The Committee met in Parliament to receive briefings from the Auditor General South Africa (AGSA) on its 2022/23 Annual Report and the 2023 Municipal Material Irregularity Report. The Audit and Risk Committee (ARC) for AGSA stated that it was satisfied with the implementation of audit recommendations on the Chief People Officer incident, strengthening ICT, safeguarding against cyberattacks, and implementing the #cultureshift2030 strategy. It recommended retaining the R263 million surplus and reappointment of current auditor.
AGSA achieved an 84% audit quality rate of the auditees, which has been growing steadily over the years. It has improved professionalism by achieving a significant number of auditors qualified as chartered accountants. In fact, AGSA would need eight buses for its chartered accountants if it were to do a parade tour. Its contribution to the Thuthuka Bursary Fund (TBF) was R11.5 million. It continues to support smaller audit firms and transformation of the sector.
Key success was achieved through the implementation of a new IT audit program. Concerns about the ICT system were addressed by inviting the best hackers to assess the IT system and 90% of the IT audit findings were resolved. Significant progress was made on audit software and staff pooling resulted in savings of over R200 million. More and more trainees were retained instead of released to the market. AGSA has implemented ring-fencing, which yielded payment arrangements for auditees who owed.
The AGSA’s surplus rose to R263 million due to cost optimisation strategies. AGSA collected R60 million through ring-fencing agreements and short-term payment plans, and R199 million through litigation. The net surplus rose to R263 million due to cost optimisation strategies. AGSA collected R60 million through ring-fencing agreements and short-term payment plans, and R199 million through litigation.
Highlights for the year included a reduction in post-retirement medical aid obligation by R36 million (74%) to R13 million with 258 members accepting the buyout offer, which cost R42 million, mostly paid in 2022/23. AGSA requested Committee approval to retain a R263 million surplus for 2022/23 per Section 38(4) of the Public Audit Act, resulting from cost optimisation efforts during the year. AGSA will invest R1.6 billion over 5-7 years to digitise and automate audit and business processes using technology as part of #cultureshift2030. Retaining surplus funds was crucial to achieving these objectives.
AGSA identified 268 material irregularities in the 2022/23 municipality audits under the Municipal Financial Management Act, amounting to an estimated value of R5.19 billion. Most of these were related to procurement and payments, resource management, revenue management, and interest and penalties. The auditees took action to recover R182.75 million and prevented R18.86 million in financial losses, and some were recovering R310.16 million all due to the work of AGSA.
Committee members commended AGSA for its performance and supported the retention of its R263 million surplus and its auditor. Members were impressed that AGSA had increased its coverage of auditees from 9 in 2018/19 to 170 in 2021/22 in the identification of material irregularities.
The Chairperson announced that due to the Springboks' World Cup celebration parade happening outside the venue, the meeting might adjourn briefly.
He asked the AGSA team to be excused from the meeting briefly while the Audit Committee chairperson reflectied on the AGSA audit so she may speak freely about concerns or challenges in the AGSA audit performance.
Audit and Risk Committee briefing
Ms Grathel Motau, Audit and Risk Committee (ARC) chairperson, confirmed that ARC has discharged its responsibilities as per the Act and terms of reference that are reviewed annually. There was nothing significant in financial performance and risk management that concerned the Audit Committee. The actions taken by the Deputy AG to resolve findings have been noted and submitted. ARC is satisfied with the progress thus far. There are outstanding matters that are still to be assessed. Significant improvement in internal controls is noted.
There are new risks that have emerged because of IT security risks, as risks associated with cybersecurity intensify, more risks were identified. However, the Committee was aware of the ICT concerns at AGSA.
The Chairperson interjected and said the Committee needed to ascertain without the presence of AGSA if any concerns have been identified. Those in audit committees must be afforded opportunities to express themselves without the executive present. He welcomed the fact that there were no significant concerns. The AGSA team can return.
Ms Motau went through the report and expressed gratitude to the retired former ARC chairperson, Mr J Biesman-Simons, for his contribution. The ARC has three members who are qualified chartered accountants.
Key focus areas for ARC was supporting the executive in implementing the #cultureshift2030 strategy and information technology (IT) due to persistent audit outcomes within this area.
Secondly, ARC reviewed the recommendations arising from various reports following the unfortunate event involving the allegations by the former chief people officer (CPO) against the AG and ensured they were appropriately addressed. ARC provided guidance and support and is satisfied with the Deputy Auditor General (DAG) in implementing the audit recommendations. It remains available to provide the necessary support until all items have been remediated.
