2
Reputation promise/mission
The Auditor-General of South Africa has a constitutional mandate and, as the Supreme Audit Institution (SAI) of South Africa, it exists to strengthen our country’s democracy by enabling oversight, accountability and governance in the public sector through auditing, thereby building public confidence.
55
SUPPLY CHAIN MANAGMENTOur approach:
– To determine whether legislative requirements for fair, equitable, cost-effective, transparent and competitive procurement have been adhered to.
– The subsequent management of contracts and whether payments are made only for goods and services received.
– To identify and report possible fraud indicators to those charged with governance. The approach addresses expenditure and the disclosure of irregular, fruitless and wasteful expenditure
66
The objectives of the approach:
– To ensure that significant risk due to fraud in procurement processes is appropriately and consistently responded to;
– To ensure correct and consistent compliance testing and identification of irregular expenditure;
– To ensure correct and consistent reporting of weaknesses;
SUPPLY CHAIN MANAGMENT
77
SUPPLY CHAIN MANAGMENT
Risk – Significant
– Such risk will translate into a significant risk that affects the:– completeness assertion for the
disclosures of irregular, fruitless and wasteful expenditure
– The occurrence and compliance assertions for the expenditure classes of transactions affected by the types of procurement and transactions that give rise to such risk
88
SUPPLY CHAIN MANAGMENTSelecting our sample (including but not limited) to:
– All awards from follow-ups / previous audits– All awards from employees having interest– All awards to possible fictitious suppliers– All awards to companies that are liquidated /
deregistered– All awards that were registered within the past 12
months– All transactions not procured through a competitive
bidding process (> R500k) or not through inviting 3 quotations (< R500k)
– At least 2 suppliers with the highest number of contracts
– At least 2 contracts awarded for construction projects that are significantly behind schedule
1010
PRE-DETERMINED OBJECTIVESOur approach:
– 2010/11 – Opportunity to get ready for Predetermined objective opinions
– Understanding and testing of the internal policies, procedures and controls related to the management of performance information.
– Understanding and testing of systems and controls relevant to collecting, monitoring and reporting performance information.
1111
Audit criteria
Main criteria Sub-criteria
1. Compliance with reporting requirements
Existence
Timeliness
Presentation
2. Usefulness Measurability
Relevance
Consistency
3. Reliability Validity
Accuracy
Completeness
1212
RISKS FOR PRE-DETERMINED OBJECTIVES• Lack of effective, efficient and transparent systems and
internal controls regarding performance management (applicable at an overall performance management level)– Reliability of reported performance information– Not all supporting source information provided to validate
the completeness of the reported target– Completeness of reported targets could not be verified– Reported indicator not reliable, as no supporting source
information was provided– Inadequate performance management systems
• Management at station and unit levels responsible for visible policing and investigating organised crime, does not exercise oversight responsibility over reporting of predetermined objectives to ensure that entries have occurred, are authorised and all entries have been captured.
1313
• Audit and confirm:
- Existence of performance information - Consistency of performance information between:
• Strategic/annual performance plan, quarterly reports and annual performance report
- Presentation in annual report - Reliability of reported performance information - The performance management systems • Audit and compare reported performance information to
relevant source documentation and conduct procedures to ensure validity, accuracy and completeness of reported performance information.
FOCUS AREAS OF PREDETERMINED OBJECTIVES
1414
FOCUS AREAS OF PREDETERMINED OBJECTIVES• All indicators on programs:
- Program 2 - Visible Policing
- Program 3 - Detective Services
- Program 4 - Crime Intelligence
- Program 5 - Protection and Security Services
• National Intervention Unit (PTA)• Public Order Policing Service (Welkom)• Forensic Science Laboratory (PTA)• Criminal Record Centre (JHB)• Crime Intelligence (KZN)• Ports of entry (JHB, KZN and FS) • 24 Police station that’s been selected for the region audits
1515
PURPOSE OF IT AUDITING
To assist our financial auditors by reviewing the adequacy of
controls implemented by management over the financial and
performance information systems
1616
RISKS IN THE IT ENVIRONMENT
The following risks were identified:
• Lack of information technology (IT) governance framework and controls, which provides for the structures, policies and processes through which departments ensure that IT supports the organisation’s strategies
• Lack of department business continuity that will ensure that IT disaster recovery process is aligned to business requirements
• Lack of user access controls on the database and application systems, through which the department will ensure that only valid and authorised users are allowed access the systems and that user access is adequately separated when transactions are initiated, captured and approved (CAS and OPAM)
1717
RISKS IN THE IT ENVIRONMENT
• Lack of change management controls that will ensure that changes to the existing information system environment are coordinated, scheduled, authorised and tested prior to implementation (CAS and OPAM)
• Inadequate management information system that will assist in confirming that only authorised people are allowed access to Numerus data centre (where department critical systems are hosted)
1818
FOCUS AREAS FOR IT AUDITING
The following management processes will be audited:
• IT governance • Business continuity and disaster recovery • Security and user access management • Change management • Physical and environmental
Top Related