Transcript No Slide Title

The importance of Internal Audit imprint for local
government
IMFO CONFERENCE – 02-04 OCTOBER 2006
02 September 2006
Shirley Machaba-Partner: PwC Advisory Services-southern Africa
PwC
2
Discussion Points
•Introduction
•Responsibilities of an effective Internal Audit function
– In terms of section 165 of the MFMA
• Internal Audit
• Internal Control
• Accounting procedures and practices
• Risk and risk management
• Performance management
• Compliance with legislation
•Conclusion
3
News Headlines: 2004-2006
•Problem municipalities to be bailed out
•Municipal corruption targeted by Treasury
•Councils owed billions
•Catholic church slams corrupt municipalities
•Council tender protests mount
•Voter demand for accountability and performance
•Out of 284 municipalities 56% fails to submit AFS
•Metro police chief axed after corruption case
4
Setting the scene
Cost of Governance failures
What did shareholders/stakeholders see?
• Loss of credibility
•Greed
• Loss of business partners
•Override of controls
• Weak or non existent controls
•Dysfuntional reward systems
• Individual pressure to perform (PMS)
•Accounting lost it’s concept
• Loss of customers
•Failures after receiving assurances
• Huge losses
•Risk management processes not effective
• Frauds
What do stakeholders/shareholders want to
• Loss of careers
see
•Trust
– Corporate culture
– Ethics ( values and intergrity )
– Effective accounting models
– Controls
– Effective assurance funtions and ERM
frameworks
5
Definition: Internal Audit
“Internal auditing is an
independent, objective assurance
and consulting activity to add value
and improve an organisation’s
operations. It helps an organisation
accomplish its objectives by
bringing a systematic, disciplined
approach to evaluate and improve
the effectiveness of risk
management, control and
governance processes.”
IIA Standards
6
Responsibilities of an effective Internal Audit function in
terms of MFMA
•Prepare a risk-based audit plan and an internal audit program for each
FY
•Advice the accounting officer and report to the audit committee on the
implementation of the plan and the following matters:
– Internal Audit;
– Internal Controls;
– Accounting procedures and practices;
– Risk and risk management;
– Performance management;
– Loss control;
– Compliance with all applicable legislation
7
Responsibilities - Risk Based Internal Audit Plans
•Internal Audit
– Internal control
• Strategy and Policy processes-IDP
• Core processes-Revenue, Budgeting,
Procurement,Service delivery
• Other processes-HR, IT, Finance, Asset
management, etc
– Performance management system
– Compliance with legislative requirements
•Risk Management
– Risk management
– Loss control
•Corporate Governance
– Fairness,Accountability,Responsibility,Transparency,Discipline etc.
8
Responsibilities: Internal Audit
“Internal audit is an independent,
•Does the organisation have an effective
objective assurance and consulting
internal audit function?
activity to add value and improve a
•Internal Audit Charter
company’s operations. It helps an
•Definition
organisation accomplish its
objectives by bringing a
of
function
•Reporting to CEO/AO
•Ready and regular access to
evaluate and improve the
– Chairperson of Board
control and governance
the
organisation consistent with that of IIA.
systematic, disciplined approach to
effectiveness of risk management,
within
– Chairperson of Audit Committee
•Report at each Audit Committee
processes.”
•Audit Committee role in hiring and
IIA Standards
dismissal of Head of Internal Audit
•Independence and objectivity
•Is assurance and value offered?
