HOME
   Latest news
   News archive

 MUNICIPALITY
   Overview
   Mayor
   Municipal Manager
   Directorates
   City branding
   Key documents
   Financial Reporting
   Council meetings
   Demographics
   By-laws
   Vacancies
   Events

 RESIDENTS
   Overview
   FAQs
   City services
   Tariffs
   Contact us
   Contact a councillor
   Useful stuff
   People of the City

 BUSINESS
   Overview
   I D Z
   The province
   Infrastructure
   Key sectors

 VISITORS
   Overview
   Attractions
   Introduction to SA
   Did you know?
   Maps
   Gallery

 2010
   Buffalo City on 2010
INTERNAL AUDIT CHARTER

INDEX
  1. Purpose
  2. Approval
  3. Role of Internal Audit
  4. Responsibilities of management
  5. Responsibilities of internal audit
  6. Relationship with external auditors
  7. Status of internal audit
  8. Scope and authority of internal audit work
  9. Planning and reporting
  10. Conclusion
Power Point presentations:
1. PURPOSE
The purpose of this charter is to set out the nature, role, responsibility, status and authority of the Internal Audit Department and to outline the scope of their work.

top

2. APPROVAL
This charter establishes the authority and responsibility conferred by management and was approved by the City Manager on 2001.

top

3.ROLE OF INTERNAL AUDIT
The role of the Internal Audit Department is to assist the City Manager and the General Managers to meet their objectives and to discharge their responsibilities by providing an independent appraisal of the adequacy and effectiveness of the controls set up by management to help run the respective Directorates.

top

4. RESPONSIBILITIES OF MANAGEMENT
The Head of the Internal Audit Department is responsible for determining the scope of internal audit work, and for deciding the action to be taken on the outcome of or findings from their work.

top

      Management is responsible for:

  • proposing the areas of investigation by internal audit
  • ensuring the internal audit function has:
    • the support of top management;
    • direct access and freedom to report to top management, including the Audit Committee.
  • maintaining internal control, including proper accounting records and other management information suitable for running the Directorate.
  • reviewing internal audit reports within a period not exceeding two weeks and implementation of recommendations as considered appropriate.
Nothing set out above shall restrict the freedom of the Internal Audit Department to conduct their own independent investigation on any matter

top

5. RESPONSIBILITIES OF INTERNAL AUDIT

Internal Audit is responsible for conducting their work in accordance with the standards for the Professional Practice of Internal Audit established by the Institute of Internal Auditors (IIA)

Internal audit is not responsible for any of the activities, which they audit. Members of the Internal Audit function will not assume responsibility for the operation or control of any procedures.

Internal Audit should be consulted on significant proposed changes in internal control systems and the implementation of new systems and should make recommendations on the standards of control to be applied. This is without prejudice to their ability to review the system.

Internal Audit will not prepare or document internal control procedures for Directorates.

Internal Audit will not undertake non-internal audit duties save with the express permission of the City Manager.

top

6. RELATIONSHIP WITH THE EXTERNAL AUDITORS
The Internal Audit Department will co-ordinate their work with the External Auditors. The external auditors will be notified of the activities of internal audit in order to minimise duplication of audit effort. This will be accomplished by:
  • regular meetings between the Internal Audit Department and External Audit to discuss the annual internal and external audit plans;
  • access by the external auditors to the internal audit documentation;
  • exchange of management letters;
  • access to systems documentation.
top

7. STATUS OF INTERNAL AUDIT IN THE ORGANISATION
The Internal Audit Department will remain independent of all line and functional management and will be answerable solely to the City Manager and Audit Committee.

Independence of the Internal Audit Department will be ensured by:

  • the clear policy that internal audit will have full access at all times to any records, properties and resources relevant to the subjects under review.
  • access to the Chairperson of the Audit Committee.
  • not assuming any line management control
  • the Internal Audit function being free of any undue influences which could restrict, over-rule or otherwise affect the judgement as to the content of a report or in any way require the Department to function under duress or which could affect the institution or conduct of an investigation.
top

8. SCOPE AND AUTHORITY OF INTERNAL AUDIT WORK
There are no restrictions placed upon the scope of the Internal Audit Department's work. Members of the internal audit function engaged on internal audit work are entitled to receive whatever information or explanations they consider necessary to fulfil their responsibilities to senior management.

