Riding the combined assurance wave in the public sector

Source: ©wirojsid 123rf.com

The concept of working together to strengthen accountability – called combined assurance – calls on all roleplayers to work together and positively influence their areas of responsibility towards the better management of public resources.

In the public sector, successfully implementing combined assurance requires the involvement of mayors, municipal councils, municipal managers, municipal public accounts committees, public accounts committees, portfolio committees, audit committees, and internal and external auditors. Only if these roleplayers combine forces to ensure accountability will we see a solid foundation for service delivery.

One key assurance provider is the accounting officer/authority, whose responsibilities are outlined in the Public Finance Management Act (PFMA), the Municipal Finance Management Act (MFMA) and other enabling legislation. These responsibilities include establishing an effective, efficient, and transparent system of financial and risk management, as well as related internal controls. Accounting officers and authorities should also focus on creating a system of internal audit under the control and direction of the audit committee, and on implementing appropriate procurement systems. In short, accounting officers and authorities are responsible for the appropriate management and use of public resources.

Internal control system

The importance of an effective internal control system cannot be overstated – it is critical for mitigating risks to credible reporting on financial management, for service delivery and for compliance with legislation. If the combined assurance model is to be successfully implemented, accounting officers and authorities must carry out their PFMA and MFMA responsibilities effectively, which they can do by:

• Providing effective and ethical leadership, and overseeing financial and performance reporting and compliance with legislation
• Implementing effective human resource management to ensure that sufficiently skilled staff are employed, that their performance is monitored and that there are proper consequences for poor performance
• Establishing policies and procedures to enable sustainable internal control practices, and monitoring the implementation of action plans to address internal control deficiencies and audit findings
• Establishing an information technology (IT) governance framework that supports and enables the achievement of objectives, delivers value, and improves performance
• Conducting appropriate risk management activities to ensure that regular risk assessments, including for IT risks and fraud prevention, are performed and that an appropriate strategy to address the risks is developed and monitored
• Ensuring that an adequately resourced and functional internal audit unit is in place and that leadership responds to internal audit reports, and
• Supporting the audit committee in fulfilling its role in the combined assurance process

The relentless tide

Public sector institutions have generally been slow to embed combined assurance, and their risk management is not always robust. Every year, the Auditor-General of South Africa (AGSA) publishes general reports highlighting the outcomes of the PFMA and MFMA audit cycles. These reports are publicly accessible on the AGSA website.

Over the years, the AGSA has highlighted the following challenges:

• No real improvement in audit outcomes;
• An overall regression in the strength of internal controls;
• Weakening of basic financial and performance reporting controls, human resource controls and IT controls;
• Concerns about infrastructure project management;
• Assets that are not safeguarded, resulting in theft and vandalism;
• Payments to suppliers for poor-quality work;

Unfair procurement processes, with overpricing being a common practice

• Late payment of creditors;
• Extensive non-compliance with legislation;
• Poor-quality financial statements and performance reports submitted for auditing; and
• Increasing irregular expenditure with few, if any, consequences for this disrespect of the law

Most of the audit findings contained in these reports can be attributed to the slow response to address key risks and improved related internal controls. However, all these areas will improve if management, internal audit, and audit committees respond appropriately to the risks – combining the strength of their assurance activities.

The same applies to independent oversight, whether in the form of public accounts committees or portfolio committees. In executing their oversight responsibilities, these committees should insist on adequate risk management and related preventative controls, consistently interrogating failure and monitoring the implementation of consequences for failures. Oversight adds to the strength of assurance over and above the practices described above.

The intention of Public Audit Act amendments

On 1 April 2019, the amendments and supporting regulations to the Public Audit Act (PAA) came into effect. Rather than being punitive, these amendments are intended to strengthen the accountability mechanism in the public sector. They have been designed to empower accounting officers and authorities to uphold their responsibilities, rectify any breaches and compromises in the system, and strengthen accountability.

The ultimate purpose of these new powers is to enable accounting officers and authorities to deal with the underlying causes of system failures, strengthen preventative controls, support the case for optimised systems and processes, and enhance accountability. The AGSA brings any identified material irregularities (non-compliance, fraud, theft or breach of fiduciary duty that results in a financial loss, misuse of a public resource or substantial harm to a public sector institution or the general public) to the attention of accounting officers and authorities, empowering them to address these irregularities and take the appropriate actions in a timely manner. This significantly improves the availability of finances and resources, paving the way for enhanced service delivery.

The success of the amended powers, therefore, lies in turning the tide towards a culture of responsiveness, consequence management, good governance and accountability among accounting officers and authorities, as well as other internal and external assurance providers. The amendments clearly highlight the need to have consequences for wrongdoing and to set the tone for a culture of accountability.

By 28 February 2021, the AGSA had notified accounting officers and authorities of 75 material irregularities with an estimated financial loss totalling R6,9bn.

When the tide turns

If the public sector accountability value chain is to start improving, all assurance providers – especially accounting officers and authorities – need to remain relevant. They must insist on overcoming the waves of uncertainty and the risks that institutions face to meet financial, strategic, operational, and legislated objectives.

Smooth sailing will only be possible when:

• Risk identification improves and there are effective internal controls in place;
• Assurance providers have the relevant skills and experience to have a positive impact in their role in the combined assurance process, are firm on their findings and follow up the closure of any weaknesses identified; and
• Assurance activities are coordinated to achieve the most effective, economical, and efficient use of such activities

Success in the form of strong accountability is possible if all assurance providers work together with the same goal in mind – to safeguard the appropriate use of public resources for the benefit of the citizens of South Africa. There is no challenge bigger than the collective, and therefore the effective and deliberate implementation of the PAA will lead us to stronger structures and ultimately to the change we want to see.