on the AG's audit findings - Parliamentary Monitoring Group

advertisement
PRESENTATION TO PARLIAMENTARY
PORTFOLIO COMMITTEE
A-G AUDIT FINDINGS
Joseph A Mutungama
Chief Audit Executive
National Home Builders Registration Council
Email: josephm@nhbrc.org.za
Bryanston, South Africa
22 February 2013
1
BACKGROUND
• NHBRC received a qualified audit opinion in the financial year ended March
2012.
• In addition to the qualified audit opinion, numerous matters of emphasis
were raised by the Auditor General.
• In response Internal Audit facilitated a workshop with NHBRC Management
to review the report, perform root cause analysis and develop an Action
Plans to address identified control weaknesses as raised by the Auditor
General.
• Progress in implementing the action plan is reported on to the NHBRC Exco
monthly and to both the NHBRC Audit and Risk Committee and Council
quarterly.
BACKGROUND… (CONTINUED)
As per the A-G report the areas below had the most material control
deficiencies reported on:
BUSINESS AREA
REMARKS
SUPPLY CHAIN
• Irregular Expenditure exceeded R200m
• General non compliance with PFMA and SCM policy.
IT
• The current legacy systems cannot support or
enable the NHBRC in a consistent manner
• Issues of system and data security, availability and
integrity.
PERFORMANCE INFO
• Problems in identifying SMART KPIs.
FINANCE
• GL and Payroll Reconciliations issues and controls
over the EFT system.
NHBRC REMEDIATION STRATEGY
The Action Plan to address the A-G reported issues adopted the following
implementation timeframes:
CATEGORY
TIME TO ADRESS THE FINDING
Immediate
Immediately
Short Term
Within 30 DAYS
Medium Term
Within 3 MONTHS
Long Term
Within 6 MONTHS
PROGRESS TO DATE
• Progress To Date is as Follows:
TOTAL
RESOLVED
PARTIALLY
RESOVED
UNRESOLVED
DISAGREED
IMMEDIATE
38
36
0
2
0
SHORT TERM
13
3
9
1
0
MEDIUM TERM
3
2
0
0
1
LONG TERM
9
1
2
6
0
TOTAL
63
42
11
9
1
CATEGORY
PARTIALLY RESOLVED
UNRESOLVED
DISAGREED
7 - BUSINESS MANAGEMENT
SOLUTIONS (IT)
2 – HUMAN CAPITAL
1 - FINANCE
1 - PERFORMANCE INFORMATION
2 - SUPPLY CHAIN
1 - SUPPLY CHAIN
1 – HUMAN CAPITAL
4 - FINANCE
2 - BUSINESS MANAGEMENT
SOLUTIONS (IT)
9
0
11
1
GRAPH-PROGRESS TO DATE
OUTSTANDING FINDINGS
0
1
DISAGREED
0
0
6
0
UNRESOLVED
1
2
2
0
PARTIALLY RESOVED
9
0
1
2
RESOLVED
3
36
0
5
10
15
20
25
30
35
40
RESOLVED
1
PARTIALLY RESOVED
2
UNRESOLVED
6
DISAGREED
0
MEDIUM TERM
2
0
0
1
SHORT TERM
3
9
1
0
IMMEDIATE
36
0
2
0
LONG TERM
6
A-G ACTION PLAN
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
1.
Irregular Expenditure.
Immediate
Unresolved
Immediate
Unresolved
NHBRC faces an irregular expenditure
amount of over R100m as at end of third
quarter mainly due to Forensic Consultation
fees and Rectification contractors. This
expenditure emanates from contracts
entered into in the previous financial year.
As above
Immediate
Resolved
Goods or services with a transaction value of more than R 500
000 were not procured by means of a competitive bidding
process.
2.
The accounting authority did not take effective steps to
prevent irregular expenditure.
In terms of section 51(1) (b) (ii) of the PFMA the accounting
authority must take effective and appropriate steps to prevent
irregular expenditure. The irregular expense declared in the
financial statements decreased from R400 255 in 2010/2011 to
R202 223 991 in 2011/2012, furthermore additional irregular
expenditure was identified through the audit process.
Management circumvented the compliance requirements by
awarding contracts/quotations without following applicable laws
and regulations pertaining to supply chain management.
Evaluation of tender for points and functionality not
performed.
3.
The root cause for this non-compliance was that buyers were
buying from historically disadvantaged suppliers on the approved
supplier database, but they did not understand that they had to
print out the document to prove that they considered those
elements.
The non-compliance with the applicable laws, rules, regulations
and practices resulted in irregular expenditure.
7
A new matrix system has been implemented
and approved by Management. The
preferred service provider is selected due to
highest score points. The matrix system
includes name of the service provider, tender
price, points for price, BEE scoring and
ranking.
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
4.
Tax Clearance certificate not obtained.
Immediate
Resolved
The supplier has submitted the tax
clearance certificate.
National Treasury Practice Note 8 of 2007/08 and Treasury
Regulation 16A9 require the winning supplier to submit an
original Tax Clearance Certificate from SARS certifying the tax
affairs of that person to be in order or that suitable arrangements
have been made with SARS.
The following supplier did not submit a tax clearance certificate:
Supplier Name: Surestream Property Investments Pty Ltd
Supplier No. 2944
The owner of the building leased by NHBRC changed and the
new owner did not submit a tax clearance certificate.
This resulted in irregular expenditure of R3 641 147 and due to
the fact that management did not identify and disclose this as
irregular expenditure in the financial statements submitted for
auditing purposes on 31 May 2012 this will contribute to the
modification in the audit report on the completeness of irregular
expenditure.
