ANNEXURE B
In line with the approved Internal Audit Charter, Internal Audit performed both consulting and assurance activities during the period under review.
This section is therefore comprised of the lists audit projects that were conducted by the department during the period April 2002 to March 2003.
FINANCIAL & OPERATIONAL AUDIT SECTION
NO. |
AUDIT PROJECT NAME |
STATUS |
FINALISED AUDIT PROJECTS |
||
PROCUREMENT |
ISSUED
|
|
Overtime Management |
||
Recruitment |
||
Contract Employeees |
||
Fuel Levy |
||
Capital Expenditure Review |
||
Audit Project |
||
Cell Phones Administration |
DRAFT REPORTS |
|
Training & Development |
||
Contract Management |
||
Policies and Procedures |
||
Current Audit Project (March and April 2003) |
||
Cash Management |
CURRENT |
|
Status of Records |
||
Payroll Adiminstration |
||
Review of Staff Manual |
||
Pension Fund |
COMPLIANCE (CLAIMS) AUDITS SECTION
AUDIT PROJECT NAME |
AUDIT ENTITY |
Audit Report Issued |
|
1. Fast-tracking of Suppliers’ Claims Lump-sum Payments to AFCT] |
Head Office - Finance |
2. Yasebetsa Project |
Johannesburg |
3. Dummy Files |
All Regional Offices |
4. Pilot Project - Streamlining of the Claims Environment |
Johannesburg |
Draft Audit Report – |
|
5. Special Branch |
All Regional Offices |
6. Transformation - Appointment of Assessors |
Pretoria |
Durban |
|
Cape Town |
|
7. Finalisation |
Pretoria |
8. |
Durban |
9. Branch Relocation to the CBD |
Pretoria |
10. Opening of the New Regional Office [East London] |
Head Office |
11. Arbitration - Payment of the Forum Fees |
Cape Town |
12. Re-opened Files |
All Regional Offices |
13. Duplicate Claims |
All Regional Offices |
Current Projects (March and April 2003) |
|
14. Mediation & Arbitration – Roll out |
All Regional Offices |
15. Claims Lodgement & Registration |
All Regional Offices |
16. Litigations/Summons |
All Regional Offices |
17. Finalisation |
Cape Town |
18. Finalised Claims |
Pretoria |
19. Finalised Claims |
Johannesburg |
20. Legal Cost |
Johannesburg |
IT AUDIT PROJECTS STATUS
No. |
PROJECT SENIOR |
AUDIT PROJECT |
PROJECT No. |
STATUS |
DATE |
COMMENTS |
1. |
Anneline Claasens |
Unix Database Security |
|
Planning |
|
|
2. |
|
Unix CDAA Feasible Studies |
|
Planning |
|
|
3. |
|
Data Change Management Workflow |
|
Drafting Memo |
|
|
4. |
|
STORED Procedures |
|
Drafting Memo |
|
|
5. |
|
Data Change Control Procedure |
|
Issued to Manager for review |
|
|
6. |
Michiel Jonker |
KPMG |
|
Fieldwork |
|
|
7. |
|
Linking Cobit, BS7799 and Infosec Best Practices |
|
Fieldwork |
|
|
8. |
|
Disposal of ICT Hardware |
|
Memo Issued |
31/10/2002 |
No official client response received |
9. |
|
Logical Access Control Policy |
|
Memo Issued |
06/11/2002 |
No official client response received |
10. |
|
Data Backup Retention Periods |
|
Memo Issued |
06/11/2002 |
No official client response received |
11. |
|
Incident Management |
|
Memo Issued |
22/10/2002 |
No official client response received |
12. |
|
Information Security Policy |
|
Memo Issued |
23/01/2003 |
No official client response received |
13. |
|
Unauthorised ICT Policies on the Intranet |
|
Memo Issued |
19/11/2002 |
No official client response received |
14. |
Themba Thusi |
Project Luft |
|
Planning |
|
|
15. |
|
Undertakings Analysis |
|
Planning |
|
|
16. |
|
Finance System Implementation |
|
Fieldwork |
|
|
17. |
|
PAYE Audit |
|
Abandoned |
|
|
18. |
|
Review of MIT invoices and price reasonableness |
