Need to know

What is our audit and reporting process?

We audit every department and some of the public entities in the country (also called auditees) to report on the quality of their financial statements and performance reports as well as on their compliance with key legislation.

We further assess the root cause of any error or non-compliance, based on the internal control that has failed to prevent or detect it. We report in the following three types of reports:

  • We report our findings, the root causes of such findings and our recommendations in management reports to the senior management and accounting officers or authorities of auditees, which are also shared with the ministers, members of the executive councils and audit committees.
  • Our opinion on the financial statements, material findings on the performance reports and compliance with key legislation, as well as significant deficiencies in internal control, are included in an audit report, which is published with the auditee’s annual report and dealt with by the public accounts committees and portfolio committees, as applicable.
  • Annually, we report on the audit outcomes of all auditees in a consolidated report (referred to as a general report), in which we also analyse the root causes that need to be addressed to improve audit outcomes. Before the general report is published, we share the outcomes and root causes with the national and provincial leadership, Parliament and the legislatures, as well as key role players in national and provincial government.

Over the past few years, we have intensified our efforts to assist in improving audit outcomes by identifying the key controls that should be in place at auditees, regularly assessing these, and sharing the results of the assessment with ministers, accounting officers and authorities, as well as audit committees.

During the audit process, we work closely with accounting officers or authorities, senior management, audit committees and internal audit units, as they are key role players in providing assurance on the credibility of the auditees’ financial statements and performance reports as well as on their compliance with legislation.

We also continue to strengthen our relationship with the coordinating and monitoring departments (such as the treasuries, premier’s offices and the Department of Planning, Monitoring and Evaluation) as well as Parliament and provincial legislatures, as we are convinced that their involvement and oversight have played – and will continue to play – a crucial role in the performance at departments and public entities.

We have further increased our efforts by using the status of records review to engage with accounting officers and authorities. Such a review is an assessment of records, risks and progress made by the auditee to address prior year issues early in the financial year.

 

BACK TO TOP

Categories of audit outcomes

The overall audit outcomes fall into five categories:

Auditees that receive a financially unqualified opinion with no findings are those that are able to:

  • produce financial statements free of material misstatements (material misstatements mean errors or omissions that are so significant that they affect the credibility and reliability of the financial statements)
  • measure and report on their performance in line with the predetermined objectives in their annual performance plan, and in a manner that is useful and reliable
  • comply with key legislation.

This audit outcome is also commonly referred to as a clean audit.

  1. Auditees that receive a financially unqualified opinion with findings are those that are able to produce financial statements without material misstatements, but are struggling to:
  • align their performance reports to the predetermined objectives to which they have committed in their annual performance plans
  • set clear performance indicators and targets to measure their performance against their predetermined objectives
  • report reliably on whether they have achieved their performance targets
  • determine which legislation they should comply with, and implement the required policies, procedures and controls to ensure that they comply.
  1. Auditees that receive a financially qualified opinion with findings face the same challenges as those that are financially unqualified with findings in the areas of reporting on performance and compliance with key legislation. In addition, they are unable to produce credible and reliable financial statements. Their financial statements contain misstatements that they cannot correct before the financial statements are published.
  2. The financial statements of auditees that receive an adverse opinion with findings include so many material misstatements that we disagree with virtually all the amounts and disclosures in the financial statements.
  3. Those auditees with a disclaimed opinion with findings cannot provide us with evidence for most of the amounts and disclosures in the financial statements. We are therefore unable to conclude or express an opinion on the credibility of their financial statements.

Auditees with adverse and disclaimed opinions are typically also:

  • unable to provide sufficient supporting documentation for the achievements they report in their performance reports
  • not complying with key legislation.

 

BACK TO TOP

What is the purpose of the annual audit of the financial statements?

The purpose of the annual audit of the financial statements is to provide the users thereof with an opinion on whether the financial statements fairly present, in all material respects, the key financial information for the reporting period in accordance with the financial reporting framework and applicable legislation.

The audit provides the users with reasonable assurance regarding the degree to which the financial statements are reliable and credible on the basis that the audit procedures performed did not reveal any material errors or omissions in the financial statements. We use the term material misstatement to refer to such material errors or omissions.

