Management improvement plan related
to the 2006/07 audit
Purpose:
To develop
controls and actions to address all the issues raised in the audits performed
in the Department related to the 2006/07 financial year and to monitor the
implementation thereof on a regular basis.
Background:
The Auditor
General conducted an interim audit early in 2007. The audit on the 2006/07 Annual Financial
Statements and performance information was also conducted by the Auditor
General. The final management letter was
completed on 2 August 2007 and the audit report finalized on 29 August 2007.
The audit
report also incorporates information from three other audits performed which
includes an Information Systems Audit performed in March 2007, Regularity audit
and audit of Performance information of the PSETA and a performance audit on
government employees related entities transacting with departments.
The
management letter and audit report were presented and discussed in an Audit
Committee meeting held on 29 August 2007.
In this meeting it was agreed that the department would develop a plan
of action to address all issued raised during the audit. The Chief Financial Officer is responsible to
monitor the implementation of the plan and to give feedback to the Executive
Management Committee and the Audit Committee.
Detailed
action plan attached.
Chief
Financial Officer
Date:
Accounting
Officer
Date:
ACTION PLAN ON THE AUDIT QUERIES RAISED IN THE 2006/2007 FINANCIAL YEAR
Audit problem/issue |
AG recommendation |
Department remarks |
Action already taken/to be taken |
Implementation |
|||||
1. Commitments There were inadequate systems and procedures in place to
ensure that all commitments that existed at year-end were identified and
disclosed in the financial statements. The department did not maintain adequate systems or
procedures in respect of its lease commitments to ensure that the lease
commitments disclosed were accurate, complete and valid. The commitment amount disclosed in note 20 of the
financial statements was understated by R19,461,000 as the department did not
identify and consequently included all its commitments at year-end. |
Lease register to be developed and maintained by the
department to monitor and control all leases. A manual asset register for lease equipment should be
instated. |
Recommendations noted and to be implemented henceforth |
Lease register (including location and serial number) has
been established and will be monitored on a monthly basis. Reconciliations of BAS and LOGIS commitments are done on a
quarterly basis report and meetings held regularly. |
Responsible officials: Mendrick Mlondobozi
(SCM) Operational from July 2007 (Finance and SCM) |
|||||
2. Information
systems 2a. The processes followed to create new user accounts and
to amend the rights of existing users were not adequate and had not been
formally documented and approved. 2b. A LOGIS system controller and one other user have
access to incompatible system rights. 2c. There were active system controller and user accounts
that had not been allocated to specific users on BAS. |
Procedures to be approved and amended to include periodic
reviews of access rights to ensure alignment with the rights approved by the
supervisors and identification and deactivation of inactive account on the
system. Level 5 access rights granted to System Controller should
be revoked. Levels of access for ms Ndou should be deleted. User Account Manager procedure should include that
incompatible responsibilities are detected timely. Unallocated active accounts should be deactivated to
reduce the risk of unauthorized access. |
DPSA acknowledged the finding. The department did not agree totally with the finding. All System Controllers on traversal systems have access to
all functions on the system. Department acknowledged that Ms Ndou user rights should be
deleted as she was deployed to the registry component. Access for Ms Ndou on level 4 was for capturing
requisition forms on LOGIS on behalf of other components and level 5 she as
the user clerk for the Supply Chain Management component. DPSA agreed to revoke the mangers user ids, but the
tempsyscon1 was reported to National treasury on 9/5/2007 as the department
has no access to this function. LOG number: 547974 |
The user account management procedure has been reviewed
and documented. Ms Ndou’s access was deleted. The User Account Manager procedure was amended to include
the detection of incompatible responsibilities. The access of managers and BAS application has been
removed. Call has been logged with NT regarding the tempsyscon user
ids. |
Approved policies: BAS:June’07 J LOGIS: July’07 Approved policy: July 2007 Approved policy: July 2007 Follow ups are being done on a regular basis and the department is still waiting for a response from NT. (Finance) Latest follow up was done on 10/10/2007. |
|||||
3. Asset Management 3a. There was inadequate monitoring in place to ensure
that all assets were captured correctly on the asset register and to ensure
that all assets physically on hand were captured on the asset register. |
Asset register to be updated to reflect asset physically
on hand. |
To be done after the planned IT equipment audit as the
items concerned forms part of the server and IT infrastructure. Controls have since been implemented to avoid incorrect
