Internal
Audit Directorate
Objectives
The main objectives of the internal
audit unit are to provide independent, objective assurance and
consulting services designed to add value and improve the
provincial department's operations.
It helps provincial departments accomplish their objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, controls and governance processes.
Scope
The role of the internal audit unit is to assist accounting officers and the audit committee in the effective discharge of their responsibilities. The scope of the internal audit unit can broadly be defined within three categories:
- Risk Management – assist management and audit committee in identifying, evaluating and implementing risk management methodologies and controls to address risks.
- Internal Controls – providing an independent evaluation
of the adequacy of internal controls to determine their
effectiveness and efficiency and by developing new controls
and providing recommendations for enhancements or
improvements to the existing controls.
-
Governance – evaluating and developing recommendations for the enhancement or improvement of the processes through which objectives and values are established and communicated; accountability is ensured and corporate values are preserved.
Internal Audit Unit Divisions
The internal audit unit is headed by a Chief Director and is divided into two directorates namely directorate assurance services and directorate special investigations.
-
Directorate Assurance Services – this directorate is
responsible for all internal audit function; facilitating
risk assessments; drawing up three year rolling audit plan
and preparing operational plans.
- Directorate Special Investigations –
this directorate is responsible for all fraud and corruption
related audits. It is also responsible for the hotline
services.
Internal Auditing Standards
The unit conducts its audits in accordance with the Standards for Professional Practice of Internal Auditors as set out by the South African Institute of Internal Auditors. These standards among other things include the following:
-
Purpose, Authority, and
Responsibility - the purpose, authority, and responsibility
of the internal audit activity should be formally defined in
a charter , consistent with the Standards.
-
Organisational Independence -
the head of internal audit should report to a level within
the organisation that allows the internal audit activity to
fulfil its responsibilities.
- Individual Objectivity - internal
auditors should have an impartial, unbiased attitude and
avoid conflicts of interest.
-
Professional Proficiency - internal auditors should possess the knowledge, skills, and
other competencies needed to perform their individual
responsibilities. The internal audit activity collectively
should possess or obtain the knowledge, skills, and other
competencies needed to perform its responsibilities.
-
Due Professional Care – internal
auditors should apply the care and skill expected of a
reasonably prudent and competent internal auditor.
-
Continuing Professional Development
- internal auditors should enhance their knowledge, skills,
and other competencies through continuing professional
development.
-
Quality Assurance and Improvement
Program – the head of internal audit should develop and
maintain a quality assurance and improvement program that
covers all aspects of the internal audit activity and
continuously monitors its effectiveness.
The Code of Ethics established by the Institute of Internal Auditors governs the
unit's daily activities. The Code of Ethics entails among other things the
following principles which internal auditors are expected to apply and uphold:
-
Integrity - the integrity of
internal auditors establishes trust and thus provides the
basis for reliance on their judgment.
- Objectivity - internal auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.
-
Confidentiality - internal auditors
respect the value and ownership of information they receive
and do not disclose information without appropriate
authority unless there is a legal or professional obligation
to do so.
-
Competency - internal auditors
apply the knowledge, skills, and experience needed in the
performance of internal auditing services.
The Role of the Audit Committee
Risk management is about decisions taken by management that contribute to the achievement of the department's objectives by applying it both at individual activity level and in functional areas. Risk management is therefore a series of activities that can be summarised as follows:
-
Assessing, identifying, evaluating
and monitoring or eliminating of actual and potential risks
that a department may be faced with in achieving its
objectives.
- The process of accepting, reducing,
mitigating or eliminating risks by implementing new or
improved internal controls that contribute to achieving
objectives.
-
Eliminating any management controls
that no longer serve as risk control function but only
stifle efficiency.
- Identifying opportunities that may otherwise be overlooked and consider exploiting opportunities previously considered too risky. An effective risk management strategy is pro-active and anticipatory enabling the department to achieve its objectives.
Contacts Details
Head Internal Audit: +27 13 766 2209
Director Internal Audit: +27 13 766 2334