Bank and Cash Cycle (Including Cash Flows and Liquidity Issues)

DOCUMENT TITLE
Review Internal Audit Report
NUMBER

DATE 06 November 2020

AUTHORIZATION

NAME SIGNED DATE

Prepared C 06 November 2020

Reviewed/ Approved Z
 SYSTEMS AND COMPLIANCE AUDIT

Confidential

INTERNAL AUDIT

FINAL REPORT

FUNCTIONALITY: INTERNAL AUDIT

PROJECT NAME: BANK AND CASH CYCLE (INCLUDING

CASH FLOWS AND LIQUIDITY ISSUES)

NOVEMBER 2020

This report contains 17 pages

Final Report – November 2020 Page 2 of 17

 CONTENTS

INTRODUCTION 7
SECTION A – EXECUTIVE SUMMARY
SCOPE 7
AUDIT OBJECTIVES 7
SOURCES OF INFORMATION 8
SAMPLING 8
FRAUD AND INTERNAL CONTROL 8
MANAGEMENT RESPONSIBILITY 9
RESPONSIBILITY FOR CORRECTIVE ACTION 9
SUMMARY OF FINDINGS 10
CONCLUSION 12

SECTION B – DETAILED AUDIT FINDINGS

UPDATING OF BANK RECORDS FOR
14
SIGNATORIES
SHARE CERTIFICATE COULD NOT BE OBTAINED 15

Final Report – November 2020 Page 3 of 17

 INTERNAL AUDIT

06 November 2020

TO: MR D
MR B
MR P

CC: MR I

Dear Sir

BANK AND CASH CYCLE (INCLUDING CASH FLOWS AND LIQUIDITY ISSUES) REVIEW INTERNAL
AUDIT REPORT:

We have conducted a risk based audit review of the controls and compliance over the Bank and Cash
Cycle (Including Cash Flows and Liquidity Issues) for SOC Limited in terms of the 2020/21 Internal Audit
Plan as agreed and approved by the Audit Committee.

The attached report has been set out into the following two sections:

Section A An Executive Summary documenting the objectives and scope of our work, a summary
of our findings and action plan.

Section B Contains the detailed findings on our review as well as recommendations for
improvement, management comments, action plan and implementation date.

Our report has been prepared for your information, and that of the management of SOC Limited. We do not
accept responsibility to any other party to whom it may be shown or who on their own volition may decide
to rely on it.

We would like to express our appreciation to management and various members of staff who assisted us in
carrying out our work.

We would be pleased to provide you with further assistance and request that you do not hesitate to
contact Mr Z

YOURS FAITHFULLY

Final Report – November 2020 Page 4 of 17

Z
ACTING HEAD OF INTERNAL AUDIT

Final Report – November 2020 Page 5 of 17

BANK AND CASH CYCLE (INCLUDING CASH FLOWS AND LIQUIDITY ISSUES) REVIEW
INTERNAL AUDIT REPORT SECTION A
SOC LIMITED
NOVEMBER 2020

SECTION A

EXECUTIVE SUMMARY

SOC Limited Page 6 of 17

Final Report – November 2020
BANK AND CASH CYCLE (INCLUDING CASH FLOWS AND LIQUIDITY ISSUES) REVIEW
INTERNAL AUDIT REPORT SECTION A
SOC LIMITED
NOVEMBER 2020

EXECUTIVE SUMMARY

1. INTRODUCTION

 The Internal Audit review focused on the adequacy and effectiveness of controls over the Bank
and Cash Cycle (Including Cash Flows and Liquidity Issues) at SOC Limited as set out in the
engagement letters dated 12 August 2020.
 The audit was conducted in accordance with the audit objectives, scope and methodology as
described in the Audit Planning Memorandum dated 29 September 2020.
 Due professional care was exercised during the planning, execution and reporting of the results
in respect of the focus areas reviewed by us, however, absolute assurance cannot be given that
other non-compliance and irregularities do not exist, due to limited testing being performed
based on the risk based audit approach methodology, which is predominantly focused on high
risk and high impact areas.
 Our work consisted of discussions with management, together with evaluating a selected
sample of transactions and ensuring compliance to approved policies and procedures, as they
pertained SOC Limited.
 It should be noted that the Internal Audit was conducted in accordance with the PFMA, Treasury
Regulations and the Internal Audit Charter (mandate) as well as Standards for Professional
Practice of Internal Auditing. The Internal Audit Charter sets out the nature, role, responsibility,
status and authority of Internal Auditing". Internal Audit conforms with the International
Standards for the Professional Practice of Internal Auditing based on a quality review
performed. The procedures we performed did not constitute an examination or a review in
accordance with generally accepted auditing standards or attestation standards, except as may
be specified in this report or in our scope letter.