|
Abandoned |
|
|
19. |
$$$$ |
Claims Payment Analysis |
IOP /13/2002 |
Draft Report Issued |
28/01/2003 |
No official client response received |
20. |
|
HR Systems |
IOP/03/2002 |
Final report Issued |
15/11/2002 |
|
21. |
|
Offer System User Group |
|
Abandoned |
|
|
22. |
|
Payments Cancellation |
IOP/05/2002 |
Final report Issued |
29/07/2002 |
|
23. |
Sindi Mabizela |
Hardware and Software Management |
IOP/02/2003 |
Planning |
|
Awaiting confirmation with Acting CIO to finalise Planning Document |
24. |
|
Third Party Services |
IOP/09/2002 |
Planning |
|
Put on hold to attend to urgent requests |
25. |
$$$$ |
Claims Payments Analysis |
IOP /13/2002 |
Draft Report Issued |
28/01/2003 |
No official client response received |
26. |
|
Programme and Project Management |
IOP/11/2002 |
Draft Report Issued |
03/02/2003 |
No official client response received |
27. |
(* see compliance audit section – report finalized*) |
YA-SEBETSA |
IOP/03/2003 |
Draft Report issued to IA HOD for review |
04/02/2003 |
Awaiting confirmation with Acting CIO to discuss and obtain Management Comments |
28. |
|
Medsys Acquisition and Implementation |
|
Abandoned |
|
Executive Management decided to abandon the acquisition of the system until the appointment of a Medical Executive. |
29. |
|
Re a Soma User Problems |
IOP/11/2002 |
Final Report Issued |
11/11/2002 |
|
30. |
|
Re a Soma Post Implementation |
IOP/11/2002 |
Final Report Issued |
11/11/2002 |
|
31. |
|
IT Security Policy |
|
Memo issued |
11/11/2002 |
|
32. |
|
East London Branch Visit |
IOP12/2002/03 |
Memo issued |
11/11/2002 |
|
33. |
|
MSP Work-session Recommendations |
|
Memo issued |
11/11/2002 |
|
34. |
|
Service Centre Tender Evaluation |
IOP/12/2002 |
Final Report Issued |
11/11/2002 |
|
35. |
|
Post Implementation – Offer System |
|
Final Report Issued |
|
Audit performed and finalized by Refiloe Ramaphakela |
This Internal Audit report seeks to appraise the Chief Executive Officer and the Board on the activities of the department during the quarter January to March 2003. The 1st quarter has been more challenging in that the department was completing a year since it became properly staffed and fully functional. It remains even more of a challenge that the organization still needs to be educated on the value and benefits that this department could add.
The activities are divided per the three units / sections within the department.
The overall objective of all the audit projects are/were to express an opinion on whether key management controls are/were adequate and effective to provide reasonable assurance that the organizations’/ management objectives will be achieved.
1. COMPLIANCE AUDIT SECTION
This section conducts audits which focus on the RAF’s core business; compensation of road accident victims, the Claims Process.
The following are the activities for the first quarter:
1.1 COMPLETED PROJECTS (Draft reports are in the process of being finalized): |
Dummy Files Specific Audit Objectives were as follows:
|
Duplicate Claims Specific Audit Objectives are:
|
Specific Objectives:
|
ICT Pilot Project [Claims Life Cycle] Specific audit Objectives:
|
1.2 CURRENT PROJECTS |
The specific Audit Objectives are:
|
Specific Audit Objectives:
|
Specific Audit Objectives:
|
Specific Objectives
|
Specific Objectives:
|
2. FINANCIAL & OPERATIONAL AUDIT SECTION
This section conducts internal audits focusing on the support functions within the organization.
