Presentation on theme: "Experiences and common shortfalls on GRAP 17 audits"— Presentation transcript:
1Experiences and common shortfalls on GRAP 17 audits Shelmadene PetzerAuditor-General of South Africa
2Introduction Drivers of internal control Asset management systems Asset registersReconciliation between the General Ledger and the asset registerOwnership of assetsIdentification of infrastructureAssessment of useful lives, residual values and impairmentUse of consultants and valuation expertsDirective 4 transitional provisionsGeneral comments
3Drivers of internal control LeadershipProvide effective leadership based on a culture of honesty, ethical business practices and good governance, protecting and enhancing the best interests of the entityExercise oversight responsibility regarding financial and performance reporting and compliance and related internal controlsImplement effective HR management to ensure that adequate and sufficiently skilled resources are in place and that performance is monitoredEstablish and communicate policies and procedures to enable and support understanding and execution of internal control objectives, processes, and responsibilitiesDevelop and monitor the implementation of action plans to address internal control deficienciesEstablish an IT governance framework that supports and enables the business, delivers value and improves performance
4Drivers of internal control (continued) Financial and performance managementImplement proper record keeping in a timely manner to ensure that complete, relevant and accurate information is accessible and available to support financial and performance reportingImplement controls over daily and monthly processing and reconciling of transactionsPrepare regular, accurate and complete financial and performance reports that are supported and evidenced by reliable informationReview and monitor compliance with applicable laws and regulationsDesign and implement formal controls over IT systems to ensure the reliability of the systems and the availability, accuracy and protection of information
5Drivers of internal control (continued) GovernanceImplement appropriate risk management activities to ensure that regular risk assessments, including consideration of IT risks and fraud prevention, are conducted and that a risk strategy to address the risks is developed and monitoredEnsure that there is an adequately resourced and functioning internal audit unit that identifies internal control deficiencies and recommends corrective action effectively.Ensure that the audit committee promotes accountability and service delivery through evaluating and monitoring responses to risks and providing oversight over the effectiveness of the internal control environment including financial and performance reporting and compliance with laws and regulations
6Asset management systems ChallengesCostly to acquire asset management software that support GRAP compliant information Under-utilisation of functionalities of the asset management system Asset management system not integrated with the financial system Lack of skills and/or capacity to operate and maintain the asset management systemSuggestionsA single asset management system to be implemented by all municipalities Asset management systems to be run by suitably qualified and experienced consultantsMonetary support to enable municipalities to obtain suitable asset management softwareImproved training and support by National and ProvincialTreasuries
7Asset registers Challenges Asset registers are not: mathematically accuratecompleteupdated and maintainedInformation in the asset registers does not facilitate GRAP complianceAsset information in the asset register is not descriptive, making identification of and locating the assets difficultAsset registers are not available for audit on a timely basisAuditing of a GRAP compliant asset register for the first time is time consuming and requires the involvement of senior auditors and/or experts; the audit time between Aug and Nov is insufficient to do this
8Asset registers (continued) SuggestionsRegular (monthly / quarterly) asset counts and monitoringContinuous (at least monthly) update and maintenance of asset registersProper identification (bar-coding) of assetsImplementation of safeguarding controls
9Reconciliation between the General Ledger and the asset register ChallengesInformation in the asset registers does not reconcile to the General LedgerUnidentified / unexplained reconciling itemsSeparate asset management and financial systems – no integrationSuggestionsImplementation of a real time integrated system – costlyMonthly reconciliation of the General Ledger and the asset register and asset management system (as opposed to at the end of the year when required by auditors)Proper monthly reviews by senior officials of reconciliations
10Ownership of assets Challenges Tribal land: ownership of land buildings constructed thereon by municipalitiesUncertainty about ownership of:land in rural areas or where land has not yet been sub-dividedcommunity buildings constructed on municipal landbuildings such as schools and clinics that are incorrectly recognised in the financial statements of a municipality instead of the DPW or Department of Basic EducationTitle deeds:none availablein the name of former regional councilsin the old names of the municipalities prior to name changesin the name of previous municipalities prior to amalgamation or changes in demarcationAn independent audit committee fulfils a vital role in corporate governance. The audit committee is vital to, among other things, ensure the integrity of integrated reporting and internal financial controls and identify and manage financial risks.The audit committee should be an integral component of the risk management processThe responsibility for a company’s risk management function, specifically implementing risk management processes, is that of management.The board should assign oversight of the company’s risk management function to an appropriate board committee (for example a risk committee or the audit committee).The audit committee should satisfy itself that the following areas have been appropriately addressed by itself, failing specific assignment by the board:- financial reporting risks;- internal financial controls;- fraud risk as it relates to financial reporting; and- IT risks as it relates to financial reporting.