2. SCOPE

We have conducted the audit assignment in terms of the approved Internal Audit Plan for 2020/21.

The review was undertaken during October / November 2020 covering the period 01 April 2020 to
30 September 2020, and does not reflect any changes after this date.

The scope of work will include the review of adequacy and effectiveness of controls that ensure
mitigation of risks regarding the following sub-focus areas within the Bank and Cash Cycle
(Including Cash Flows and Liquidity Issues).

 Receipts;
 Payments;
 Bank reconciliation;
 Unknown deposits; and
 Bank Accounts.

3. AUDIT OBJECTIVES

The objectives of our internal audit review are:

 Gain an understanding of the various areas under review with regards to processes and
controls;

SOC Limited Page 7 of 17

Final Report – November 2020
BANK AND CASH CYCLE (INCLUDING CASH FLOWS AND LIQUIDITY ISSUES) REVIEW
INTERNAL AUDIT REPORT SECTION A
SOC LIMITED
NOVEMBER 2020

 Document a system description for the processes in order to enable us to efficiently and
effectively conduct the internal audit review;
 Review and appraise the controls included in the scope;
 Report to management any area of perceived weakness; and
 Make recommendations for improvement and identify non-compliance with control procedures.

4. SOURCES OF INFORMATION

Discussions were held with management and employees from Finance divisions and relevant
documentation was reviewed. Audit work was conducted on the basis of questionnaire, enquiry,
observation, confirmation, and verification of supporting documentation and identified processes.
Although key controls provide management with its prime source of internal control, inherent
limitations exist in the reliance on controls as errors and lapses in control can result from
carelessness, misunderstanding of instructions, collusion between individuals and management
override.

5. SAMPLING

The following sampling methodology was applied during the execution of our audit:

Assumed Number of Items to Test

Frequency of Population of
Control Control
Occurrences Low Mid High

Annual 1 1

Quarterly 4 2

Monthly 12 2               to              5

Weekly 52 5 10 15

Daily 250 20 30 40

Multiple times per

Over 250 25, 30 45 60
day

6. FRAUD AND INTERNAL CONTROL

Internal audit work is planned with a reasonable expectation of detecting significant control
weaknesses in the specific areas reviewed. However, internal audit procedures alone, even when
carried out with due professional care, do not guarantee that fraud will be detected. Accordingly,
our review as internal auditors should not be relied upon solely to disclose fraud, defalcation or
other irregularities, which may exist.

SOC Limited Page 8 of 17

Final Report – November 2020
BANK AND CASH CYCLE (INCLUDING CASH FLOWS AND LIQUIDITY ISSUES) REVIEW
INTERNAL AUDIT REPORT SECTION A
SOC LIMITED
NOVEMBER 2020

Management's attention is drawn to the fact that inherent limitations exist in the reliance on internal
controls and procedures as errors and lapses in control can result from misunderstanding of
instructions, collusion between individuals and management override of set controls.

It should be recognised that controls are designed to provide reasonable, but not absolute,
assurance that errors and irregularities will not occur, and that procedures are performed in
accordance with management's intentions. There are inherent limitations that should be recognised
in the considering of the potential effectiveness of any system of controls. In the performance of
most control procedures, errors can result from misunderstanding of instructions, mistakes in
judgment, carelessness, or other personal factors. Control procedures can be circumvented
intentionally by management, either with respect to the estimates and judgments required in the
processing of data.
Further, the projection of any evaluation of control to future periods is subject to the risk that the
procedures may become inadequate due to changes in conditions and deterioration in the degree
of compliance with procedures.

7. MANAGEMENT RESPONSIBILITY

Management is responsible for the establishment and maintenance of an effective system of

governance to:

 Establish and communicate organisational goals and values.

 Monitor the accomplishment of goals.
 Ensure accountability and values are preserved.

Management is responsible for risk management.

Management is responsible for the process to:

 Identify, assess, manage and control potential events.

Management is further responsible for the establishment and maintenance of an effective system of
internal control. The objectives of the system of internal control are, inter alia, to provide
management with reasonable, but not absolute, assurance that:

 The organization's strategic objectives" forming part of the objectives of Internal Audit are
achieved.
 Risks are properly managed;
 Assets are safeguarded;
 Financial and operational information is reliable;
 Operations are effective and efficient; and
 Laws, regulations and contracts are complied with.