8
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
5.
Internal Audit Function: Non Compliance with Treasury
Regulations.
Immediate
Resolved
Annual operational audit plan 2012/2013
which includes the evaluation of compliance
weaknesses and regulations has been
approved by Council and is being
implemented.
Immediate
Resolved
The finding has not occurred in the current
financial year. Finance section has not
received extensions to contract exceeding
15% of the original value in the current
financial year.
In terms of Treasury Regulations 27.2.6 Internal Audit must be
conducted in accordance with the standards set by the Institute
of Internal Auditors. Through testing performed on the Internal
Audit Function it was found that the Internal Audit Function did
not adhere to all standards set by the Institute of Internal
Auditors.
In terms of Treasury Regulations 27.10(e) internal audit should
evaluate the compliance with laws and regulations. Through
testing performed on the Internal Audit Function it was found that
the Internal Audit Function did not evaluate the compliance with
laws and regulations.
6.
Extensions to contracts exceeding 15% of the original value
not approved by National Treasury.
In terms of the NHBRC procurement policy the extensions of
contracts exceeding 15% of the original contract value should be
approved by the CEO.
The extensions were approved by the CEO in terms of the
NHBRC policy but were not approved by National Treasury in
terms of Treasury Regulations.
This was as a result of management circumventing the
requirements of treasury regulations.
The non-compliance resulted in irregular expenditure and a
modification under the compliance section will be included in the
audit report.
9
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
7.
Invitations to bid not advertised as per Treasury
Regulations.
Immediate
Resolved
The policy has been drafted to align with
Treasury Regulations.
New tenders published currently are
Revision of Home Building Manual and
Forensic Engineering Services.
Immediate
Resolved
The finding occurred is no longer applicable.
The process occurred only once in the
previous financial year.
Per management the urgency of transactions resulted in
minimum advertising time not being followed.
The non-compliance resulted in irregular expenditure and as a
result this will contribute to the modification in the audit report
pertaining to the completeness of irregular expenditure.
8.
Non-compliance with Treasury Regulations.
The scope of the work was increased and more quotations were
sourced for completing other renovation tasks.
Additional work was then performed by Bougart Building
Construction CC.
In terms of Treasury Regulation 16A3.2 the supply chain
management system must be fair, equitable, transparent,
competitive and cost effective. In terms of instruction note 32
expansions / variation orders should not exceed the following
limits without prior approval by the national/ provincial treasury:
For construction contracts: - The lesser of R20 million or 20% of
the original contract amount.
For other goods/ services: - The lesser of 15% or R15 million of
the original contract price.
In terms of the NHBRC procurement policy the extensions of
contracts exceeding 15% of the original contract value should be
approved by the CEO.
10
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
9.
More than 20% of planned targets not achieved.
Short Term
Partially
Resolved
There are new targets to be attained by the
organization for 2012/2013 financial year.
The performance of sections is monitored by
Strategy Section to ensure that targets are
achieved as set out in the organizational
Balanced Scorecards.
Medium
Term
Resolved
A list of all bank accounts was sent through
e-mail to National Treasury by the Personal
Assistant to the Chief Financial Officer on 24
April 2012.
During the audit of the performance information, it was noted
that 24% (13 out of 54) of the targets set by the NHBRC as per
annual performance plan were not achieved as at 31 March
2012.
This matter will be included in the audit report in the section
relating to predetermined objectives.
10.
A list of all bank accounts not submitted to National
Treasury.
As per the Treasury Regulations section 31.2.1 the Accounting
Authority should submit a list of all bank accounts to National
Treasury annually by 31 May. We obtained correspondence
between NHBRC and National Treasury where the Main bank
account details were sent to treasury on 19 April 2012. However
no record could be found that banking details were submitted
during the 2011/2012 financial year.
11
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
11.
Bank reconciliations not prepared on a weekly basis.
Long Term
Unresolved
12.
It was noted that bank reconciliations are performed on a
monthly basis instead of a weekly basis as required in terms of
Treasury Regulations. Treasury Regulations 31.1.2 (j) states
that sound cash management includes preparing bank
reconciliations on at least a weekly basis. However management
does on a daily bases clear receipts and payments even though
there is no formal reconciliation prepared.
Upon enquiry as to the reason for this management indicated
that the Oracle system does not allow for management to
evidence that reconciliations are done on at least a weekly
basis.
Payment not made within 30 days of receipt of invoice.
The Oracle platform is not configured to
handle reconciliation and posting weekly;
this can only be done monthly.
The bank reconciliation is prepared on a
monthly basis as transactions occur on a
monthly basis.
Short Term
Partially
Resolved
The delay in payment is due to business not
receipting goods and services timeously,
business has the obligation to check all
invoices to ensure that all goods and
services were delivered, in certain instances
the receipting of these invoices is delayed,
however once the invoice is receipted they
are paid within two weeks of receipt
It was noted during the inspection of a sample of payments
made during the period, where certain payments were not made
within 30 days of receipt of invoice. In terms of Treasury
Regulation 8.2.3. "all payments due to creditors must be settled
within 30 days from receipt of an invoice". This amounts to noncompliance with the Treasury Regulations
12
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
13.
Exception (Variance) Reports not reviewed by management.
Immediate
Resolved
The current Human Capital Manager was
appointed end of February 2012 and started
reviewing the work in March 2012. HC
Manager is reviewing the variance report on
a monthly basis.
Immediate
Resolved
The reconciliations are cleared timely by the
Financial Accountant.