capturing of assets |
IT related items were verified and the asset register was
updated accordingly. The ASD checks and approve all captured asset information |
Completed in August 2007 Responsible official: Completed April 2007 Responsible official: |
|||||
3b. An adjustment of R3,186,000 was effected to the
opening balance of the assets disclosed in the financial statements. The
fixed assets balance in the previous year was overstated by this amount. |
Control measures should be put in place to ensure accuracy
of information captured on LOGIS. |
The department does acknowledge that one delivery of
chairs was captured at an incorrect cost per item. (captured at R79,674
instead of R796.74) |
The ASD checks and approve all captured asset information |
Responsible official: |
|||||
4. RISK ASSESSMENT The department did not have a risk management strategy and
risk management policy in place for the year under review. The department’s
risk committee only met once during the year. The department did not comply with section 38 (1) (a)(i)
of the PFMA which requires the maintenance of an effective and efficient risk
management process. |
Requirements of section 38 (1) (a)(i) of the PFMA should
be implemented. |
The department acknowledged the finding. |
A decision was taken to utilize the Executive Committee as
the Risk Committee. A risk assessment was performed at the executive meeting during
July. A task team to develop actions to minimize risks has been established
and work is in its final stages. A risk management strategy is to be drafted
from the available information and two positions were created for a Risk
component. One of the posts is in the process of being filled. |
Target date: February 2008 |
|||||
5. Material
non-compliance with legislation The department did not implement proper controls to ensure
that all invoices are paid within 30 days of receipt as required by Treasury
Regulation 8.2.3. This was reported on in the previous financial year. |
There must be one central point for all invoices Controls to be put in place to ensure that invoices are
paid within 30 days |
SCM is the entry point for all invoices except for the
PILIR and bursary payments |
DPSA staff and suppliers have been informed of the invoices’ entry point Suppliers are informed of the point of entry when orders
are issued. DPSA staff and management have again being informed of the
importance of point of entry and the 30-day period. Banking details are captured as soon as orders are placed. |
Continuous, effective from April 2007 Responsible official: All staff in the Payments and Supply Chain Management sections and the Responsibility managers. |
|||||
6. Expenses
to the value of R9,396,036 were incorrectly classified between Venues and
facilities, travel and subsistence and consultants |
Controls should be implemented to ensure that expenses are
allocated to the correct accounts. |
DPSA acknowledges the findings, but this was an unique
situation. |
A journal was done to correct the expenditure per item and
the note was amended. |
For future similar events DPSA will ensure the correctness of item allocations. No similar events have taken place in the current financial year. |
|||||
|
|
|
|
|
|||||
|
|
|
|
|
|||||
Suppliers not on database |
IQUAL Electronic database to be updated regularly and
controls to be put in place to ensure that goods and services are procured
from registered service providers |
Database was effectively implemented from 1st
November 2006. Controls have being implemented to avoid recurrence of the
finding |
Service providers not registered on the database of
suppliers are sent application forms immediately |
Continuous since November 2006 Responsible official: Mmatshepo
(SCM) |
|||||
Procurement advices not fully signed |
SPO must sign procurement advises |
The Procurement advice was designed by National Treasury
for departments with regional offices and since DPSA has no other offices
this part is not applicable |
The part where the sub-head quarter office is to sign will
be scratched out and only the SSO and the Head quarter sections will be
signed by the relevant officials |
Recommendation effected from September 2007 Responsible official: Julia Senosha (SCM) |
|||||
Incomplete requisition forms |
Requisition form must be verified for correctness and
completeness by the relevant officials |
SCM ensures that all required fields are completed before
acceptance of a requisition |
Incomplete requisition forms are rejected at the
acquisition sections’ entry point |
Effected from September 2007 Responsible official: Godfrey Masuku (SCM_ |
|||||
Trip authorization sheet not fully completed |
All trip authorizations, fully completed should be signed
by the relevant responsibility manager. Kilometers traveled should be entered into the transport
system Log books, trip authority and trip sheets must be reviewed
by a senior official and that the ELS system must be updated |
Controls would be effected to ensure compliance thereof |
Incomplete Trip authorization sheets are rejected and no
vehicles are issued The transport electronic system is updated timeously |
Effected from July 2007 Responsible official: (Transport) |
|||||
Controls to be put in place to
