WELCOME Trade and Industry 5TH Parliament Capacity Building Presentation 10 September 2014 WELCOME

REPUTATION PROMISE/MISSION The Auditor-General of South Africa has a constitutional mandate and, as the Supreme Audit Institution (SAI) of South Africa, it exists to strengthen our country’s democracy by enabling oversight, accountability and governance in the public sector through auditing, thereby building public confidence. Note to facilitator Honourable Chairperson and honourable members, we thank you for providing the AGSA with the opportunity to demonstrate to you how our reports can be used to enable oversight, accountability and improved governance in the public sector. As is reflected in our Mission statement – we exist in order to support you in your oversight role. The Annual Reports of national departments and public entities tabled every year are powerful accountability instruments, and the reports of the Auditor-General contained therein is an important departure point when assessing the performance of departments. I must point out that the audit report should never be read in isolation, but be read with the rest of the annual report, especially the chapter on programme performance and of course the financial statements. The story that our report tells the reader is always supplemented by the bigger story being told in the whole of the annual report.

PURPOSE OF PRESENTATION To provide members of parliament with the necessary information/guidance on the role of the AGSA to enable them to effectively execute their oversight function.

CONTENT Audit mandate and process 2. Oversight role Briefing process AGSA mandate & Legislative requirements Regularity audit – process and timelines Types of Audits Audit report structure 2. Oversight role Oversight model AGSA contribution to oversight Combined assurance model Briefing process Tools & Process

AUDIT MANDATE AND PROCESS

AGSA Mandate and Legislative requirements Constitution Chapter 9 Section 188: must audit and report on accounts, financial statements and financial management of government institutions Public Audit Act (No. 25 of 2004) Section 20 – AGSA must prepare audit report containing opinion/ conclusion on: - Financial statements and financial position - Compliance and financial management - Predetermined objectives (performance) Departments/Entities Public Finance Management Act (No. 1 of 1999) Section 38 – General responsibilities of accounting officers Section 40 – Accounting officer’s reporting responsibilities 40(1)(a)&(b): Record keeping responsibilities and preparation of AFS 40(1)(a)&(c): Submission of AFS to AGSA for audit Section 40(2) – AGSA must audit submitted AFS and submit an audit report to accounting officer Section 51 – General responsibilities of accounting authorities Section 55 – Annual report and AFS Treasury Regulations Part 1 –Definitions Part 2 –Management arrangements Part 3 –Planning & budgeting Part 4 –Revenue & Expenditure management Part 5 –Asset & Liability management Part 6 –Frameworks Part 7 –Accounting & Reporting requirements Part 8 –Miscellaneous Part 9 –Public Entities -Guidelines, - Instruction Notes, - Practice Notes issued by National Treasury FMPPI & PSR Framework for managing programme performance information (issued by the National Treasury in May 2007) Chapter 5 & Framework for Strategic Plans and Annual Performance Plans par. 4&6 Public Service Regulations – for Human Resource management requirements Available on Treasury website www.treasury.gov.za/legislation/pfma/circulars Also refer to AG Directive General Notice 263 of 2014 issued 2 April 2014

 What we do in public sector? X What an audit does not do? The regularity audit – what we do and what not  What we do in public sector? X What an audit does not do? Provide assurance that AFS are free from material misstatements Guarantee completeness and accuracy of ALL the information Report on usefulness and reliability of the information in the annual performance report Provide assurance that all applicable laws and regulations has been complied with Report on material non-compliance with relevant key legislation Identification of fraud Identify key internal control deficiencies that should be addressed Provide assurance that service delivery has been achieved

The regularity audit – AGSA products Regularity Audit – Mandatory (Annual) Verify whether there is no omitted information on financial statements Consists of – Financial, Compliance , PDO and Internal control Full application of international auditing standards Regularity audit is supported by: MANDATORY ISA focus on the assessment of the information systems environment, use of Computer Assisted Audit Techniques (CAATs) in audits and data analytics DISCRETIONARY (PAA: Section 20(3)) 1. Evaluate measures to ensure economic procurement of resources and efficient and effective application of the same 2. Effect of policy implementation (not policy evaluation) 3. Reporting is factual and does not include an audit opinion 4. Audit is conducted by performance auditors and may include subject matter experts 5. Focuses on a specific government programme, project or management project DISCRETIONARY An independent process to prevent or detect fraud/ crime in the public sector Specific focus area of financial misconduct maladministration & impropriety DISCRETIONARY Agreed upon procedures, i.e. donor funding certificates Information systems Audit Performance Audits Investigations Special Audits