11Ownership of assets (continued) Challenges (continued)Valuation roll:impact of ownership issues on the completeness of the valuation roll (and consequently on revenue generation)reconciliation of information in the asset register with the valuation rollUncertainty about ownership of assets due to many changes in powers and functions; sometimes annually and/or with retrospective effect, with insufficient consideration of the practical implementation issuesClarity is needed where functions are shared between:local and district municipalities (e.g. water services)municipalities and departments (e.g. clinics)No guidance or support is available to assist with these mattersThe board should be responsible for the governance of riskThe board should exercise leadership to prevent risk management from becoming a series of activities that are detached from the realities of the company’s business.The board should be able to demonstrate that it has dealt with the governance of risk comprehensively. This should include the development and implementation of a policy and plan for a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, as well as the related internal control, compliance and governance processes within the company.The board should be able to disclose how it has satisfied itself that risk assessments, responses and interventions are effective.The board’s responsibility for risk governance should manifest into a documented risk management policy and plan. Management should develop both the risk management policy and the plan for approval by the board.The board should continually monitor significant risk taken by management, and should satisfy itself that management decisions balance performance with the defined tolerance limits. The board should ensure that it understands the implications of risks taken by management in pursuit of returns, as well as the potential impact of risk-taking on stakeholders.
12Ownership of assets (continued) SuggestionsNT and COGTA should provide detailed guidance per municipality on shared powers and functions and who should account for the related assetsAssistance and guidance from the Department of Rural Development and Land Reform, DPW and NT in order to resolve ownership issues
13Identification of infrastructure ChallengesIndividual infrastructure assets are not identified, but indicated in the asset register as one line “infrastructure assets”, consequently the auditors cannot verify the existence and completeness thereofIdentification of infrastructure assets is a timely and costly processMunicipalities do not have the capacity and expertise to perform the identification of infrastructure assets and need consultants, engineers and other specialists to do soConsultants in many cases do not understanding the full extent of GRAP 17 requirements and either do an incomplete job or it takes very longChanges are made and adjusting journals prepared by the consultants, without the municipality understanding (owning) the detail behind these journalsSupporting documentation and working papers for the asset verification are not properly maintained or not provided by the consultants and are therefore not available to the auditorsManagement should identify and consider different ways that the company can respond to the risks identified during the risk assessment process. These responses opted for should be noted in the risk register. The options for responses should include:avoiding the risk by not starting the activity that creates exposure to the risk;treating, reducing or mitigating the risk, through improvements to the control environment such as the development of contingencies and business continuity plans. Risk treatment may include methods, procedures, applications, managements systems and the use of appropriate resources that reduce the probability or possible severity of the risk;transferring the risk exposure, usually to a third party better able to manage the risk, for example, through insurance or outsourcing;tolerating or accepting the risk, where the level of exposure is as low as reasonably practicable or where there are exceptional circumstances;exploiting the risk, where the risk exposure represents a potential missed or poorly- realised opportunity;terminating the activity that gives rise to the intolerable risk; andintegrating some or all of the risk responses outlined above.
