SAPS, CSP, IPID and PSIRA Audit Committees on action plans to address audit findings

Meeting report

South African Police Service (SAPS) on audit findings

Major Gen Leon Rabie, Head: Strategic Menagement, SAPS, reported that the root cause analysis of the audit findings highlighted that there were challenges in relation to the outdated internal controls not being adequately identified, reviewed and updated. The internal control framework was not rationalised, with numerous, conflicting directives. The newly introduced and existing internal controls were not tested practically, were not adequately communicated/explained, not institutionalised by management and members, and not adequately implemented due to members’ ignorance, negligence or malicious non-compliance. It was also noted that senior managers were not directly involved in audits, leaving engagement with the Auditor General (AG) to junior members. The station commanders did not ensure the implementation of internal controls. There was also a challenge of lack of consequence management from commanders.

Maj Gen Rabie said that the action plans that had been implemented to address the AG’s findings had focused on developing individualised project plans, a rationalised internal control framework and an institutionalised internal control framework. There would also be a focus on the application of consequence management and conducting compliance testing of the internal control framework. The senior management would develop project plans to address all identified deficiencies, recommendations and internal control deficiencies by 30 October 2017, and this would be the responsibility delegated to divisional and provincial commanders. All project plans would be signed off by the Acting National Commissioner by 30 November 2017. There would be monitoring of AGSA’s project plans by the National Management Forum, and reporting to the Audit Committee. There would be a benchmark for the adequacy of reviewed internal controls, and the coordination of all internal assurance providers’ testing of prioritised internal controls in the quarterly reports. The correlation of audit findings, particularly repeat and recurring findings with managers’ performance assessments, would be undertaken annually.


Civilian Secretariat of Police (CSP) on audit findings

Mr Alvin Rapea, Secretary of Police: CSP, said that a total of 14 AG recommendations had been implemented, 17 had been partially implemented (in progress), while there were two recommendations that had not been implemented. The AG had indicated that there was still a challenge of material under-spending of the budget, as the Department had materially under-spent the budget on Programme 1 by R2.4 million, Programme 2 by R1.8 million, Programme 3 by R3.6 million and on Programme 4 by R3.4 million. The material under-spending was attributed to the critical vacant funded posts which were not filled for the larger part of the 2016/17 financial year, as most posts had been approved late. The vacant funded posts had since been filled. The critical posts were the Chief Financial Officer (CFO), the Chief Director: Civilian Oversight Monitoring and Evaluation, and the Chief Director: Intersectoral Coordination and Strategic Partnerships.

The AG had also highlighted concerns on material misstatements in the Annual Report regarding  Programme 2 – Intersectoral Coordination and Strategic Partnerships (ICSP) – in respect of their validity and the accuracy of portfolio of evidence. The CSP had promised that the appointment of the Chief Director of the ICSP Unit would ensure that the quarterly performance information was complete, valid and useful. The performance evaluation process for all officials would be scrutinised intensively by 30 December 2017.
Mr Tumelo Nkojoana, CFO, CSP, said that the AG had noted the financial statements submitted for auditing were not been prepared fully in accordance with the prescribed financial reporting framework, as required by the Public Finance Management Act (PFMA). In terms of action plan, the CSP had ensured that staff had been identified and were being trained in preparing the financial statements on a quarterly basis. There were also concerns about payments not being made within 30 days from receipt of invoices, in contravention of Treasury regulations. The root cause of this was the fact that the invoices which were being disputed, were not confirmed by end users within the timeframe. The CSP had implemented an invoice register to allow for more regular follow-ups with line managers on disputed invoices. The AG had raised concern that disciplinary steps had not been taken against some of the officials who had permitted irregular expenditure, as required by the PFMA. The root cause of this was because the investigation process had taken longer than expected due to the complexity of the matter. The recommendations of the final report would be implemented by 31 October 2017.

Private Security Industry Regulatory Authority (PSIRA) on audit outcomes

Mr Manabela Chauke, Director (CEO): PSIRA, said that PSIRA had achieved an unmodified audit opinion, and 85% of the planned targets had been achieved. The code of conduct had been reviewed, and fines from R10 000 to R1 million had been adjusted. There was a strengthening of the relationship between SAPS, the Department of Labour and the Department of Home Affairs. The key controls that had been implemented focused on risk management and a combined assurance model, risk-based audit plans, consequence management, a document management system and the implementation of a workplace skills plan. It was important to highlight that 57% of the action had been resolved, while 43% of the action plan remained unresolved.