The regularity audit – process THE ANNUAL AUDIT PROCESS What do auditors do? Why they do it? Risk assessment Agree terms of engagement Terms of engagement are communicated & agreed to ensure a clear understanding of responsibilities of the parties, the objectives of the audit, access to information and the reports to be provided. Plan the audit An understanding of the auditee is obtained for risk assessment purposes & an audit plan is prepared. Perform risk assessment procedures A risk assessment is performed to determine the number and type of procedures to perform. Risk response Design and Perform procedures to address identified risk Procedures are performed to obtain evidence that the financial statements & annual performance report do not contain material misstatements and that key legislation has been complied with. Reporting Prepare Management Report (Not published) The report is only provided to the management of the auditee and the executive authority at the end of the audit. It details the findings from procedures performed, identifies the root causes of these findings and makes recommendations for improvement. Prepare Audit Report (Published) The report is published in the auditees’s annual report. It informs those responsible for oversight, the public and others of material misstatements in the financial statements, material findings on the usefulness and reliability of the performance report, material non-compliance with key legislation in specific focus areas, and the deficiencies in internal control that were identified during the audit.

Performed when: problems are identified/requested AGSA Audits (service types and value add) Value add processes Performance Audit Performance Audits – (independent auditing process to evaluate the measures instituted by management to ensure that resources have been procured economically and are used efficiently and effectively) Focus on performance while spending – the three Es •Economy •Efficiency •Effectiveness + = VALUE FOR MONEY SERVICE DELIVERY Ask: what do I need, what quality do I need, when do I need it, where do I need it, how much of it do I need and where can I get all my needs met at the lowest price? Examples of findings: Needs assessments were not always done, Competitive bidding processes were not always followed, Contracts were open-ended in terms of cost and time Ask: was the work done with the minimum of effort? (Best results with what we have?) Examples of findings: Projects were extended because of a lack of project management and monitoring, Payments were made in excess of the amounts approved, The document archiving system was not adequately maintained Ask: Did we do what we set out to do? (Did we reach our Goal?) Examples of findings: Project objectives were not achieved, and deliverables only partially completed, Skills transfer was not always effective, Projects were not analysed to determine whether objectives were met and to determine the benefits received Performed when: problems are identified/requested International Standards of Supreme Audit Institutions (ISSA) 3000 and ISSAI 3001

Last quarter of current year / First quarter of following year The regularity audit - Timelines of audit cycle 31 March Financial year end for auditees PFMA: Section (1) Definition “Financial year” 31 May Submission of financial statements by auditees PFMA: Section 40(1)(c) 31 July AGSA: Audits complete PFMA: Section 40(2) 30 September Submission of annual reports by auditees to Parliament PFMA: Section 40(1)(d) Last quarter of current year / First quarter of following year General reports (PFMA) published

Audit report structure Report on the financial statements Introduction Accounting officer/authority’s responsibility Auditor-General’s responsibility Opinion Emphasis of matters (notes) Additional matters (notes) Report on other legal and regulatory requirements Predetermined objectives Compliance with laws and regulations ( Treasury regulations, PFMA etc) Internal control Leadership Financial and performance management Governance d) Other reports Investigations Performance audits Agreed up procedures

Financial audit opinions Audit report structure - opinions Financial audit opinions four (4) Financial audit opinions financial statements give a true and fair view (or are presented fairly, in all material respects) in accordance with the applicable financial reporting framework. Unqualified with findings on compliance and PDO Qualified departures from financial reporting framework, or limitation on scope which is not so material and pervasive (unqualified opinion cannot be expressed ) Disclaimer the auditor has NOT been able to obtain sufficient appropriate audit evidence to form an opinion (unable to express opinion) Adverse The auditor disagrees with the representation made by management in the financial statements to the extent of confirming that it’s not fair reflection of the financial position, performance and cash flow. (qualification of the report is not adequate to disclose the misleading or incomplete nature of the AFS)

Audit report structure - Audit of predetermined objectives Definition: Annual audit of reported actual performance against predetermined objectives, indicators and targets as contained in the annual performance report of municipalities and their entities. Audit consists of the following Main Criteria: Compliance with regulatory requirements Existence Timeliness Usefulness Presentation Measurability Relevance Consistency Reliability Validity Accuracy Completeness

