ATC241122: Report of the Standing Committee on the Auditor-General on the Integrated Annual Report of the Auditor General of South Africa for the Financial Year 2023/24, dated 22 November 2024

Standing Committee on Auditor General

Report of the Standing Committee on the Auditor-General on the Integrated Annual Report of the Auditor General of South Africa for the Financial Year 2023/24, dated 22 November 2024
 

The Standing Committee on the Auditor-General (SCoAG), having considered the 2023/24 Integrated Annual Report of the Auditor-General of South Africa, reports as follows:

1.         Introduction

1.1       The Auditor-General of South Africa (AGSA) is established in terms of Chapter 9 of the Constitution and is a state institution supporting constitutional democracy. The Constitution guarantees the AGSA’s independence and requires that the institution operates in an impartial manner, and performs its functions without fear, favour or prejudice.

1.2       Section 10(3) of the Public Audit Act No 25 of 2004 (PAA) requires the National Assembly to provide for a mechanism to maintain oversight of the AGSA in terms of section 55(2)(b)(ii) of the Constitution. Accordingly, the Rules of the National Assembly provide for the establishment of the Standing Committee on the Auditor General (SCoAG). SCoAG is charged with assisting and protecting the AGSA for the latter to maintain its independence, impartiality, dignity and effectiveness.

1.3       According to section 10(1) and (2) of the PAA, the AGSA must annually submit the following documents to the National Assembly: a report on their activities and performance; a report on overall control of the administration; and the AGSA’s annual report, financial statements and the audit report on those statements. The AGSA’s 2023/24 Integrated Annual Report was tabled and referred to the SCoAG on 3 October 2024 for consideration and report.

1.4       This committee report comprises six parts:

-           Part A, providing an overview of the AGSA’s strategic objectives

-           Part B, on the AGSA’s 2023/24 non-financial and financial performance information;

-           Part C, on the 2023/24 audit committee report

-           Part D, on the AGSA’s argument for the retention of the surplus;

-           Part E, on the Audit Committee’s motivation for the extension of the external auditor contract;

-           Part F, containing SCoAG’s observations and recommendations.

Part A

2.         Overview of the AGSA Strategy

2.1       #Cultureshift 2030 strategy

2.1.1     The AGSA launched its #cultureshift2030 strategy in 2021/22. Through this strategy, the AGSA aspires to stronger, more direct and consistent impact on the daily lives of ordinary South Africans. To achieve this the AGSA contributes to creating a public sector that is characterised by performance, accountability, transparency and integrity (PATI), to better serve the people of South Africa.

2.1.2     The #cultureshift2030 strategy employs the AGSA’s knowledge of all three spheres of the public service to assist auditees to improve their financial performance, develop organisational cultures conducive to maintaining strong, financial management disciplines and, eventually, improve service delivery performance. The strategy is built around six strategic goals, which are summarised in paragraphs 2.1.3 to 2.1.8 below.

2.1.3     Strategic Goal 1: Shift Public Sector Culture aims to move a critical mass of auditees towards organisational cultures that are predominated by behaviours that reflect consistent performance, accountability, transparency and institutional integrity.

2.1.4     Strategic Goal 2: Insight aims to generate insights that illuminate understanding, drive action and yield results.

2.1.5     Strategic Goal 3: Influence aims to move stakeholders from mere awareness of the AGSA’s messaging to action and advocating for such awareness.

2.1.6     Strategic Goal 4: Enforcement focusses on applying the AGSA’s powers to directly or indirectly recover resources lost to the state and taxpayers and ensuring the application of consequences for wrongdoing.

2.1.7     Strategic Goal 5: Sustainably aims to unlock latent capacity in the AGSA’s existing resource base and lowering the cost and effort with which the institution derives each marginal unit of quality, insight, influence and enforcement.

2.1.8     Strategic Goal 6: Efficiently aims for the acquisition, development and maintenance of the quantity, quality and configuration of resources, and capabilities to achieve and sustain the AGSA’s desired levels of impact.