Long Term
Partially
Resolved
Human Capital is in a process of sourcing a
Tax Consultant to assist and advice on
matters of tax. The Payroll Specialist has
prepared the Terms of Reference document
for submission with regard to sourcing a Tax
Consultant.
It was noted that for the months of September 2011, November
2011 and March 2012, the spike/variance reports that were
prepared were inspected for material & unusual movements by
the Payroll Specialist, however the reports were not reviewed by
senior management.
Furthermore the September 2011 ACB Report was not reviewed
by management.
14.
Reconciling items not cleared timely.
It was noted that reconciling items/differences between the
Payroll Oracle system and the general ledger were not cleared
on a month to month basis.
This finding was caused due to human resources constraints.
15.
Fringe benefits not subjected to PAYE.
The PAYE deducted from employees may be understated due to
the non-inclusion of a petrol card allowance received by 107
employees (specifically High Users) of R4400 that is used for
both business and private purposes, as no travel log is
maintained. Staff is required to be taxed on fringe benefits in
term of schedule 7a of the Income Tax Act.
This was caused by staff not fully understanding the implications
of tax on fringe benefits.
13
Matter to be resolved by 31 March 2013
.
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
16.
Findings on Predetermined Objectives.
Immediate
Resolved
The reporting of performance information
and targets are clearly indicated in the
performance report of 1 April 2012 to 30
June 2012. The reporting of amounts
collected from debtors is included in the
quarterly report. KPI’s have also changed in
the first quarter of 01 April 2012 to 30 June
2012 and it is no longer a performance
indicator.
Immediate
Resolved
Nine quality assessors have been appointed
in all nine provinces.
Inconsistencies in the reporting of amounts collected from
debtors.
It was noted that there were inconsistencies with regard to the
amounts reported in the quarterly reports for the indicator “R 72
million to be collected from the NHBRC debtors” This indicator
was only reported in the first quarter. An amount of R 11 million
was reported as collected in the first quarter and nothing was
reported from the second quarter up to the fourth quarter. In the
annual report an amount of R348.3 million was reported for this
indicator.
Management did not define the objectives clearly in the prior
year, which resulted in inconsistent reporting.
17.
Inconsistencies in the reporting of assurance structures
implemented in the provincial departments of Human
Settlements.
It was noted that there were inconsistencies with regard to the
quarterly reporting of the indicator “Quality assurance support
structures strengthened in the Provincial Departments of Human
Settlements”. This indicator was only reported in the fourth
quarter. A total number of 2 support structures were reported as
achieved in the fourth quarter and nothing was reported from the
first quarter to the third quarter. Through inspection of the
number of structures reported as implemented in the annual
report, we noted that 9 support structures were reported.
14
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
18.
Management does not ensure the completeness of the
indicators or targets reported in the annual report.
Immediate
Resolved
The matter has been taken into
consideration in the KPA’s and KPI’s
2012/2013.
Immediate
Resolved
The matter has been addressed in the
2012/2013 NHBRC balance scorecard. The
copy of the balance scorecard is accessible
on the intranet.
It was noted that management does not have any controls to
ensure that indicators/targets reported in the annual report are
complete. Completeness of targets is important since it ensures
that all the activities relating to a particular indicator/target has
been reported. Note that management did report on all the
indicators included in the strategic plan for the entity.
Management did not define the objectives clearly in the prior
year, which resulted in matter above.
Inconsistencies between the quarterly and annual reports
for the indicator of “20% of
all houses under construction inspected to be audited”
19.
It was noted that that there were inconsistencies with regard to
the quarterly reporting of this indicator
“20 of all houses under construction inspected to be audited”.
The following has been reported in the
quarterly reports:
Management did not define the objectives clearly in the prior
year, which resulted in matter above.
The final amount reported in annual report could be
substantively audited. Thus this matter highlights the control
weaknesses that exist during quarterly reviews of data that is
reported.
Through inspection of the annual report, we noted that
management reported that a total of 20% of the houses that
were inspected have been audited. This is not consistent with
what has been reported in the quarterly performance reports.
15
Objectives are clearly defined in the
performance report 01 April 2012 to 31 March
2013.
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
20.
Inaccurate reporting of technical services revenue.
Immediate
Resolved
The matter is no longer a performance
indicator in the current financial year.
It was noted that the amount reported in the quarterly reports
does not agree to the amount disclosed in the management
accounts. Through inspection of the fourth quarter performance
report, we noted that management disclosed that they have
collected nothing from technical services revenue, but through
inspection of the management accounts, we noted that a total of
R 22 642 545 had been collected from technical services,
resulting in a difference of R 22 642 545 between the
management accounts and quarterly performance reports. Note
that the amount that is reported in the annual report agrees to
the annual financial statements and the above issue relates to a
control deficiency on reviewing of data reported on quarterly
bases.
16
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
21.
The register for the “Reduction in the number of days taken
to produce a legally enforceable contract from 3 weeks to 7
working days” does not have the date the request was
received and the date the request/contract was completed.
Immediate
Resolved
The matter is no longer included in the
2012/2013 financial year.
Short Term
Resolved
IT section has programmed the Oracle
system not to allow duplication of suppliers.
The system does not permit the capturing of
the same Co. registration number or Vat
number. Test suppliers have been
deactivated from Oracle system.
The Contract register does not include dates on which the
request for contract was received and the date on which drafting
thereof was completed. Through inspection of the quarterly
reports submitted to the National Department of Human
Settlement, we noted that this target was indicated as
achieved/met. It was not possible to assess if a legally
enforceable contract was issued within 7 working days.