8. RESPONSIBILITY FOR CORRECTIVE ACTION

It is the responsibility of management to ensure that corrective actions documented are

implemented by the respective due dates. The impact and recommendations contained in this
report should not be considered to be an exhaustive list, but serve to highlight potential effects of
issues identified and possible remedial actions to improve the current control environment

SOC Limited Page 9 of 17

Final Report – November 2020
BANK AND CASH CYCLE (INCLUDING CASH FLOWS AND LIQUIDITY ISSUES) REVIEW
INTERNAL AUDIT REPORT SECTION A
SOC LIMITED
NOVEMBER 2020

9. SUMMARY OF FINDINGS

Our internal audit revealed the following findings that have been summarised below. Details of the
control weaknesses identified have been provided in Section B. Accordingly, management should
ensure that the control weaknesses identified by our work is remedied in a timely manner.

The table below summarises the positive findings in the sub-focus areas reviewed:

No. Sub-Focus Area – Description Audit Results

1. No exceptions were
Receipts
identified
2. No exceptions were
Payments
identified
3. No exceptions were
Bank reconciliation
identified
4. No exceptions were
Unknown deposits
identified

SOC Limited Page 10 of 17

Final Report – November 2020
BANK AND CASH CYCLE (INCLUDING CASH FLOWS AND LIQUIDITY ISSUES) REVIEW
INTERNAL AUDIT REPORT SECTION A
XXXX SOC LIMITED
NOVEMBER 2020

The table below summarises the weaknesses noted in the sub-focus areas reviewed. Our detailed recommendations are included in Sections B of this report.

Responsible
Audit Action Plan and Issue
Issue Description Official Page Status of issue
No. Finding Implementation previously
- Sub-Focus Area No. previously reported
Rating Date reported

SIGNIFICANT FINDINGS

1. Updating of bank records for Mr D M To obtain the said approval 14 2018/2019 Weakness previously
signatories. [ Bank Accounts] and supply these to RMB to & reported still prevails
action the changes 2019/2020

31 January 2021

2. Share certificate could not be Mr D M We will follow up with 15 2018/2019 Weakness previously
obtained. [ Bank Accounts] Computer Share to change & reported still prevails
the details of the contact 2019/2020
person.

31 January 2021

SOC Limited Page 11 of 17

Final Report – November 2020
BANK AND CASH CYCLE (INCLUDING CASH FLOWS AND LIQUIDITY ISSUES) REVIEW
INTERNAL AUDIT REPORT SECTION A
XXXX SOC LIMITED
NOVEMBER 2020

 A summary of our ratings is attached in the table below:

In order to assist management with the allocation of resources to address the weaknesses and improve
controls as included in this section, we have assigned subjective ratings to each of our
recommendations. These ratings are for guidance purposes only and management must evaluate them
in light of their own experience and risk appetite. The key to these ratings is as follows:

Audit Finding Rating Definition

Pervasive weakness in the control environment and/or instances
Critical
of non-compliance with internal controls.
Significant weakness in the control environment and/or instances
Significant
of non-compliance with internal controls.
Less Isolated areas of weakness in the control environment and/or
significant instances of non-compliance with internal controls identified.
No material weakness in the control environment or material
Minor
instances of non-compliance with internal controls identified.

 A summary of our reporting classification framework is attached in the table below:

Weakness classification Definition

Control inadequacy (CIA) Laid down accounting and internal control

procedures were either inadequate or non-
existent. This may indicate a residual risk
exposure.

Noncompliance to (NCT) Employees were not following/ (complying to)

procedures/ (standards)/ (an act). This may
indicate lack of proper governance and
employee diligence.

Control ineffectiveness (CIE) Employees were performing their duties

ineffectively. This may indicate a lack of
performance in order to achieve objectives.

Housekeeping (HK) These do not necessarily require immediate

attention but should have an agreed program
for action.

10. CONCLUSION

Based on the findings in par. 9 here above and on the samples tested and audit procedures
performed for the period 01 April 2020 to 30 September 2020, we are of an opinion that the controls
and compliance over Bank and Cash Cycle (Including Cash Flows and Liquidity Issues) at Xxxx
SOC Limited, are partially achieving their intended objectives. However, care should be taken by
management and corrective action taken of those areas where internal control deficiencies have
been identified and highlighted in this report, in order to prevent deterioration of the relevant internal
controls implemented by management and enforce compliance to Public Finance Management Act.