ensure that invoices are checked for accuracy and agree with supporting
documents |
Recommendations noted and to be
implemented henceforth |
All invoices are attached to
supporting documentation before being processed |
Continuous, effective from April
2007 Responsible official: Finance and SCM staff |
||||||
Inventory |
Sufficient controls to be put in place to ensure that
stock taking is performed accurately |
Recommendations noted and to be implemented henceforth |
Stock count manual prepared detailing the processes and
time frames |
Manual completed by August 2007 Next stock taking will be done in February 2008 Responsible officials: |
|||||
No Disaster Recovery Plan |
Management should develop and implement a DRC |
Finding acknowledged |
Disaster recovery plan to be developed and implemented. |
Before end March 2008 |
|
||||
Evidence of the control mechanism to monitor service level
provided by SITA was not provided for audit |
Management should formally communicate with SITA on a
regular basis |
Meetings were held on a monthly basis since 2005 between
DPSA and SITA managers and continue to take place but in this financial year
(2007/8) the meetings were agreed to take place quarterly. |
Meetings will continue to take place but on a quarterly
basis. Reports will be compiled and submitted to the DDG (corporate
management and the DG). Minutes of the meetings were provided to the AG by Mr. |
Next Meeting January 2008. Last Meetings:27 June 2007 and 03 October 2007. Report will be submitted November 2007 covering the past
quarterly meetings resolutions Responsible person: Tshavhu Mukhodowane and SITA Timeline: Ongoing |
|
||||
Information Security Policy had not been approved |
Management should approve and enforce the information
Security Policy. |
The draft Policy was found to be too complex as developed
by SITA and does not relate to the environment. |
SITA was requested to develop a policy that relates to the
environment |
and SITA (ISS Branch) Responsible Timeline: Jan 2008 |
|
||||
Password protected screen saver not activated |
Automatically disconnect a logon session |
Automated desktop screen locks will be effected |
Automated desktop screen locks were affected in September
2007. |
Implemented and Ongoing |
|
||||
Access logs were not requested from SITA for reviews |
The system controller should obtain and review logs on a
regular basis |
SITA will be request to check the sever logs on a regular
basis. |
Tasked to function within the BA and demands them to
render server administration work and access logs are a function performed by
an average server administrator and forms part of their reporting but SITA to
be chased to know what to document. They do not deploy senior technical staff
that is well experienced in managerial reporting but deploy staff that still
requires a lot of hand held assistance on what to report on. |
the reports. Timeline March 2008 The will not allow for
immediate implementation as a lot of aspects
in the corrected or
addressed first. |
|
||||
Several HR policies implemented in draft form. |
policies should be reviewed and approved if deemed
appropriate by the AO |
Policies have |
Policies were routed to the DG’s office, however LS made
further amendments. Policies to be routed to DG between end of September and
December 2007 |
D:PMD and DD:PM will ensure that all revised HR Policies will be approved between
October 2007 and January 2008. |
|
||||
The performance management policy states that the
Department should conduct performance reviews during Sept. No such review was
conducted for at least two employees. |
Controls should be implemented to ensure compliance with
the Performance Management Policy. |
PMD has monitored submissions and have in the past
followed up with relevant managers and employees. |
Letters of warning will be submitted to the relevant
employee and manager when September reviews are not submitted by end October
of every year |
Letters of warning will be sent out During November to be signed by the DG/Branch head as
required. |
|
||||
Consultant remunerated outside the specific salary post. |
Consultants remunerated outside the level of the specific
post. Possible irregular expenditure may have |
PMD was not aware that the rate paid was not within the
required limit since D:PMD did not sign the contract or invoice payments. |
LS have assisted PMD to draft a The CFO will sign the contract agreement on behalf of the
Dept. |
Will be implemented from 1 November 2007 |
|
||||
Three quotes not obtained to appoint consultants |
Controls should be implemented to ensure that policies and
procedures are adhered to. |
New Standard Operating Procedure (SOP) established where PMD
drafts a submission to obtain approval to appoint a temporary worker SCM use
a database of agencies to obtain quotations from three suppliers. An
Interview is conducted and staff nominated/appointed. |
New Standard Operating Procedure already effective, |
Implemented 1 August 2007 |
|
||||
SP files not presented/available |
SP files should be submitted |
Files requested were submitted. Files often on desk of
staff working with an appointment/transfer/termination. |
Standard Operating Procedure (SOP) to give files requested
immediately or to locate file not in registry and to submit to AG. Registry
