THE ROLE AND IMPORTANCE OF COMPLIANCE OFFICERS PRESENTED BY : CHERYL REDDY AUDIT AND RISK INDABA 2019

Definitions Compliance as defined, is simple, it is making sure you follow the rules. What is not simple is the interpretation and creation of the rules. Compliance can be broken down into two areas namely regulatory compliance and internal compliance. Regulatory compliance ensures that any business or action conducted by the Municipality is within legal parameters and/or that all "reasonable" actions have been taken in order to prevent or reduce incidents of non-compliance. Internal compliance concentrates on internal policies and procedures of the Municipality.

Definitions Compliance is simply defined as the ability to comply with a set of rules or requests. As a CFO, we typically think of this as ensuring the organization has the requisite systems of internal control that adequately manage the risks that the corporation faces in multiple areas (such as legal risk, financial risk, regulation risk, IT risk, data risk, etc). Interesting to note that organizations continue to equate compliance with security with an inappropriate reliance on historical system compliance procedures leading them to mistakenly believe that their company is more secure." Curtis Cain - CFO, Courion Corporation This means we place reliance on outdated internal controls around eg. Electronic fund transfers, not changing internal controls as technology advances.

Roles and Responsibilities Definitions Roles and Responsibilities

Compliance Management Framework

Roles and Responsibilities A compliance Officer/Manager must ensure that the Municipality is conducting its business in full compliance with all laws and regulations that pertain to municipalities, as well as professional standards, accepted business practices, and internal standards. There is both an ethical component and a pragmatic or logical component to compliance - a role that is crucial in helping municipalities manage risk, maintain a positive reputation, and avoid lawsuits.

Roles and Responsibilities… Compliance officers must have an innate and intuitive knowledge of the municipality’s goals and culture, as well as of the greater local government laws and regulations. They are charged not just with keeping the municipality’s business dealings ethically sound and legally pristine, but with educating the entire municipality and instituting practices that will ensure the highest possible level of compliance.  

Main Roles and Responsibilities of a CO Assisting the Risk Officer in assessing compliance risks within the Municipality; Designing a compliance management system; Communicating the effect and the importance of the compliance management system to the Municipality as a whole; Making sure that the Municipality operates according to its own created culture.  A good rule of thumb is to set internal standards higher than the regulatory standards;

Main Roles and Responsibilities of a CO Preparing a compliance quarterly report to management, internal audit, Audit Committee and the Council; and Scanning the legislative environment and identify all relevant pieces of legislation and communicate that through his or her quarterly report.

Roles and Responsibilities to assist the AO Managing the compliance risks and communicating any emerging risks to the Municipal Manager, the Audit Committee and the Council. This will assist the Municipality to maintain a positive reputation. If compliance is handled properly then a good portion and a base for risk mitigation is in place; Keeping abreast with all legislations, standards, policies and the code of conduct; Designing a compliance system within the system of internal control to ensure that any deviations are detected early and corrective measures are instituted immediately;

Roles and Responsibilities to the AO Making sure that the Municipality is conducting its business in full compliance with all laws and regulations pertaining to municipalities, for example, the Municipal Finance Management Act, Municipal Systems Act, Circulars from the National and Provincial Treasury; Setting up compliance programmes, monitoring them for effectiveness and reporting to management. If challenges are met the compliance officer will make recommendations;

Roles and Responsibilities to assist the AO Providing support and educating other managers within the Municipality in order to promote a positive compliance culture; Maintaining a constant flow of information between the Municipality and outside stakeholders like National and Provincial Treasury, SALGA, AG etc; Assisting internal auditors and the Auditor General during the audit to respond to all compliance queries; and Following up on compliance related queries raised by internal auditors and the Auditor General.

AG audit of compliance During the course of the AG audit, the subject matters listed below are subjected to auditing against key legislation: Strategic planning and performance management Annual financial statements, performance and annual reports Procurement and contract management Human resource management Expenditure management Utilisation of conditional grants Revenue management Assets management Liability management Consequence management

AG audit of compliance The key legislation applicable is: Municipal Finance Management Act (MFMA), 2003 (Act No. 56 of 2003) and regulations issued in terms of the act Annual Division of Revenue Act (DoRA) Municipal Structures Act, 1998 (Act No. 117 of 1998) and regulations and instructions issued in terms of the act Municipal Systems Act, 2000 (Act No. 32 of 2000) and regulations and instructions issued in terms of the act Preferential Procurement Policy Framework Act, 2000 (Act No. 5 of 2000) and regulations issued in terms of the act Construction Industry Development Board Act, 2000 (Act No. 38 of 2000) and regulations issued in terms of the act Prevention and Combating of Corrupt Activities Act, 2004 (Act No. 12 of 2004) Value Added Tax Act (89 of 1991)

AG audit of compliance Audit of compliance is performed in accordance with the principles of ISAE 3000. Material findings on compliance matters are included under the heading Compliance with Legislation in the auditor’s report. Where the AG discovers non-compliance or suspected non-compliance, management are required to respond and where response is not adequate but the matter is material is could be reported to the EXCO etc. In exceptional circumstances, the AG may be required to immediately disclose the matter to an appropriate authority where they have become aware of actual or intended conduct that they may have reason to believe would constitute an imminent breach of law or regulation that would cause substantial financial loss or harm to employees or the public.

Reasons for the upgrade of the the Compliance Officer Previously regarded as the tick the box person eg. In banks, they made sure that the forms were completed correctly. The title is now changed to the Chief Compliance Officer giving the position more power, prestige and compensation. It forms part of the “C suite” and reports to the CEO and may be part of Board meetings and having more authority, staff and budgets. The compliance officer performs a risk assessment of the organization, focusing on the areas that are of special interest to compliance that is, potential violations of laws or company standards. In certain organisations it is seen as a part of Risk.

Reasons for the upgrade of the the Compliance Officer Example: The LG audit by the AG reflects that SCM has potentially the largest amount of non compliance, as a municipality one would then perceive this area as having high risk to non compliance. Hence the CRO will focus far greater attention in this area to ensure that non compliance is minimal or non existent. The would be increased controls in this environment to limit the non compliance. In practice there is a trade off between the frequency and severity of violations and the amount expended on compliance. Any attempt to eliminate all violations would be prohibitively costly.

THANK YOU!