Internal audit work will normally include but is not restricted to:

  • reviewing the systems established by management to ensure compliance with those policies, plans, procedures, laws and regulations which could have a significant impact on operations, and determining whether the Directorate is in compliance.
  • reviewing the means of safeguarding assets and, as appropriate, verifying the existence of assets;
  • reviewing operations or programmes to ascertain whether results are consistent with established objectives and goals and whether the operations or programmes are being carried out as planned.
  • reviewing the reliability and integrity of financial and operating information and the means used to identify, measure, classify and report such information;

8.1 Compliance and regularity Audit
Compliance Auditing is performed after the internal controls have been evaluated and is defined as a test of controls. The overall objective of this is to express an opinion - i.e. satisfactory, needs improvement, or unsatisfactory on the achievement of the control objectives of each significant system.

  • auditing of financial transactions which includes the evaluation of compliance with applicable laws, regulations, policies and instructions.
  • audit of the policy and propriety of administrative decisions taken within the Directorate; and
  • reporting of any other matter arising from or relating to the audit that the auditor considers should be disclosed.

Internal Audit is aimed at promoting efficient, economicaI and effective management processes and evaluating the soundness, adequacy and effectiveness of internal controls by:

  • appraising the effective conduct of Directorate operations;
  • reviewing the reliability and integrity of financial, operating and management information;
  • ascertaining the extent to which assets and departmental interests are being properly controlled and safeguarded from losses of any kind;
  • appraising the economy and efficiency with which financial, human and other resources are employed and
  • monitoring the accomplishment of established objectives and goals for programmes.

8.2 Performance Auditing
The promotion of economy, eficiency and effectiveness depends on adequate overall management arrangements for planning, budgeting, authorisation, control and evaluation of the use of resources. Directors are responsible for the implementation and functioning of overall management arrangements.The responsibility of a performance audit is to confirm independently that these measures do exist and are effective and to report to the management and the Audit Committee on these issues. In the course of an investigation into overall management arrangements in a Directorate the following will receive attention:

  • systems planning, budgeting, authorisation, control and evaluation in respect of revenue, expenditure and the allocation of resources;
  • the effect of decisions beyond the control of the Directorate which have had an adverse influence on the Directorate;
  • measures ensuring the proper management of all the resources of the Directorate;
  • measures developed to derive benefit from economies of scale of expertise, especially in the provision of goods and services;
  • specific steps aimed at improving the economy, efficiency and effectiveness of the activities of the Directorate;
  • proper assignment of responsibilities, powers and accountability;
  • measures to monitor results against predetermined objectives, to ensure that unacceptable performance is corrected timeously;
  • whether policy objectives were set and policy decisions taken with the necessary authority;
  • the extent to which policy objectives were set and decisions taken on the basis of adequate, appropriate and reliable financial and other information and whether the critical underlying assumptions have been disclosed;
  • if satisfactory arrangements for the consideration of alternative possibilities were made;
  • whether established policy goals and objectives as well as decisions on the implementation of policy are clearly defined and in line with the priorities of the Council, and whether they were taken with proper authority at the appropriate level;
  • whether conflict exists between the various policy goals or objectives, or between the methods chosen to implement them;
8.3 Computer Reviews
A review of the Information Technology (IT) control to obtain an understanding of the control environment to support the audit risk assessment and to ensure that proper IT controls are in place.

Apart from the review referred to above it can also review specific computer and applications controls, control over changes in the computer systems, the methodology of systems development, internal controls and procedures, back up and recovery procedures, disaster recovery plan and the physical control of the computer facilities.

Segregation of duties other than those enforced by manual procedures, like programmed procedures and passwords may be audited. Risk rating of all systems and functional areas as seen by management may be reviewed, and the management of these risks should be reported on.

