|Asset (in financial statements)
|Any item belonging to the auditee, including property, infrastructure, equipment, cash, and debt due to the auditee.
|Cash flow (in financial statements)
|The flow of money from operations: incoming funds are revenue (cash inflow) and outgoing funds are expenses (cash outflow).
|Cash-backed (grant management)
|When unspent grants are supported by available cash.
|Chief information officer or government information technology officer (information technology)
|The most senior official of the auditee who is accountable for aligning information technology and business strategies; for planning, resourcing and managing the delivery of information technology services and information; and for the deployment of the associated human resources. The chief information officers in the South African public sector are referred to as government information technology officers.
|Commitments from role-players
|Initiatives and courses of action communicated to us by role players in national and provincial government aimed at improving the audit outcomes.
|Persons, companies or organisations to whom the auditee owes money for goods and services procured from them.
|Current assets (in financial statements)
|These assets are made up of cash and other assets, such as inventory or debt for credit extended, which will be traded, used or converted into cash within 12 months. All other assets are classified as non-current, and typically include property, infrastructure, plant and equipment as well as long-term investments.
|Current liability (in financial statements)
|Money owed by the auditee to companies, organisations or persons who have supplied goods and services to the auditee.
|Cybersecurity (information technology)
|The protection of information assets by addressing threats to information processed, stored and transported by internet-worked information systems.
|An excess of expenditure or liabilities over income or assets in a given period.
|Financial and performance management (as one of the drivers of internal control)
The performance of tasks relating to internal control and monitoring by management and other employees to achieve the financial management, reporting and service delivery objectives of the auditee.
These controls include the basic daily and monthly controls for processing and reconciling transactions, the preparation of regular and credible financial and performance reports as well as the review and monitoring of compliance with key legislation.
|Governance (as one of the drivers of internal control)
|The governance structures (audit committees) and processes (internal audit and risk management) of an auditee.
|Hacked (information technology)
|When unauthorised access to a computer system has been gained.
|Hacker/intruder (information technology)
|An individual who attempts to gain unauthorised access to a computer system.
|Government institutions (e.g. the Independent Development Trust), non-governmental organisations or private sector entities appointed by the auditee to manage, implement and deliver on projects.
|Information technology infrastructure (information technology)
|The hardware, software, computer-related communications, documentation and skills that are required to support the provision of information technology services, together with the environmental infrastructure on which it is built.
|Key service delivery departments
|Government departments in the health, education, human settlements and public works sectors, responsible for almost a third of the national and provincial expenditure budget and instrumental in managing infrastructure and delivering essential services.
|Leadership (as one of the drivers of internal control)
The administrative leaders of an auditee, such as heads of departments, chief executive officers and senior management.
It can also refer to the political leadership or the leadership in the province (such as the premier).
|Material finding (from the audit)
|An audit finding on the quality of the performance report or compliance with key legislation that is significant enough in terms of either its amount or its nature, or both these aspects, to be reported in the audit report.
|Any non-compliance with, or contravention of, legislation, fraud, theft or a breach of a fiduciary duty identified during an audit performed under the Public Audit Act that resulted in – or is likely to result in – a material financial loss, the misuse or loss of a material public resource or substantial harm to a public sector institution or the general public.
|Material Irregularity Regulations
|The regulations stemming from the provisions of section 52(1A) of the Public Audit Act. The regulations enable us to implement the material irregularity provision in the Public Audit Act by, among others, regulating the decision-making on material irregularities and the time frames applicable to the material irregularity process.
|Material misstatement (in financial statements or performance reports)
|An error or omission that is significant enough to influence the opinions or decisions of users of the reported information. Materiality is considered in terms of either its rand value or the nature and cause of the misstatement, or both these aspects.
|Medium-Term Strategic Framework
|Government’s strategic plan for the 2019-24 electoral term. It reflects the commitments made in the election manifesto of the governing party, including the commitment to implement the National Development Plan. Its aim is to ensure policy coherence, alignment and coordination across government plans as well as alignment with budgeting processes.
|Misstatement (in financial statements or performance reports)
|Incorrect or omitted information in the financial statements or performance report.
|Amounts owed for the purchase of goods or services at a specific date.
Internal controls can be categorised as preventative controls, detective controls or corrective controls. Preventative controls are the controls designed and implemented by management to avoid threats to the objectives of the auditee materialising. Detective and corrective controls focus more on identifying and correcting failures after they had already occurred.
Preventing poor-quality financial statements and performance reports, non-compliance and material irregularities is more effective and efficient than having to deal with the consequences thereof – money and time are lost, costly investigations have to be instituted, and officials are subjected to the discomfort and anxieties associated with these processes, which often take a number of years to be finalised.
|Property, infrastructure, plant and equipment (in financial statements)
|Assets that physically exist and are expected to be used for more than one year, including land, buildings, leasehold improvements, equipment, furniture, fixtures and vehicles.
|Public Audit Act (Act No. 25 of 2004)
|This is the AGSA’s enabling legislation. The objective of the act is to give effect to the provisions of the Constitution by establishing and assigning functions to an auditor-general and by providing for the auditing of institutions in the public sector. The Public Audit Act was amended [Public Audit Amendment Act (Act No. 5 of 2018)] to provide us with more power to ensure accountability in the public sector. The intent of the amendments is not to take over the functions of accounting officers and authorities, as their accountability responsibilities are clear in legislation. It is rather to step in where those responsibilities are not fulfilled in spite of us alerting leadership to material irregularities that need to be investigated and addressed.
|Ransomware (information technology)
|A type of malicious software designed to block access to a computer system until a ransom demand is satisfied.
|Reconciliation (of accounting records)
|The process of matching one set of data to another; for example, the bank statement to the cheque register, or the accounts payable journal to the general ledger.
|Receivables or debtors (in financial statements)
|Money owed to the auditee by companies, organisations or persons who have procured goods and services from the auditee.
|Section 4(3) audits
|Audits that the AGSA has opted not to perform in terms of section 25(1)(a) of the Public Audit Act, and which is then audited by registered auditors appointed by the auditee, with the consent of the AGSA.
|State-owned enterprises (SOEs)
|Independent public entities (listed in schedule 2 of the Public Finance Management Act) that are partially or fully owned by the state to achieve various socio-economic goals.
|Status of records review
A process whereby the auditor performs basic review procedures to identify risks and areas of concern for discussion with the accounting officer or authority. The purpose of the status of records review is to:
• ensure that there is a system of early warning to the accounting officer or authority on challenges that may compromise good financial and performance management and compliance with legislation
• demonstrate to the accounting officer or authority a deepened level of understanding of the business of the auditee and the value added by the auditor
• contribute to capacitating the accounting officer or authority and senior management in instilling good practices of regular reporting, review and oversight
• identify risks early and throughout the audit cycle to respond to these timeously and correctly.
|System development (information technology)
|The development of an integrated set of computer programs designed to serve a particular function that has specific input, processing and output activities.
|The utilisation (transfer) of a saving from one programme towards the defrayment of excess expenditure under another programme within the same vote (department).
|Vulnerability (information technology)
|In information security, a weakness or flaw (in location, physical layout, organisation, management, procedures, personnel, hardware or software) that may be exploited by an attacker to cause an adverse impact.
|Vulnerable financial position (going concern)
|The presumption that an auditee will continue to operate in the near future, and will not go out of business and liquidate its assets. For the going concern presumption to be reasonable, the auditee must have the capacity and prospect to raise enough financial resources to stay operational.