 

 

Part B

3.         Overview of non-financial performance (Audit)

3.1       Strategic Goal 1: Shift Public Sector Culture

3.1.1     Table 1 below illustrates the AGSA’s performance in respect of this goal.

Targeted Outcome

KPI

Annual Target

YE Status

Favourable assessment of overall performance of the organisation and its delivery of #CultureShift2030 strategy

Assessment of overall performance by the AG

 

Favourable assessment

Achieved

            Table 1: Strategic Goal 1 performance

3.1.2     In the period under review the AGSA completed the Cultureshift Framework and socialised it internally with its audit teams to create alignment on how auditees will be assisted to make the necessary culture shifts.

3.1.3     The Cultureshift Continuum criteria for plotting auditees were finalised, and the scope of the plotting was extended from 422 auditees in the previous financial year, to all auditees in 2023/24. The AGSA took into consideration the following assessment areas: financial management; service delivery; compliance and ethics; and fraud and responsiveness. The results for local, provincial and national auditees revealed the following:

                        -           that 23% of PFMA and 45% of MFMA were doing harm;

                        -           that 40% of PFMA and 43% of MFMA were not doing the basics;

                        -           that 18% of PFMA, and 9% of MFMA auditees were doing the basics;

-           that 10% of PFMA, and 2% of MFMA auditees were doing more than the basics; and

-           that 9% of PFMA, and 1% of MFMA auditees were doing good.

3.1.4     After plotting, the AGSA selected high-impact auditees to assess their performance and whether they were improving in respect of their performance, accountability, transparency and institutional integrity (PATI).

 

 

 

3.2       Strategic Goal 2: Insight

3.2.1     Table 2 below illustrates the AGSA’s performance in respect of Strategic Goal 2. The key insights which will inform the review of planned targets and identify areas needing attention and prioritise outcomes within fiscal constraints, are summarised below.

Targeted Outcome

KPI

Annual Target

YE Status

Illuminate auditee understanding

MYAP with accompanying product vision

Exco-approved and AG endorsed MYAP

 

Achieved

% of signed-off commitment schedules

with executive authority and/or

oversight chairs

Metro Municipalities: 60% - 60.9%

Targeted Value Chains: 40% - 40.9%

Disclaimer Auditees: 100%

Clean audit cluster: 40%

Achieved

Drive Auditee Action

 

Recommendations Tracker

Exco-approved and AG-endorsed

recommendation tracker

Achieved

% completion of planned discretionary

audit work

100% completion of planned

discretionary audit work

Achieved

             Table 2: Strategic Goal 2 Performance

3.2.2     The AGSA finalised a multi-year audit plan (MYAP) aimed at bringing predictability and alignment to the work, and stability to audit teams. Additionally, the MYAP will result in the following benefits to the AGSA’s external stakeholders:

  • ensuring that audits deal with the full spectrum of inter-governmental value chains and performance relationships;
  • highlighting targeted material irregularities (MIs) to inform guidance and procedures for planning purposes; and
  • helping to inform the annual scoping, proposed messaging, resource requirements and tools needed to support the AGSA’s audit business in its audit planning, execution and reporting.

3.2.3     The AGSA secured signed commitments to promptly establish plans and procedures to tackle the key audit concerns from most executive authorities and oversight structures at local, provincial and national level. These commitments indicate that auditees understand the AGSA’s recommendations and recognise the importance of implementing them.

3.2.4     The AGSA developed a recommendations tracker and defined a process for providing quarterly status updates on the implementation of recommendations. The benefits of the tracker include:

-           ongoing monitoring of auditees’ implementation of our recommendations

-           enabling accounting officers and authorities to stay abreast of actions necessary to improve performance; and

-           assists executive authorities to hold auditees accountable for implementing AGSA recommendations.

3.2.5     The AGSA, in partnership with Afrosai-e, conducted a discretionary audit on the basic education sector, focusing specifically on special needs education. The audit report, which focusses on one of the fundamental rights in the Constitution i.e. the provision of education to persons with a disability, will have an enormous impact because it sheds light on areas of improvement by assessing government’s progress in addressing the educational needs of children with disabilities.