Management did not define the objectives clearly in the prior
year, which resulted in the matter above. Note that the
misstatement of indicators that could not be tested is less than
20% and thus will not have an impact on the opinion on
predetermined objectives.
Duplicate suppliers
22.
The NHBRC entered into business with suppliers duplicated on
the supplier database.
17
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
23.
The declaration of bidder’s past supply chain management
practices (SDB8) form not completed for the winning
supplier.
Immediate
Resolved
This was an isolated incident where the
NHBRC had a dispute with the supplier
which was subsequently settled.
Long Term
Partially
Resolved
The new CEO has been appointed and will
commence on 1 March 2013.
Long term
Unresolved
HCREMCO resolve to put a moratorium on
the appointment of all senior officials until
the appointment of the CEO is finalised.
The National Treasury Practice Note 4 of 2006 and Treasury
Regulation 16A9 require the winning supplier to complete and
sign the bidder’s past SCM practices on the SBD 8 form. This
information furnished by the builder should be used to ensure
that when goods and services are procured or disposed of, all
reasonable steps are taken to combat the abuse of the supply
chain management system.
24.
Senior managers acted in positions for more than 6
months
The CEO position was acted in for longer than 6 months by J
Mahachi, due to pending investigations on S. Mashinini.
Position was approved in minutes of meetings by the Council as
well as on the approved acting allowance forms.
25.
Senior management vacancy rate increased from prior year
The senior management vacancy rate increased from 43% in
the previous year to 60% in the current year. This was due to a
decrease in total positions available from the prior year.
18
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
26.
Payments made in excess of contract value.
Medium
Term
Disagreed
Management still disagrees with the finding.
NHBRC entered various contracts with ICM.
Balance score cards, strategic planning and
training of consultants’ facilitation were part
of the SLA’s entered into with ICM. The R 1,
615.461 was allocated for different services
with ICM in addendum to the agreement
entered into with NHBRC. The total payment
of R 1, 065. 607 that was paid to ICM,
instead of paying the total value of R749 696
that was agreed upon, it was for another
contract that was entered into with the
organization for R 315, 911.
Medium
Term
Resolved
Signing of the SBD9 form is implemented.
Every supplier is required to complete and
sign the SBD 9 form.
In terms of treasury regulations 8.2, the total payments made
under the contract/ quotation should not exceed the original
contract / quoted amount.
27.
The certificate of independent bid determination (SBD 9)
was not completed and signed by the winning supplier.
National Treasury Practice Note dated 21 July 2010 and
Treasury Regulation 16A9 requires the winning supplier to
complete and sign the certificate of independent bid
determination on the SBD 9 form. This information furnished by
the bidder should be used to ensure that when goods and
services are being procured or disposed of, all reasonable steps
are taken to combat the abuse of the supply chain management
system.
Management did not believe it to necessary to obtain certificate
if they did go out on tender and contract was entered into before
practice note came into effect.
19
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
28.
Construction Projects not registered on the CIDB database.
Immediate
Resolved
Management disagrees as this was a
partitioning exercise.
In terms of the Construction Industry Development Board (CIDB)
regulation 24, an invitation to tender or calls of expression (in the
case of a two stage building process) should be advertised in
the CIDB website.
Bogart Building and Construction CC was awarded a contract
without the contract being registered on the CIDB database.
20
This was a once off project.
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
29.
Employees’ declaration of interest not in line with NHBRC
policy.
Immediate
Resolved
SCM practitioners have completed their
declaration of interest forms.
30.
No reference made to the list of restricted suppliers and
tender defaulters when adding new suppliers to the
supplier database.
Immediate
Resolved
Tender defaulters are checked by Supply
Chain through a list of tender defaulters as
published by National Treasury. This is
attached to each supplier’s application form.
Through testing performed on additions to the supplier database
it was noted that no reference is made to whether a prospective
supplier are listed on the Restricted supplier database or List of
tender defaulters as published by National Treasury. In terms of
the Treasury Regulations Section 16A9.1(c) the evaluation
criteria for prospective providers should include the disallowance
of providers whose name appears on the National Treasury’s
database as a person prohibited from doing business with the
public sector and in terms of The Prevention and Combating of
Corrupt Activities Act sec 29 the evaluation criteria should
include the disallowance of providers whose name appears on
the National Treasury’s register of tender defaulters.
An additional audit procedure was performed to check on a
sample bases that none of the suppliers were listed on the
restricted supplier data base.
This was an oversight by management.
21
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
31.
Investment disclosure not in compliance with IFRS.
Immediate
Resolved
The investments disclosures have been
reassessed. The annual report 2012/2013
will be in compliance with the IFRS
disclosure requirements.
Short Term
Resolved
The control has been implemented as per
management response. This control has
been implemented to assist with
management reporting. The NHBRC was
behind with invoicing for the EC Department
of Human Settlements, this has been
resolved and the funds have been received.
Per the inspection of the Annual Financial Statements we noted
that the IAS 39 Investments were not in compliance with IFRS 7
disclosure requirements.
32.
No reconciliation of technical services revenue accounts to
technical services expenses.
This is necessary as the revenue recognized in the financial
statements should be directly proportional to the expenses
recognized in the financial statements.
This reconciliation was performed after year end prior to 31 May
submission of financial statements.
Note that the necessary adjustments were processed to correct
the revenue recognized compared expenses that was
recognized in the general ledger. Thus no material misstatement
exists. This was not performed as management did not consider
it necessary at that point in time.
22
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
33.
Trade Receivables outstanding for longer than 30 days
Long Term
Unresolved
Management is in process of clearing the
long outstanding amounts.
