Professional Documents
Culture Documents
SC - XXXXX - Final - Bank and Cash Cycle (Including Cash Flows and Liquidity Issues) Internal Audit Report 202021
SC - XXXXX - Final - Bank and Cash Cycle (Including Cash Flows and Liquidity Issues) Internal Audit Report 202021
DOCUMENT TITLE
Review Internal Audit Report
NUMBER
AUTHORIZATION
Reviewed/ Approved Z
SYSTEMS AND COMPLIANCE AUDIT
Confidential
INTERNAL AUDIT
FINAL REPORT
NOVEMBER 2020
INTRODUCTION 7
SECTION A – EXECUTIVE SUMMARY
SCOPE 7
AUDIT OBJECTIVES 7
SOURCES OF INFORMATION 8
SAMPLING 8
FRAUD AND INTERNAL CONTROL 8
MANAGEMENT RESPONSIBILITY 9
RESPONSIBILITY FOR CORRECTIVE ACTION 9
SUMMARY OF FINDINGS 10
CONCLUSION 12
06 November 2020
TO: MR D
MR B
MR P
CC: MR I
Dear Sir
BANK AND CASH CYCLE (INCLUDING CASH FLOWS AND LIQUIDITY ISSUES) REVIEW INTERNAL
AUDIT REPORT:
We have conducted a risk based audit review of the controls and compliance over the Bank and Cash
Cycle (Including Cash Flows and Liquidity Issues) for SOC Limited in terms of the 2020/21 Internal Audit
Plan as agreed and approved by the Audit Committee.
The attached report has been set out into the following two sections:
Section A An Executive Summary documenting the objectives and scope of our work, a summary
of our findings and action plan.
Section B Contains the detailed findings on our review as well as recommendations for
improvement, management comments, action plan and implementation date.
Our report has been prepared for your information, and that of the management of SOC Limited. We do not
accept responsibility to any other party to whom it may be shown or who on their own volition may decide
to rely on it.
We would like to express our appreciation to management and various members of staff who assisted us in
carrying out our work.
We would be pleased to provide you with further assistance and request that you do not hesitate to
contact Mr Z
YOURS FAITHFULLY
SECTION A
EXECUTIVE SUMMARY
EXECUTIVE SUMMARY
1. INTRODUCTION
The Internal Audit review focused on the adequacy and effectiveness of controls over the Bank
and Cash Cycle (Including Cash Flows and Liquidity Issues) at SOC Limited as set out in the
engagement letters dated 12 August 2020.
The audit was conducted in accordance with the audit objectives, scope and methodology as
described in the Audit Planning Memorandum dated 29 September 2020.
Due professional care was exercised during the planning, execution and reporting of the results
in respect of the focus areas reviewed by us, however, absolute assurance cannot be given that
other non-compliance and irregularities do not exist, due to limited testing being performed
based on the risk based audit approach methodology, which is predominantly focused on high
risk and high impact areas.
Our work consisted of discussions with management, together with evaluating a selected
sample of transactions and ensuring compliance to approved policies and procedures, as they
pertained SOC Limited.
It should be noted that the Internal Audit was conducted in accordance with the PFMA, Treasury
Regulations and the Internal Audit Charter (mandate) as well as Standards for Professional
Practice of Internal Auditing. The Internal Audit Charter sets out the nature, role, responsibility,
status and authority of Internal Auditing". Internal Audit conforms with the International
Standards for the Professional Practice of Internal Auditing based on a quality review
performed. The procedures we performed did not constitute an examination or a review in
accordance with generally accepted auditing standards or attestation standards, except as may
be specified in this report or in our scope letter.
2. SCOPE
We have conducted the audit assignment in terms of the approved Internal Audit Plan for 2020/21.
The review was undertaken during October / November 2020 covering the period 01 April 2020 to
30 September 2020, and does not reflect any changes after this date.
The scope of work will include the review of adequacy and effectiveness of controls that ensure
mitigation of risks regarding the following sub-focus areas within the Bank and Cash Cycle
(Including Cash Flows and Liquidity Issues).
Receipts;
Payments;
Bank reconciliation;
Unknown deposits; and
Bank Accounts.
3. AUDIT OBJECTIVES
Gain an understanding of the various areas under review with regards to processes and
controls;
Document a system description for the processes in order to enable us to efficiently and
effectively conduct the internal audit review;
Review and appraise the controls included in the scope;
Report to management any area of perceived weakness; and
Make recommendations for improvement and identify non-compliance with control procedures.
4. SOURCES OF INFORMATION
Discussions were held with management and employees from Finance divisions and relevant
documentation was reviewed. Audit work was conducted on the basis of questionnaire, enquiry,
observation, confirmation, and verification of supporting documentation and identified processes.
