Internal Audit



INTRODUCTION

The institute of Internal Auditors defines internal auditing as follows:

‘’……an independent, objective assurance and consulting activity designed to add value and improve organizations, operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and government processes’’

In terms of the Municipal Finance Management Act 56 of 2003 chapter 8 Sec 62©, the accounting officer for the Municipality must ensure that the entity has and maintains, inter alia, effective, efficient and transparent systems of financial accounting, risk management and internal controls.

Ulundi Local Municipality has prepared three – year strategic internal audit plan for Internal Audit Unit to be compliance with the Act.

The Plan incorporates:

  • Annual Internal Audit Plan for the year ending 30 June 2016.
  • Strategic three- year rolling Internal Audit Plan.

The Internal Audit Plan was designed to provide an independent, objective

Assurance and advisory services, in an efficient and effective manner, to

the following key stakeholders:

Audit Committee

  • Accounting Officer
  • Top Management Team and
  • Senior Management.

The overall approach was to formulate a risk -based plan to align the priorities of the Internal Audit Unit with the strategic objectives and goals of the Ulundi Local Municipality and the related strategic and major business risks as identified by Management.

This document sets out the Annual Internal Audit Plan for the year ended 30 June 2016 for consideration and approval by the Audit Committee.

The plan was prepared based on:

  • Results of the risk assessment workshop conducted by ourselves with management with assistance from KZN Treasury on 27 May 2015;
  • The strategic and major risks identified and determined by the priority of ranking based on the Internal Audit three year plan, Internal Audit and Auditor General Report findings of identified audit areas and the expertise and resources available to Internal Audit;
  • The gradual implementation of the “combined assurance” principle whereby the efforts of various assurance providers are effectively coordinated to avoid duplication and inefficiencies;

The Internal Audit Plan for Ulundi Municipality was designed to provide an independent, objective assurance and advisory service, in an efficient and effective manner, to the following key stakeholders:

  • District municipality’s Council through the Audit Committee of the municipality;
  • KwaZulu-Natal Department of Local Government and Traditional Affairs;
  • National Department of Provincial and Local Government;
  • Municipal Manager;
  • Local line management.

The overall approach was to formulate a risk-based Annual Internal Audit Plan to align the priorities of the Internal Audit function with the strategic objectives and goals of Ulundi and the related strategic and major business risks as identified by management , the Auditor General and previous audit reports.

RESTRICTION ON DISTRIBUTION OF THIS DOCUMENT
This document has been prepared for the sole and exclusive use of the Ulundi Local Municipality, the internal audit unit will not be held responsible to any third party who may use or rely upon the contents of this document for purposes other than that for which it was originally intended.

INTERNAL AUDIT – ROLES AND RESPONSIBILITIES
The Internal Audit function evaluates and contributes to the improvement of governance, risk management and controls.

Risk Management.

Internal Audit Unit assists Ulundi Local Municipality in facilitating the risk management process. This includes assisting management in identifying, evaluating and assessing significant strategic and organization risks, and the monitoring thereof.

 

Controls.

The Internal Audit Unit evaluates whether the internal controls upon which

Management relies to mitigate the risks to acceptable levels, are appropriate and functioning as intended and develops recommendation for enhancement or improvements in the control environment.

The Internal Audit Unit is authorized to:

  • Have unrestricted access to all functions, records, property and personnel.
  • Have full uninhibited access to the Audit Committee.
  • Allocate resources, set frequencies, select subjects, determine scopes of work, and apply the techniques required to accomplish audit objectives.
  • Obtain the necessary assistance of personnel directorates of Ulundi Local Municipality where they perform reviews, as well as specified services from within the Municipality.

The Internal Audit Unit is not authorized to:

Perform any operation duties for Ulundi Local Municipality.

  • Direct activities of any municipal employee by the Internal Auditing Unit, except to the extent that such employees have been appropriate assigned to auditing teams or to otherwise assist the internal auditors in carrying out investigations.

The Internal Audit Unit will conduct audits in accordance with the “Code of Ethics’’ and ‘’ Standard for the Professional Practice of Internal Auditing’’ of the Internal Auditors as well as relevant Municipal legislation.

Other Internal Audit Responsibilities / Activities.

  • Additional Internal audit activities include:

Planning and reporting activities of the Internal Audit Unit include amongst others:

  • Preparation of strategic three year internal audit plan.
  • Preparation of a detailed annual internal audit plan.
  • Liaison with top management, external auditors and key stakeholders.
  • Reporting to the Audit Committee.
  • Follow-up on reports issued.

Project Management

Project Management activities of the Internal Audit Unit include amongst others:

  • Organizing and directing audit staff, including monthly internal audit management meetings.
  • Review of working papers and reports.
  • Monitoring activities against plan.
  • Quality assurance reviews.