 

3.3       Strategic Goal 3: Influence

3.3.1     Table 3 below illustrates the AGSA’s performance in respect of Strategic Goal 3.

Targeted Outcome

KPI

Annual Target

YE Status

Action on messaging

Accountability ecosystem

effectiveness for targeted auditee segments

Exco-approved and AG endorsed accountability ecosystem effectiveness report

Partially achieved

Enabling reputation

Public sentiment rating

Establish baseline and develop improvement

Plan

Achieved

Optimally leverage partnerships

% achievement of outcomes as part of stakeholder programme

75%

Achieved

            Table 3: Strategic Goal 3 performance

3.3.2     The AGSA’s influence efforts were key in galvanising their stakeholders to work together and help create a positive shift in the public sector’s performance culture.

3.3.3     The AGSA did not fully achieve the target on the production of an accountability ecosystem effectiveness report to assess the impact of our influence work and identify areas of improvement. The report was completed and submitted after the year had ended, and did not receive the Auditor-General’s endorsement. This notwithstanding, the report had value for audit teams who could use it to develop their influence strategies for 2024/25 and beyond.

3.3.4     The AGSA launched its Stakeholder Perception Survey and succeeded in establishing a baseline rating of 2 for the organisation. The survey was aimed at amongst others, assessing how stakeholders perceive the AGSA’s effectiveness in meeting their needs; and evaluating how stakeholders perceive the impact of the AGSA’s findings on governance and financial accountability.

3.3.5     The survey revealed that the AGSA could improve in the following areas:

-           41% of auditees felt that there was room for the AGSA to improve its recommendations;

-           56% of auditees lacked awareness of the #cultureshift2030 strategy;

-           12% of auditees felt that the AGSA’s communication with them required improvement; and

-           5% of auditees did not view the AGSA as a strategic partner (and believed that the AGSA wanted to see auditees fail).

3.3.6     The survey confirmed several positive indicators regarding the AGSA’s work including that there was high familiarity and awareness of the AGSA’s role and responsibilities among auditees; and that 88% of auditees were of the view that implementing the AGSA’s recommendations improved their organisations

3.3.7     The AGSA reported that its influence engagements were wide-ranging and reached stakeholders in the accountability ecosystem and across key auditee value chains and clusters. The AGSA’s influence successes included in the Higher Education and Training sector, the revision of funding modalities; and among the executive and coordinating institutions, improvement in the timely submission of audited financial statements.

 

3.4       Strategic Goal 4: Enforcement

3.4.1     Table 4 below illustrates the AGSA’s performance in respect of the Strategic Goal 4.

Targeted outcome

KPI

Annual Target

YE Status

Implementation of MIs

across all auditees

% of auditees MI process in full implementation

At

80%

Achieved

Finalised MI processes

% MIs resolved within AGSA-defined timelines

60

Not achieved

% backlog MIs resolved

60

Over-achieved

High Impact MIs

High impact MIs as % of overall MIs

30

Over-achieved

Effective MI system

% implementation of the MIU capacitation plan

80% - 100% implementation

of capacitation initiatives

Achieved

AG assessment of effectiveness of MI system

Favourable assessment

Achieved

              Table 4: Strategic Goal 4 Performance

3.4.2     In terms of its performance, the AGSA could not meet its target of adhering to 60% of timelines in respect of newly raised MIs, and only achieved 41% adherence. They did however achieve the targets to implement the MI process at 80% of its auditees; and to implement the internal MI unit capacitation plan aimed at enhancing the efficiency and overall performance of the MI process. The target set in relation to eradicating 60% of the backlog MIs was exceeded by 35%; and the AGSA achieved 159 high impact MIs as opposed to the targeted 69.

3.4.3     A material irregularity refers to any non-compliance with or contravention of legislation; fraud; theft; or a breach of a fiduciary duty identified during an audit performed under the PAA that resulted in or was likely to result in a material financial loss, the misuse or loss of a material public resource or substantial harm to a public sector institution or the public.

3.4.4     If an accounting officer or authority failed to address an MI appropriately, the AGSA was empowered to refer MIs to relevant public bodies for further investigation; recommend actions in the audit report to resolve MIs and take binding remedial action for failure to implement the recommendations; and issue a certificate of debt for failure to implement remedial action if financial losses were involved.