To deal with issues affecting revenue management, PSIRA planned to partner with the State Attorney through a memorandum of understanding (MOU) to give it access to their platform for purposes of litigation through PSIRA resources by January 2018. PSIRA was also planning to implement automation and improvement of the debtors’ system, specifically the Enterprise Resource Planning (ERP) system, by April 2019. The interest and penalties to be implemented in the next financial year would be communicated during the 2017/18 annual fees review consultation by April 2018. A project plan had been developed and synchronised to ensure that there was adequate time for quality assurance by oversight structures. Monthly, quarterly and year-end cut off procedures would be intensified to ensure completeness and accuracy of financial information. The implementation of a compliance checklist to enhance compliance to legislation and standards like the PFMA and the PSIRA Act had been done. The financial Management Capability Maturity Model (MCMM) and Risk Maturity Model would be implemented in January 2018, to assess and improve internal controls.
           
There would be capacitating of asset management and financial reporting. PSIRA would empower staff, regional managers on asset processes and procedures to ensure that assets were accurately accounted for by 30 November 2017. The supply chain management (SCM) policy would be reviewed regularly to ensure alignment with National Treasury instructions.

Independent Police Investigative Directorate (IPID) on audit outcomes
 
Mr Robert McBride, Executive Director: IPID, said that the Directorate would report on 30 November 2017 and thereafter on a quarterly basis on the implementation of AGSA’s action plans and the Portfolio Committee’s Budgetary Review and Recommendation Report (BRRR) recommendations. Out of 56 AGSA audit findings, 40 had been implemented and the remaining 16 were in the process of being implemented, which included findings that had more than one action plan. The internal control systems were being strengthened to address gaps that had been identified.

Ms Lindokuhle Ngcongo, CFO: IPID, said that the Committee had recommended that an audit action plan must be developed and implemented by the Directorate as a matter of priority in order to ensure that the Directorate had an unqualified audit opinion in the 2017/18 financial year. Action plans had been developed by programme managers and responsible managers, internal audit was monitoring the implementation of action plans on a monthly basis, and reporting progress to the audit committee and the Portfolio Committee quarterly. The AG had recommended that the vacancies must be filled as a matter of urgency, especially in the investigation and information programme. The appointment of a qualified Chief Financial Officer (CFO) must be prioritised in an effort to ensure stability within the financial services component of the Directorate.  Appropriate consequence management also applied to the general poor performance and dereliction of duty. Currently the vacancy rate was at 7%. All positions were in the process of being filled. The shortlisting session for the vacant CFO post was conducted on 23 October 2017, and interviews were scheduled for 1 and 2 November 2017.
It had also been recommended that the SCM environment must be strengthened and upskilled to ensure that all quotations were awarded to bidders based on preference points allocated and calculated in accordance with the requirements of the Preferential Procurement Policy Framework Act and its regulations. IPID proposed that capacity in SCM would be strengthened to ensure compliance with SCM legislation. An additional four posts had been made available from the beginning of the 2018/19 financial year.
Regarding future funding, all correspondences had been shared with the Portfolio Committee and acknowledgement had been received. A second information note would be submitted to the Minister regarding the IPID in-year pressure and funding relief. In respect of under-performance, costing would be done to establish the performance that could be achieved, based on budget allocations. The annual performance plan would be aligned to envisage performance based on costing and the allocated budget.
The 2016/2017 AG review report for IPID identified a total of 56 audit findings which comprised of compliance and internal control issues. There were systems in place to strengthen internal control systems, and the capacitation of internal governance units/components within the Department. The IPID would also focus on the implementation of AGSA’s recommendations with management action plans. There would be continuous monitoring of strategies identified to improve performance of programmes. IPID remained adamant that financial constraints continued to hamper its ability to implement the IPID Act.
Discussion
The Chairperson asked what was being done by all the entities to deal with the AG’s recommendations, as it was critically important that they were implemented. The Committee welcomed the disciplinary action against 82 employees who had been identified to have done business with the state.  The implementation of the reviewed public service regulations that prohibited public servants from doing business with the state at SAPS was welcomed. Regarding the CSP, the Committee welcomed the filling of critical positions of Chief Financial Officer (CFO), Chief Director: Corporate Services and Director: Information Technology, which were critical in dealing with some of the audit findings.  