Management Responsibilities.

Management is responsible for the establishment and maintenance of an effective system of governance, risk management and internal control.

The objectives of the system of the internal control are inter alia, to provide

Management with reasonable, but not absolute, assurance that:

  • Risks are properly managed.
  • Assets are safeguard
  • Financial and operation information is reliable.
  • Operations are effective and efficient.

 

  • Laws, regulations and contracts are complied with.

 

The principal safeguard against fraud, misstatement and irregularities is an effective system of internal control. It must, however, be recognized that there are inherent limitations in any systems of internal control- including human error and circumventions through collusion. The prevention and detection of fraud is therefore Managements responsibility.

Advisory Services
Advisory service activities of the Internal Audit function includes amongst others:

  • Providing assistance and expertise on either newly developed systems or improving current systems;
  • Assisting management with the facilitation of risk assessments and the implementation of a formal system of risk management;
  • Act as a “sounding board” to management for ad-hoc projects.

FRAUD CONSIDERATIONS
The principal safeguard against fraud, misstatement and irregularities is an effective system of internal control. It must, however, be recognised that there are inherent limitations in any system of internal control – including human error and circumventions through collusion. The prevention and detection of fraud is therefore management’s responsibility.

CO-ORDINATION AND CO-OPERATION
It is accepted that the co-operation and availability of the municipality’s personnel plays a significant role in impacting on the effectiveness and efficiency of our service to the municipality. Every effort must be made to obtain the complete co-operation of Departmental Site management.

OUR APPROACH 

1.SCOPE OF INTERNAL AUDIT

The scope of Internal Audit, in line with good Corporate Governance principles and the Ulundi’s Audit Charter, is to determine whether Ulundi’s network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:

  • Risks are appropriately identified and managed;
  • Interaction with the various governance groups occurs as required;
  • Significant financial, managerial, and operating information is accurate, reliable and timely;
  • Employees actions are in compliance with policies, standards, procedures, and applicable laws and regulations;
  • Resources are acquired economically, used efficiently and adequately protected;
  • Programmes, plans and objectives are achieved;
  • Quality and continuous improvement are fostered in the municipality’s control process;
  • Significant legislative or regulatory issues impacting the municipality are recognised and addressed appropriately;

 

  • Proactive steps towards the Skill Development and Human Resource Management including antecedent verification should cover serious Operational Risk emanating from high attrition rate - a common phenomenon in South Africa;
  • Adherence to Municipal Finance Management Act, Municipal Systems Act, Division of Revenue Act, Supply Chain Management Framework etc;
  • Compliance with various policies for example the Supply Chain Management, Human Resource Policy, Debtors Policy, Investment Policy, etc;
  • Corporate Governance such as various Committees is meeting with regularity and agenda. Minutes are properly documented and circulated and follow up action is taken and reviewed in a timely manner.

Although investigating fraud and other irregularities are not the primary focus of an Internal Audit approach, Internal Audit should maintain close liaison with management should any such issues be identified.

2. REPORTING AND COMMUNICATION

  • Communication, orally and through reports, is an essential part of the Internal Audit process. Internal Audit should also communicate with management through a series of planned formal meetings.
  • Progress reports are to be submitted to management on an on-going basis. A quarterly summarised report is to be submitted to management with a copy going to the Audit Committee. Reports are to clearly demonstrate the control and operational concerns arising from the reviews, the potential impact and the practical reasoned recommendations for change. Any critical issues to be reported orally to management and the Audit Committee immediately upon identification. Management to be given 5 days to respond to management reports and have 30 days after the issuance of final reports to see that corrective action on reported weaknesses is either planned or taken.
  • Follow-up audits to be carried out to ensure that control weaknesses have been adequately rectified, or that appropriate action is being planned.

3. COMPLIANCE REVIEWS

We will concentrate on the basic internal control environment (Financial Management review). Internal Audit will concentrate on the operational risks identified during the risk assessment. Management is responsible for mitigating all risks.

The main focus during the review of internal controls will be to evaluate the effectiveness of controls around initiation and approval of transactions prior to final processing and recording.

4. COMMENCING THE AUDIT

Before an audit at a division is commenced, Internal Audit will prepare an Audit Planning Memorandum in consultation with the Head of the division. This will ensure that the division’s expectations are addressed.

5. Period for submission of Required Documents.

The management has taken a decision to set a minimum period for the submission of the requested information from auditee (clients) with a minimum of 1 day and maximum of 3 days after that the request will be escalated to the Municipal Manager a maximum of 7 days is allowed to have the information submitted.

STRATEGIC INTERNAL AUDIT PLAN 2014 TO 2017

The Strategic Internal Audit Plan 2014 to 2017 does not include detailed Information Technology audits.

© 2017 uLundi Municipality. All Rights Reserved. Powered By TTECH