3.4.5     MIs were only considered resolved once all possible steps have been taken to recover financial losses or address the harm caused; effective consequences have been implemented against officials and third parties involved; and further losses and harm have been prevented including through improved internal controls.

3.4.6     The AGSA reported that its efforts to activate the accountability eco-system to support the MI process yielded positive results. In several instances proactive action taken by accounting officers and authorities resolved MIs before they had to be escalated to further stages. The MI process has also resulted in internal control improvements to prevent a recurrence of irregularities, the identification of responsible officials and disciplinary processes completed or in progress, the institution of fraud or criminal investigations, and supplier contracts being halted where money was lost.

3.4.7     The AGSA emphasised that preventing MIs was more effective than having to deal with their impact: money and public resources that have been lost were difficult, and sometimes impossible to recover, and harm caused to the public or public sector institutions was often irreversible. Furthermore, investigations and disciplinary processes to enable consequence management were costly and lengthy. Strong preventative and detective controls remained the best investment.

4.         Performance: Internal Operations

4.1       Overview

4.1.1     In the period under review, the AGSA’s operating environment was impacted by:

-           slow economic growth which resulted in further fiscal constraints to delivering on government programmes and generating revenue, especially at local government level which resulted in continued pressure on their ability to settle audit fees;

-           the persistent lack of prudence in spending, poor financial management and inadequate accountability for financial performance which eroded already limited public funds thus further limited the scope for beneficial spending on service delivery; and

-           continued difficulties to collect outstanding debt, predominantly from local government and ailing state-owned enterprises, remained a challenge that threatened the AGSA’s sustainability.

4.1.2     The AGSA wished to take full advantage of technological advancements that could make its operations more efficient. However, the continued influx of new technologies, especially the prevalent use of digital tools, robotic process automation, machine learning and the use of artificial intelligence came with benefits and risks. The AGSA has leveraged the opportunities through its digital transformation journey which focused on using audit software technology to make the audit and other business processes more efficient. The organisation remained vigilant about cyber-security.

 

4.2       Strategic Goal 5: Sustainably (Audit Operations)

4.2.1     Table 5 below illustrates the AGSA’s performance in respect of Strategic Goal 5.

Targeted Outcome

KPI

Annual Target

YE Status

Audits delivered on time

% of audits completed within legislated timelines (excluding late-submission of AFS)

90%

Achieved

Audits delivered within quality

% QC rating achieved

80%-90%

Not achieved

            Table 5: Strategic Goal 5 performance (Audit Operations)

4.2.2     The AGSA achieved a 69% quality rating, and thus failed to meet the targeted 80% to 90% quality rating. Despite this, the organisation still met the requirements of the International Standards on Quality Management (ISQM) and, thus, received full assurance. The AGSA continued to maintain a strong overall system of quality management that consistently monitored performance in all the components of the quality management system, and identified and corrected deficiencies, and annually evaluated the effectiveness of the corrective measures implemented.

 

4.3       Strategic Goal 5: Sustainably (Financials)

4.3.1     Table 6 below illustrates the AGSA’s performance in respect of strategic goal 5.

Targeted Outcome

KPI

Annual Target

YE Status

Optimal financial performance

Net surplus%

2%-5%

Achieved

Cash Safety Margin

2 – 3 months

Achieved

Overhead to income ratio

36%

Achieved

Audits delivered within defined resource and

productivity parameters

CWC as % of total revenue

16%

Achieved

Gross margin

40%

Achieved

Audit fees collected fully and in a timely

Manner

Average collection of debt

85%

Achieved

            Table 6: Strategic Goal 5 Performance

4.3.2     The AGSA highlighted the improvements in its financial performance outlined in Table 7 below.

 

2022/23

2023/24

Percentage improvement

Audit Income

R4 583 million

R4 849 million

6%

Own Hours Income

R3 502 million

R3 968 million

13%

CWC Revenue

R901 million

R649 million

28%

Gross Profit

R1 567 million

R1 925 million

23%

Overhead Expenses

R1 405 million

R 1 714 million

22%

Trading Surplus

R209 million

R256 million

22%

Net Surplus

R263 million

R370 million

41%

            Table 7: Financial Performance Highlights

4.3.3     The AGSA attributed the improvement in its financial performance to several key factors, including:

-           continuous improvements in productivity and recoverability of its resources increased the own hours’ revenue;

-           institutionalising the practice of resource pooling within audit, which resulted in significant savings on outsourcing costs and increased own hours’ revenue;

-           the implementation of cost optimisation initiatives at business unit level, across the whole organisation; and

-           enhanced debt-collection strategies, including tighter collection targets and successful engagements with stakeholders.

