Diámetros Oseos

The empirical results of the study identified weaknesses that emerged from examining the experiences and expectations of the IAF customers. In addition participants shared their perceptions of the challenges facing the IAF in the National Treasury. Recommendations on how to address these weaknesses follow:

176 6.5.2.1 Focus of the IAF

Based on the empirical results, participating key IAF customers revealed that they were reasonably satisfied with the work of the IAF in the National Treasury. Hence it is recommended that the IAF should continue to advise and provide assurance on risk management, control and governance processes to their customers efficiently, effectively and ethically. It is furthermore recommended that the CAE becomes involved in higher-level meetings in order to improve his or her awareness of the department’s strategic objectives, on the understanding that this knowledge and insight is to be incorporated into the activities of the IAF. It is also recommended that the IAF should educate management on how to deal with the weaknesses identified in the internal audit reports, and on the IAF’s ongoing role in the governance processes of the department.

6.5.2.2 The AGSA’s reliance on the work of the IAF

In order to increase the AGSA’s reliance on the work of the IAF, the study recommends that the National Treasury IAF should regularly meet with the AGSA to discuss each other’s audit scope and their respective audit programmes, audit plans and reports. Such consultation should occur at an early stage of developing the internal audit plan. It is thus envisaged that the involvement of the AGSA in the development of the internal audit plan could increase its willingness to rely on the work performed by the IAF in the National Treasury. It is recommended therefore, that the AC simultaneously evaluate the audit plans of the IAF and the external auditors, again, to facilitate greater reliance by the external auditor on the work of the IAF.

This recommendation conforms with Standard 2050, Coordination, which “requires that the CAE should share information and coordinate activities with other internal and external providers of assurance and consulting services to ensure proper coverage and minimise duplication of efforts” (IIA, 2009a).

177 6.5.2.3 IT skills

The empirical data indicate that the key IAF customers’ participants expect the IAF to already be in possession of suitable IT skills. Hence the researcher recommends that the National Treasury IAF should provide guidelines that ensure that IT skills are well represented in an internal audit team. This could assist the IAF to better understand the risks and controls in the National Treasury. It would also help the IAF to evaluate the systems’ ability to protect information and assets against unauthorised users. Hence the benefit could improve the efficiency of the IAF’s efforts to identify possible risks and to recommend mitigating strategies. The participants also require the National Treasury IAF to increase its competence levels in respect of IT skills. This could be achieved if the IAF management recruitment strategy is changed to require that new staff must already have a demonstrable knowledge of information systems. In addition management should provide its existing internal audit staff with IT training so that they will also be in a position to execute their IT-related tasks.

6.5.2.4 Findings register and audit action monitoring processes

The National Treasury IAF should implement and constantly update its formal findings register with the internal and external audit findings. This could be an effective strategy to assist the AC, the executive and senior managers and the programme and operating managers to track and trace any resolved and unresolved audit findings. The development of an audit action monitoring committee could help the AO to allocate accountability in order to ensure the prompt implementation of the IAF and AGSA’s recommendations. Such an audit action monitoring committee should be led by the AO on behalf of the AC, and be formally tasked to monitor the progress of the implementation of the IAF’s and the AGSA’s recommendations. This could also be viewed as an effective strategy on the part of the AC to add value to the IAF.

178 6.5.2.5 Knowledge of the business

It is recommended that the IAF should conduct an ongoing risk review covering the existing and potential risks that the organisation could face. Hence the National Treasury IAF should regularly consult with the executive and senior managers and the programme and operating managers in order to gain knowledge of the business. Such consultations could assist the IAF to obtain a holistic understanding of the key risks faced by the organisation. It should also be possible for the IAF to gain an enhanced understanding of the business operations and environment by reviewing the organisation’s systems, risk assessment processes and strategies. The IAF could also use the risk analysis and risk profile information that the chief risk officer already has on hand, to learn more about the business.

6.5.2.6 Participation at strategic level

It is recommended that the IAF should continue to participate at a strategic level in the National Treasury in order to improve its understanding of issues and risks facing the organisation. Such participation should be exercised professionally and the IAF should treat the information and issues discussed at strategic meetings as confidential.

6.5.2.7 Realistic audit plans

It is recommended that the IAF should develop a realistic audit plan that prioritises the strategic and operational risks identified by the chief risk officer. Such a plan should be aligned to the organisational strategies and should include follow-up audits and ad hoc and special audit requests originating from the AC and the executive and senior managers. Accordingly, the study recommends that the audit plan should be flexible (with component audits ranked in order to accommodate ad hoc audit work), that the audit plan should also involve the department’s risk management unit, and finally that it be approved by the AC.

179 6.5.2.8 Consultation and openness

Since the IAF does not know everything about the organisation it is working with, the study recommends that the IAF should consider a consultative and open approach to obtain an understanding of the organisation. The National Treasury IAF should introduce a formal consultation policy that would allow and encourage it to interact openly with its customers. Following an open communication policy and obtaining regular feedback from customers should promote a consultative approach to internal audit. This consultative approach could be implemented in terms of Standard 2200, Engagement planning, which requires the internal auditors to hold meetings with programme and operating managers responsible for the area covered by the internal audit engagement (IIA, 2009a).

6.5.2.9 Training

Training National Treasury IAF staff on financial information and controls could be beneficial to the National Treasury. This would enhance the efficiency and effectiveness of IAF staff in the evaluation of risks and controls relating to financial information. It is also recommended that the IAF staff attend regular refresher courses on financial information reporting to expand their knowledge to include the latest developments and requirements.

6.5.2.10 Feedback sessions

The IAF’s feedback sessions should be viewed as opportunities to explain, validate and justify its role in the department. The study therefore recommends that the junior staff should be involved in the exit meeting (where the IAF discusses the audit findings and recommendations with its customers), and the meeting should be conducted in such a way that the IAF adds value and not only focuses on providing assurance. Such feedback sessions would assist both those tasked with the implementation of the audit recommendations and the IAF to mutually agree on the implementation process and timetable for the recommendations.

180 6.5.2.11 Independence and objectivity

Independence and objectivity are the cornerstones of the IAF, underpinning their activities from the beginning to the end of the audit engagement. These two principles are fundamental to the integrity of the IAF’s practices. These principles should also be defined in the IAF’s charter as required in terms of Standard 1000, Purpose, authority and responsibility (IIA, 2009a). Therefore the study recommends that the AC should fulfil its oversight role to ensure that these fundamental principles are honoured by having frequent one-on-one meetings with the CAE, without management being present.

6.5.2.12 Management support

The presence or absence of management support determines the operational effectiveness of and the value added by the IAF. It is therefore recommended that the executive and senior management of National Treasury should set a positive tone by involving the IAF at strategic level, and by supporting the recommendations made by the IAF.