We report the poor quality of the financial statements we receive in the audit reports of some auditees as a material finding on compliance, as it also constitutes non-compliance with the Public Finance Management Act. The finding is only reported for auditees that are subject to this act and if the financial statements we receive for auditing include material misstatements that could have been prevented or detected if the auditee had an effective internal control system. We do not report a finding if the misstatement resulted from an isolated incident or if it relates to the disclosure of unauthorised, irregular or fruitless and wasteful expenditure identified after the financial statements had been submitted.

 

BACK TO TOP

What does compliance with key legislation mean?

We annually audit and report on compliance by auditees with key legislation applicable to financial and performance management and related matters. We focus on the following areas in our compliance audits, if they apply to the particular auditee: ■ the quality of financial statements submitted for auditing ■ asset and liability management ■ expenditure management ■ unauthorised, irregular, and fruitless and wasteful expenditure ■ effecting consequences ■ revenue management ■ strategic planning and performance management ■ financial statements and annual report ■ transfer of funds and conditional grants ■ procurement and contract management (in other words, supply chain management).

In our audit reports, we report findings that are material enough to be brought to the attention of auditee management, as well as oversight bodies and the public.

 

BACK TO TOP

What is the scope of supply chain management audits?

We test whether the prescribed procurement processes have been followed to ensure that all suppliers are given equal opportunity to compete and that some suppliers are not favoured above others. The principles of a fair, equitable, transparent, competitive and cost-effective supply chain management process are fundamental to the procurement practices of the public sector, as enshrined in our Constitution and prescribed in the Public Finance Management Act and its regulations. The act and these regulations define what processes should be followed to adhere to the constitutional principles, the level of flexibility available, and the documentation requirements.

We also focus on contract management, as shortcomings in this area can result in delays, wastage as well as fruitless and wasteful expenditure, which in turn have a direct impact on service delivery.

We further assess the financial interests of employees of the auditee and their close family members in suppliers to the auditee. Although there is no legislation that prohibits making awards to suppliers in which state officials have an interest, the amended Public Service Regulations prohibit employees of departments from doing business with the state from 1 August 2016.

 

BACK TO TOP

What is irregular expenditure?

Irregular expenditure is expenditure that was not incurred in the manner prescribed by legislation; in other words, somewhere in the process that led to the expenditure, the auditee did not comply with the applicable legislation.

Such expenditure does not necessarily mean that money had been wasted or that fraud had been committed. It is an indicator of non-compliance in the process that needs to be investigated by management to determine whether it was an unintended error, negligence or done with the intention to work against the requirements of legislation (which, for example, require that procurement should be fair, equitable, transparent, competitive and cost-effective).

Through such investigation, it is also determined who is responsible and what the impact of the non-compliance is. Based on the investigation, the next steps are determined. One of the steps can be condonement if the non-compliance had no impact and negligence was not proven. Alternatively, if negligence was proven, the steps can be disciplinary steps, the recovery of any losses from the implicated officials or even cancelling a contract or reporting it to the police or an investigating authority.

The Public Finance Management Act is clear that accounting officers and authorities are responsible for preventing irregular expenditure as well as on what process to follow if it has been incurred.

In order to promote transparency and accountability, auditees should disclose all irregular expenditure identified (whether by the auditee or through the audit process) in their financial statements with detail on how it had been resolved; in other words, how much had been investigated, recovered or condoned.

 

BACK TO TOP

What is fruitless and wasteful expenditure?

Fruitless and wasteful expenditure is expenditure that was made in vain and that could have been avoided had reasonable care been taken.

This includes penalties and interest on the late payment of creditors or statutory obligations as well as payments made for services not used or goods not received.

The Public Finance Management Act requires accounting officers and authorities to take all reasonable steps to prevent fruitless and wasteful expenditure. Auditees should have processes to detect fruitless and wasteful expenditure and disclose the amounts in the financial statements. Fruitless and wasteful expenditure is reported when it is identified – even if the expenditure was incurred in a previous year.

The act also sets out the steps that accounting officers and oversight bodies should take to investigate fruitless and wasteful expenditure to determine whether any officials are liable for the expenditure and to recover the money if liability is proven.