Outstanding Audit Fees: local government

4.3.4     At the end of the period under review the local government debt amounted to R487 million or 42% of the AGSA’s debt book. The collection challenges in this category were mainly concentrated from the outstanding R308 million debt owed by the Free State, Mpumalanga, Northern Cape, and Northwest provinces. Their debt accounted for 63% of the local government debt. Majority of the municipalities from these provinces were in financial distress and were based in impoverished locations with low income generation. At R102 million, the outstanding debt for the Mpumalanga and Limpopo provinces was also high.

4.3.5     Some auditees made payment arrangements to settle their debt but found it difficult to service both their current and old debt. The challenges were exacerbated because some of the outstanding fees were owed by financially distressed municipalities that did not qualify for the provision in section 23(6) of the PAA which allowed that if the audit fee of an auditee, other than a department, exceeded one percent of the total current and capital expenditure, and the National Treasury was consulted, and was of the opinion that the auditee had financial difficulty to pay, the excess had to be defrayed as a direct charge against the National Revenue Fund.

4.3.6     Some municipalities were scheduled to receive an allocation of R128 million which has been collected from National Treasury as part of the 1% process outlined above. However, this amount was not sufficient to settle the long outstanding debt owed by these auditees. Engagements between the National Treasury and the AGSA to settle this amount were ongoing.

 

Outstanding audit fees: State-owned enterprises

4.3.8     The debt owed by state-owned entities was R364 million or 22 per cent of the total debt book. Of this amount R168 million was owed by entities in financial distress, those under liquidation, and those undergoing business rescue processes. The long outstanding debt of these organisations amounted to R144 million. Attempts to provide these auditees with opportunities to settle their debt through ringfencing arrangements have been yielding some results.

 

4.4       Strategic Goal 5: Sustainably (Risk Management)

4.4.1     Table 8 below outlines the AGSA’s performance in respect of this goal.

Targeted Outcome

KPI

Annual Target

YE Status

Maintain good governance, compliance with relevant regulations and standards, high ethical standards and diligent risk management.

 

% of strategic risks managed

(as per ISO31000 Standard)

80%

Achieved

Risk management maturity level

Managed

Achieved

Ethics maturity level

Maintaining AA rating

Partially achieved

Evaluation of an effective AGSA system of quality management by the Auditor-General

System of quality management provides AGSA with reasonable assurance that the objectives of the system of quality management are being achieved.

Achieved

Table 8: Strategic Goal 5 performance (Risk Management)

4.4.2     The AGSA failed in meeting the ethics maturity target and instead regressed from an AA rating to an A rating. They reported that while an A rating was not inherently bad—it was still within the top quadrant of industry ethics ratings—it did indicate a regression from the set baseline the organisation was capable of in terms of its ethics standards. An implementation plan has been developed to address concerns raised in the independent assessment.

 

4.5       Strategic Goal 5: Sustainably (People and Culture)

4.5.1     Table 9 below outlines the AGSA’s performance in respect of this goal.

Targeted Outcome

KPI

Annual Target

YE Status

Leadership that role models desirable behaviours and develops other leaders

AGSA Culture Index

Establish Culture Index baseline

Achieved

360-degree leadership rating/ Leadership confidence indicator

Establish 360-degree leadership rating baseline

Achieved

% of people tracking above benchmark relative to target leadership profile

20%

Achieved

Productive people

Achievement of assessment of professional competence pass rate

50%

Partially achieved

Support efficiency ratio (ratio between nr of audit staff and nr of support staff)

1 support to 6 audits

Achieved

% of people in top 20th percentile of performers retained

Establish baseline and develop 2024-25 improvement initiatives

Achieved

Turnover of high-performing employees

<6%

Achieved

            Table 9: Strategic Goal 5 Performance (People and Culture)

4.5.2     The AGSA achieved most of the targets under this goal. The target set in relation to the achievement of the professional competence pass rate was only partially achieved: the organisation achieved 37% instead of the targeted 50%.

