Page 1

APAC ANNUAL TRAINING 2011

“Integration of specialist skills into AGSA regularity audits for greater oversight impact”

2- 3 Aug 2011

Presenter: Ms C Mampuru and Ms Jabulile Nkosi

Reputation Promise

The Auditor-General of South Africa has a constitutional mandate and, as the Supreme Audit Institution (SAI) of South Africa, it exists to strengthen our country’s democracy by enabling oversight, accountability and governance in the public sector through auditing, thereby building public confidence.

2

3

PRESENTATION OUTLINE

Mandate of the Auditor General of South Africa

Strategic Objectives of the AGSA

Introducing Specialist skills in Regularity Audits

– Why integration– Value and benefits of integration– Investigation inputs– ISA inputs– How to detect red flags within departmental and entity

processes

The AGSA’s key strategic thrust is to respond effectively to the need to influence the achievement of clean audit opinions.

“Good governance is essentially about effective leadership… Leaders need to define strategy, provide directions and establish the ethics and values that would influence and guide practices and behaviour with regard to sustainability performance”. Source - King III

“Clean administration” therefore is about the effectiveness of leadership in ensuring public resources are managed efficiently, for the purpose intended, in compliance with prescripts, therefore a pre-requisite for effective service delivery.

THE STRATEGIC FOCUS OF THE AGSA

• This presentation focuses on the collaboration of the various units within the AGSA, namely:

– To strengthen governance and oversight within Public Entities. – To highlight the preventative measures that can put in place to avoid

the factors that undermine service delivery. – Deals with what oversight structures can do in order to deal decisively

with the factors that undermine service delivery.

5

THE STRATEGIC FOCUS OF THE AGSA

• Procurement – supply chain management

• Human resources – governance and capacity

• Performance information and performance reporting

• IT management

6

KEY AUDIT FOCAL POINTS FOR THE ORGANISATION

• Deploy specialised skills to simplify complex areas

• Focus on systemic and transversal areas

• Integrate into regularity audit through sharing of insights and assisting with

the development of audit approaches and guidance

• Promote knowledge sharing through institutional co-operation activities

• Demonstrating the value and benefits of SAIs

7

SPECIALISED SERVICES PORTFOLIO STRATEGIC POSITIONING

INTRODUCTION OF SPECIALIST DURING REGULARITY AUDITS

• Why Integration

– Integration ensures that there is no unnecessary duplication of effort.

– Strengthens the assessment of risks of material misstatement of the financial statements due to fraud.

– Empowers RA to identify potential high risk areas of fraud and irregularities, and ensures that those that are charged with governance and oversight, can to take timeous action (quarterly key control).

– Investigations pro-actively test compliance with key legislative requirements and advises those that are charged with governance and oversight.

8

INTRODUCTION OF SPECIALIST DURING REGULARITY AUDITS

Value and benefits of integration

• This approach allows for broader coverage of institutions.• Minimises the impact of losses arising from misappropriation, fraud,

theft and corruption.• Evaluation of the measures instituted by management to ensure that

resources have been procured economically and are used efficiently and effectively towards achieving the desired outcomes.

9

Regularity Audit BUs uses the red flags indentified by the investigations BU to strengthen their audit procedures to detect fraud and error in the financial statements of the organs of state, thereby contributing in the achievement of clean audit opinions.

Regularity Audit BU’s will also monitor the Auditees to ensure that the necessary measures and steps to ensure effective accounting and internal control systems, and ensure proper risk management are implemented.

INVESTIGATIONS

INVESTIGATIONS

Regularity also monitors the development/implementation of policies & guidelines to strengthen governance, & ensure compliance with the law.

Investigations BU conducts on-going data analytics of the Public Entities payment systems, using CAATS, to identify possible red flags, and to conduct verification of the identified red flags.

11

INFORMATION SYSTEMS AUDITING

• Provides quality information systems (IS) audit support to the regulatory auditing business units(ABUs) and specialised auditing business units as part of the AGSA’s integrated audit approach.

• Evaluates the controls within an organisation’s information technology (IT) infrastructure and information systems (IS), its IS practices and operations, the safeguarding of its IT assets, the maintenance of data integrity and the design and operating effectiveness of key IT controls

• ISA input empowers ABUs to identify potential high risk areas in the internal control of information systems and assists ABUs to efficiently and effectively discharge their responsibilities in the IS environment responsible for generating financial information.

INFORMATION SYSTEMS AUDITING

• Enhances auditing capacity by building decentralised specialist capacity in provinces to finalise audits timeously and respond to government’s increased use of information systems

• Outcomes of information systems audit are incorporated into the general and sector reports

• IT governance

IT governance consists of the leadership and organisational structures and processes that ensure that the organisation’s information technology sustains and extends the organisation’s strategies and objectives.

• Security management

Security management ensures that security measures are in place to prevent unauthorised access to networks and operating systems that grant access to the application systems.

INFORMATION SYSTEMS AUDIT FOCUS AREAS

• User access controls

User access control is the systematic process of managing the access of users to the application systems.

• Program change management

Program change management ensures that any proposed changes to the existing information system environment are coordinated, scheduled, authorised and tested to prevent unnecessary disruptions, erroneous changes and unauthorised and inappropriate access.

INFORMATION SYSTEMS AUDIT FOCUS AREAS

• IT service continuity Information technology service continuity is the process of

managing the availability of hardware, system software, application software and data to enable an organisation to recover/establish information system services in the event of a disaster.

• Facilities and environmental controls Facilities and environmental controls over information systems

ensure the security, integrity, condition, performance and accessibility of the systems and the system information.

INFORMATION SYSTEMS AUDIT FOCUS AREAS

• Data Centre

Data centre management relates to the management of scheduled processing, protecting sensitive output, monitoring infrastructure performance and ensuring preventive maintenance of hardware.

INFORMATION SYSTEMS AUDIT FOCUS AREAS

• The relevant Provincial Legislature or Parliament uses the identified risks as technical information to facilitate public accountability.

• The Legislature should focus on the corrective steps that the Auditee has taken to rectify the situation, since the issues were highlighted by the AGSA.

• Auditees should be required to provide proof of implementation plans in order to keep the Accounting Officers accountable.

• The Legislature should require of the Auditees to provide regular (quarterly) updates and progress reports on the implementation of corrective measures.

THE USE OF SPECIALISED SERVICES REPORTS-PARLIAMENTARY COMMITEES