8.4 Fraud Limitation
The identification and prevention of fraud is clearly a management responsibility. Internal audit is well qualified to assist management to identify the main fraud risks facing the Directorates and could assist management in designing appropriate controls to minimise the risks.

top

9. PLANNING, CONTROLLING, RECORDING AND REPORTING
9.1 Strategic internal audit plan
The Internal Audit Department will in consultation with management present an annual internal audit plan to the Audit Committee for approval. The plan shall set out the recommended scope of their work in the period.

The annual plan will be developed with reference to a long term strategic outlook for internal audit work, prepared in conjunction with management and approved by the Audit Committee, and should have regard to the business plans and strategic outlook of the department as a whole.

    9.1.1 Planning

    The primary purpose of internal audit planning includes:

  • determination of priorities in order to establish the most cost-effective means of achieving audit objectives
  • assist in the direction and control of audit work
  • help ensure that attention is devoted to practical aspects of internal audit work
  • help ensure that work is completed in accordance with predetermined targets.

    The stages of internal audit planning include:

  • defining internal audit objectives
  • taking account of relevant changes in legislation and other factors
  • obtaining a comprehensive understanding of the system, structure and operations
  • identifying, evaluate and rank risks to which the Department is exposed
  • taking account of changes in structures or major systems
  • taking account of the known strengths and weaknesses in the internal control system
  • taking account of management concerns and expectations
  • identifying audit areas by component and major systems
  • determining the type of audit;
  • taking account of the plans of external audit

    Operational work plans should be prepared for each internal audit assignment, including:

  • objectives and scope of the audit
  • time budget and staff allocations
  • methods, procedures and reporting arrangements, including supervision and allocation of responsibilities

    All internal audit plans should be sufficiently flexible to respond to changing priorities.

    9.1.2 Controlling

    Control of the individual assignments is needed to ensure that internal audit objectives are achieved and work is performed effectively. This is facilitated by an established internal audit approach and standard documentation. The Head of Internal Audit shall ensure that the necessary degree of control and supervision is exercised.

    The Head of Internal Audit shall establish arrangements to:

  • allocate internal assignments according to the level and proficiency of internal audit staff
  • ensure that internal auditors clearly understand their responsibilities and internal audit objectives.
  • communicate the scope of work to be performed and agree the programme of work with each internal auditor
  • provide and document evidence of adequate supervision, review and guidance during the internal audit assignment
  • ensure that adequate working papers are prepared to support internal audit findings and conclusions
  • ensure that internal audit's performance is in accordance with the internal audit plan or that any significant variations have been explained

    9.1.3 Recording

    Internal audit work shall be recorded because:

  • the Head of Internal Audit needs to be able to ensure that work delegated to staff has been properly performed. This will be done through reference to detailed working papers prepared by the internal audit staff who performed the work.
  • working papers provide, for future reference, evidence of work performed, details of problems encountered and conclusions drawn
  • the preparation of working papers should encourage each internal auditor to adopt a methodical approach to his work
  • the Head of Internal Audit shall specify the required standard audit documentation and working papers and ensure those standards are maintained. Internal audit working papers should be sufficiently complete and detailed to enable an experienced internal auditor with no previous connection with the internal audit assignment to subsequently ascertain from them what work was performed to support the conclusions reached.

    Working papers must be prepared as the internal audit assignment proceeds so that critical details are not omitted or problems overlooked.

9.2 Evaluation of the internal control system

The main objectives of the internal control system are to:

  • ensure adherence to management policies and directives in order to achieve the objectives
  • safeguard assets
  • secure the relevance, reliability and integrity of information and as far as possible the completeness and accuracy of records
  • ensure compliance with statutory requirements.
When evaluating internal control systems Internal Audit should consider the effect which all the controls have on each other and or related systems. The stages of a systems audit include:

  • identifying the system parameters
  • determining the control objectives
  • identifying the expected controls to meet control objectives
  • reviewing the system against expected controls
  • appraising the controls designed into the system against control objectives
  • testing the operation of controls in practice
  • giving an opinion based on audit objectives as to whether the system provides an adequate basis for effective control and whether it is properly operated in practice.