4.5.3     Since the start of the AGSA’s trainee auditor scheme, the organisation has produced 2 017 CAs(SA), 700 of whom were produced over the last three years illustrating the impact the AGSA has made in professionalising the organisation and the auditing profession.

4.5.4     The AGSA-Thuthuka partnership continued to highlight the importance of the AGSA as a training institution in the public sector. In the 2023 academic year, the AGSA contributed R15 006 247 million to Thuthuka, an increase from the R11 497 125 million contributed in 2022-23. In return, 45 Thuthuka candidates began their articles with the AGSA in 2024.

 

4.6.      Strategic Goal 6: Efficiently (Digital Technology and Information)

4.6.1     Table 10 below outlines the AGSA’s performance in respect of this goal.

Targeted Outcome

KPI

Annual Target

YE Status

Benefits realisation

Portfolio Return on Investment

80% - 90%

Achieved

Functionality

Percentage implementation of Exco approved audit software project plan

80% - 90%

Achieved

Percentage implementation of Exco approved ERP road map

Exco-approved ERP business case and journey map

Achieved

Percentage implementation of intelligent automation roadmap

80% - 90%

Achieved

Project Delivery

% over-expenditure on CAPEX project costs

5% (maximum)

Achieved

Cyber Security

Data/system recovery time on critical systems

100% compliance with SLA and DRP

Achieved

Table 10: Strategic Goal 6 (Digital Technology and Information)

4.6.2     The AGSA implemented 100% of the audit software project activities earmarked for 2023-24, above the targeted 80% - 90%.

4.6.3     By the end of the period under review the organisation had an Exco-approved ERP business case and journey map, as targeted. In the coming years the plan will be implemented in a staggered manner.

4.6.4     The AGSA has also developed a benefits realisation framework for all the organisation’s strategic technological investments. The framework will support the assessment of all major new projects for both qualitative and quantitative benefits to the organisation.

4.6.5     The target for the implementation of the intelligent automation roadmap was exceeded and a number of manual business processes were digitised to improve efficiencies.

4.6.6     The organisation achieved a 99% availability rate for their critical systems thereby ensuring that there was no significant disruption of business operations.

 

            The digital transformation journey

4.6.7     The AGSA’s digital transformation project comprises the following six components: the audit software programme; infrastructure modernisation; an ERP solution; intelligent automation; data and business intelligence; and enhanced technology governance. In 2022/23 and 2023/24 the organisation focussed on setting up the foundations and plans for sustainable digital transformation. From 2024/25 to 2030 the focus will be on building strategic digital capabilities.

 

Part C

5.         Report of the Audit Committee

5.1       Committee Governance

5.1.1     The audit committee is a statutory oversight structure, constituted in terms of section 40(1)(a) of the PAA. It is accountable to the Auditor-General as well as to SCoAG. As required, all committee members were independent of the AGSA, and periodically declared their independence by confirming that they were not conflicted in discharging their statutory duties.

5.1.2     The committee was governed by terms of reference developed in line with best practices, which were reviewed annually and approved by the Auditor-General, as necessary. The committee developed annual work plans that directed its activities.

 

5.2       Annual Financial Statements

5.2.1     The audit committee reviewed the annual financial statements and agreed that the AGSA is a going concern.

5.2.2     They considered the appropriateness of the accounting policies, accounting treatments, and any significant unusual transactions and judgement areas, and reviewed compliance with International Financial Reporting Standards (IFRS) and the PAA.

5.2.3     They considered the audit approach and audit risks in approving the external audit plan and considered and reviewed the management reports and the summary of unadjusted differences. None was recorded for the period under review.