9
Responsibilities: Internal Audit
“Internal audit is an independent,
•Vetting of information supplied to the Board
objective assurance and consulting
•Risk-based internal audit planning
activity to add value and improve a
•Co-ordination with external audit and other
company’s operations. It helps an
organisation accomplish its
objectives by bringing a
systematic, disciplined approach to
evaluate and improve the
effectiveness of risk management,
control and governance
processes.”
assurance functions
•Respect and co-operation of Board and
management
•Educate audit committee and board
•Participate in audit committees
•Audit corporate governance processes
•Assess management ‘s ERM compliance
efforts
•Assist in self assessments (management,
IIA Standards
board and its committees)
10
Responsibilities: Internal Controls-COSO control model
elements
11
Responsibilities: Accounting Procedures and Practices
•Accounting Standards Board:Accounting Framework for Municipalities
and Municipal Entities: New GAMAP + GRAP 1-3
•GRAP 1: Presentation of AFS
– Whether resources obtained & used ito legally adopted budget
– Comparison between budget and actual
– Additional commentary on application of going concern & materiality
– Guidance on balances in reserves & trust fund accounts
•GRAP 2: Cash Flow Statements
– Only direct method of cash flows
•GRAP 3: Accounting Policies, Changes in Accounting Estimates and
Errors
12
Responsibilities: Risk Management
“The Accounting Officer/board is
Does the organisation have an effective
responsible for the total process of
system for the identification, evaluation,
risk management, as well as for
monitoring and measurement of all risks
forming its own opinion on the
impacting
effectiveness of the process.
its
ability
to
achieve
its
objectives?
Management is accountable to the
board for designing, implementing
Does the organisation comply with all legal
and monitoring the process of risk
and regulatory requirements to which it is
management and integrating it into
subject?
the day-to-day activities of the
company.”
King Code 2002
13
Responsibilities: Risk Management
“The accounting officer/board is
responsible for the total process of
risk management, as well as for
forming its own opinion on the
effectiveness of the process.
Management is accountable to the
•Board to set risk strategy and policy
•Board to establish appetite for risk
•Confidential
reporting
process
“whistle-
blowing” for fraud and similar risks
•Continuous
business
risk
assessment
(formally, once a year)
board for designing, implementing
•Financial and non-financial risks
and monitoring the process of risk
•Comprehensive system of internal control
management and integrating it into
•Contribution to robust business operations
the day-to-day activities of the
company.”
King Code 2002
•Importance of management reporting
•Risk statement in annual report
•Use of Risk Committee
14
Responsibilities: Risk Management – The Risk
Management Cycle
INFORM
AND
REPORT
IDENTIFY
AND
PRIORITISE
ORGANISATIONAL
RISK FACTORS
REVIEW
AND
MONITOR
MEASURE
AND
MANAGE
15
Responsibilities: Risk Management - The benefits of
implementing the EWRMF
Viewing risk as an opportunity, rather than as a threat;
Leveraging competitive advantage by focusing on the key
success factors;
Improving the management of operations;
Enhancing stakeholder value by reducing the adverse impact of
covering downside risk and maximising upside potential;
Taking account of the full extent of the organisation’s activities.
16
Performance management-Municipal Systems Act & LGM
Planning & Performance Management Regulation
•Phase 1 – Integrated Development
Plan
8
–
Performance
Measurement & Reporting
•Phase 2 – Performance management
system
•Phase
•Phase
•Phase 9 – Revision of Strategies &
Objectives
3
–
Key
Performance
Indicators
•Phase 4 – Performance Targets
•Phase 5 – Actual Service Delivery
•Phase 6 – Internal Monitoring
•Phase 7 – Internal Control
17
Responsibilities: Loss Control
•Link with risk assessment
•Risk management policy to tie up
•Anti Corruption and Fraud Prevention Strategy
•Business Continuity Plan
•Inspectorate/investigators
•Other assurance providers
18
Responsibilities: Compliance with Legislation
•Municipal Finance Management Act
•Structures Act
•Systems Act
•Division of Revenue Act
•Occupational Health and Safety Act
•Other e.g Labour Relations Act, Skills Development Levy Act etc
19
Conclusion
•Inadequate Internal Audit capacity
•Increased pressure on service delivery
•Increased focus on local government
•Growing impatience and intolerance of non-delivery
•Effective Internal Audit function will be key
•Unlimited opportunities for competent internal auditors
•Opportunity to turn negative perceptions to positive realities
pwc
PwC