AoPO Performance Audit Audit report structure - Audit of predetermined objectives Audit of Predetermined Objectives (AoPO) vs. Performance audit AoPO Mandatory audit (section 20(2)(c) of the PAA) Includes compliance with laws and regulations Reflects an opinion or conclusion on performance information Reporting is done annually as part of the regularity audit process Done as part of the regularity audit process and by the regularity auditor Reviews and confirms the validity and completeness of information Reporting at entity level and tabled in the relevant legislature Annual assurance on the credibility of an auditee’s reporting of their performance Performance Audit Discretionary audit (section 20(3) of the PAA) Includes compliance with laws and regulations Reporting is factual and does not include an audit opinion Report is not limited to annual information and can cover more than one financial year Done by performance auditors and may include subject matter experts Evaluates the 3 E’s at organisational, programme or project level Factual report : whether goods & services acquired economically, applied efficiently and managed effectively towards achieving the desired goals

Good Administration / Clean audit Audit report structure - Good Administration / Clean audit Financially Unqualified AFS (free from material misstatement) No material findings on Compliance with laws and regulations No material findings on the Performance Report (Predetermined Objectives) Good Administration / Clean audit ER: This slide and the next one speaks to the same message – can we delete one of them?

Best practices on how to achieve a good administration? Good Administration / Best Practices – Key controls Best practices on how to achieve a good administration? Matters reported by external and internal auditors should receive timeous management attention, internal controls should address the following key areas: Leadership Establish a culture of honesty, ethical business practices and good governance Exercise oversight responsibility Ensure effective human resource practices Implement appropriate policies and procedures Approve and monitor the implementation of action plans to address internal control deficiencies Approve an appropriate information technology governance framework Financial and performance management Ensure proper record keeping of all transactions Maintain effective controls over daily and monthly processing and reconciling of transactions Produce regular, accurate and complete financial and performance (service delivery) reports Review and monitor compliance with applicable legislation Design and implement formal controls to mitigate information technology risks Governance Ensure that risks are periodically identified, assessed and effectively mitigated Maintain an adequately resourced and functioning internal audit unit Maintain an audit committee that performs its legislated duties and promote accountability and service delivery

Visibility of the AGSA beyond the mandate The AGSA provides the oversight committees in parliament and all legislatures with briefings on root causes and recommendations on corrective measures to improve audit outcomes before the entity hearings. The AGSA consults widely with the stakeholders in the executive and legislatures prior to tabling the General Reports that consolidate the audit outcomes of National, provincial and municipalities The General Reports are tabled in Parliament & Legislatures

THE ROLE OF OVERSIGHT

Oversight model OVERSIGHT: Parliament, provincial legislature or municipal council Identify desired impacts Assess and Specify adjust performance indicators Monitor Set targets and take and allocate corrective action resources Policy development 1. Strategic Planning INSTITUTION National department Provincial department Municipality Public entity Municipal entity 2. Operational planning and budgeting 4. End-year reporting 3. Implementation and in-year reporting

Key considerations per oversight model step 1. STRATEGIC PLANNING a. Is the strategic plan in line with legislative requirements? b. Ensure that the strategic plan and strategic initiatives are aligned with government priorities, national plan of action and Medium Term Expenditure Framework (MTEF). c. Enquire about / identify: - challenges in meetings the strategic objectives - initiatives to address them d. Evaluate how success will be measured. 2. BUDGETING/ REVIEW CONSIDERATIONS a. Understand the mandate of the entity, determine if there is adequate budget and human resources to deliver on the mandate? b. National Development plan & SONA initiatives. c. Clear link between budget and Annual Performance Plan. d. Adequate funding to execute the strategy. e. Analyse prior year expenditure (Trends analysis, significant increases, history of underspending & reasons). Analyse prior performance against actual expenditure to (what extend budget was used to achieve performance). f. Assessment of breakdown of budget (how much for administration (excessive travel etc) and how much for actual implementation). Ensure value for money EEE. g. Impact of financial management matters such as accruals, litigations and FW expenditure. 4. REPORTING a. Keeping management accountable and determining whether there is: - compliance with reporting responsibilities as set out in the PFMA; - compliance with the Appropriations Act; and - effective and efficient utilisation of resources. b. Review annual report of the department/ entity including audit report. Consider both financial and non-financial info. 3. IMPLEMENTATION/ MONITORING a. Is departmental spending on the right rack and in line with the strategic plan priorities? b. Does management evaluate monthly and quarterly reports? c. Do action plans exist to address audit findings and improve financial management and accountability? d. are there designed, implemented and maintained internal controls (financial and non-financial info) e. Are procedures in place to prevent, detect and identify fraud? f. Are there adequate governance arrangements in place and are they effective (internal audit and audit committee) Notes Contrary to popular belief, influencing the audit opinion does not begin at the Reporting stage but rather right after Policy Development.