Trade debtors relating to government Departments included in
the age analysis that are outstanding for longer than 30 days.
This is contrary to the PFMA regulations as these departmental
debtors had to pay the NHBRC within 30 days.
The accounting authority did not take effective steps to collect all
money due to the NHBRC as required in terms of section 51 (1)
(c) (ii) of the PFMA.
34.
Unidentified and unapplied receipts not cleared.
Our testing of unidentified and unapplied receipts revealed long
outstanding amounts in unidentified and unapplied receipts.
Receipts in the bank account are not identified and captured in a
form and time frame to support financial reporting. This issue
was also reported in the prior year. The unidentified receipts’
balance at year end was R 3 306 994 (R 5 815 003: 2011) and
the unapplied receipts’ balance at year end was R 23 481 286
(R 41 386 698: 2011). Note: comfort has been obtained that all
receipts entered in the system are allocated to accounts or
allocated to unapplied or unidentified cash, Furthermore
additional procedures were performed over the allocation of the
amounts moving out of these accounts.
23
Resolution of finding targeted for 31 March
2013.
Long term
Unresolved
Finance in process of addressing
unidentified and unallocated receipts.
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
35.
Unrecorded liabilities identified.
Long term
Resolved
All liabilities are recorded in the period in
which they are incurred. Accruals are raised
at each month end to ensure that the
NHBRC complies with IFRS.
Long term
Unresolved
Busy Addressing the Financial policy and
doing upgrades on the Oracle system.
The total amount for invoices that were tested and not accrued
for were R 4,067,627.
These items were selected through target testing a no
extrapolation was done, but the sample was extended to include
more items from the misstatement identified.
Proper systems to identify all accruals that should be made at
year-end are not in place.
36.
Assets with a zero book value held on the fixed asset
register.
In terms of GRAP 17, paragraph 61, the residual value and the
useful life of an asset shall be reviewed at least at each reporting
date and, if expectations differ from previous estimates, the
change(s) shall be accounted for as a change in an accounting
estimate in accordance with the Standard of GRAP on
Accounting Policies, Changes in Accounting Estimates and
Errors.
This resulted because a rigorous exercise to evaluate the
residual value and useful life of all assets was not performed at
year-end.
The current value of fixed assets does not represent the
economic benefit of the assets as they are still in use.
24
Upgrades may be completed by 31 March
2013.
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
37.
Unexplained difference on bank reconciliation.
Immediate
Resolved
Bank reconciliations differences are
attached with supporting documentation by
the Financial Accountant.
Immediate
Resolved
Bank reconciliations are prepared by the
Accounts Clerk and reviewed by the
Financial Accountant on a monthly basis.
Immediate
Resolved
The petty cash reconciliation is prepared by
the Accounts Clerk and reviewed by the
Financial Accountant on a monthly basis. A
bank column was added to the petty cash
reconciliation to agree to the amount as per
bank statement to the petty cash control
general ledger.
As per inspection of the bank reconciliations for December 2011
for the Main bank account of the entity (account number
62081366520), there was an unexplained difference between
the balance as per bank statement, and the balance as per
general ledger amounting to R27, 235.76 (December 2011).
The finding was a result of taken balance errors from JD
Edwards.
38.
Bank reconciliation not prepared on a timely basis.
It was noted that the Trust bank account bank reconciliation as
at 31 October was only prepared and reviewed on 8 December
2011.
This was a result of management oversight.
39.
Ineffective preparation and review of petty cash
reconciliations.
It was noted during inspection of bank confirmations that the
amount as per the bank confirmation for the petty cash
accounts, does not agree to the amount as per the general
ledger. Upon further investigation, it was noted that no petty
cash reconciliation is prepared to reconcile the physical petty
cash bank account, and the general ledger account.
25
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
40.
Authorized signatories includes employees no longer
employed by the NHBRC
Immediate
Resolved
With reference to the bank, the signing
arrangements have been updated with the
bank for change of signatories in Free State
and Gauteng. All documents for the Petty
Cash Account and Council-Trust Account
are signed by two signatories, the Acting
CEO, Chief Financial Officer and a list of
authorised signing officers. Petty Cash
Account has been updated.
It was noted through inspection of the bank confirmations
received that the signatories listed on the bank confirmation are
no longer employed by the NHBRC.
We inspected the change mandate form sent to the bank on the
11th of May 2012, and noted that change of signatories had
been requested for the Main Account and Trust Account.
However, no change of signatories had been requested for the
Gauteng and Free State Petty Cash Accounts.
Furthermore, the following signatories were identified in the prior
year as signatories which were not valid and not belonging to
current employees, but still appeared on the bank confirmation
as authorized signatories:
Management relied on the bank updating their request for
signatory changes, with the exception of LD Less and S.
Mashinini.
26
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
41.
Allowance for doubtful debts policy not in line with IFRS.
Immediate
Resolved
In terms of IAS 39 paragraph 64 and entity should assess
whether objective evidence of impairment exists individually for
financial assets that are individually significant and for financial
assets that are not individually significant. If an entity determines
that no objective evidence of impairment exists for an individually
assessed financial asset, whether significant or not, it includes
the asset in a group of financial assets with similar credit risk
characteristics and collectively assesses them for impairment.
It was noted that management provided for all invoices older
than 120 days at year end. This is not in line with the
requirements of IAS 39 as debtors were not assessed for
impairment on an individual basis. Furthermore there debtors’
policy does not make reference to what is required by the
standard. Note that the provision has not been misstated as a
result of the above.
Management never considered the impact IAS 39, due to fact
that they consider government of be one debtor with one risk
profile.
