Audit problem/issue

AG recommendation

Department remarks

Action already taken/to be taken

Implementation

1. Commitments

There were inadequate systems and procedures in place to ensure that all commitments that existed at year-end were identified and disclosed in the financial statements.

The department did not maintain adequate systems or procedures in respect of its lease commitments to ensure that the lease commitments disclosed were accurate, complete and valid.

The commitment amount disclosed in note 20 of the financial statements was understated by R19,461,000 as the department did not identify and consequently included all its commitments at year-end.

Lease register to be developed and maintained by the department to monitor and control all leases.

A manual asset register for lease equipment should be instated.

Recommendations noted and to be implemented henceforth

Lease register (including location and serial number) has been established and will be monitored on a monthly basis.

Reconciliations of BAS and LOGIS commitments are done on a quarterly basis report and meetings held regularly.

Responsible officials:

Mmatshepo Rasebopye and

 Mendrick Mlondobozi (SCM)

Operational from July 2007 (Finance

and SCM)

2. Information systems

2a. The processes followed to create new user accounts and to amend the rights of existing users were not adequate and had not been formally documented and approved.

2b. A LOGIS system controller and one other user have access to incompatible system rights.

2c. There were active system controller and user accounts that had not been allocated to specific users on BAS.

Procedures to be approved and amended to include periodic reviews of access rights to ensure alignment with the rights approved by the supervisors and identification and deactivation of inactive account on the system.

Level 5 access rights granted to System Controller should be revoked. Levels of access for ms Ndou should be deleted.

User Account Manager procedure should include that incompatible responsibilities are detected timely.

Unallocated active accounts should be deactivated to reduce the risk of unauthorized access.

DPSA acknowledged the finding.

The department did not agree totally with the finding.

All System Controllers on traversal systems have access to all functions on the system.

Department acknowledged that Ms Ndou user rights should be deleted as she was deployed to the registry component.

Access for Ms Ndou on level 4 was for capturing requisition forms on LOGIS on behalf of other components and level 5 she as the user clerk for the Supply Chain Management component.

DPSA agreed to revoke the mangers user ids, but the tempsyscon1 was reported to National treasury on 9/5/2007 as the department has no access to this function.

LOG number: 547974

The user account management procedure has been reviewed and documented.

Ms Ndou’s access was deleted.

The User Account Manager procedure was amended to include the detection of incompatible responsibilities.

The access of managers and BAS application has been removed.

Call has been logged with NT regarding the tempsyscon user ids.

Approved policies:

BAS:June’07    J
PERSAL:July’07

LOGIS: July’07

Approved policy: July 2007

Approved policy: July 2007

Follow ups are being done on a regular

basis and the department is still waiting

for a response from NT. (Finance)

Latest follow up was done on 10/10/2007.

3. Asset Management

3a. There was inadequate monitoring in place to ensure that all assets were captured correctly on the asset register and to ensure that all assets physically on hand were captured on the asset register.

Asset register to be updated to reflect asset physically on hand.

To be done after the planned IT equipment audit as the items concerned forms part of the server and IT infrastructure.

Controls have since been implemented to avoid incorrect capturing of assets

IT related items were verified and the asset register was updated accordingly.

The ASD checks and approve all captured asset information

Completed in August 2007

Responsible official: Michael Jackson

Completed April 2007

Responsible official: Michael Jackson

3b. An adjustment of R3,186,000 was effected to the opening balance of the assets disclosed in the financial statements. The fixed assets balance in the previous year was overstated by this amount.

Control measures should be put in place to ensure accuracy of information captured on LOGIS.

The department does acknowledge that one delivery of chairs was captured at an incorrect cost per item. (captured at R79,674 instead of R796.74)

The ASD checks and approve all captured asset information

Responsible official: Michael Jackson

4. RISK

   ASSESSMENT

The department did not have a risk management strategy and risk management policy in place for the year under review. The department’s risk committee only met once during the year.

The department did not comply with section 38 (1) (a)(i) of the PFMA which requires the maintenance of an effective and efficient risk management process.

Requirements of section 38 (1) (a)(i) of the PFMA should be implemented.

