Sage Evolution ERP
IMFO Conference
Expenditure Management
Presenter: Eddie Sweeney
1 October 2013
ICT - The ABC of Clean Audit Governance
IMFO Audit & Risk Indaba 2015
20 – 22 April 2015: Olive Convention Centre, Durban
Speed
Cost
Growth
Skill
Governance defined is about leadership mitigating risks through:
• Embracing Corporate Discipline
• Respecting the Statutes
• Deploying Enabling Systems and Business Processes
• Empowering People
IMFO: ICT- The ABC of Clean Audit Governance
AGSA – 2012/13 MFMA Audit Outcome
Status of Information Technology Controls
• Slight Improvement from previous audit
• Alarmingly, almost half of municipalities have ineffective IT Controls
AGSA – 2012/13 MFMA Audit Outcome
IT Governance
• Corporate Governance of Information and Communication Technology Policy Framework (CGICTPF) adopted by Cabinet
• King III
• ISO 38500
• COBIT 5
CGICTPF
KING III / ISO 38500 Governance Framework
6 Principles
• Responsibility
• Strategy
• Acquisition
• Performance
• Conformance
• Human behaviour
ISACA COBIT 5 - Control Objectives for Information and Related Technology
ISACA COBIT 5 - Priority Focus Areas for ICT Audits as defined by AGSA
• EDM01: Governance framework setting and maintenance
• APO01: Manage the ICT management framework
• APO02: Manage strategy
• APO03: Manage enterprise architecture
• APO05: Manage portfolio
• APO10: Manage Suppliers
• APO12: Manage Risk
• APO13: Manage security
• BAI01: Manage programmes and projects
• DSS01: Manage operations
• DSS04: Manage continuity
• MEA01: Monitor, evaluate and assess performance and conformance
AGSA – 2012/13 MFMA Audit Outcome
Security Management
• Firewalls & routers are configured correctly within the network environment
• IT security is managed at the highest organizational level (CIO)
• Strong password controls to authenticate system access: minimum character length, alphanumeric, encrypted, forced change of password
• Patch management processes to prevent exploitation of vulnerabilities
• Antivirus software is implemented across the organisation
• System configurations need to ensure that security vulnerabilities and incidents are detected, monitored, reported and resolved on a regular basis
• Activities within the system network including databases are tracked, using audit trails and reviewed on a regular basis by someone independent of administration functions and in a senior position
AGSA – 2012/13 MFMA Audit Outcome
User Access Management
• Formally documented and approved user account management standards and procedures are in place
• Formal access request for registering users, changing of access rights, password resets and termination of access rights is approved by management
• The number of users with administrator privileges that can perform all functions pertaining to user account management is minimised
• Activities of system administrators are monitored by an independent person, in a senior position
• Periodic reviews of employee access rights and privileges are performed to ensure they are in line with job responsibilities
AGSA – 2012/13 MFMA Audit Outcome
IT Service Continuity
• The IT continuity and disaster recovery plans have been incorporated into the organisational business continuity plan.
• The IT continuity plan and DRP have been distributed, updated and tested and are also stored at an offsite location
• An IT backup and retention strategy has been implemented
• Backup procedures for data and programs exist and are performed according to above strategy
• Backups are stored in a secure offsite storage facility
• Physical access and environmental controls over the offsite storage facility are implemented
Sage Evolution
Enabling Systems and Business Processes
Compliance with the Statutes
• MFMA, PPPFA, MPRA, VAT, PAYE
• Budget Regulations – Multiple Financial Periods (7 minimum)
• Reporting up to GRAP AFS
• SCM – Supplier Rotation, BBBEE, Automated Evaluation and Adjudication, Budget Control, Levels of Approval, Authorised Deviations, Requisition to PO
• Property Valuation Roll (GV & SV)
• Billing - Tariffs for Rates and Services, Statements
Sage Evolution
Enabling Systems and Business Processes
Compliance with the Statutes
• MFMA, PPPFA, MPRA, VAT, PAYE
• CRM - Debt Collection and Credit Control, Interest Charging, Ageing per Service
• VRM - Supplier Database, BBBEE & Tax Clearance, Invoicing and Payments
• Asset Management – Bar Coding, Infrastructure, Depreciation
• VAT – Payments or Invoice Based, VAT201
• Payroll – EMP201, EMP500
• Audit Trails – Transactional as well as System Transactions
Sage Evolution
Enabling Systems and Business Processes
mSCOA
• Design Elements of SCOA
• Segmented GL Account Structure (7 Segments) with Lookups and Filters per Segment
• Short Codes, Full mSCOA Codes and GUIDs
• Business Process Automation
• Uniform Transaction Types
• Multiple Reporting Categories and Levels
• Scheduling and Locking of Published Reports
• Transaction Data Output File as per NT requirements
Sage Evolution
Supply Chain Management
Main features of the Sage Evolution Advanced Procurement Module:
• Manages your SCM cycle from requisitions to purchase order and payment of suppliers
• Manages your tender processes
• Allows you to rotate preferred suppliers
• Categorise suppliers by sector / commodities
• Allows you to request, evaluate and approve quotes using workflows
• Create preferred suppliers to supply certain requested commodities
• Set specific qualifying criteria for supplier
• Manually or automatically calculate supplier scores
• Import and export functionality for supplier quotes
• Compare and evaluate quotes and suppliers according to PPPFA scorecards
Thank You!