27
COMMENT
Resolved:
The Allowance for doubtful debt procedure
has been updated to be in line with IFRS
and the requirements of IAS 39.
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
42.
Reconciliations of accounts receivable control account to
age analysis were neither prepared nor reviewed on time.
Immediate
Resolved
Reconciliations for accounts receivable
account age analysis to General Ledger are
prepared by Accounts Clerk and reviewed
by the Financial Manager.
43.
Bad debts written off, policy not followed
We noted that management did not follow the procedures as per
the Financial Policy and Procedures document; Procedure 9.4.2.
which states that the “Executive Director: Finance must
recommend to the Chief Executive Officer overdue accounts that
cannot be collected and recommend writing off...” Bad debts
written off of R1, 101,783 were with regards to the dispute
between the Mpumalanga Department of Human Settlements
and the NHBRC over a quantum that had to be used for a
project enrolment.
These invoices where incorrectly raised. As per our inspection of
the correspondence (email) between Thobeka Khubisa (DoHS:
Mpumalanga) and Tamlyn Bouwer and Mabel Afrika (both
NHBRC) on 24 November 2011.
Immediate
Resolved
This was a once off incident in the prior year,
and this has not happened in the current
financial year.
However, this particular write off did not follow the policy per the
Financial Policy and Procedures.
28
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
44.
No Fraud prevention plan in place that includes specific
measures for preventing and detecting fraud in the
procurement process.
Immediate
Resolved
Fraud prevention plan has been approved
on 18 July 2012 at Executive Committee
meeting.
Immediate
Resolved
Gift register template was circulated to all
staff in December 2012.
Through enquiry a Fraud Prevention Plan could not be found
The plan would include specific measures for preventing and
detecting fraud in the procurement process.
This was as a result of oversight by management.
45.
No gift register could be located where employees can
declare a gift or award received.
In terms of the “Gifts to NHBRC Employees Policy” all gifts
should be declared and registered in the Gift Register which can
be found at the Human Resources department. Through enquiry
from employees in Human Resources the gift register could not
be located.
29
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
46.
Names of successful bidders not published on NHBRC
website or Tender Bulletin.
Immediate
Resolved
The new tenders published currently are:
Revision of Home Building Manual and
Forensic Engineering Services. The tenders
were published on the government bulletin
and Sunday Times newspaper; however they
were not advertised on the NHBRC website.
In terms of Instruction Note 32 the details of the winning bidder,
contract number and description, preference claimed and
contract price should be published in the government tender
bulletin or website of the auditee.
The names of the successful bidders for the following awards
were not published on the tender bulletin or the NHBRC website:
•
•
Tenders to be published on the NHBRC
website by next tender advert.
Hydrotek - KZN Water Tanks
Motswako Office Solutions
This matter arose due to the NHBRC’s website being under
construction.
47.
Test suppliers included in the supplier listing.
Test suppliers included in supplier’s listing. During our
procurement testing of conflicts of interest, we noted a supplier
by the name of "TEST" that was included in the listing.
Controls should be established to mitigate the creation and
maintenance of supplier details on the system. No test journal
entries should be processed on a live system
30
Immediate
Resolved
Test suppliers are deactivated; therefore
transactions cannot be conducted under
their names.
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
48.
Rental expenses not appropriately classified
Immediate
Resolved
Rental expenses are appropriately classified
in consolidated management accounts such
as water and electricity, sewage, cleaning
services, insurance, etc.
Immediate
Resolved
The Annual report has been amended in
“other non-cash items” in the Cash Flow
Statement.
Non cash items are no longer reflected in
the notes to the Cash Flow Statement.
It was noted in our testing of leases that the amount posted to
the Rental of premises (4624) account included other expenses
such as water and electricity, sewage, cleaning services,
insurance, etc., which should be posted to separate accounts.
Note that none of the disclosable line items in the financial
statements have been misstated thus matter is considered to be
administrative of nature.
49.
Other non-cash items on the cash flow statement are not
supported by any documents.
It was noted that the “Other non-cash items” amounting to R
3,324,183 disclosed in the notes to the Cash Flow Statement do
not have any supporting documents. This balance was included
in the notes to the cash flow statement as a balancing figure.
31
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
50.
Incorrect capitalization of additional costs associated with
assets.
Immediate
Resolved
The finding will never occur in future.
NHBRC is presently not charging VAT and
not paying VAT. Capex and Opex expenses
are acquired VAT inclusive. Total 163,483
Immediate
Resolved
The assets have depreciated on Oracle
financials system by the Accounts
Administrator. The Oracle financial system
indicates the useful life of the asset, original
cost, accumulated depreciation, net book
value, depreciation amount and remaining
useful life of the asset.
It was noted that the cost of four air conditioners were incorrectly
reflected in the fixed asset register due to the incorrect
capitalization of costs to each asset. The total value of the
invoice was agreed to the total value of the sum of all four air
conditioners capitalised, however the costs to bring the asset
into a condition ready for use to relative component were
incorrectly split.
Note that the overall value as per the fixed asset register is not
misstated, only a misallocation per individual assets exist. This
does not result in a material misstatement in the financial
statements.
51.
Assets that are ready for use not depreciated.
It was noted that the following assets are ready for use but are
not depreciated on the system. However this is not material.
32
Asset number
Date
purchased
Amount (
R)
Total
Depreciation
(R)
17714-CBT205
FLEX
14-Jan-10
205,974
34,329
17715-CHT4106
STA
14-Jan-10
460,108
76,685
17793-YAW4206
MTS
25-Mar-10
314,815
52,469
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
52.