AGSA contribution to oversight Provide briefings to committees: On audit reports before the portfolio committee compiles their BRRR (read with the annual report) Update on progress of current year audits. Sharing of audit risks & status of key controls Before the APPs is reviewed by the portfolio committee to discuss the findings identified from the pro-active audit of the PDOs of the department Attend and provide clarity during public hearings Road shows after tabling of the general report (PFMA & MFMA) Regular follow-up on the progress of implementation of resolutions Interactions with the chairpersons (possible quarterly) Assist in building capacity of members via APAC.

Oversight – Key timelines Figure below illustrates the oversight cycle on an annual basis: The oversight cycle requires Parliament to take a long-term view of oversight in order to ensure effective oversight of sustainable delivery. The parliamentary oversight cycle provides a means through which Parliament can monitor government delivery in terms of long-term commitments, rather than focusing exclusively on annual commitments, annual planning and performance assessments. The cycle thus provides for continuity in Parliament’s oversight activities from year to year. Month Process Jan Feb March April May June July Aug Sept Oct Nov Dec Parliamentary Questions (throughout year) - Study Tours & Site Visits   Civil Society submissions Strategic Plans  X X Departmental Briefings (incl. Quarterly reporting) X  State of the Nation Address (SONA) Ministerial speeches • media briefing • budget speeches Ministerial statements (tracking of commitments made; throughout year) -  Medium Term Budget Policy Statement (MTBPS - Adjustments budget) Legislation /Policy Assessment of Impact of Legislation (throughout year)  - Annual Reports / BRRR

Combined assurance model Senior management Accounting officers/ authority Executive Required assurance levels Extensive Management’s assurance role Senior management – take immediate action to address specific recommendations and adhere to financial management and internal control systems Accounting officers/ authority – hold officials accountable on implementation of internal controls and report progress quarterly and annually Executive authority – monitor the progress of performance and enforce accountability and consequences Management assurance First level of assurance Oversight assurance Second level of assurance Coordinating / Monitoring institutions Internal audit Audit committee Extensive Required assurance levels Oversight’s assurance role National Treasury/ DPSA – monitor compliance with laws and regulations and enforce appropriate action Internal audit – follow up on management’s actions to address specific recommendations and conduct own audits on the key focus areas in the internal control environment and report on quarterly progress Audit committee – monitor risks and the implementation of commitments on corrective action made by management as well as quarterly progress on the action plans Independent assurance Third level of assurance Oversight (portfolio committees / councils) Public accounts committee Extensive Required assurance levels Role of independent assurance Oversight (portfolio committees) – review and monitor quarterly progress on the implementation of action plans to address deficiencies Public accounts committee – exercise specific oversight on a regular basis on any report which it may deem necessary

BRIEFING PROCESS

Briefing process - tools State of the Nation Address/ Budget speeches Estimates of National Expenditure Accounting officer and audit committee ’s Reports AGSA Briefing Notes Annual Report including Audit Report & Performance Report TOOLS

Briefing process EFFECTIVE BRIEFING PROCESS Reliable, accurate and complete Annual Reports by entities AGSA review of annual reports critical in ensuring complete, reliable and accurate reporting Reporting by departments and entities - Oversight committees must obtain an understanding of the entity - The Annual Report of the entity must be studied prior to the briefing and hearing Understanding Mandate of entities by Oversight - AGSA briefing of Root causes of audit outcomes - Root causes are linked to the Key Focus Areas Analysis and understanding of the Root causes of the audit outcomes by oversight AGSA make recommendations to oversight in addressing the deficiencies reported Actual Briefing process Oversight committees issues their findings and must make recommendations which address the deficiencies identified by way of resolutions Recommendations must have milestones and conform to the “SMART” principles Send reports to executives for implementation. Recommend-actions by oversight committees Entities must compile an action plan to address the deficiencies Action plans must have deliverable milestones and also conform to the “SMART” principles Progress on implementation of action plan and measures to improve the audit outcomes must be reported to oversight for monitoring. Action plans by entities and progress monitoring EFFECTIVE BRIEFING PROCESS

Acts applicable Summary: Laws and regulations applicable on National and Local Government PFMA Public Finance Management Act (No. 1 of 1999) FMPPI Framework for managing programme performance information (issued by the National Treasury in May 2007) PFMA Circulars PFMA Treasury Regulations Instruction notes MFMA Municipal Finance Management Act (No. 56 of 2003) MFMA Circulars MFMA Treasury Regulations Municipal Systems Act (MSA)

THANK YOU