 

BACK TO TOP

What is unauthorised expenditure?

Unauthorised expenditure refers to expenditure that auditees incurred without provision having been made for it in the approved budget.

The Public Finance Management Act requires accounting officers to take all reasonable steps to prevent unauthorised expenditure. Auditees should have processes to identify any unauthorised expenditure and disclose the amounts in the financial statements. The act also includes the steps that accounting officers and oversight bodies should take to investigate unauthorised expenditure to determine whether any officials are liable for the expenditure and to recover the money if liability is proven.

 

BACK TO TOP

What is financial health?

Our audits include a high-level analysis of financial health indicators for departments and for public entities.

We normally conclude that an auditee’s financial health is concerning if there are multiple indicators of financial strain, such as:

  • a deficit
  • an inability to pay creditors and/or paying them late
  • an inability to recover debt
  • late collection of debt
  • claims against the departments
  • guarantees issued by departments
  • bank overdrafts
  • accruals
  • total liabilities exceeding total assets
  • total current liabilities exceeding total current assets
  • dipping into the next year’s budget to cover the current year’s expenditure
  • amounts payable in future as a percentage of the operational budget for next three years.

The goal is to give management an overview of selected aspects of their current financial management and to enable corrective action to be taken as soon as possible if the auditees’ operations and service delivery may be at risk. We also perform audit procedures to assess whether there are any events or conditions that may cast significant doubt on an auditee’s ability to continue its operations in the near future.

Based on this analysis, we determine the extent of unfavourable indicators.

 

BACK TO TOP

What are conditional grants?

Conditional grants are funds allocated from national government to auditees, subject to certain services being delivered or on compliance with specified requirements.

Conditional grant allocations are approved each year through the Division of Revenue Act. This act indicates the approved allocation per auditee for that particular year, together with a forward estimate for the next two years.

Conditional grants stem from government’s vision and priorities as articulated in the Medium-Term Strategic Framework. In support of these goals, conditional grants are provided to provincial departments. During our audits, we test compliance with the Division of Revenue Act and the individual grant frameworks, as well as the achievement of planned targets for selected projects or programmes funded by each grant allocation.

The following are some of conditional grants:

  • Health facility revitalisation grant – to help accelerate construction, maintenance, upgrading and rehabilitation of new and existing infrastructure in the health sector, including health technology, organisational development systems and quality assurance.
  • Human settlements development grant – to provide funding for the progressive realisation of access to adequate housing through the creation of sustainable and integrated human settlements, and to facilitate a programmatic and inclusive approach to upgrading informal settlements.
  • Education infrastructure grant – to provide co-funding for the ongoing infrastructure programme in provinces, including maintaining and constructing infrastructure.
  • School backlog grant – to eradicate the backlog in implementing basic safety norms in schools without water, sanitation and electricity, and to replace schools constructed from inappropriate material (such as mud and asbestos), thus contributing to optimal learning and teaching.

 

BACK TO TOP

What is the purpose and nature of the annual audit of the performance reports?

Auditees are required to measure their actual service delivery against the performance indicators and targets set for each of their predetermined performance objectives as defined in their annual performance plan, strategic plan or corporate plan, and to report on this in their performance reports.

On an annual basis, we audit selected material programmes of departments and objectives of public entities to determine whether the information in the performance reports is useful and reliable enough to enable oversight bodies, the public and other users of the reports to assess the performance of the auditee. The programmes and objectives we select are those that are important for delivery by the auditee on its mandate. In the audit report, we report findings that are material enough to be brought to the attention of these users.

As part of the annual audits, we audit the usefulness of the reported performance information to determine whether it is presented in the annual report in the prescribed manner and is consistent with the auditee’s planned objectives as defined in strategic and annual performance plans. We also assess whether the performance indicators and targets set to measure the achievement of the objectives are:

  • well defined (the indicator needs to have a clear, unambiguous definition so that data can be collected consistently, and is easy to understand and use)
  • verifiable (it must be possible to validate the processes and systems that produce the indicator)
  • specific (so that the nature and the required level of performance can be clearly identified)
  • time bound (the time period or deadline for delivery must be specific)
  • measurable (so that the required performance can be measured)
  • consistent (with the planned objectives, indicators/measures and/or targets)
  • relevant (so that the required performance can be linked to the achievement of a goal).