Non-compliance to EFT payment controls.
Immediate
Resolved
The payment batch is signed by the preparer
and has signatory A and Signatory B being
the Financial Accountant and Management
Accountant before a payment is released.
Immediate
Resolved
FNB new access requisition form has been
designed for new user access requests to
the EFT application.
There was non-compliance with controls designed by
management to adequately mitigate key financial risks. As a
result, the following were not implemented:
At the time of the audit, the following EFT payment controls were
not complied with:

One payment batch had not been signed by the preparer;

One payment document within a payment batch had not
been signed by releaser 1, but was

signed by releaser two; and

Ten occurrences existed were supporting documentation
had not been cancelled.
The non-compliance to EFT payment controls could result in
erroneous and unauthorized payments.
53.
Inadequate controls exist to manage the process regarding
new user access to the EFT application.
Management had not formally designed user access controls
(policies, procedures, guidelines) to mitigate the risk of
unauthorized access to the network and information systems.
Informal controls were in place, but were inadequate. As a
result, the following key financial risks were noted:
It was noted at the time of the audit, that no formal process had
been implemented to control the new user access requests to
the EFT application.
The informal new user access process to the EFT application
could result in unauthorized user gaining access to the EFT
application.
33
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
54.
Inadequate controls exist relating to the periodic review of
activity logs on the EFT Application.
Long Term
Unresolved
User Access policy and procedures are
currently in draft.
Management had not formally designed user access controls
(policies, procedures, guidelines) to mitigate the risk of
unauthorized access to the network and information systems.
Informal controls were in place, but were inadequate. As a
result, the following key financial risks were noted:
It was noted that no formal periodic review of user activities on
the EFT application is currently performed.
34
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
55.
Inadequate controls exist relating to the password
parameters on the EFT application.
There was non-compliance with controls designed by
management to adequately mitigate key financial risks. As a
result, the following were not implemented:
It was noted that no expiry is set for general users' accounts on
the EFT application. The EFT application provides the
functionality to enforce password expiration after 30 days, it was
noted that this functionality is not enabled. Furthermore, it was
noted that the log of unsuccessful login attempts is not
periodically reviewed.
No password expiration and no formal periodic review of
unsuccessful login attempts on the EFT application may result in
unauthorized users gaining access to the EFT application.
Short Term
Resolved
There was a request to FNB bank on
availability and functionality of password
expiration. Management site profile has
been sent to the Financial Accountant that
can be changed on site profile of a password
expiry. After 30 days, password expires; the
user will be reminded to change the
password and FNB will lock the user out of
the system for failure to change password.
56.
Inadequate design and non-compliance regarding user
access controls for the Linux operating system
environment.
Short Term
Partially
Resolved
A procedure manual has been developed to
address this finding.
IT management had inadequately designed user access controls
(policies, procedures, guidelines) to mitigate the risk of
authorized access to the network and information systems.
Informal controls were in place, but were inadequate. There was
also non-compliance with controls designed by IT management
to adequately mitigate key user access risks.
35
The manual will be submitted to the policy
task team in the beginning of 2013 for
review.
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
57.
Inadequate design of user access controls defined for the
Oracle database environment.
Short Term
Partially
Resolved
A procedure manual has been developed to
address this finding.
IT management had inadequately designed user access controls
(policies, procedures, guidelines) to mitigate the risk of
unauthorised access to the network and information systems.
Informal controls were in place, but were inadequate.
If the controls for the user access control processes are
inadequate, users might obtain access to system functions
without proper approval, which might lead to employees having
rights not related to their job descriptions.
58.
Inadequate design and non-compliance regarding user
access controls for the Oracle E-Business Suite application
environment.
IT management had inadequately designed user access controls
(policies, procedures, guidelines) to mitigate the risk of
unauthorised access to the network and information systems.
Informal controls were in place, but were inadequate. There was
also noncompliance with controls designed by IT management
to adequately mitigate key user access risks.
If the controls for the user access control processes are
inadequate, users might obtain access to system functions
without proper approval, which might lead to employees having
rights not related to their job descriptions.
36
The manual will be submitted to the policy
task team in the beginning of 2013 for
review..
Short Term
Partially
Resolved
A procedure manual has been developed to
address this finding.
The manual will be submitted to the policy
task team in the beginning of 2013 for
review.
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
59.
Lack of design regarding user access creation and removal
controls on the Oracle E-Business Suite and Siebel
applications.
Short Term
Partially
Resolved
The external users have been removed.
User access forms are already in use.
The long term solution will be to delete the
user however the user is currently linked to a
number of concurrents that would adversely
affect functionality if the user were to be
deleted.
IT management had not formally designed user access controls
(policies, procedures, guidelines) to mitigate the risk of
unauthorized access to the network and information systems.
Informal controls were in place, but were inadequate. On the
Siebel and Oracle E-Business Suite application it was noted that
the user account management processes such as new-user
registrations, terminations of access, regular reviewing of
access rights and changes to user profiles were not formalized.
There is an increased risk is of unauthorized users gaining
access to the Oracle E-Business Suite and the Siebel
applications without going through the formal new users’
approval process. Furthermore, there is an increased risk of
unauthorized access to the environment as user IDs belonging
to users who left the organization or department can be targeted
for malicious use by users with a reduced risk of discovery.
37
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
60.
Inadequate IT security controls designed for the Linux
operating system environment.
Short Term
Partially
Resolved
Root logs are now abled but have not been
reviewed. Review frequencies and
responsibilities still to be assigned.
A procedure manual has been developed to
address this finding. The manual is in draft
and will be submitted to the Policy Task
Team for review.