ARC assessed the external auditor’s independence as required by section 39(2)(c) of the PAA and confirmed that Crowe JHB is independent and not conflicted in any way. It is satisfied that Crowe effectively conducted the 2022/23 audit. it recommends that Crowe be reappointed as external auditors for 2023/24. Transformation has significantly improved, achieving a B-BBEE level 2 contributor status.
[See presentation for details]
The Chairperson asked for AGSA’s view on the ARC report. The concerning IT challenges due to cybersecurity risks need to be ventilated further and how it was addressing this.
Auditor-General of South Africa briefing
Ms Tsakane Maluleke, Auditor-General, touched on high-level matters in the presentation including strategic goals, complex audit environment, persistent fraud and corruption, fiscal challenges, cyberattacks and new technologies, and insufficient improvement in audit outcomes.
[The meeting adjourned for half an hour to join in the Springbok celebrations outside Parliament.]
Mr Vonani Chauke, Deputy Auditor General, took over and reported that AGSA achieved 84% audit quality of auditees and it has been growing steadily over the years; it improved on professionalising AGSA Office by achieving significant numbers of auditors who are qualified as chartered accountants – AGSA would need eight busses for its chartered accountants if it were to do a parade tour. Thuthuka contribution amounted to R11.5 million and AGSA has a Level One B-BBEE certificate and continues to support smaller audit firms and being registered with SAICA as AGSA works to transform the sector. Key success included the implementation of a new IT audit programme; concerns about the ICT system were being attended to by inviting the best hackers to assess the IT system of the AGSA; 90% of the IT findings had been resolved; significant progress on audit software; staff pooling resulted in savings of over R200 million; more and more trainees were being retained instead of releasing them to the market once completed training. There was over R1 billion on the debtors book but AGSA has implemented ring-fencing which yielded to some payment arrangements.
Net surplus increased from R40 million in the previous financial year to R263 million. This increase was a result of cost optimisation strategies. Through ring-fencing, it collected R60 million (2021-22: R53 million) through ring-fencing agreements of R49 million and short-term payment plans of R11 million. Through litigation, AGSA collected R199 million, compared to R156 million in the prior year.
Some highlights for the year included the post-retirement medical aid obligation of R49 million has been reduced by R36 million (or 74%) to R13 million as of 31 March 2023. Two hundred fifty-eight members accepted our offer to buy out the liability. The buyout cost was R42 million, most of which was paid in 2022/23.
AGSA sought approval from the Committee to retain the 2022/23 surplus of R263 million in line with Section 38(4) of the Public Audit Act. This surplus was achieved through cost optimisation initiatives during the year.
As part of the #cultureshift2030 strategy, AGSA will embark on capital investment programmes to digitise and ensure improvement by leveraging technology to automate audit and business processes. This will require significant financial investment estimated at R1.6 billion over five to seven years. The retention of surplus funds is critical to achieving these objectives. [See presentation for details].
The Chairperson noted that the outlook of AGSA was impressive and continued to inspire confidence in the Committee. He emphasised the importance of support from the state as the lack thereof may compromise AGSA performance.
It needs firm resources for its IT systems as it deals with intricate areas of auditing. AGSA must always be ahead of its auditees on technological advances. It manages its risk impressively. He welcomed the training AGSA provides for young chartered accountants. He praised it for beefing up its capabilities through warm bodies.
Ms M Matuba (ANC) noted AGSA is seeking approval from the Committee to retain its 2022/23 R363 million surplus. She supported this recommendation that the Committee approve it as well as the recommendation to retain the current external auditor.
She accepted the report and acknowledged the improvement. AGSA is in the process of professionalising through a strategy called #CultureShift. There may be a threat where international companies are poaching its human capital. How is AGSA planning to mitigate this?
On the AGSA debtors, there is a Credit Watch List Committee that manages accounts overdue for more than 90 days. Has there been progress in recovering the debt? It is common for government auditees to make use of consultants to prepare their annual financial statements. What measures can the state take to reduce this practice? It is important to build internal capacity to address this.
She commended the level of professionalising of the AGSA, including the board appointed to look after its affairs. She hoped other departments would copy what AGSA has been able to do.
Mr O Mathafa (ANC) commended the professionalisation of AGSA. Having reviewed the annual report against its plans, he supported the retention of the surplus and external auditor. AGSA demonstrated how the surplus would be used.
He acknowledged the initiatives on ICT risks such as testing the system's vulnerabilities, but how flexible is the system as technology evolves? The outstanding fees are a worrying factor. Has ARC reviewed this area of financial sustainability, and is it reflected in the efforts to recover the outstanding fees? What advice or observations can the ARC share with the Committee on this? He was pleased with how National Treasury assisted AGSA.