Clerks will release files after file is registered. Clerks will follow up and
ensure files released are back in registry on a daily basis. |
Implemented 1 August 2007 |
|
||||
State Guarantee outstanding for more than 7 years –
register not updated |
Management should follow up with financial institutions
regarding the outstanding guarantees that were more than seven years in
existence and to update state guarantee register |
PMD agrees regular review of state guarantee is
inadequate. |
PMD has started to follow-up with relevant financial
institutions and to keep updated info of state guarantees and to follow up
with relevant/affected employee to assist in this regard. Evidence will be
filed on SG file. |
State Guarantee
Register to be instated By 1 November 2007 and followed up in the future a SOP, by ASD: |
|
||||
HR Plan not approved |
Policies should only be implemented once approved and
should be revised to cover all relevant processes |
HR Plan currently being revised/updated to include
establishment changes |
D:PMD will ensure that the HR Plan is amended, discussed
in CM and DBC and then submitted to DG |
1 November 2007 |
|
||||
HR Plan not projected for budget implications |
All risks and projections should be included when drafting
the HR Plan. |
PMD agrees HR Plan not costed. |
The HR Plan will be costed. |
1 Nov 2007. |
|
||||
No register or system in place to keep track of employee’s
files. |
Management should attend to this filing problem as a
matter of urgency to ensure that all documents are properly filed and
safeguarded. |
PMD uses a “pick-card” tracking system to register where
files are when not in registry. |
PMD is working on strengthening the pink card management
and access to files in the personnel/staff registry. Additional capacity is
sourced to control access to files and to register/track files. Registry
Clerks will register, control and track files |
15 September 2007 Registry clerk (PMD) |
|
||||
Leave Register not adequately maintained |
Leave register should be updated and reviewed by the
supervisor |
Each Responsibility Manager in conjunction with the Leave
Clerk in every component is responsible for the safe-keeping and managing of
their leave registers. |
Leave registers will be closely monitored and evaluated by
(ASD:COS, monthly. Additional training will be conducted with leave clerks
& MANCO members awareness campaign. |
Training and awareness to MANCO members October 2007 and via email to all managers |
|
||||
Casual workers
leave entitlement was not provided even though they were employed. |
The
provision of leave entitlement should be adjusted to include casual workers. |
Interns’
leave not captured on PERSAL, have to be done manually. This was an oversight |
Abnormal
appointees’ leave as on 31 March of a year will be audited in April of each
year to enable dept to report leave monetary value annually. |
April 08,
or when required. Paula
Harding (PMD) |
|
||||
|
|
|
|
|
|
||||
Recovery
of debt when employees resign |
Control
measures should be put in place to ensure that payment made through PERSAL is
not duplicated through BAS. PERSAL-BAS reconciliation should be reviewed by
management and items followed up |
Special
care will be taken on these matters in future |
Strict
follow-ups where required/applicable will be done by DD:PM in consultation
with DD:FA |
Ongoing |
|
||||
Recovery of debt upon resignation |
Control measures should be in place to ensure that payment
is made through PERSAL and not BAS |
Finding acknowledged and debt file was open up. |
Debt take on was done and the debtor was informed of the
debt. |
Not applicable |
|
T&S claims |
Person who took the trip should be the one completing the
S&T claim form. |
Due to the nature of DPSA’s activities, managers are not
always available in the offices to sign their claim forms |
Travel policy will be amended to make provision for the
personal assistants to sign T&S claim forms |
Policy to be amended by: Date: 1 December 2007 Responsible person: (Finance) |
|
No register to record credit notes |
Credit note register to be implemented |
Credit notes related to orders are captured on LOGIS. A register will be implemented for sundry
credit notes |
Credit note register to be opened |
Implemented 1 August 2007 |
|
Accidents not recorded in the loss register |
Losses be recorded in the Loss Register |
DPSA did not agree to the findings as the losses have not
yet been invoiced by the GG Garage to DPSA |
The Transport section will introduce an accident register
to report all GG accidents. |
Accident register is in place by the Transport section.
Since 1 August 2007. |
|
VAT charged on travel claims by service providers |
Controls should be implemented to ensure that these types
of errors are detected and corrected timely. |
Debt will be raised and be recovered from the service
provider |
Claim was submitted to the service provider but payment
has been received till date. |
Employees in SCM and |
|
Completeness of accruals |
Controls should be implemented to ensure that all accruals
are disclosed at year-end |
Accrual note was updated and the accrual procedure will be
amended. |
Accrual procedure to be amended. |
The procedure will be amended by 1 December 2007 and
implemented during the compilation of the 2007/08 Annual Financial Statements. |
|