SOC Limited Page 12 of 17

Final Report – November 2020
BANK AND CASH CYCLE (INCLUDING CASH FLOWS AND LIQUIDITY ISSUES) REVIEW
INTERNAL AUDIT REPORT SECTION B
XXXX SOC LIMITED
NOVEMBER 2020

SECTION B

DETAILED AUDIT FINDINGS

SOC Limited Page 13 of 17

Final Report – November 2020
BANK AND CASH CYCLE (INCLUDING CASH FLOWS AND LIQUIDITY ISSUES) REVIEW
INTERNAL AUDIT REPORT SECTION B
XXXX SOC LIMITED
NOVEMBER 2020

SIGNIFICANT FINDINGS

1. UPDATING OF BANK RECORDS FOR SIGNATORIES

CRITERIA

Public Finance Management Act, Section 39 (a):

(a) take effective and appropriate steps to prevent any overspending of the vote of the department or a
main division within the vote;

Public Finance Management Act, Section 51(a) (i):

“The accounting authority for a public entity must ensure that the public entity has and maintains
effective, efficient and transparent systems of financial and risk management and internal control."

FINDING

During our review of investment, it was noted that the signatories for the Rand Merchant bank account
could not be made available for audit purposes thus we could not verify whether the signatories were
updated with the current Xxxx members.

CAUSE

Lack of proper management and internal controls.

EFFECT

 Non-compliance to the Public Finance Management Act.

CLASSIFICATION

Control ineffectiveness.

RECOMMENDATION

Management should ensure that:

 Employees who are no longer employed by Xxxx are removed from the list of bank signatories.
 Bank signatories are updated as and when the need arise.
 Compliance to the Public Finance Management Act is enforced and any non-compliance should be
dealt with accordingly.

MANAGEMENT COMMENT

Management agrees with the finding. We are in continuous engagement with RMB in this regard. There
have been multiple requests from the bank with regards to various information that they require. These
were duly supplied and we are awaiting board approval of the removal of ex-employees and the
appointments of current employees as signatories to this account.

ACTION PLAN

To obtain the said approval and supply these to RMB to action the changes.

RESPONSIBLE PERSON

Mr D

SOC Limited Page 14 of 17

Final Report – November 2020
BANK AND CASH CYCLE (INCLUDING CASH FLOWS AND LIQUIDITY ISSUES) REVIEW
INTERNAL AUDIT REPORT SECTION B
XXXX SOC LIMITED
NOVEMBER 2020

IMPLEMENTATION DATE

31 January 2021

AUDITOR'S RESPONSE

Management comment noted. The audit finding will be followed up during the audit of the 2021 / 2022
financial year to ensure that management has implemented corrective actions by the respective due
date, and that the control environment has since improved.

2. SHARE CERTIFICATE COULD NOT BE OBTAINED

CRITERIA

SOC Limited Page 15 of 17

Final Report – November 2020
BANK AND CASH CYCLE (INCLUDING CASH FLOWS AND LIQUIDITY ISSUES) REVIEW
INTERNAL AUDIT REPORT SECTION B
XXXX SOC LIMITED
NOVEMBER 2020

Public Finance Management Act, Section 39 (a) :

(a) take effective and appropriate steps to prevent any overspending of the vote of the department or a
main division within the vote;

Public Finance Management Act, Section 51(a) (i):

“The accounting authority for a public entity must ensure that the public entity has and maintains
effective, efficient and transparent systems of financial and risk management and internal control."

FINDING

 It was noted that the Sanlam share certificate could not be obtained by Xxxx.
 The key contact person on the account is Mr H who left the employ of Xxxx 31 May 2019.

CAUSE

Lack of proper management and internal controls.

EFFECT

 Non-compliance to the Public Finance Management Act.

CLASSIFICATION

Control ineffectiveness.

RECOMMENDATION

Management should ensure that:

 The Organisations banking profile is continuously updated as and when the need arise so as to
ensure continues access to all the organisations banking activities.
 Compliance to the Public Finance Management Act is enforced and any non-compliance should be
dealt with accordingly.

MANAGEMENT COMMENT

We acknowledge the finding. It must be noted that the relevant communication to remove Mr. H and add
Mr. P. as the contact person on the account was sent to Computer Share as part of the action points
from the prior year’s audit findings. This was done earlier this year and their offices were closed during
the Lockdown when we tried following up to obtain such for the 2019/2020 AG audit.

ACTION PLAN

We will follow up with Computer Share to change the details of the contact person.

RESPONSIBLE PERSON

Mr D

IMPLEMENTATION DATE

31 January 2021

SOC Limited Page 16 of 17

Final Report – November 2020
BANK AND CASH CYCLE (INCLUDING CASH FLOWS AND LIQUIDITY ISSUES) REVIEW
INTERNAL AUDIT REPORT SECTION B
XXXX SOC LIMITED
NOVEMBER 2020

AUDITOR'S RESPONSE

Management comment noted. The audit finding will be followed up during the audit of the 2021 / 2022
financial year to ensure that management has implemented corrective actions by the respective due
date, and that the control environment has since improved.

SOC Limited Page 17 of 17

Final Report – November 2020