Dr Vincent Sazita
According to national treasury (2012), the role of internal audit in relation to controls is to assist the organisation to maintain and continuously improve controls. This is achieved by evaluating the controls’ adequacy, effectiveness and efficiency; advising management and recommending improvements to strengthen controls; and conducting follow-up audits to establish whether management has implemented the audit recommendations (Spencer Pickett, 2010; Coetzee et al., 2014).
The governance process is crucial in the maintenance of financial auditing in regional and local authorities councils. The last element that the definition of internal audit is anchored on is governance. According to Coetzee et al. (2014) in the South African municipal context, governance is a combination of structures and processes put in place by the regional and municipal councils to inform, direct, manage, and monitor the activities of an organisation towards the achievement of its objectives. The failure of large corporations led to the development of corporate governance models across the globe (Spencer-Pickett, 2010). In South Africa, a committee on corporate governance, headed by former High Court judge, Mervyn King, was established to promote an integrated approach to good governance in the interests of a wide range of stakeholders. The first report of the committee that is known as the King 1 Report was issued in 1994. Currently, the report that is in operation is King 3 Report, which was issued in 2009 (Spencer Pickett, 2010). In contrast to the King 1 and 2 Reports, King 3 applies to all entities regardless of the manner and form of incorporation or establishment and whether in the public, private sectors or non-profit sectors.
According to the Institute of Directors in Southern Africa (2009), the King 3 Report covers the following topics: i. Role and function of the board/council: among others, the report outlines that the council should promote ethical culture, and exercise leadership and integrity in directing the organisation. The council/ board should furthermore ensure the integrity of financial reporting and establish independent structures to verify and safeguard the integrity of their financial reporting. ii. Corporate citizenship: leadership, integrity, and responsibility – corporate citizenship refers to an ethical relationship between an organisation and the external stakeholders or environment in which the organisation operates. The organisation should strive to consider the external environment and stakeholders in decision-making to build and promote good relations. This means that the decisions of management and municipal councils should be based on the ethical values that underpin good corporate governance. Examples of ethical values may include responsibility, accountability, fairness, and transparency. It is the responsibility of council to ensure that the organisation acts and is perceived as a responsible corporate citizen. iii. Audit committees – an organisation must establish an independent audit committee, which consists of suitably skilled and experienced members. Among other responsibilities, the audit committee should monitor and report on the integrity and completeness of the organisations’ financial reporting. Furthermore, the committee should conduct an annual review of the design, implementation and effectiveness of the organisation’s system of internal financial controls. iv. Risk management: management remains responsible for the implementation of the risk management process; an organisation may appoint a risk expert to assist management however, such appointment does not renounce management›s responsibility for risk management to such risk experts. It is the responsibility of council to adopt the risk philosophy and plans and to appoint the risk management committee. v. Internal audit: the municipal council should ensure that an independent internal audit function staffed with a competent and independent team is established. The function should conduct risk-based audits and report functionally to the audit committee and administratively to the Accounting Officer.
The National Treasury (2012) again brings us back in the fold as it states that: the internal audit function must evaluate and improve the governance process by i. Promoting suitable ethical behaviour and values; ii. Ensuring effective organizational performance management and accountability; iii. Communicating risk and control information to relevant stakeholders; and, iv. Coordinating the activities of and communicating information among the audit committee, external, internal auditors, and management. The establishment of internal audits at municipalities is legislated by Section 165 of Act No 56 of 2003 (South Africa), which requires each municipality to have an internal audit unit.
Furthermore, the Act (mentioned in the above paragraph) states that the internal audit function of a municipality must carry out the following activities: (a). Prepare and implement a risk-based audit plan and an internal audit program for each financial year; (b). Advise the Accounting Officer and report to the audit committee on the implementation of the internal audit plan and matters relating to i. internal audit; ii. internal controls; iii. accounting procedures and practices; iv. Risk and risk management; v. performance management; vi. loss control; vii. compliance with this Act, the annual Division of Revenue Act and any other applicable legislation.
The National Treasury (2012) further boasts its function as performing any other reasonable and permissible duties as may be assigned to it by the Accounting Officer in consultation with the audit committee. External audit on the other hand is an independent examination of the organisation’s annual financial statements to express an opinion on whether the financial statements have been prepared in accordance with the applicable standards and are a true reflection of the financial position of the organisation (Marx & Lubbe, 2010). Act No. 108 of 1996 recognizes the Auditor-General of South Africa as the supreme audit institution of the Republic; hereafter the term Auditor-General will be used to refer to Auditor-General South Africa unless otherwise specified. Act No. 108 of 1996 compels the Auditor-General to have full legal capacity; to be independent and subjected only to the Constitution and the law, including the Public Audit Act (Act No. 25 of 2004); and to be accountable to the National Assembly. Act No. 108 of 1996 furthermore empowers the Auditor-General to conduct external audits at the municipal level and to report on the accounts, financial statements, and financial management of all municipalities. In conducting the audits, Auditor-General must be impartial and must exercise the powers and perform the audit functions without fear, favour, or prejudice.
This should be clear, especially where the political arm, accounting officers, influential bodies or individuals muscle into mar with impurities; those operations and financial audits of regional and municipal councils.
There is a difference between internal and external audits in this regard. Internal and external auditors have different objectives; are engaged in different activities; possess different qualifications; and are accountable to different parties (Coetzee, et al., 2014). Differences between internal and external audits (Coetzee, et al., 2014) are the following: (i) An internal audit forms part of the municipality and achieves its independence by reporting administratively to the Accounting Officer and functionally to the audit committee on issues relating to risks, controls and governance. (ii) Internal audits focus on assuring the effectiveness of risk, control and governance processes. (iii) The internal audit conducts audits throughout the financial year. (iv) An internal audit forms part of the work of municipal employees. On the other hand, external auditing deals with the following: (i) An external audit is independent of the regional council or municipality and it is accountable to the National Assembly. (ii) External audits focus on issuing an opinion on financial statements. (iii) External audit conducts audits once in a financial year. (iv) An external audit is not part of the regional or municipal council workforce.
Internal audit plans are very essential in the financial auditing of regional and municipal councils. According to the Institute of Internal Auditors (2013), an internal audit must develop an annual risk-based audit plan that responds to changes in the organisation’s risks, operations, programs, systems, and controls. The regional or municipal internal audit is not an exception, National Treasury (2012) states that the Chief Audit Executive should ensure that the risk-based audit plan, supported by management and approved by the Audit Committee, is developed annually.
National Treasury (2012) furthermore highlights the following as issues that should be taken into consideration while developing the risk-based internal audit plan: 1. Internal audit must ensure that the risk assessment was properly carried out and the risk assessment report of the municipality is reliable, accurate and complete. 2. An assessment of the capacity, availability, and skills of internal audit staff must be carried out to identify the team’s strengths and weaknesses. 3. Major changes in the organisation’s risk environment should be identified and considered. 4. Management inputs and consensus on the envisaged audits must be pursued. For a risk-based audit plan to comply with the requirements as set out by the Institute of Internal Auditors (2013), the plan must be based on an assessment of risk and exposures affecting the organisation; prepared in consultation with management and other stakeholders; and approved by the audit committee.
Any material change to the plan must be approved by the Audit Committee (National Treasury, 2012). “The Audit Committee plays a key role in an organisation because it promotes accountability and good governance. Be that as it may, a study on the perceived effectiveness of audit committees in the South African public service found that the audit committees in the public sector are perceived as effective even though there is room for improvement in key areas of oversight over governance, risk management and financial reporting” (van der Nest, 2008).