The department acknowledged the finding.

A decision was taken to utilize the Executive Committee as the Risk Committee. A risk assessment was performed at the executive meeting during July. A task team to develop actions to minimize risks has been established and work is in its final stages. A risk management strategy is to be drafted from the available information and two positions were created for a Risk component. One of the posts is in the process of being filled.

Target date: February 2008

5. Material non-compliance with legislation

The department did not implement proper controls to ensure that all invoices are paid within 30 days of receipt as required by Treasury Regulation 8.2.3. This was reported on in the previous financial year.

There must be one central point for all invoices

Controls to be put in place to ensure that invoices are paid within 30 days

SCM is the entry point for all invoices except for the PILIR and bursary payments

DPSA staff and suppliers have been  informed of the invoices’ entry point

Suppliers are informed of the point of entry when orders are issued.

DPSA staff and management have again being informed of the importance of point of entry and the 30-day period.

Banking details are captured as soon as orders are placed.

Continuous, effective from April 2007

Responsible official:

All staff in the Payments and Supply Chain

Management sections and the

Responsibility managers.

6. Expenses to the value of R9,396,036 were incorrectly classified between Venues and facilities, travel and subsistence and consultants

Controls should be implemented to ensure that expenses are allocated to the correct accounts.

DPSA acknowledges the findings, but this was an unique situation.

A journal was done to correct the expenditure per item and the note was amended.

For future similar events DPSA will

ensure the correctness of item allocations.

No similar events have taken place in the

current financial year.

Suppliers not on database

IQUAL Electronic database to be updated regularly and controls to be put in place to ensure that goods and services are procured from registered service providers

Database was effectively implemented from 1^st November 2006. Controls have being implemented to avoid recurrence of the finding

Service providers not registered on the database of suppliers are sent application forms immediately

Continuous since November 2006

Responsible official: Mmatshepo (SCM)

Procurement advices not fully signed

SPO must sign procurement advises

The Procurement advice was designed by National Treasury for departments with regional offices and since DPSA has no other offices this part is not applicable

The part where the sub-head quarter office is to sign will be scratched out and only the SSO and the Head quarter sections will be signed by the relevant officials

Recommendation effected

 from September 2007

Responsible official: Julia Senosha

(SCM)

Incomplete requisition forms

Requisition form must be verified for correctness and completeness by the relevant officials

SCM ensures that all required fields are completed before acceptance of a requisition

Incomplete requisition forms are rejected at the acquisition sections’ entry point

Effected from September 2007

Responsible official: Godfrey Masuku

(SCM_

Trip authorization sheet not fully completed

All trip authorizations, fully completed should be signed by the relevant responsibility manager.

Kilometers traveled should be entered into the transport system

Log books, trip authority and trip sheets must be reviewed by a senior official and that the ELS system must be updated

Controls would be effected to ensure compliance thereof

Incomplete Trip authorization sheets are rejected and no vehicles are issued

The transport electronic system is updated timeously

Effected from July 2007

Responsible official:

Jeffrey Skosana

(Transport)

Lack of supporting documents on invoices

Controls to be put in place to ensure that invoices are checked for accuracy and agree with supporting documents

Recommendations noted and to be implemented henceforth

All invoices are attached to supporting documentation before being processed

Continuous, effective from April 2007

Responsible official:

Finance and SCM staff

Inventory

Sufficient controls to be put in place to ensure that stock taking is performed accurately

Recommendations noted and to be implemented henceforth

Stock count manual prepared detailing the processes and time frames

Manual completed by August 2007

Next stock taking will be done in February

2008

Responsible officials:

Mmatshepo Rasebopye  (SCM)

No Disaster Recovery Plan

Management should develop and implement a DRC

Finding acknowledged

Disaster recovery plan to be developed and implemented.

Before end March 2008

Evidence of the control mechanism to monitor service level provided by SITA was not provided for audit

Management should formally communicate with SITA on a regular basis

Meetings were held on a monthly basis since 2005 between DPSA and SITA managers and continue to take place but in this financial year (2007/8) the meetings were agreed to take place quarterly.