14Identification of infrastructure (continued) SuggestionsBetter cooperation between technical and finance departments to ensure all assets are identifiedMunicipal officials must be closely involved with the work performed by consultantsEarly involvement of the audit team at the start of the processNT to provide a list of approved engineering consultants and other specialists and prescribe what information such consultants must make available for audit purposesKnowledge sharing and assistance by metros and others who have succeeded
15Assessment of useful lives, residual values and impairment ChallengesIt is impractical to assess useful lives, residual values and indicators of impairment at each reporting date:large number of assetsinfrastructure assets, e.g. underground pipescostlyFully depreciated assets still in useChallenges with the distinction between cash-generating and non-cash-generating assets for impairment purposesDifficult to audit municipalities’ assessments of useful lives, residual values and indicators and estimation of impairment; may require the use of an expert by the auditorsSuggestionsNT to provide guidance on simplified methods for assessing useful lives, residual values and indicators and estimation of impairmentthat still comply with GRAPs
16Use of consultants and valuation experts ChallengesExtensive use is made of consultants/ expertsAffordability:contracting of consultants/ experts is expensive and not value for moneymunicipalities sometimes have to settle for consultants/ expertswhich they can afford rather than those that are suitably qualifiedand experienced to perform the required workPoor quality of work; consultants/ experts are contracted to resolve problems, yet the problem still remains after the consultants/ expertshave completed their workThere is a lack of control over the work performed by consultants/ expertsConsultants’/ experts’ supporting documentation and working papersare not made available to the municipalities and auditorsNo skills transfer takes place; making municipalities permanently dependent on consultants/ experts
17Use of consultants and valuation experts (continued) Challenges (continued)Difficult and time consuming to audit the methods, assumptions,data, etc. used by consultants/ expertsContracts with consultants do not protect the interests of the municipality (no penalties or come backs)SuggestionsNT to provide a list of approved consultants/ expertsNT to continually assess the experience and skills of such consultants/ expertsNT to prescribe tariffs that consultants/ experts doing work in the public sector may chargeNT to prescribe what information and supporting documentation consultants/ experts must make available to the municipalities and auditorsStandard contracts to be made available to protect the interests of municipalities
18Directive 4 transitional provisions ChallengesAll assets were recognised at R0, as the transitional provisions allowed assets to be recognised at provisional amountsNo asset management implementation plans to ensure municipalities will achieve the GRAP 17 requirements at end of the transitional provision periodNo disclosure in the financial statements regarding the use of the transitional provisions and the progress towards full GRAP complianceAssets acquired after the effective date of GRAP not recognised in the asset register or recognised at R0Confusion regarding what constitutes “recognition” and what forms part of “measurement”Municipalities have not started with the measurement of assets, but are leaving this to year-3 of the transitional provision periodChanges resulting from full compliance with GRAP to be accounted for retrospectively (cost and effort vs. benefit)
19Directive 4 transitional provisions (continued) SuggestionsMunicipalities to prepare and submit detailed asset management implementation plans to NTProvincial Treasuries to monitor implementation on a monthly basis, supported with quarterly monitoring by National Treasury
20General commentsInconsistencies in interpretation between different municipalitiesConfusion about the status of and manner in which the ASB FAQs should be appliedASB FAQs not taken into consideration by municipalities as they are not considered to have any statusCentralise certain systems and functions at districts or municipalities in locations where skills are readily availableNon-accounting for assets impacts the ability to effectively maintain assets, which in turn impacts on:useful lives, residual values and impairmentlosses (water, electricity, etc.)service delivery
21General comments (continued) In conclusionHow good is the understanding of the standards by the average non technical accountant?Section 89(1)(b) of the PFMAThe Accounting Standards Board must prepare and publish directives and guidelines concerning the Standards of GRAPSection 89(2)(a) & (b) of the PFMAIn setting standards the Board must take into account all relevant factors, including:best accounting practices, both locally and internationallythe capacity of the relevant institutions to comply with the standards
22Reputation promise/mission The Auditor-General of South Africa has a constitutional mandate and, as the Supreme Audit Institution (SAI) of South Africa, it exists to strengthen our country’s democracy by enabling oversight, accountability and governance in the public sector through auditing, thereby building public confidence.