On lost time due to auditees reworking their financial statements, does AGSA charge auditees for reviewing these reworked financial statements to ensure they are up to standard? Does AGSA reflect on the internal audit structure / system for local governments? He recalled when he was a councillor leading the Municipal Public Accounts Committee (MPAC) in Tshwane, they had a standing invitation to AGSA to attend and receive advice. Bilateral agreements would be signed. Unfortunately, they lost power in 2016 and these initiatives fell through the cracks. The collaboration between AGSA and the municipality assisted in strengthening oversight and accountability in the capital city of the country.
Ms Z Kota-Mpeko (ANC) also supported the retention of the surplus. The cybersecurity issue is concerning. Does AGSA have indicators or an early warning system to counter ICT-related risks? She expressed her interest in derelict mines and felt that AGSA could assist government a great deal in dealing with these mines. What are the core drivers of the Culture Shift strategy?
Mr N Singh (IFP) was concerned about the auditees who owed AGSA audit fees. Who are the serial offenders on audit fees owed to AGSA? Does “Other” debtors include the state-owned enterprises?
Mr Z Mlenzana (ANC) asked how much was owed by auditees to AGSA. He supported that AGSA retain its surplus. He wondered if it would be possible to regulate the payment of audit fees. On its IT security, is it not time that AGSA was fully funded from the government fiscus? Perhaps the Committee would make this recommendation in its report to the House.
The Chairperson was pleased that challenges were being addressed speedily on the CPO disciplinary process, the certification, and the authenticity of payments to the trust fund of the late AG, Mr Kimi Makwetu. This work is appreciated as this is an Office of integrity and high standards.
The Chairperson was concerned about the threats to AGSA officials executing their duties at some auditees. We do not want to see professionals frightened by “auditees” when they do their work, especially women. Officials must do their work without fear or favour. AGSA has demonstrated this through all the challenges that its officials experience. The Committee welcomed these efforts.
Audit Risk Committee response
Ms Motau explained that accounts receivable is an area where detailed focus is placed because it is important for the sustainability of the Office. Before statements are signed off, management conducts a going concern assessment with solvency and liquidity tests of the auditee over 12 months. Accounts receivable is an area of concern for ARC. However, it notes all actions taken including the resolution with Treasury and establishing the Credit Watch List committee. The ARC is satisfied with the efforts taken. The team was working on a financial strategy to improve the financial sustainability of AGSA on an ongoing basis. Overdue receivables is under constant review.
On cybersecurity, awareness is critical. Workshops have taken place to raise awareness of cybersecurity risks, what officials should do where there is hacking or a change of banking details, and how they can respond to such challenges when they come up. This means as risks are being identified, they are assessed and resolved in real-time.
Ms Carol Roskruge, ARC Member, added that over the past 12 to 18 months, the ICT focus area has been two-pronged. There have been ongoing strategic conversations about improving technological capabilities. A lot of work has gone into improving the control environment. ARC was satisfied that the AGSA team had done a lot of work in reviewing IT policies. Areas such as vulnerability management to ensure systems are safe from data breaches and cyber-attacks, configuration management to ensure hardware and software systems are kept in a desired state; user access management, and physical security controls were given attention and taken care of. The team has moved to adopt ISO 27001, which is one of the best cybersecurity standards in the world. It will also give the organisation strong governance conformance and control on security matters. This work will be pushed to 31 March 2024.
The ARC has been providing oversight over key areas, including the ongoing IT security reviews, the ongoing closure of audit findings, and IT architecture work which will respond to the flexibility of the system. The ICT function has had a new head for some time, and it has been given leadership and focus. The team has been working on repositioning IT as a strategic enabler to the business and strategy IT capability to embrace digitisation. Indeed, there is a case for change.
Between February and November 2023, the team conducted an enterprise architecture assessment that was presented to ARC in April 2023. Two emerging themes from that work are that the current architecture needs to be optimised and a future architecture has been designed. The future architecture talks about how data can be used as a strategic asset, ensuring that AGSA systems and applications talk to the needs of AGSA, adopting a cloud strategy and integrating wholly the system and processes to drive efficiencies. The investments towards ICT are huge, so the architecture work done is a blueprint. They will enable AGSA to obtain flexible systems that are reusable, agile, modular, and adaptable in the future. Therefore, ARC is satisfied that this will move the IT function forward and enable business change.