9.3 Evidence

Internal audit evidence is information obtained by an internal auditor which enables conclusions to be formed on which recommendations can be based.

Internal Audit should determine what evidence will be necessary by exercising judgment in the light of the objectives of the internal audit assignment. This judgement will be influenced by the scope of the assignment, the significance of the matters under review, their relevance and the reliability of available evidence and the cost and time involved in obtaining it.

The collection and assessment of internal audit evidence should be reviewed to provide reasonable assurance that conclusions are soundly based and internal audit objectives achieved.

The Internal Audit Department should obtain the evidence considered necessary for the achievement of the internal audit assignment objectives. This is influenced by the following:

  • the level of assurance required
  • the objectives and scope of the audit assignment
  • the scale of activity under review and the degree of risk involved
  • the cost/benefit involved in obtaining evidence
  • the reliability of the evidence
The relevance of the internal audit evidence should be considered in relation to the objectives of the internal audit assignment. Reliable evidence can be achieved through the use of appropriate internal audit techniques which would normally be selected in advance, but which may be expanded or altered as necessary during, the internal audit assignment.

In order to place reliance on evidence, the Internal Audit Department should be satisfied with its nature, extent, adequacy, consistency and relevance to the internal audit assignment and with the methods governing it's collection.

9.4 Reporting

The primary purposes of internal audit reports are to provide management with an opinion on the adequacy of the internal control system, and to inform management of significant audit findings, conclusions and recommendations.

The aim of every internal audit report should be:

  • to prompt management to implement recommendations for change leading to improvement in performance and control
  • to provide a formal record of points arising from the internal audit assignment and, where appropriate, of agreements reached with management

Reporting arrangements, including the format and distribution of internal audit reports, should be agreed with management. The Head of the Internal Audit Department should ensure that reports are sent to managers who have a direct responsibility for the unit being audited and who have the authority to take action on the internal audit recommendations. Internal audit reports are confidential documents and their distribution should therefore be restricted to those managers who need to know, the Audit Committee and the External Auditors.

The Internal Audit Department should produce clear, constructive and concise written reports based on sufficient, relevant and reliable evidence, which:

  • state the scope, purpose, extent and conclusions of the internal audit assignment
  • make recommendations which are appropriate and relevant, and which flow from the conclusions
  • acknowledge the actions taken, or proposed, by management
The Internal Audit Department should prepare flash reports to alert management to the need to take control, or when there are reasonable grounds for suspicion of fraud or theft.

Consideration should also be given to reporting where there is a significant change in the scope of the internal audit assignment or where it is desirable to inform management of progress. Interim reporting should not diminish or eliminate the need for final reporting.

The Head of Internal Audit should meet with management to discuss the audit findings during, and at the completion of fieldwork for each internal audit assignment and the formal written report should be presented to management as soon as possible thereafter.

Before issuing the final report, the Internal Audit should discuss the content with appropriate levels of management, and submit a draft report to them, for confirmation of factual accuracy.

If the Head of Internal Audit and management disagree about the factual content of the draft audit report, internal audit should reviewing the situation and if reference should be made to this in the final report. No Director may alter the content of any report by the Head of Internal Audit to the Audit Committee, but may furnish comment thereon on the Agenda.

It is management's responsibility to ensure that proper consideration is given to internal audit reports. Internal Audit should ensure that appropriate arrangements are made to determine whether action has been taken on internal audit recommendations or that management has understood and assumed the risk of not taking such action.

top

10. CONCLUSION
It is management's responsibility to maintain the internal control system and to ensure that resources are properly applied in the manner and to the activities intended. This includes responsibility for the prevention and detection of fraud and other illegal acts.

top

Print this Page
Email this article to a friend


  Contact us:
Open weekdays 6am to 10pm
(043) 705 3150
 Useful links:
IDZ
Daily Dispatch
Border Kei Chamber of Business
East Cape Development Corporation
Amatola Water
Buffalo City Development Agency

Value Me

South African
Cities Network
| webmaster | contact us |

Web development by