FTP (File Transfer Protocol) has been
disabled, only using SFTP (Secure File
Transfer Protocol).
Short Term
Partially
Resolved
Review frequencies and responsibilities still
to be assigned.
A procedure manual has been developed to
address this finding.
IT management had not formally designed security management
controls (policies, procedures, guidelines) to mitigate the risk of
unauthorised access to the network and information systems.
Informal controls were in place, but were inadequate. As a result
the following key financial risks were not addressed:
•
The privilege account “root” usage has not been logged
and therefore no auditing has been enabled.
•
No independent formal review of audit logs is being
performed on a periodic basis. Data transfer is in clear text
(unsecure protocol running is “FTP”). .
61.
Inadequate IT security controls designed for the Oracle EBusiness Suite application environment.
IT management had inadequately designed security
management controls (policies, procedures, guidelines) to
mitigate the risk of unauthorised access to the network and
information systems. Informal controls were in place, but were
inadequate. Therefore, no
Independent formal review of audit logs, generated from the
Oracle E-Business Suite application environment, is being
performed on a periodic basis. Without adequate security
controls, unauthorised access to the organisation’s network and
possibly IT systems can be gained, which could result in data
integrity being compromised.
38
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
62.
Inadequate IT security controls designed for the Oracle
database environment.
Short Term
Partially
Resolved
Encryption has been investigated and
management has decided that it is not
required in our environment.
Release 11.1.0.7.0 is still supported by
Oracle and patches are loaded based on
Oracle recommendations, therefore an
upgrade is not necessary.
A procedure manual has been developed to
address this finding. The manual is in draft
and will be submitted to the Policy Task
Team for review.
IT management had not formally designed security management
controls (policies, procedures, guidelines) to mitigate the risk of
unauthorised access to the network and information systems.
Informal controls were in place, but were inadequate. As a result
the following key financial risks were not addressed:
•
Encryption has not been configured.
•
Connection strings, which provide privileged access to the
Oracle database without the need of a password, were
active.
•
The current Oracle security patch loaded (Release
11.1.0.7.0) on the database server is outdated.
Parameters (listener) have been inappropriately
configured. An unprotected listener could lead to the
shutdown of the listener, denial-of-service and the
database being compromised.
39
A-G ACTION PLAN…CONTINUED
NO
FINDING
TIMEFRAME
PROGRESS
STATUS
COMMENT
63.
Non-compliance to change management controls designed.
Short Term
Unresolved
Procedure will be enforced.
There was non-compliance with controls designed by IT
management to adequately mitigate key financial risks. As a
result, the following were not implemented:

Six out of the 30 change management request forms
selected for testing, could not be provided.

No version control is used to control the migration of
source code from development to production.
There is an increased risk of unauthorised or erroneous changes
being made to the Oracle E-Business Suite and Siebel
application. Furthermore, these unauthorised changes may have
a negative impact on the transaction processing environments.
40
Irregular Expenditure
WASTEFUL EXPENDITURE
Condoned by Council
Nature
Interest paid to suppliers
2012
Responsible
Amount
Division
Manager
575 Finance
Action
Taken
Responsible
Division
Manager
Action
Taken
2013
Completion
Effect on the
Date
Current financial year
N/A
IRREGULAR EXPENDITURE
Condoned By Council
Nature
Rebahale Consulting (Pty) Ltd
Amount
5 411 627
Audit
Chief Audit
Executicve
Contract
Terminated
Council appointed a task team to review the appointment of Rebahale Consulting (Pty) Ltd,
and a quality assurance review was performed by the Institute of Internal Auditors on the
work done by Rebahale Consulting (Pty) Limited. The reports from the Institute of Internal
Auditors and the Task team were presented to Council and the Service Level Agreement with
Rebahale was terminated. The appointment of Rebahale was considered irregular due to a
conflict of interest during tender evaluation.
41
Completion
Effect on the
Date
Current financial year
A Provision for R 1.8
million raised as well as
a contigent liability of
Arbitratration R 20 million
Irregular Expenditure
Condoned By Council
Nature
Non Subsidy Inspectorate
appointments
2012
Amount
47 732 066
2013
Responsinle
Division
Manager
CEO
CEO
Action
Taken
Council
Resolution
Completion
Effect on the
Date
Current financial year
Expenditure will be
reported in the current
31 May 2013 financial year
(Dec R 24 million)
Inspectorate Tender was advertised for a period of one year, on award of the tender the
contracts were extended to a period of three years. This was in contravention of the SCM
policy.
Hydrotek International
Executive
17 273 848 Technical Manager
Expenditure will be
reported in the current
None taken 31 March 2013 financial year
The period for the advertising of this tender did not comply with the Treasury Regulations,
which require a period of 21 days. Subsequent tenders have been advertised in line with the
Treasury Regulations.
42
(Dec R 3.4 million)
Irregular Expenditure
Not Condoned by Council
Nature
Ms V Somiah
2012
Amount
1 300 000
Responsible
Division
Manager
CEO
CEO
2013
Action
Completion
Effect on the
Taken
Date
Current financial year
Empoyment
contract
terminated
Complete None
The appointment of Ms Somiah was irregular, the appointment was not within the Delegated
Authority of the CEO.
Rectification and Forensics
appointments
129 586 693 Technical
CEO
CEO
Dismissed
The appointment of the Forensics companies contravened the procurement policy, the
appointments were above the delegated Authority of the CEO.
43
Expenditure will be
reported in the current
31 May 2012 financial year
(Dec R 112 million)
THANK YOU
Download