Audit reports as oversight tool: Office of Auditor-General of South Africa briefing

Meeting report

Breifing by Office of Auditor General SA (AGSA)
The Auditor General’s (AG) Office briefed the Committee on how better to understand the audit outcomes of the Department of Home Affairs (DHA).  The Chairperson pointed out that the briefing was a workshop of sorts.  The briefing was undertaken by Mr Naveen Mooloo, Senior Manager: AGSA.

Mr Mooloo said that the objective of the briefing was to provide Members with the necessary information and guidance on the role of AGSA, to enable them to execute their oversight function effectively.  

The Committee was provided with brief information pertaining to the oversight model and oversight legislation that was in place.  Oversight functions included holding the government to account in terms of how taxpayers’ funds were being spent, and to detect and prevent abuse, arbitrary behaviour or illegal and unconstitutional conduct on the part of government and public agencies.

Oversight entailed three levels of assurances. The first level of assurance was management’s assurance role, and entailed the accounting officer of a department holding officials accountable. The second level was an oversight assurance undertaking, perhaps by National Treasury, scrutinising monthly reports, or it could be the department’s audit committee checking on the progress of action plans. The third level was the independent assurance done by portfolio committees to monitor progress on the implementation of action plans to address deficiencies.

The Committee was provided with a breakdown of legal requirements applicable to both the AG’s Office and departments/entities.
 
Mr Mooloo described the process of a regulatory audit. A public sector audit was different to a private sector audit. It had the same standards, but the public sector audit went further than the private sector audit.  Audits were performed on a sample basis and the audits provided reasonable assurances and not absolute assurances. A regulatory audit audited financial statements and information systems. It was performed on an annual basis. After a regulatory audit had been done, there could be processes that added value. These processes were performance audits and investigations. Regulatory audits focussed on finances, whereas performance audits focussed on performance, to check on whether resources had been procured economically and had been used efficiently and effectively.  An audit of predetermined objectives was part of a regulatory audit and was mandatory. A performance audit was discretionary.

On a regulatory audit, there were five possible audit opinions that could result. The first was a clean audit outcome. The second was an unqualified audit opinion, with findings on compliance and predetermined objectives. The third was a qualified audit opinion. The fourth audit opinion was a disclaimer and the fifth was an adverse audit opinion. The latter two audit opinions were considered the worst.  All government departments should aim to get a clean audit outcome.

Members were provided with a practical example of an audit report, to familiarise themselves with it. The Committee was also provided with an audit opinion history of the DHA.  In the financial years 2008/09 and 2009/10, the DHA had obtained a qualified audit opinion (with/without findings).  However, in financial year 2010/11 things looked good for the DHA and it had obtained an unqualified audit opinion with findings on predetermined objectives and compliance.  Unfortunately in financial years 2011/12 and 2012/13, the DHA had regressed and had once again obtained a qualified audit opinion for both years.

Discussion
The Chairperson said that the briefing had enlightened the Committee on the auditing process and would hopefully enhance its ability to perform its oversight function. He asked whether it was correct that the DHA still did not have a Chief Financial Officer.  He noted that the audit outcomes for the DHA for 2012/2013 looked bad.  There seemed to be a chronic problem with the DHA’s predetermined objectives for 2010/2011 and 2012/2013. The Committee would be discussing the issue with the DHA.

Mr B Nesi (ANC) said that he had gained a better understanding of how audits worked. The issue was about how the bad performance of the DHA on issues highlighted in audits would be addressed.  There had to be someone who could be held accountable in terms of the Public Finance Management Act.  He asked who had the authority to see to it that consequences for certain actions had to be implemented. Persons who were supposed to be held accountable had to be held accountable. The AG’s Office had made recommendations, but there had been no follow ups to hold persons accountable. He asked whether the DHA had an Acting Chief Financial Officer.

Mr Mooloo said that everyone had roles and responsibilities. There were assurance levels, and officials would be held accountable.  The responsibilities of officials were clear. The accounting officer of the department concerned had to take action against officials.  Investigations were carried out and actions taken. Reports were sent to the Department of Public Service and Administration. The Committee could perhaps peruse the reports. The issue was also about whether the problem lay with the process or a person. There were therefore structures in place for reporting and for taking action.

The AG’s Office could not take action but could well make recommendations.
 
The new Chief Financial Officer of the DHA had started on 1 September 2014.

The Chairperson asked how the AG’s Office was intending to prevent the abuse of state resources. How was it to be done? After an audit, there was an audit report and a management report.  Which one should the auditee be concerned with, or should the auditee be concerned about both. Which one assisted the auditee?  He also asked whether the AG’s Office audited the work of the audit committee of the auditee, and whether comments were made.