Meetings will continue to take place but on a quarterly basis. Reports will be compiled and submitted to the DDG (corporate management and the DG).

Minutes of the meetings were provided to the AG by Mr. Venko Evtimov.

Next Meeting January 2008.

Last Meetings:27 June 2007 and

 03 October 2007.

Report will be submitted November 2007

 covering the past quarterly meetings

 resolutions

Responsible person:

Tshavhu Mukhodowane

and SITA

Timeline: Ongoing

Information Security Policy had not been approved

Management should approve and enforce the information Security Policy.

The draft Policy was found to be too complex as developed by SITA and does not relate to the environment.

SITA was requested to develop a policy that relates to the environment

Tshavhu Mukhodobwane

and SITA (ISS Branch)

Responsible Timeline: Jan 2008

Password protected screen saver not activated

Automatically disconnect a logon session

Automated desktop screen locks will be effected

Automated desktop screen locks were affected in September 2007.

Implemented and Ongoing

Access logs were not requested from SITA for reviews

The system controller should obtain and review logs on a regular basis

SITA will be request to check the sever logs on a regular basis.

Tasked to function within the BA and demands them to render server administration work and access logs are a function performed by an average server administrator and forms part of their reporting but SITA to be chased to know what to document. They do not deploy senior technical staff that is well experienced in managerial reporting but deploy staff that still requires a lot of hand held assistance on what to report on.

Tshavhu Mukhodobwane  will review

 the reports.

Timeline March 2008

The SLA implantation challenges of the past

 will not allow for immediate implementation

 as a lot of aspects in the SLA have to be

 corrected or addressed first.

Several HR policies implemented in draft form.

policies should be reviewed and approved if deemed appropriate by the AO

Policies have been revised and amended.

Policies were routed to the DG’s office, however LS made further amendments. Policies to be routed to DG between end of September and December 2007

D:PMD and DD:PM will ensure that

all revised HR Policies will be

approved between  October 2007

and January 2008.

Brenda Hendricks (PMD)

The performance management policy states that the Department should conduct performance reviews during Sept. No such review was conducted for at least two employees.

Controls should be implemented to ensure compliance with the Performance Management Policy.

PMD has monitored submissions and have in the past followed up with relevant managers and employees.

Letters of warning will be submitted to the relevant employee and manager when September reviews are not submitted by end October of every year

Letters of warning will be sent out

During November to be signed by the

 DG/Branch head as required.

Brenda Hendricks (PMD)

Consultant remunerated outside the specific salary post. Administrator overpaid

Consultants remunerated outside the level of the specific post. Possible irregular expenditure may have been incurred

PMD was not aware that the rate paid was not within the required limit since D:PMD did not sign the contract or invoice payments.

LS have assisted PMD to draft a SLA to be used when engaging an agency to recruit staff. The hourly rate will be stated in the contract and the number of hours that can be claimed. All invoices will be signed off by D:PMD in the future to ensure temporary workers are being paid at the correct levels.

The CFO will sign the contract agreement on behalf of the Dept.

Will be implemented from

 1 November 2007

Brenda Hendricks  (PMD)

Three quotes not obtained to appoint consultants

Controls should be implemented to ensure that policies and procedures are adhered to.

New Standard Operating Procedure (SOP) established where PMD drafts a submission to obtain approval to appoint a temporary worker SCM use a database of agencies to obtain quotations from three suppliers. An Interview is conducted and staff nominated/appointed.

New Standard Operating Procedure already effective,

Implemented 1 August 2007

SP files not presented/available

SP files should be submitted

Files requested were submitted. Files often on desk of staff working with an appointment/transfer/termination.

Standard Operating Procedure (SOP) to give files requested immediately or to locate file not in registry and to submit to AG. Registry Clerks will release files after file is registered. Clerks will follow up and ensure files released are back in registry on a daily basis.

Implemented 1 August 2007

State Guarantee outstanding for more than 7 years – register not updated

Management should follow up with financial institutions regarding the outstanding guarantees that were more than seven years in existence and to update state guarantee register

PMD agrees regular review of state guarantee is inadequate.