We further audit the reliability of the reported information to determine whether it can be traced back to the source data or documentation and whether it is accurate, complete and valid.

 

BACK TO TOP

When is human resource management effective?

Human resource management refers to the management of an auditee’s employees or human resources. Human resource management is effective if adequate and sufficiently skilled staff members are in place and if their performance and productivity are properly managed.

As part of our audits, we look at the management of vacancies and stability in key positions, the competencies of key officials, performance management as well as consequences for transgressions, as these matters directly influence the quality of auditees’ financial and performance reports and their compliance with legislation.

 

BACK TO TOP

When are internal controls effective and efficient?

A key responsibility of accounting officers and authorities, senior managers and officials is to implement and maintain effective and efficient systems of internal control.

We assess the internal controls to determine the effectiveness of their design and implementation in ensuring reliable financial and performance reporting and compliance with legislation. This consists of all the policies and procedures implemented by management to assist in achieving the orderly and efficient conduct of business, including adhering to policies, safeguarding assets, preventing and detecting fraud and error, ensuring the accuracy and completeness of accounting records, and timeously preparing reliable financial and service delivery information. To make it easier to implement corrective action, we categorise the principles of the different components of internal control under leadership, financial and performance management, or governance. We call these the drivers of internal control.

The key basic controls that auditees should focus on are outlined below.

Providing effective leadership

In order to improve and sustain audit outcomes, auditees require effective leadership that is based on a culture of honesty, ethical business practices and good governance to protect and enhance the interests of the auditee.

Audit action plans to address internal control deficiencies

Developing and monitoring the implementation of action plans to address identified internal control deficiencies are key elements of internal control, which are the responsibility of heads of departments, chief executive officers and their senior management team.

Some of the matters requiring attention include the following:

  • Setting action plans to specifically address the external and internal audit findings.
  • Assigning clear responsibility to specific staff to carry out action plans.
  • Monitoring audit action plans to ensure that the responsibilities assigned are carried out effectively and consistently.
  • Developing audit action plans early enough in the financial year to resolve matters by year-end.

Proper record keeping and document control

Proper and timely record keeping ensures that complete, relevant and accurate information is accessible and available to support financial and performance reporting. Sound record keeping will also enable senior management to hold staff accountable for their actions. A lack of documentation affects all areas of the audit outcomes.

Some of the matters requiring attention include the following:

  • Establishing proper record keeping so that records supporting financial and performance information as well as compliance with key legislation can be made available when required for audit purposes.
  • Implementing policies, procedures and monitoring mechanisms to manage records, and making staff members aware of their responsibilities in this regard.

Implementing controls over daily and monthly processing and reconciling of transactions

Controls should be in place to ensure that transactions are processed accurately, completely and timeously, which in turn will reduce errors and omissions in financial and performance reports.

Some of the matters requiring attention include the following:

  • Daily capturing of financial transactions, supervisory reviews of captured information, and independent monthly reconciliations of key accounts.
  • Collecting performance information at intervals appropriate for monitoring, setting service delivery targets and milestones, and validating recorded information.
  • Confirming that legislative requirements and policies have been complied with before initiating transactions.

Reviewing and monitoring compliance with legislation

Auditees need to have mechanisms that can identify applicable legislation as well as changes to legislation, assess the requirements of legislation, and implement processes to ensure and monitor compliance with legislation.

 

BACK TO TOP

 

What is information technology and what are information technology controls?

Information technology (commonly known as IT) refers to the computer systems used for recording, processing and reporting financial and non-financial transactions.

IT controls ensure the confidentiality, integrity and availability of state information, enable service delivery, and promote national security. Good IT governance, effective IT management and a secure IT infrastructure are therefore essential.

