Experiences and common shortfalls on GRAP 17 audits Shelmadene Petzer Auditor-General of South Africa
Introduction Drivers of internal control Asset management systems Asset registers Reconciliation between the General Ledger and the asset register Ownership of assets Identification of infrastructure Assessment of useful lives, residual values and impairment Use of consultants and valuation experts Directive 4 transitional provisions General comments
Drivers of internal control Leadership Provide effective leadership based on a culture of honesty, ethical business practices and good governance, protecting and enhancing the best interests of the entity Exercise oversight responsibility regarding financial and performance reporting and compliance and related internal controls Implement effective HR management to ensure that adequate and sufficiently skilled resources are in place and that performance is monitored Establish and communicate policies and procedures to enable and support understanding and execution of internal control objectives, processes, and responsibilities Develop and monitor the implementation of action plans to address internal control deficiencies Establish an IT governance framework that supports and enables the business, delivers value and improves performance
Drivers of internal control (continued) Financial and performance management Implement proper record keeping in a timely manner to ensure that complete, relevant and accurate information is accessible and available to support financial and performance reporting Implement controls over daily and monthly processing and reconciling of transactions Prepare regular, accurate and complete financial and performance reports that are supported and evidenced by reliable information Review and monitor compliance with applicable laws and regulations Design and implement formal controls over IT systems to ensure the reliability of the systems and the availability, accuracy and protection of information
Drivers of internal control (continued) Governance Implement appropriate risk management activities to ensure that regular risk assessments, including consideration of IT risks and fraud prevention, are conducted and that a risk strategy to address the risks is developed and monitored Ensure that there is an adequately resourced and functioning internal audit unit that identifies internal control deficiencies and recommends corrective action effectively. Ensure that the audit committee promotes accountability and service delivery through evaluating and monitoring responses to risks and providing oversight over the effectiveness of the internal control environment including financial and performance reporting and compliance with laws and regulations
Asset management systems Challenges Costly to acquire asset management software that support GRAP compliant information Under-utilisation of functionalities of the asset management system Asset management system not integrated with the financial system Lack of skills and/or capacity to operate and maintain the asset management system Suggestions A single asset management system to be implemented by all municipalities Asset management systems to be run by suitably qualified and experienced consultants Monetary support to enable municipalities to obtain suitable asset management software Improved training and support by National and Provincial Treasuries
Asset registers Challenges Asset registers are not: mathematically accurate complete updated and maintained Information in the asset registers does not facilitate GRAP compliance Asset information in the asset register is not descriptive, making identification of and locating the assets difficult Asset registers are not available for audit on a timely basis Auditing of a GRAP compliant asset register for the first time is time consuming and requires the involvement of senior auditors and/or experts; the audit time between Aug and Nov is insufficient to do this
Asset registers (continued) Suggestions Regular (monthly / quarterly) asset counts and monitoring Continuous (at least monthly) update and maintenance of asset registers Proper identification (bar-coding) of assets Implementation of safeguarding controls
Reconciliation between the General Ledger and the asset register Challenges Information in the asset registers does not reconcile to the General Ledger Unidentified / unexplained reconciling items Separate asset management and financial systems – no integration Suggestions Implementation of a real time integrated system – costly Monthly reconciliation of the General Ledger and the asset register and asset management system (as opposed to at the end of the year when required by auditors) Proper monthly reviews by senior officials of reconciliations
Ownership of assets Challenges Tribal land: ownership of land buildings constructed thereon by municipalities Uncertainty about ownership of: land in rural areas or where land has not yet been sub-divided community buildings constructed on municipal land buildings such as schools and clinics that are incorrectly recognised in the financial statements of a municipality instead of the DPW or Department of Basic Education Title deeds: none available in the name of former regional councils in the old names of the municipalities prior to name changes in the name of previous municipalities prior to amalgamation or changes in demarcation An independent audit committee fulfils a vital role in corporate governance. The audit committee is vital to, among other things, ensure the integrity of integrated reporting and internal financial controls and identify and manage financial risks. The audit committee should be an integral component of the risk management process The responsibility for a company’s risk management function, specifically implementing risk management processes, is that of management. The board should assign oversight of the company’s risk management function to an appropriate board committee (for example a risk committee or the audit committee). The audit committee should satisfy itself that the following areas have been appropriately addressed by itself, failing specific assignment by the board: - financial reporting risks; - internal financial controls; - fraud risk as it relates to financial reporting; and - IT risks as it relates to financial reporting.
Ownership of assets (continued) Challenges (continued) Valuation roll: impact of ownership issues on the completeness of the valuation roll (and consequently on revenue generation) reconciliation of information in the asset register with the valuation roll Uncertainty about ownership of assets due to many changes in powers and functions; sometimes annually and/or with retrospective effect, with insufficient consideration of the practical implementation issues Clarity is needed where functions are shared between: local and district municipalities (e.g. water services) municipalities and departments (e.g. clinics) No guidance or support is available to assist with these matters The board should be responsible for the governance of risk The board should exercise leadership to prevent risk management from becoming a series of activities that are detached from the realities of the company’s business. The board should be able to demonstrate that it has dealt with the governance of risk comprehensively. This should include the development and implementation of a policy and plan for a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, as well as the related internal control, compliance and governance processes within the company. The board should be able to disclose how it has satisfied itself that risk assessments, responses and interventions are effective. The board’s responsibility for risk governance should manifest into a documented risk management policy and plan. Management should develop both the risk management policy and the plan for approval by the board. The board should continually monitor significant risk taken by management, and should satisfy itself that management decisions balance performance with the defined tolerance limits. The board should ensure that it understands the implications of risks taken by management in pursuit of returns, as well as the potential impact of risk-taking on stakeholders.