5.2.4     Non-audit services were monitored regularly to ensure that they were not significant in relation to the audit fees, and to ensure the external auditor’s independence was not compromised.

5.2.5     The audit committee reviewed the external audit report on the annual financial statements. For the period under review, the AGSA obtained an unqualified audit opinion.

5.2.6     The audit committee considered key factors and risks that may affect the integrity of information in the integrated annual report and found that the report accurately presented the economic, social and environmental performance of the AGSA.

5.2.7     The audit committee reviewed the management representation and the audit report on the performance information and found that there were no significant matters.

 

5.3       Internal Audit

5.3.1     SNG – Grant Thornton was the outsourced internal auditing firm of the AGSA and completed the second year of their three-year contract. They presented an audit plan that operated on a three-year rolling basis, within which all key finance functions of the organisation were covered at least once during the cycle.

5.3.2     In accordance with the terms of reference and the internal audit charter, the audit committee reviewed and approved the annual internal audit plan and the internal audit charter; and considered reports from the internal auditors on the internal audit work performed throughout the year.

5.3.3     In their annual written assessment, the audit committee concluded that the internal controls in the areas tested were adequate and effective. IT security, however, remained an area of concern. Although controls were found to be adequate, they were partially effective because new vulnerabilities were identified based on an environment review conducted during the year. Through the ongoing IT security reviews, and a heightened awareness of the cyber-security threat and more robust risk identification, there was much needed focus in this area in the period under review.

5.3.4     The audit committee was assured that the systems of internal control in place at the AGSA were adequate and operating effectively; and that the risk posed by the weaknesses in the IT Security environment was receiving ongoing attention.

5.3.5     The audit committee engaged separately with the internal auditors and was satisfied that the independence, quality, credibility and effectiveness of the internal audit process were maintained; and that there had been no interference in the work of the internal auditors.

 

5.4       Risk Management

5.4.1     The Risk and Ethics business unit led by the chief risk officer, was responsible for co-ordinating the risk management function of the AGSA. The audit committee exercised oversight on, amongst others, the strategic risks of the organisation including the mitigation strategies and was satisfied that risks had been managed to an acceptable level.

 

5.5       Other matters

5.5.1     During the 2023-24 performance period, the audit committee’s focus was on supporting the executive committee in implementing the #cultureshift2030 strategy, as well as on the IT function.

5.5.2     Given the inherent risk associated with the AGSA’s legacy systems, cybersecurity remained an area of focus. The AGSA has developed a digitisation strategy which is the blueprint for modernising the environment, and incorporated cybersecurity risk management. Mitigating controls have been put in place to address high risks in the short term, while the digitisation strategy focused on the long-term interventions. The audit committee’s terms of reference will be amended to include IT-related matters.

 

Part D

6.         Retention of Surplus

6.1       Section 38(4) of the PAA provide that the Auditor-General may, after consultation with the National Treasury and by agreement with the oversight mechanism, at the end of a financial year retain for working capital and general reserve requirements, any surplus as reflected in the financial statements or a portion thereof. The portion of surplus not retained must be paid into the National Revenue Fund.

6.2       The AGSA pointed out that thus far the retention of surplus funds had been an academic exercise since the funds were tied up in long outstanding debt, especially from local government and certain state-owned entities. As part of the #cultureshift2030 strategy, the organisation has embarked on key capital investment programmes to digitise the business and ensure that operational processes and efficiencies were improved as indicated above. This digitisation journey required significant financial investment estimated at R1,6 billion over 5 to 7 years, and the retention of surplus funds was critical to achieving this, as well as other key strategic initiatives.

6.3       The AGSA accordingly sought the SCoAG’s approval to retain the 2023-24 surplus of R370 million. This surplus was achieved through the interventions highlighted in paragraph 4.3.3.

 

Part E

7.         External Auditor

7.1       Section 39(1) of the PAA provided that the SCoAG had the authority to appoint the external auditor on an annual basis.

7.2       The audit committee engaged with the external auditors, Crowe JHB (Crowe) which was appointed in 2017 and whose contract expired in 2028, to ensure that the quality, credibility and effectiveness of the external audit process were maintained. They also received confirmation that no undue pressure was exerted on the external auditors to suppress any findings or place limitations on their scope.

