7 Governance(Follow up audit)

40 October01/10/2012(Start)12/10/2012(Report)

Evaluate the adequacy and effectiveness of controls relating to:o College Governance Structures;o Risk Management;o Policies and Procedures;o IT Governance;o Organisational Strategy;o Performance measurement;o Stakeholder interaction; ando Statutory Report.

8 Ad hoc requests 160 NovemberFollow up and ad hoc audits as requested by management.

As agreed upon commencement of assignments.

1000

Page 15 of 16


RECOMMENDED BY:

Chief Executive Officer DateMr. S. P. Mailula

APPROVED BY:

Chairperson of the Audit Committee

Date

PREPARED BY:

Ntebo HlungwaneInternal Auditor

Date

Page 16 of 16

Documents

DEAT Ops plan 2006 - waterbergcollege.co.za … · Web viewInternal audit will proactively partner with its business management on the ... innovation and world-class audit tools