Activities for the first quarter are as follows:
2.1 COMPLETED PROJECTS – draft reports in the process of being finalized |
The specific audit objectives were to ensure:
|
The Audit Objectives for this project are similar to those of The Recruitment Project. Focus in this respect was on the temporary / contract workers.
|
The overall objective of the audit was to express an opinion on whether the system of internal control over the Fund’s management of fuel levy income is adequate and effective, specifically to establish whether Fuel Levy income is complete and accurate. |
The specific audit objectives are to ensure that:
|
2.2 Current Projects |
The specific audit objective is to express an opinion regarding:
|
The specific audit objectives are to ensure that:
|
|
2.3 Planned Projects |
Audit objective is to obtain reasonable assurance that the internal control procedures are adequate and effective to ensure that the Professional Consultants present the Fund with reasonable fee structures; that there is effective monitoring and evaluation of services rendered to ensure adherence to deliverables.
|
3. COMPUTER AUDIT SECTION
The Audit is focusing on Maintenance contracts, ICT related expenditure with the objective of determining reasonableness of prices in relation to industry norms. This is to ensure that possible abuse is curbed and added value is derived by the organization.
|
Evaluation of control procedures within the environment.
|
Objective to ensure that it is adequate, effective and is in accordance with best practice. |
Ongoing Systems Development Review To ensure that the designed systems will be adequate, effective, value adding and will support the achievement of desired management objectives.
|
4. HIGHLIGHTS AND LOWLIGHTS OF DEPARTMENT
The following are the highlights and the lowlights within the internal audit department for the 1st quarter
Highlights:
Lowlights:
As at date of this report, there are no specific mandates required from the board.
The following recommendations are for consideration by the Board. The same had been raised by Internal Audit during various meetings with the Fund Management as well as raised in various reports issued by the department.
1. CLAIMS LIFE CYCLE
Following the recommendations of the Lesedi Project, the Executive Management took a decision to implement a new claims section, which was based on the principle of "separation of powers". The implementation of the Lesedi recommendations has a significant impact of the Fund’s internal processes regarding the processing of claims. The estimated funding requirements for this project amounts to R 34 million which is a significant capital outlay. According to recent reports, it is planned that the newly developed system will go live in August 2003.
We therefore recommend that the Board should review progress of the Claims life Cycle project with the view of obtaining assurance that the project objectives will be met before going live.
2. DIRECT CLAIMANTS: RISK ANALYSIS
The fund is in a process of establishing a fully functional unit whose objective will be to assist claimants regarding the lodging of claims directly with the Fund, without the assistance of an attorney.
We recommend that a detailed risk analysis should be performed, the results of which should form a basis for a decision to fully implement this function.
3. AFCT ARRANGEMENT
As a result of the arrangement the Fund has/ had with AFCT, it is currently exposed to a possible financial loss of R 47 million.
We recommend that the Board should therefore obtain an opinion and review the legal implications of this arrangement.
4. POLICIES
We recommend that the Board should look at the following policies, which are at different stages of completion, and are required in terms of the Public Finance Management Act and Good Governance.
According to the provisions of the Public Finance Management Act, a formal "Special Delegation of Powers" Framework should be designed and documented. The framework set out in detail the powers and duties delegated to the office of the CEO and Executive Management. Thereafter, the CEO further sub-delegates accordingly. This policy was formulated but remains a draft and requires finalisation.
The Road Accident Fund (RAF) as a public entity is required in terms of Chapter 6, Section 51, of the Public Finance Management Act, to implement and maintain, effective, efficient and transparent systems of financial and risk management and internal control …". The Risk Management Policy still remains a draft pending approval hereof.
The Fund, as a Public Entity listed under Schedule 3a of the PFMA, is required in terms of the Treasury Regulations, to have an Investment Policy. Taking into account the value of the RAF’s investments, it is recommended that this policy be formulated as a matter of urgency.
It is our observation that the budgeting process in the Fund requires improvement. Furthermore, no monthly management reports are produced to encourage Executive Management to take a profound interest in the financial matters of the organization.
5. ORGANIZATIONAL STRUCTURE
It is recommended that the Board reviews the organizational structure at top management level taking into account the current vacancies, some of which are as a result of extended suspensions; as well as that of the Claims Executive, which has remained vacant for more than two years.
The continued vacancies expose the Fund to an increased risk of a poor control environment and therefore the inability of the organization to implement good internal control systems and procedures.