PMD has started to follow-up with relevant financial institutions and to keep updated info of state guarantees and to follow up with relevant/affected employee to assist in this regard. Evidence will be filed on SG file.

 State Guarantee Register to be instated

By 1 November 2007 and followed up in

the future a SOP, by ASD: COS in PMD

HR Plan not approved

Policies should only be implemented once approved and should be revised to cover all relevant processes

HR Plan currently being revised/updated to include establishment changes

D:PMD will ensure that the HR Plan is amended, discussed in CM and DBC and then submitted to DG

1 November 2007

Brenda Hendricks (PMD)

HR Plan not projected for budget implications

All risks and projections should be included when drafting the HR Plan.

PMD agrees HR Plan not costed.

The HR Plan will be costed.

1 Nov 2007.

Brenda Hendricks (PMD)

No register or system in place to keep track of employee’s files.

Management should attend to this filing problem as a matter of urgency to ensure that all documents are properly filed and safeguarded.

PMD uses a “pick-card” tracking system to register where files are when not in registry.

PMD is working on strengthening the pink card management and access to files in the personnel/staff registry. Additional capacity is sourced to control access to files and to register/track files. Registry Clerks will register, control and track files

15 September 2007

Registry clerk (PMD)

Leave Register not adequately maintained

Leave register should be updated and reviewed by the supervisor

Each Responsibility Manager in conjunction with the Leave Clerk in every component is responsible for the safe-keeping and managing of their leave registers.

Leave registers will be closely monitored and evaluated by (ASD:COS, monthly. Additional training will be conducted with leave clerks & MANCO members awareness campaign.

Training and awareness to

MANCO members October 2007

and via email to all managers

Brenda Hendricks (PMD)

Casual workers leave entitlement was not provided even though they were employed.

The provision of leave entitlement should be adjusted to include casual workers.

Interns’ leave not captured on PERSAL, have to be done manually. This was an oversight

Abnormal appointees’ leave as on 31 March of a year will be audited in April of each year to enable dept to report leave monetary value annually.

April 08, or when required.

Paula Harding (PMD)

Recovery of debt when employees resign

Control measures should be put in place to ensure that payment made through PERSAL is not duplicated through BAS. PERSAL-BAS reconciliation should be reviewed by management and items followed up

Special care will be taken on these matters in future

Strict follow-ups where required/applicable will be done by DD:PM in consultation with DD:FA

Ongoing

Recovery of debt upon resignation

Control measures should be in place to ensure that payment is made through PERSAL and not BAS

Finding acknowledged and debt file was open up.

Debt take on was done and the debtor was informed of the debt.

Not applicable

T&S claims

Person who took the trip should be the one completing the S&T claim form.

Due to the nature of DPSA’s activities, managers are not always available in the offices to sign their claim forms

Travel policy will be amended to make provision for the personal assistants to sign T&S claim forms

Policy to be amended by:

Date: 1 December 2007

Responsible person: Felicity van Vuuren

(Finance)

No register to record credit notes

Credit note register to be implemented

Credit notes related to orders are captured on LOGIS.  A register will be implemented for sundry credit notes

Credit note register to be opened

Implemented 1 August 2007

Accidents not recorded in the loss register

Losses be recorded in the Loss Register

DPSA did not agree to the findings as the losses have not yet been invoiced by the GG Garage to DPSA

The Transport section will introduce an accident register to report all GG accidents.

Accident register is in place by the Transport section. Since 1 August 2007.

Jeffrey Skosana (Transport)

VAT charged on travel claims by service providers

Controls should be implemented to ensure that these types of errors are detected and corrected timely.

Debt will be raised and be recovered from the service provider

Claim was submitted to the service provider but payment has been received till date.

Employees in SCM and Finance have been made aware of the problem.

Completeness of accruals

Controls should be implemented to ensure that all accruals are disclosed at year-end

Accrual note was updated and the accrual procedure will be amended.

Accrual procedure to be amended.

The procedure will be amended by 1 December 2007 and implemented during the compilation of the 2007/08 Annual Financial Statements.

Felicity van Vuuren (Finance)