Non-complex and complex information technology environments

In terms of our audit methodology, we differentiate between non-complex and complex IT environments, as follows:

Non-complex environment – level 1 (low risk)

This is the lower end of the spectrum for IT sophistication and relevance. The auditee uses one server associated with financial reporting and/or performance information, a limited number of workstations, no remote locations, commercial off-the-shelf applications and infrastructure, vendors to perform updates and maintenance on the system, little emerging or advanced technology, and a few or no online and e-commerce transactions.

Key controls over financial reporting and/or performance information are not overly reliant on IT, are embedded in the commercial off-the-shelf applications, or are limited to very few manual processes and controls. Many small to medium-sized entities fall into this category.

Complex environment – levels 2 and 3 (medium and high risk)

This is the middle to high end of the spectrum. These auditees have the following characteristics:

  • Use more than one server associated with financial reporting and/or performance information.
  • Have remote locations.
  • Employ one or more network operating system or non-standard ones.
  • Have more workstations in total.
  • Use some customisation of application software or have a relatively complex configuration of commercial off-the-shelf applications.
  • Use enterprise resource planning systems and/or write their own custom software.
  • Perform updates and maintenance on the system centrally onsite or through vendors, or perform centralised updates and maintenance on the system and distribute these to decentralised sites or through onsite vendors.
  • Employ a few to moderate or a large number of emerging or advanced technologies.
  • Enter into either a few or a large number of online and e-commerce transactions.
  • Rely heavily on IT key controls over financial and/or performance information.

An auditee running transversal systems would also fall into this category. Information systems for which certain IT processes are managed centrally, but which are used by various auditees who have limited responsibility regarding the design and enhancement of the system, will also be classified as high risk at a national level.

Which information technology controls do we audit?

During our audits, we assess the IT controls that focus on IT governance, security management, user access management and IT service continuity – as discussed further down. To evaluate the status of the IT controls in the areas we audit, we group them into the following three categories, with reference to the control measures that should be in place:

  1. Where IT controls are being designed, management should ensure that the controls would reduce risks and threats to IT systems.
  2. Where IT controls are being implemented, management should ensure that the designed controls are implemented and embedded in IT processes and systems. Particular attention should be paid to ensuring that staff members are aware of and understand the IT controls being implemented, as well as their roles and responsibilities in this regard.
  3. Where IT controls have been embedded and are functioning effectively, management should ensure that the IT controls that have been designed and implemented are functioning effectively at all times. Management should sustain these IT controls through disciplined and consistent daily, monthly and quarterly IT operational practices.

Information technology governance

This refers to the leadership, organisational structures and processes which ensure that the auditee’s IT resources will sustain its business strategies and objectives. Effective IT governance is essential for the overall well-being of an auditee’s IT function and ensures that the auditee’s IT control environment functions well and enables service delivery.

Security management

This refers to the controls preventing unauthorised access to the computer networks, computer operating systems and application systems that generate and prepare financial and performance information.

User access management

These are measures designed by business management to prevent and detect the risk of unauthorised access to, and the creation or amendment of, financial and performance information stored in the application systems.

Information technology service continuity

These controls enable auditees to recover within a reasonable time the critical business operations and application systems that would be affected by disasters or major system disruptions.

 

BACK TO TOP

What are root causes?

Root causes are the underlying causes or drivers of audit findings; in other words, the reason why the problem occurred.

Addressing the root cause helps to ensure that the actions address the real issue, thus preventing or reducing incidents of recurrence, rather than simply providing a one-time or short-term solution.

Our audits include an assessment of the root causes of audit findings, based on the identification of internal controls that have failed to prevent or detect the error in the financial statements and performance reports or that have led to non-compliance with legislation. These root causes are confirmed with management and shared in the management report with the accounting officer or authority and the executive authorities. We also include the root causes of material findings reported as internal control deficiencies in the audit report.

 

BACK TO TOP

Who provides assurance?

Ministers, members of the executive councils, and accounting officers and authorities use the annual report to report on the financial position of auditees, their performance against predetermined objectives, and overall governance; while one of the important oversight functions of legislatures is to consider auditees’ annual reports. To perform their oversight function, they need assurance that the information in the annual report is credible. To this end, the annual report also includes our audit report, which provides assurance on the credibility of the financial statements, the performance report and the auditee’s compliance with legislation.