Mr Cedric Mampuru, ARC Member, agreed about the work done on IT. On the funding model, ARC had received a presentation about three months ago from the Executive, which was still under consideration. He wanted to flag the allocation of work to CWC and was not certain if Members were aware of how the model works. There has been a challenge with the working capital cycle because the CWC firms do the work and are paid within 30 days by AGSA; however, the auditees take longer to pay AGSA. This strains the working capital cycle, and ARC had asked the CFO to devise a plan to address the challenge of outstanding audit fees. AGSA does not add any margin to the fee. National Treasury would now allocate the funds fully and directly to AGSA, which will assist in stabilising the working capital.
In addition, the ring-fencing of debt is assisting with AGSA cash flow. The target for margin of safety is 2:3 and the R700 million balance is below the safety target. ARC has asked the CFO to finalise this funding model to achieve the 2:3 margin of safety to avoid the strain on operations.
Ms Maluleke commented on the #CultureShift2030 strategy which is to ensure all role players in the ecosystem are capable people who are responsible and responsive to the insights shared with them oi dealing with improving public institutions, investing in preventative controls to prevent problems and being able to pick up on those problems and act on them swiftly. If we can get these things right, we will have a good chance of shifting the culture.
On use of consultants, she confirmed that some municipalities prioritise paying consultants to compile financial statements. They still struggle to get credible statements and benefit from our input when they finally get the audit done. This is where responsible leadership is lacking, and there is poor prioritisation of important items. These practices do not prevail in better-run municipalities but in poorly run ones. Our response has been to issue material irregularities where we have seen that there is an inefficient use of public funds by over-relying on consultants and not getting the value associated with that.
The Chairperson requested that AGSA compile a list of such municipalities so that the Committee was aware of this going forward.
Ms Maluleke added that having reviewed this over several years, there is a tendency to prioritise other items rather than the critical matters that make for good governance. Municipalities get into a spiral and end up paying for all sorts of things rather than Eskom, the water boards and SARS because they have now gotten into a spiral.
Mr Chauke added that the market is tough for staff retention. AGSA is competing with private firms, and there are global firms that contract people from one country to do work in another remotely. Even though the Office cannot compete financially; however, we tend to give our people real purpose for why they do their work. We find that some of the people who stay remain for long, including core people. AGSA is not at the stage where it is concerned. AGSA is a training institution and there will be candidates who will be trained and leave. Those who decide to stay normally stay for longer.
As for 'Other debtors', the 'other' referred to the SOEs indeed. This would be the likes of Denel. There has been a success because AGSA ring-fenced the Denel debt, and it agreed to pay R8 million. The reported figure is up to March, but it has been honouring its monthly payments. That R87 million outstanding as of 31 March has reduced significantly. The bulk of debtors are within local government.
The ARC members have thoroughly answered the questions on the IT environment. It gives comfort when people who are not full-time in the organisation understand what you are dealing with. It shows the kind of focus that AGSA has been giving to IT matters. It commenced by appointing a full-time Chief Technology Officer (CTO).
The Executive Committee (EXCO) adopted an IT strategy that addresses the organisational strategy. It also adopted an IT Steering Committee that deals with IT issues and ensures the strategies implemented make long-term sense. In the internal risk assessment, cybersecurity has been elevated to be the highest threat. This gives the office of AGSA a specific focus on various tools to assess its vulnerabilities. In most cases, the more there is traffic, it is understood that we need to up the game. There is a team that reports to a cyber manager. We must play in that safe to protect ourselves.
The other SOEs were the likes of SA Express, which has since been liquidated. It was liquidated when it owed AGSA money, so, it will stay in the books. Others include SAA and Transnet. SA Express owed AGSA R16 million until a discussion with the relevant ministry that overlooks it to find a plan. This also concerns the funding model because what do we do when the work is done, and an entity goes down? Does it go after the bailout through the National Treasury?
Mr Chauke expressed appreciation for the comments from Members on retaining the surplus. It will go a long way to assist in the funding needs.
Ms Maluleke confirmed that AGSA does interact with the MPACs, internal auditors and municipal council committees because we must get every player in the ecosystem to fulfil their part. So we do spend time with each one of them as a key discipline everywhere we audit.
The Chairperson said alternative models must be compiled to interact with National Treasury. The gap in not prioritising audit fees needs to be closed with National Treasury. Those audit samples of institutions are reflecting negative results. This requires AGSA to move further but to do so; it will require more resources. A discussion with Treasury should include this. The Finance Minister instructed that attention must be on efficiencies, and AGSA is at the centre of these efficiencies. AGSA has saved over R1 billion for the fiscus but, in turn, does not benefit while it struggles with auditees to pay their debts. There should be a percentage allocation of those realised savings.