Ms M Molebatsi (ANC) asked PSIRA about the progress around the Arcadia building, as this had been a strategic objective to be achieved. PSIRA should brief the Committee on the strategy in place to deal with the problem of poor record-keeping.

Ms D Kohler Barnard (DA) commented that there had been a general decline in many entities in respect of fiscal responsibility, and this was something that should be noted with concern. The AG had “hammered” many entities within the Department, with a particular concern directed at leadership and management. There should be zero fruitless and wasteful expenditure from the Department and its entities. It had also been highlighted that PSIRA had regressed in terms of audit findings, while SAPS had regressed in leadership. It seemed like SAPS was being held to ransom by the Department of Public Works (DPW) regarding the leasing of buildings. There were no clear plans from SAPS and its entities on how to address the AG’s findings. There had been a notable improvement from the CSP, while IPID was regressing on service delivery. It would be important to ask why the DPW was taking about five years to fix dilapidated buildings.

Ms M Mmola (ANC) wanted to know if the station commanders were adequately trained on internal controls. The Committee should be briefed on the issue of asset verification with the State Information Technology Agency (SITA).

Mr Z Mbhele (DA) asked if SAPS had any transversal programmes in place to deal with the disjuncture in different entities. It would be important to also hear if SAPS had any detection mechanism in place to deal with various challenges experienced by entities. The CSP should brief the Committee on the consequence management and sanctions that had been applied in a number of concluded cases. The Committee should note with concern the incorrect allocation of Broad-Based Black Economic Empowerment (B-BBEE) points. Who were those suppliers that were involved in those cases? It was concerning that there was a problem of poor-recording keeping from PSIRA. The AG’s report had shown that the basics within SAPS were not adhered to. What were the remedial actions that would be taken in this regard? It was unclear if there was any capacity in the internal audit unit within SAPS. IPID should elaborate to the Committee on the issue of its assets. It was worrisome that the internal audit unit within SAPS was not doing well on procurement. Was there any capacity problem in that regard? The Committee should be briefed on whether this was caused by bad management. Was there any possible recurrence of this problem?

Mr J Maake (ANC) commented that most of the challenges faced by SAPS and various entities were as a result of changes in standard operational procedures. Why were there such changes? What were the standard operational procedures before the changes? There were reported cases of individuals who had left the SAPS but who still had access to its computers. How was this possible?

Mr P Mhlongo (EFF) said that there had been a huge prioritisation in reskilling people after 1994, and this had been aimed primarily at organisational development. The issues that had been identified by the AG should have been picked up by the various audit committees. The problem that was facing South Africa was corruption, which was rendering of the organs of state useless. There was a high level of backstabbing within these organisations. The fact that the internal controls were not being implemented meant that it was impossible for any organisation to be effective. There was a problem of nepotism that was eroding the capacity of the organs of state. Was South Africa heading towards a lawless state? The issues that had been flagged by the AG were serious and demeaning, and therefore needed to be treated as such. Was there any possible sustainability within these organisations? There was a general problem of the protection of thieves within the organs of state. The main issue was the lack of consequence management. The reality was that people remained in worse conditions because of BEE tenders that were given to cronies and friends.

SAPS response

SAPS responded that the SAPS had had a meeting last year where a lot of concerns had been raised around the performance of the CSP, but the entity had managed to improve on many grounds, including obtaining an unqualified audit opinion. The Department was going do well, focusing on avoiding irregular expenditure by putting mechanisms in place, as well as implementing consequence management.  The IT environment needed to be revamped in order to deal with the protection of data, and also to put in place a data recovery plan in case there was a loss or damage of information.

Lt Gen Stefanus Schutte, Deputy National Commissioner: Asset and Legal Management, SAPS, said there were four audit committee meetings every year, but there were plans to have these meetings on a monthly basis. It was the first time that SAPS got a qualification. This was related to assets and would need to be addressed in cooperation with the DPW and National Treasury. SAPS relied heavily on the internal audit committee. There was a need to deal with the root causes of the audit findings. It was critically important to coordinate the audits. There should be a steering committee that would notify management on the issues that were of particular concern. Certain vacancies still needed to be filled. Irregular expenditure had to be dealt with in accordance with the PFMA. There were constraints in risk management. SAPS was more focused on the AG’s findings, including putting in place internal controls. There were also external controls in place. SAPS was also looking to focus more on the demilitarisation of SAPS.