Our reporting and the oversight processes reflect on history, as they take place after the financial year. Many other role players contribute throughout the year to the credibility of financial and performance information and compliance with legislation by ensuring that adequate internal controls are implemented.

The mandates of these role players differ from ours, and we have categorised them as follows:

  • Those directly involved in the management of the auditee (management or leadership assurance).
  • Those that perform an oversight or governance function, either as an internal governance function or as an external monitoring function (internal independent assurance and oversight).
  • The independent assurance providers that give an objective assessment of the auditee’s reporting (external independent assurance and oversight).

We assess the level of assurance provided by the role players based on the status of auditees’ internal controls and the impact of the different role players on these controls. In the current environment, which is characterised by inadequate internal controls, corrected and uncorrected material misstatements in financial and performance information, and widespread non-compliance with legislation, all role players need to provide an extensive level of assurance.

 

BACK TO TOP

Glossary of key terminology used in the PFMA GR
Asset (in financial statements) Any item belonging to the auditee, including property, infrastructure, equipment, cash, and debt due to the auditee.
Cash flow (in financial statements) The flow of money from operations: incoming funds are revenue (cash inflow) and outgoing funds are expenses (cash outflow).
Cash-backed (grant management) When unspent grants are supported by available cash.
Chief information officer or government information technology officer (information technology) The most senior official of the auditee who is accountable for aligning information technology and business strategies; for planning, resourcing and managing the delivery of information technology services and information; and for the deployment of the associated human resources. The chief information officers in the South African public sector are referred to as government information technology officers.
Commitments from role-players Initiatives and courses of action communicated to us by role players in national and provincial government aimed at improving the audit outcomes.
Creditors Persons, companies or organisations to whom the auditee owes money for goods and services procured from them.
Current assets (in financial statements) These assets are made up of cash and other assets, such as inventory or debt for credit extended, which will be traded, used or converted into cash within 12 months. All other assets are classified as non-current, and typically include property, infrastructure, plant and equipment as well as long-term investments.
Current liability (in financial statements) Money owed by the auditee to companies, organisations or persons who have supplied goods and services to the auditee.
Cybersecurity (information technology) The protection of information assets by addressing threats to information processed, stored and transported by internet-worked information systems.
Deficit An excess of expenditure or liabilities over income or assets in a given period.
Financial and performance management (as one of the drivers of internal control)

The performance of tasks relating to internal control and monitoring by management and other employees to achieve the financial management, reporting and service delivery objectives of the auditee.

These controls include the basic daily and monthly controls for processing and reconciling transactions, the preparation of regular and credible financial and performance reports as well as the review and monitoring of compliance with key legislation.

Governance (as one of the drivers of internal control) The governance structures (audit committees) and processes (internal audit and risk management) of an auditee.
Hacked (information technology) When unauthorised access to a computer system has been gained.
Hacker/intruder (information technology) An individual who attempts to gain unauthorised access to a computer system.
Implementing agent Government institutions (e.g. the Independent Development Trust), non-governmental organisations or private sector entities appointed by the auditee to manage, implement and deliver on projects.
Information technology infrastructure (information technology) The hardware, software, computer-related communications, documentation and skills that are required to support the provision of information technology services, together with the environmental infrastructure on which it is built.
Key service delivery departments Government departments in the health, education, human settlements and public works sectors, responsible for almost a third of the national and provincial expenditure budget and instrumental in managing infrastructure and delivering essential services.
Leadership (as one of the drivers of internal control)

The administrative leaders of an auditee, such as heads of departments, chief executive officers and senior management.

It can also refer to the political leadership or the leadership in the province (such as the premier).

