Sign In

Legislation - Constitutional Institutions

 

Contents

1       Introduction 

1.1    Accounting Officer / Authority 

1.1.1 Section 38 (1) (a) (i) of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA) 

1.1.2 Section 3.2.1 of the Treasury Regulations 

1.2    Management, Other Personnel, Chief Risk Officer, Risk Champions 

1.2.1 Section 45 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA) 

1.3    Internal Auditors 

1.3.1 Section 38 (1) (a) (ii) of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA) 

1.3.2 Section 3.2.6 of the Treasury Regulations 

1.3.3 Section 3.2.7 (a) of the Treasury Regulations 

1.3.4 Section 2110 - Risk Management of the International standards for the Professional Practice of Internal Auditing 

1.4    Audit Committee 

1.4.1 Section 77 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA) 

1.4.2 Section 3.1.10 of the Treasury Regulations 

1.4.3 Section 3.1.13 of the Treasury Regulations 

 

1 Introduction

1.1 Accounting Officer / Authority

1.1.1 Section 38 (1) (a) (i) of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA)

Section 38 (1) (a) (i) of the PFMA requires that:

"The accounting officer has and maintains:

·      "i) Effective, efficient and transparent systems of financial and risk management and internal control."

1.1.2 Section 3.2.1 of the Treasury Regulations

The roles and responsibilities for the implementation of the ERM strategy is contained in the Treasury Regulations published in terms of the PFMA. Section 3.2.1 of the regulations addresses risk management summarised as follows:

·    The accounting officer must ensure that a risk assessment is conducted regularly to identify emerging risks for the institution.

·     The risk management strategy, which must include a fraud prevention plan, must be used to direct internal audit effort and priority and to determine the skills required of managers and staff to improve controls and to manage these risks.

·      The risk management strategy must be clearly communicated to all officials to ensure that it is incorporated into the language and culture of the institution and embedded in the behaviour and mindset of its people.

1.2 Management, Other Personnel, Chief Risk Officer, Risk Champions

1.2.1 Section 45 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA)

The extension of general responsibilities in terms of Section 45 of the PFMA to all managers within the public sector implies that responsibility for risk management vests at all levels of management and that it is not limited to only the accounting officer and internal audit.

1.3 Internal Auditors

1.3.1 Section 38 (1) (a) (ii) of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA)

Section 38 (1) (a) (ii) of the PFMA requires that:

·     "(i) The accounting officer for a department, trading entity or constitutional institution-

·      must ensure that the department, trading entity or constitutional institution has and maintains -

·   (ii) a system of internal audit under the control and direction of an audit committee complying with and in accordance with regulations and instructions prescribed in terms of sections 76 and 77."

1.3.2 Section 3.2.6 of the Treasury Regulations

Section 3.2.6 of the Treasury Regulations states:

"Internal Audit must be conducted in accordance with the standards set by the Institute of Internal Auditors."

1.3.3 Section 3.2.7 (a) of the Treasury Regulations

Section 3.2.7.(a) of the Treasury regulations states:

"An internal audit unit must prepare, in consultation with and for approval by the audit committee -

·     (a) a rolling three-year strategic internal audit plan based on its assessment of key areas of risk for the institution, having regard to its current operations, those proposed in its strategic plan and its risk management strategy."

1.3.4 Section 2110 - Risk Management of the International standards for the Professional Practice of Internal Auditing

Section 2110 -  Risk Management of the International standards for the Professional Practice of Internal Auditing states:

"The internal audit activity should assist the organisation by identifying and evaluating significant exposures to risk and contributing to the improvements of risk management and control systems.

2110. A1 - The internal audit activity should monitor and evaluate the effectiveness of the organisation's risk management system.

2110. A2 - The internal audit activity should evaluate risk exposures relating to the organisation's governance, operations, and information systems regarding the:

·         Reliability an integrity of financial and operational information;

·         Effectiveness and efficiency of operations;

·         Safeguarding of assets;

·         Compliance with laws, regulations, and contracts.

2110. C1 - During consulting engagements, internal auditors should address risk consistent with the engagement's objectives and be alert to the existence of other significant risks.

2110. C2 -  Internal Auditors should incorporate knowledge of risks gained from consulting engagements into the process of identifying and evaluating significant risk exposures of the organisation."

1.4 Audit Committee

1.4.1 Section 77 of the Public Finance Management Act (Act 1 of 1999 as amended by Act 29 of 1999) (PFMA)

Section 77 of the PFMA states:

·         An audit committee -

a)      Must consist of at least three persons;

b)      Must meet at least twice a year;

c)       May be established for two or more departments or institutions if the relevant treasury considers it to be more economical."

1.4.2 Section 3.1.10 of the Treasury Regulations

·         Section 3.1.10 of the Treasury Regulations states:

a)    The effectiveness of the internal control system;

b)    The effectiveness of internal audit;

c)     The risk area's of the entity's operations to be covered in the scope of the internal and external audits;

d)    The adequacy, reliability and accuracy of financial information provided to management and other users of such information;

e)    Any accounting and auditing concerns identified as a result of internal and external audits;

f)     The entity's compliance with legal and regulatory provisions;

g)   The activities of the internal audit function, including its annual work programme, co-ordination with external auditors, the reports of significant investigations and responses of management to specific recommendations."

1.4.3 Section 3.1.13 of the Treasury Regulations

Section 3.1.13 of the Treasury Regulations states:

·         "In addition to the above, an audit committee must, in the annual report of the institution, comment on -

a)      "the effectiveness of internal control;

b)   The quality of in year management and monthly/quarterly reports submitted in terms of the Act and the Division of Revenue Act;

c)       Its evaluation of the annual financial statements."


© Maintained by the National Treasury. All Rights Reserved.