He echoed the Committee about retaining the surplus, the external auditor of AGSA and progress made about the CPO. The Committee notes the progress in IT developments, and the realised surplus would contribute towards it. The Committee encourages AGSA to continue working on its cybersecurity and compile motivational factual data for discussions with National Treasury.
Material Irregularities in Municipal Financial Management Act (MFMA)
Ms Maluleke took Members through the presentation and said that if AGSA utilises its powers, there must be responses from the leadership and decision-makers to support municipalities on addressing the identified material irregularities.
AGSA commenced this exercise with just nine auditees in 2018/19 and it has since increased to 170 auditees processed for material irregularity in 2021/22 where 268 material irregularities were identified, with an estimated value of R5.19 billion. No actions had been taken to address 86% of matters until notifications were issued.
Actions taken by auditees resulted in R182.75 million financial loss recovered, R18.86 million in financial loss prevented from taking place, and R310.16 million financial loss in the process of being recovered.
Material irregularities had been identified in procurement and payments, resource management (assets not safeguarded, loss of investment and inefficient use of resources), revenue management (revenue not billed and debt not recovered), and interest and penalties (Eskom, water boards and other creditors not paid on time).
The Chairperson welcomed the progress covering 170 auditees with a visible number of 268 material irregularities. This tells the Committee there has been significant progress because AGSA started with nine municipalities. Now at 170, more than half of the municipalities have been through this exercise and a loss of R5 billion discovered.
Mr Mlenzana appreciated the work done by AGSA on material irregularities. How long will it take for the auditees to respond so this Committee can assist where necessary? Do AGSA officials experience security threats when investigating the material irregularities?
Ms Matuba welcomed the MI Report. Interventions are required at a political level to address these. There is one KwaZulu-Natal municipality that appears in two categories. Things cannot be simply left where they are. AGSA says if the municipal councils can play their role, the accounting officers will be forced to do what is expected of them. Some municipalities have been receiving disclaimers for years, and nothing has changed. Something must be done to change. It should be an upward slope, not a regression.
Ms C Phillips (DA) noted how enlightening the presentation was. When AGSA referred to the instability of accounting officers, was it referring to the short amount of time before they change or the acting positions that we have? Is there anything that the Committee can do to assist? Secondly, we need to intensify measures to hold the MPAC chairpersons accountable. Often, the MPAC chairperson serves at the pleasure of the party holding control of the municipality. If they investigate too vigorously, they stand a chance of losing their job as the MPAC chairperson, which comes with a nice remuneration. Thus, there is a bit of a conflict of interest, which might need to be investigated.
Mr Mathafa welcomed the MI Report. The Committee should consider focusing on and visiting North West municipalities, as five North West municipalities were identified for MIs.
The Chairperson welcomed the suggestion and said he considered calling the North West Premier to let them know that they are headed on a downward spiral. The President had recently visited eMfuleni Municipality, and during the visit, there was a stream of sewage waste that they would have to jump over. It was embarrassing. It is senseless to have a perfect balance sheet if the people you serve are subjected to such conditions. The money spent should translate into practical delivery. There must be value for money. When he was a mayor, he used to say once a budget is adopted, it becomes law, and once it is tampered with, you are breaking the law. The adopted budget is a decision of the legislature.
The late AG, Mr Makwetu, told the story about a Free State municipality that claimed to spend money on a sports field but when the auditors went to inspect the sports field, there was no sports field but the money was spent. In Canada, they audit government performance against strategic objectives and the environmental impact.
Ms Maluleke welcomed the Members' comments and said that examples will be provided when it reports on the PFMA Report. The support pushes the team. They have seen hundreds of projects nationwide and can articulate these findings. Some make it to material irregularity (MI); others do not because the accounting officers respond.
We have been at pains to say every single player must do their part and articulate what the law expects them to do. Pretty soon, AGSA may go back to assessing individual performance to start entrenching the idea that everyone must do their part.
Unfortunately, security threats come in different forms, such as pushback, intimidation and stress to individuals. So far, there has not been anything unusual, but in the next engagement, AGSA could articulate some of the examples for the Committee.
The Chairperson welcomed the comments and expressed the comfort it brings listening to the AGSA. He thanked Members and AGSA for their contributions.
The meeting was adjourned.
Download as PDF
You can download this page as a PDF using your browser's print functionality. Click on the "Print" button below and select the "PDF" option under destinations/printers.
See detailed instructions for your browser here.