Material finding (from the audit) An audit finding on the quality of the performance report or compliance with key legislation that is significant enough in terms of either its amount or its nature, or both these aspects, to be reported in the audit report.
Material irregularity Any non-compliance with, or contravention of, legislation, fraud, theft or a breach of a fiduciary duty identified during an audit performed under the Public Audit Act that resulted in – or is likely to result in – a material financial loss, the misuse or loss of a material public resource or substantial harm to a public sector institution or the general public.
Material Irregularity Regulations The regulations stemming from the provisions of section 52(1A) of the Public Audit Act. The regulations enable us to implement the material irregularity provision in the Public Audit Act by, among others, regulating the decision-making on material irregularities and the time frames applicable to the material irregularity process.
Material misstatement (in financial statements or performance reports) An error or omission that is significant enough to influence the opinions or decisions of users of the reported information. Materiality is considered in terms of either its rand value or the nature and cause of the misstatement, or both these aspects.
Medium-Term Strategic Framework Government’s strategic plan for the 2019-24 electoral term. It reflects the commitments made in the election manifesto of the governing party, including the commitment to implement the National Development Plan. Its aim is to ensure policy coherence, alignment and coordination across government plans as well as alignment with budgeting processes.
Misstatement (in financial statements or performance reports) Incorrect or omitted information in the financial statements or performance report.
Payable Amounts owed for the purchase of goods or services at a specific date.
Preventative controls

Internal controls can be categorised as preventative controls, detective controls or corrective controls. Preventative controls are the controls designed and implemented by management to avoid threats to the objectives of the auditee materialising. Detective and corrective controls focus more on identifying and correcting failures after they had already occurred.

Preventing poor-quality financial statements and performance reports, non-compliance and material irregularities is more effective and efficient than having to deal with the consequences thereof – money and time are lost, costly investigations have to be instituted, and officials are subjected to the discomfort and anxieties associated with these processes, which often take a number of years to be finalised.

Property, infrastructure, plant and equipment (in financial statements) Assets that physically exist and are expected to be used for more than one year, including land, buildings, leasehold improvements, equipment, furniture, fixtures and vehicles.
Public Audit Act (Act No. 25 of 2004) This is the AGSA’s enabling legislation. The objective of the act is to give effect to the provisions of the Constitution by establishing and assigning functions to an auditor-general and by providing for the auditing of institutions in the public sector. The Public Audit Act was amended [Public Audit Amendment Act (Act No. 5 of 2018)] to provide us with more power to ensure accountability in the public sector. The intent of the amendments is not to take over the functions of accounting officers and authorities, as their accountability responsibilities are clear in legislation. It is rather to step in where those responsibilities are not fulfilled in spite of us alerting leadership to material irregularities that need to be investigated and addressed.
Ransomware (information technology) A type of malicious software designed to block access to a computer system until a ransom demand is satisfied.
Reconciliation (of accounting records) The process of matching one set of data to another; for example, the bank statement to the cheque register, or the accounts payable journal to the general ledger.
Receivables or debtors (in financial statements) Money owed to the auditee by companies, organisations or persons who have procured goods and services from the auditee.
Section 4(3) audits Audits that the AGSA has opted not to perform in terms of section 25(1)(a) of the Public Audit Act, and which is then audited by registered auditors appointed by the auditee, with the consent of the AGSA.
State-owned enterprises (SOEs) Independent public entities (listed in schedule 2 of the Public Finance Management Act) that are partially or fully owned by the state to achieve various socio-economic goals.
Status of records review

A process whereby the auditor performs basic review procedures to identify risks and areas of concern for discussion with the accounting officer or authority. The purpose of the status of records review is to:

•       ensure that there is a system of early warning to the accounting officer or authority on challenges that may compromise good financial and performance management and compliance with legislation

•       demonstrate to the accounting officer or authority a deepened level of understanding of the business of the auditee and the value added by the auditor

•       contribute to capacitating the accounting officer or authority and senior management in instilling good practices of regular reporting, review and oversight

•       identify risks early and throughout the audit cycle to respond to these timeously and correctly.

System development (information technology) The development of an integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities.
Virement The utilisation (transfer) of a saving from one programme towards the defrayment of excess expenditure under another programme within the same vote (department).
Vulnerability (information technology) In information security, a weakness or flaw (in location, physical layout, organisation, management, procedures, personnel, hardware or software) that may be exploited by an attacker to cause an adverse impact.
Vulnerable financial position (going concern) The presumption that an auditee will continue to operate in the near future, and will not go out of business and liquidate its assets. For the going concern presumption to be reasonable, the auditee must have the capacity and prospect to raise enough financial resources to stay operational.

 

BACK TO TOP