7.3       Having assessed the external auditor’s independence as required by section 39(2)(c) of the PAA, the audit committee was satisfied that they were independent and not conflicted in any way.

7.4       The audit committee explained that in line with the AGSA and the external auditing firm’s rotation policy, the engagement partner of the past seven years, Mr Raakesh Khandoo, would be rotated off. Mr Gary Kartsounis, a chartered accountant and registered auditor with over 20 years of audit experience with JSE listed companies, subsidiaries of international companies and some large local companies, was proposed as the new engagement partner. The audit committee was satisfied with his expertise, experience and that he is independent.

7.5       The audit committee recommended that Crowe be re-appointed as the AGSA’s external auditors for the 2024-25 financial year.

 

Part F

8.         Observations and Recommendations

8.1       Implementation of amendments to the PAA

8.1.1     The SCoAG commends the AGSA for recovering R1.55 billion in financial losses, for the R1.14 billion in financial losses that were in process of recovery, and for preventing the financial loss of R0.78 billion for both the Public Finance Management Act (PFMA) auditees and Municipal Finance Management Act (MFMA) auditees during 2023/24.

8.1.2     The SCoAG notes that the amendments to the PAA afforded the AGSA additional powers particularly to pursue material irregularities to recover funds lost through financial mismanagement, corruption, and fruitless and wasteful expenditure. It is also noted that to date the AGSA has not fully made use of its new powers to issue certificates of debt to accounting officers under whose watch such mismanagement has occurred.

8.1.3     The Auditor-General should provide a report on the progress made in the implementation of the amendments to the PAA, and impediments, if any, in this regard.

 

8.2       Risk management: cyber-security

8.2.1     The SCoAG notes that the audit committee has for three consecutive years reported its concerns about the AGSA’s weak cyber-security, and the risk this posed to the organisation’s information systems. The short-term measures put in place to manage the risks were welcomed, as well as the digitisation strategy to be implemented over the next several years which promised more long-term and permanent interventions.

8.2.2     The Auditor-General should provide the SCoAG with quarterly progress reports on efforts to address cyber-security weaknesses and the building of strategic digital capabilities.

 

8.3       Risk management: ethics maturity target

8.3.1     The SCoAG notes the slight regression in the AGSA’s ethics maturity rating, shifting from an AA rating in 2022/23 to an A rating in the period under review. Some of the matters the audit committee observed that had impacted the shift in rating related to work-life balance, reward and recognition, timeous communication, consistent application of policies, and accountability and consequence management. A plan has been developed to address the regression.

8.3.2     The SCoAG should be provided with quarterly reports on progress made to address the weaknesses referred to above, and to achieve the ethics maturity target.

 

8.4       Appointment of External Auditor

8.4.1     The SCoAG had had concerns about the length of time the external auditing firm recommended for appointment had audited the AGSA, and that the long period may have impaired their independence. The matter was extensively discussed and the audit committee explained that the current contract would end in January 2028, and gave assurance that a new audit partner would be handling the audit, and that therefore there were no concerns on the audit committee’s part about the independence of the external auditor.

8.4.2     The SCoAG therefore approves that Crowe be appointed for a further year until 31 January 2026. The Audit Committee must provide the SCoAG with a detailed report on the process around the appointment of external auditors and how the current multi-year contract was arrived at, as well as the details of the current contractual arrangements.

 

8.5       Retention of 2023/24 surplus

8.5.1     Although the SCoAG is concerned about the long-term impact of the non-payment of audit fees, it is satisfied with the AGSA’s financial management. The efficiencies built into the operational environment so far, which have resulted in the R370 million surplus, are also commendable. SCoAG further notes that the AGSA will require R1,6 billion over approximately 7 years to implement a digitisation strategy aimed at making its business processes including its audits more efficient.

8.5.2     The SCoAG therefore approves that the AGSA retain the 2023-24 surplus of R370 million.

8.5.3     The National Treasury is to provide regular reports to SCoAG on interventions with regards to financially distressed auditees that are unable to pay outstanding fees to the AGSA.

 

Report to be considered