Lt Gen Schutte said that SAPS still experienced challenges in the leasing of buildings, but it was working in accordance with the Government Immovable Asset Management Act (GIAMA). There were internal controls in place, but they were not effective in identifying the root causes and addressing the main issues.

Maj Gen Rabie said that record keeping within SAPS was regulated, with clear instructions and clear requirements. There was an exercise to train station commanders and management in internal controls and key performance indicators (KPIs).

SAPS said that the monitoring of asset verification was the responsibility of SITA, and SAPS provided only network assets.

Lt Gen Schutte said that SAPS was paying 1.4 million invoices per year, so this was making it difficult to have transversal agreements with other entities. There was a problem of dwindling personnel within SAPS, and this was adding another challenge in terms of operations.

PSIRA response

Ms Lindinkosi Mbonambi, Audit Committee: PSIRA, said that the Committee had reviewed the action plan of the audit committee and the main focus was on the root causes and looking at ways to tackle control deficiencies. The next stage was now to test the action plan in order to ascertain whether it was effective. There had been an engagement to address the issues that had been highlighted by the AG. There were plans to have an interim internal audit committee by January 2018. PSIRA was comfortable with the progress that had been made thus far, but there was still a need to capacitate the risk management unit in order to identify risks and come up with mitigating factors. The contract registers were reviewed on a quarterly basis in order to improve on audit outcomes. PSIRA did not have a problem with irregular expenditure. There was a problem of fruitless and wasteful expenditure, but PSIRA was addressing this problem with a particular focus on recovering the money. There was emphasis on the internal audit committee needing to be as independent as possible.

Mr Chauke said that PSIRA had looked at the root causes of the audit findings in all areas like HR, and had explored ways to strengthen oversight management. Policies were grouped together in order to deal with a number of issues in management. With regard to the building in Arcadia, PSIRA was looking at working with the Treasury, although there was still a challenge in moving from the satellite office. The procurement process for finding a suitable office had been completed. Consequence management was effective and played an important role in addressing misconduct. PSIRA had received no qualification in the unmodified audit opinion. 

Mr Zwile Zulu, Chairperson: Finance Committee, PSIRA, said it would be important to find ways to review policies on annual basis. The AG had raised the problem of policies, and this was one of the areas that PSIRA would be focused on going forward. The regulator had assumed that it was doing well in regard to policies, but the AG had flagged the issue as of particular concern. PSIRA had identified the top 10 risks to be addressed, and strategies were in place to address those risks.

IPID’s response

Mr Ismael Motala, Chairperson: IPID Audit Committee, explained that there were two areas of concern which were related to audits and on-going investigations. There would be performance management and verification of information. 71% of audit findings had been to be attended to and addressed in order to prevent the recurrence of those issues in the next financial year. There was a lack of adequate skills in the internal audit committee, and IPID continued to outsource this function.

Mr McBride said that IPID had received a qualified audit opinion, and this had been because the entity was dealing with the conceptualisation of IPID and the growing responsibility of IPID in terms of case intake. There had also been a significant reduction in funding for IPID, with posts remaining frozen, and this had resulted in insufficient personnel or capacity to do the controls. The qualified audit opinion might also have been due to the fact that IPID had been complacent, as it had been receiving unqualified audit opinions for four years. It had engaged with the SAPS to try to address the issues of funding and the responsibility of IPID. Regarding the question on assets, three laptops had been lost through house breaking and theft, and another was damaged by fire, and those items had a combined cost of R93 000. The audit findings had been due to insufficient capacity and the lack of adequate funding.

CSP’s response

Mr Rapea said that there was a transversal approach in place in order to ensure that there was cooperation. There was a fraud and corruption unit within the CSP which aimed to root out corruption and fraud within the entity. It had a strategy in place to prevent irregular expenditure. There was a human resource (HR) strategy that was being formulated, and identification of the risks involved. The State Information Technology Agency (SITA) was responsible for the CSP’s IT issues, but there was a lack of support being provided. Sanctions were instituted against those individuals who had committed misconduct but the issues involved were minor, like failure to understand a job description. There was a presiding officer in cases that were considered to be serious in nature. The consequence management must go hand-in-hand with investigation. There were cases were BEE certificates were invalid, or a lack of submission of BEE certificates.

The meeting was adjourned.