Public Finance Management Act, 1999 (Act No. 1 of 1999)

Regulations

Treasury Regulations for Departments, Constitutional Institutions and Public Entities

Part 2: Management Arrangements

3. Internal control

Purchase cart Previous page Return to chapter overview Next page

 

3.1Audit committees [Section 76(4)(d) and 77 of the PFMA]

 

3.1.1If considered feasible, the relevant treasury may direct that institutions share audit committees. If such a determination is made, the Auditor-General must be informed within 30 days of the determination.

 

3.1.2In the case of a non-shared audit committee, the accounting officer of an institution must appoint audit committee members in consultation with the relevant executive authority.

 

3.1.3In the case of a shared audit committee, the head of the relevant treasury must appoint audit committee members after consultation with the relevant executive authorities.

 

3.1.4The chairperson of an audit committee must be independent, be knowledgeable of the status of the position, have the requisite business, financial and leadership skills and may not be a political office bearer.

 

3.1.5Audit committees must be constituted so as to ensure their independence and its membership must be disclosed in the annual report of the institution.

 

3.1.6Members of an audit committee who have been appointed from outside the public service pursuant to section 77(a)(i) of the Act must have appropriate experience, be appointed on contract and be remunerated in accordance with paragraph 20.2.2 of these regulations. Should it be deemed necessary, such members may be remunerated taking into account tariffs determined by the South African Institute of Chartered Accountants in consultation with the Auditor-General as provided for in paragraph 20.2.3.

 

3.1.7The relevant executive authority must concur with any premature termination of the services of a person serving on an audit committee.

 

3.1.8An audit committee must operate in terms of a written terms of reference, which must deal adequately with its membership, authority and responsibilities. The terms of reference must be reviewed at least annually to ensure its relevance.

 

3.1.9It must be disclosed in the institution’s annual report whether or not the audit commit tee has adopted a formal terms of reference and if so, whether the committee satisfied its responsibilities for the year, in compliance with its terms of reference.

 

3.1.10The audit committee must, amongst others review the following:
(a)the effectiveness of the internal control systems;
(b)the effectiveness of the internal audit function;
(c)the risk areas of the institution’s operations to be covered in the scope of internal and external audits;
(d)the adequacy, reliability and accuracy of the financial information provided to management and other users of such information;
(e)any accounting and auditing concerns identified as a result of internal and external audits;
(f)the institution’s compliance with legal and regulatory provisions; and
(g)the activities of the internal audit function, including its annual work programme, co-ordination with the external auditors, the reports of significant investigations and the responses of management to specific recommendations.

 

3.1.11The audit committee must have explicit authority to investigate matters within its powers, as identified in the written terms of reference. The audit committee must be provided with the resources it needs to investigate such matters and shall have full access to information. The audit committee must safeguard all the information supplied to it within the ambit of the law.

 

3.1.12An audit committee must report and make recommendations to the accounting officer, but the accounting officer retains responsibility for implementing such recommendations.

 

3.1.13In addition to the above, an audit committee must, in the annual report of the institution, comment on—
(a)the effectiveness of internal control;
(b)the quality of in year management and monthly/quarterly reports submitted in terms of the Act and the Division of Revenue Act; and
(c)its evaluation of the annual financial statements.

 

3.1.14Should a report to an audit committee, whether from the internal audit function or any other source, implicate the accounting officer in fraud, corruption or gross negligence, the chairperson of the audit committee must promptly report this to the relevant executive authority.

 

3.1.15An audit committee may communicate any concerns it deems necessary to the executive authority, the relevant treasury and the Auditor-General.

 

3.1.16The audit committee must meet at least annually with the Auditor-General to ensure that there are no unresolved issues of concern.

 

3.2 Internal controls and internal audit [Sections 38(1)(a)(i) and 76(4)(e) of the PFMA]

 

3.2.1The accounting officer must ensure that a risk assessment is conducted regularly to identify emerging risks of the institution. A risk management strategy, which must include a fraud prevention plan, must be used to direct internal audit effort and priority, and to determine the skills required of managers and staff to improve controls and to manage these risks. The strategy must be clearly communicated to all officials to ensure that the risk management strategy is incorporated into the language and culture of the institution.

 

3.2.2Each institution to which these Regulations apply must have an internal audit function.

 

3.2.3If considered feasible, the relevant treasury may direct that institutions share internal audit functions. If such a determination is made, the Auditor-General must be informed within 30 days of the determination.

 

3.2.4An internal audit function may be partly or wholly contracted to an external organisation with specialist audit expertise, provided that its selection is in accordance with the relevant government’s competitive tendering procedures.

 

3.2.5The purpose, authority and responsibility of the internal audit function must, in consultation with the audit committee, be formally defined in an audit charter and be consistent with the Institute of Internal Auditors ("IIA") definition of internal auditing.

 

3.2.6Internal audit must be conducted in accordance with the standards set by the Institute of Internal Auditors.

 

3.2.7An internal audit function must prepare, in consultation with and for approval by the audit committee –
(a)a rolling three-year strategic internal audit plan based on its assessment of key areas of risk for the institution, having regard to its current operations, those proposed in its strategic plan and its risk management strategy;
(b)an annual internal audit plan for the first year of the rolling three-year strategic internal audit plan;
(c)plans indicating the proposed scope of each audit in the annual internal audit plan; and
(d)a quarterly report to the audit committee detailing its performance against the annual internal audit plan, to allow effective monitoring and possible intervention.

 

3.2.8An internal audit function must assess the operational procedure and monitoring mechanisms over all transfers made and received, including transfers in terms of the annual Division of Revenue Act.

 

3.2.9An internal audit function must report directly to the accounting officer and shall report at all audit committee meetings. The function must be independent of activities that are audited, with no limitation on its access to information.

 

3.2.10The internal audit function must co-ordinate with other internal and external providers of assurance to ensure proper coverage and to minimise duplication of effort.

 

3.2.11The internal audit function must assist the accounting officer in maintaining efficient and effective controls by evaluating those controls to determine their effectiveness and efficiency, and by developing recommendations for enhancement or improvement. The controls subject to evaluation should encompass the following—
(a)the information systems environment;
(b)the reliability and integrity of financial and operational information;
(c)the effectiveness of operations;
(d)safeguarding of assets; and
(e)compliance with laws, regulations and controls.

 

3.2.12The internal audit function must assist the accounting officer in achieving the objectives of the institution by evaluating and developing recommendations for the enhancement or improvement of the processes through which—
(a)objectives and values are established and communicated;
(b)the accomplishment of objectives is monitored;
(c)accountability is ensured; and
(d)corporate values are preserved.