Mr Mooloo said that if proper procedures were in place, they could act as a deterrent to wrongdoing. Action taken should come from the top of any organisation. Parameters had to be set.   On procurement, for example, a needs analysis needed to be done.
 
He said that it seemed that people were more concerned about an audit report because it was a public document. The management report was more detailed, and hence management would work with it.
The AG’s Office evaluated audit committees in terms of whether they abided by best practices. Compliance legislation, their charters and their constitutions were taken into consideration.

Ms D Raphuti (ANC) asked what measures the AG’s Office was putting in place to prevent bad performance by departments. What could the Committee do to assist?

Mr Mooloo said that oversight committees, like the Portfolio Committee on Home Affairs, could make recommendations on what the DHA needed to do. The Committee could consider what the action plan of the DHA should be. The action plan needed to be Specific, Measurable, Achievable, Relevant and Time-bound (SMART). The actions taken by the DHA had to address concerns.  The Committee had to also check progress on a quarterly basis, to ensure things were on track.  In the past, DHA’s action plans had been late and had not achieved what had been intended. 
Ms T Kenye (ANC) referred to the annual audit process and said she was concerned about the response of the AG’s Office in relation to design and perform procedures to address identified risk. Procedures were performed to obtain evidence that the financial statements and annual performance report did not contain material misstatements and that key legislation was complied with.  She noted that in 2010/11, the DHA had obtained an unqualified audit report but in 2012/13 things had deteriorated to a qualified audit report. The Framework for Managing Programme Performance Information (FMPPI) was there to guide departments to prepare performance information.  What more could be done about the FMPPI indicators?

Mr Mooloo said that when outcomes were looked at, it was checked whether there had been governance. In the area of performance information, the biggest problem was documentation. It was a problem to find documentation. How could things be verified if there was no documentation? The issue was about doing daily reconciliations.

The Chairperson referred to fraud risk investigations, and asked who called for them to happen and on what basis such investigations were called.

Mr Mooloo said that the AG’s Office did consider fraud and risk procedures when it came to risk.  Fraud and risk investigations were done, based on requests.  When the AG’s Office did a regulatory audit and fraud was found, it was reported to the accounting officer or the executive officer of the department concerned. There could be a request that the AG’s Office undertake the investigation, or an external party could be used. The DHA would most probably use its Counter Corruption Unit to do an investigation.
The AG’s Office had a forensic unit that had expertise and they could be used to do risk identification and to set procedures. They could also provide training. There were two types of fraud. The first was misappropriation, which amounted to theft.  The second type was financial misstatements by management.

Ms Raphuti said that 2014 was already halfway through, and asked whether the AG’s Office could not assist now to close gaps at the DHA.

The Chairperson responded that the Committee was awaiting the 2013 audit outcomes from the DHA. The Committee hoped to see an improved situation.

Mr Mooloo said that in connection with the DHA’s 2011/12 and 2012/13 audits, the accounting officer and executive of the DHA had requested the AG’s Office to give them an extension to address the audit findings. The AG’s Office was therefore still trying to close up previous audits. The AG’s Office had met the DHA in July 2014 and had asked to do an interim audit in October 2014.
 
He said that the AG’s Office had experienced problems with the DHA over the past three to four years over the issue of assets. The AG’s Office had requested the DHA to provide its asset register, but it was not forthcoming as yet.  An interim audit was like a “heads up”.  The AG’s Office intended to perform an interim audit on the DHA at the end of October 2014 or at the beginning of November 2014, after it had closed the DHA’s 2013/14 audit.

The Chairperson asked whether the Committee could assume that there was an element of non-cooperation from the DHA. If it was premature to respond to the question, it would be understandable. Was the interim audit obligatory?

Mr Mooloo responded that the DHA was a huge organisation, and it made things a bit easier for the AG’s Office to do an interim audit in terms of workload.  Good entities were often those that had interim audits and had quarterly reports. The AG’s Office did an interim audit of the DHA every year.

The Chairperson thanked Mr Mooloo for the presentation and said that the Committee would perhaps need the AG’s Office’s assistance to link up issues with outcomes when the Committee engaged the DHA on its annual report.

Committee’s draft report on introductory workshop of 29 July 2014
The Chairperson said that the draft report had been with Members for a while now. He placed the report before them for consideration and it was adopted unamended.

Committee Minutes
The Committee’s minutes dated 19 August 2014 and 2 September 2014 were adopted as amended. Necessary spelling, grammatical or formatting changes were made where necessary.

The Committee’s minutes dated 26 August 2014 were adopted unamended.
   
The meeting was adjourned.