Ownership of assets (continued) Suggestions NT and COGTA should provide detailed guidance per municipality on shared powers and functions and who should account for the related assets Assistance and guidance from the Department of Rural Development and Land Reform, DPW and NT in order to resolve ownership issues
Identification of infrastructure Challenges Individual infrastructure assets are not identified, but indicated in the asset register as one line “infrastructure assets”, consequently the auditors cannot verify the existence and completeness thereof Identification of infrastructure assets is a timely and costly process Municipalities do not have the capacity and expertise to perform the identification of infrastructure assets and need consultants, engineers and other specialists to do so Consultants in many cases do not understanding the full extent of GRAP 17 requirements and either do an incomplete job or it takes very long Changes are made and adjusting journals prepared by the consultants, without the municipality understanding (owning) the detail behind these journals Supporting documentation and working papers for the asset verification are not properly maintained or not provided by the consultants and are therefore not available to the auditors Management should identify and consider different ways that the company can respond to the risks identified during the risk assessment process. These responses opted for should be noted in the risk register. The options for responses should include: avoiding the risk by not starting the activity that creates exposure to the risk; treating, reducing or mitigating the risk, through improvements to the control environment such as the development of contingencies and business continuity plans. Risk treatment may include methods, procedures, applications, managements systems and the use of appropriate resources that reduce the probability or possible severity of the risk; transferring the risk exposure, usually to a third party better able to manage the risk, for example, through insurance or outsourcing; tolerating or accepting the risk, where the level of exposure is as low as reasonably practicable or where there are exceptional circumstances; exploiting the risk, where the risk exposure represents a potential missed or poorly- realised opportunity; terminating the activity that gives rise to the intolerable risk; and integrating some or all of the risk responses outlined above.
Identification of infrastructure (continued) Suggestions Better cooperation between technical and finance departments to ensure all assets are identified Municipal officials must be closely involved with the work performed by consultants Early involvement of the audit team at the start of the process NT to provide a list of approved engineering consultants and other specialists and prescribe what information such consultants must make available for audit purposes Knowledge sharing and assistance by metros and others who have succeeded
Assessment of useful lives, residual values and impairment Challenges It is impractical to assess useful lives, residual values and indicators of impairment at each reporting date: large number of assets infrastructure assets, e.g. underground pipes costly Fully depreciated assets still in use Challenges with the distinction between cash-generating and non-cash-generating assets for impairment purposes Difficult to audit municipalities’ assessments of useful lives, residual values and indicators and estimation of impairment; may require the use of an expert by the auditors Suggestions NT to provide guidance on simplified methods for assessing useful lives, residual values and indicators and estimation of impairment that still comply with GRAPs
Use of consultants and valuation experts Challenges Extensive use is made of consultants/ experts Affordability: contracting of consultants/ experts is expensive and not value for money municipalities sometimes have to settle for consultants/ experts which they can afford rather than those that are suitably qualified and experienced to perform the required work Poor quality of work; consultants/ experts are contracted to resolve problems, yet the problem still remains after the consultants/ experts have completed their work There is a lack of control over the work performed by consultants/ experts Consultants’/ experts’ supporting documentation and working papers are not made available to the municipalities and auditors No skills transfer takes place; making municipalities permanently dependent on consultants/ experts
Use of consultants and valuation experts (continued) Challenges (continued) Difficult and time consuming to audit the methods, assumptions, data, etc. used by consultants/ experts Contracts with consultants do not protect the interests of the municipality (no penalties or come backs) Suggestions NT to provide a list of approved consultants/ experts NT to continually assess the experience and skills of such consultants/ experts NT to prescribe tariffs that consultants/ experts doing work in the public sector may charge NT to prescribe what information and supporting documentation consultants/ experts must make available to the municipalities and auditors Standard contracts to be made available to protect the interests of municipalities
Directive 4 transitional provisions Challenges All assets were recognised at R0, as the transitional provisions allowed assets to be recognised at provisional amounts No asset management implementation plans to ensure municipalities will achieve the GRAP 17 requirements at end of the transitional provision period No disclosure in the financial statements regarding the use of the transitional provisions and the progress towards full GRAP compliance Assets acquired after the effective date of GRAP not recognised in the asset register or recognised at R0 Confusion regarding what constitutes “recognition” and what forms part of “measurement” Municipalities have not started with the measurement of assets, but are leaving this to year-3 of the transitional provision period Changes resulting from full compliance with GRAP to be accounted for retrospectively (cost and effort vs. benefit)
Directive 4 transitional provisions (continued) Suggestions Municipalities to prepare and submit detailed asset management implementation plans to NT Provincial Treasuries to monitor implementation on a monthly basis, supported with quarterly monitoring by National Treasury
General comments Inconsistencies in interpretation between different municipalities Confusion about the status of and manner in which the ASB FAQs should be applied ASB FAQs not taken into consideration by municipalities as they are not considered to have any status Centralise certain systems and functions at districts or municipalities in locations where skills are readily available Non-accounting for assets impacts the ability to effectively maintain assets, which in turn impacts on: useful lives, residual values and impairment losses (water, electricity, etc.) service delivery
General comments (continued) In conclusion How good is the understanding of the standards by the average non technical accountant? Section 89(1)(b) of the PFMA The Accounting Standards Board must prepare and publish directives and guidelines concerning the Standards of GRAP Section 89(2)(a) & (b) of the PFMA In setting standards the Board must take into account all relevant factors, including: best accounting practices, both locally and internationally the capacity of the relevant institutions to comply with the standards
Reputation promise/mission The Auditor-General of South Africa has a constitutional mandate and, as the Supreme Audit Institution (SAI) of South Africa, it exists to strengthen our country’s democracy by enabling oversight, accountability and governance in the public sector through auditing, thereby building public confidence.