Although key controls provide management with its prime source of internal control, inherent
limitations exist in the reliance on controls as errors and lapses in control can result from
carelessness, misunderstanding of instructions, collusion between individuals and management
override.
5. SAMPLING
The following sampling methodology was applied during the execution of our audit:
Annual 1 1
Quarterly 4 2
Weekly 52 5 10 15
Daily 250 20 30 40
Internal audit work is planned with a reasonable expectation of detecting significant control
weaknesses in the specific areas reviewed. However, internal audit procedures alone, even when
carried out with due professional care, do not guarantee that fraud will be detected. Accordingly,
our review as internal auditors should not be relied upon solely to disclose fraud, defalcation or
other irregularities, which may exist.
Management's attention is drawn to the fact that inherent limitations exist in the reliance on internal
controls and procedures as errors and lapses in control can result from misunderstanding of
instructions, collusion between individuals and management override of set controls.
It should be recognised that controls are designed to provide reasonable, but not absolute,
assurance that errors and irregularities will not occur, and that procedures are performed in
accordance with management's intentions. There are inherent limitations that should be recognised
in the considering of the potential effectiveness of any system of controls. In the performance of
most control procedures, errors can result from misunderstanding of instructions, mistakes in
judgment, carelessness, or other personal factors. Control procedures can be circumvented
intentionally by management, either with respect to the estimates and judgments required in the
processing of data.
Further, the projection of any evaluation of control to future periods is subject to the risk that the
procedures may become inadequate due to changes in conditions and deterioration in the degree
of compliance with procedures.
7. MANAGEMENT RESPONSIBILITY
Management is further responsible for the establishment and maintenance of an effective system of
internal control. The objectives of the system of internal control are, inter alia, to provide
management with reasonable, but not absolute, assurance that:
The organization's strategic objectives" forming part of the objectives of Internal Audit are
achieved.
Risks are properly managed;
Assets are safeguarded;
Financial and operational information is reliable;
Operations are effective and efficient; and
Laws, regulations and contracts are complied with.
9. SUMMARY OF FINDINGS
Our internal audit revealed the following findings that have been summarised below. Details of the
control weaknesses identified have been provided in Section B. Accordingly, management should
ensure that the control weaknesses identified by our work is remedied in a timely manner.
The table below summarises the positive findings in the sub-focus areas reviewed:
The table below summarises the weaknesses noted in the sub-focus areas reviewed. Our detailed recommendations are included in Sections B of this report.
Responsible
Audit Action Plan and Issue
Issue Description Official Page Status of issue
No. Finding Implementation previously
- Sub-Focus Area No. previously reported
Rating Date reported
SIGNIFICANT FINDINGS
1. Updating of bank records for Mr D M To obtain the said approval 14 2018/2019 Weakness previously
signatories. [ Bank Accounts] and supply these to RMB to & reported still prevails
action the changes 2019/2020
31 January 2021
2. Share certificate could not be Mr D M We will follow up with 15 2018/2019 Weakness previously
obtained. [ Bank Accounts] Computer Share to change & reported still prevails
the details of the contact 2019/2020
person.
31 January 2021
In order to assist management with the allocation of resources to address the weaknesses and improve
controls as included in this section, we have assigned subjective ratings to each of our
recommendations. These ratings are for guidance purposes only and management must evaluate them
in light of their own experience and risk appetite. The key to these ratings is as follows:
10. CONCLUSION
Based on the findings in par. 9 here above and on the samples tested and audit procedures
performed for the period 01 April 2020 to 30 September 2020, we are of an opinion that the controls
and compliance over Bank and Cash Cycle (Including Cash Flows and Liquidity Issues) at Xxxx
SOC Limited, are partially achieving their intended objectives. However, care should be taken by
management and corrective action taken of those areas where internal control deficiencies have
been identified and highlighted in this report, in order to prevent deterioration of the relevant internal
controls implemented by management and enforce compliance to Public Finance Management Act.
SECTION B
SIGNIFICANT FINDINGS
CRITERIA
(a) take effective and appropriate steps to prevent any overspending of the vote of the department or a
main division within the vote;
“The accounting authority for a public entity must ensure that the public entity has and maintains
effective, efficient and transparent systems of financial and risk management and internal control."
FINDING
During our review of investment, it was noted that the signatories for the Rand Merchant bank account
could not be made available for audit purposes thus we could not verify whether the signatories were
updated with the current Xxxx members.
CAUSE
EFFECT
CLASSIFICATION
Control ineffectiveness.
RECOMMENDATION
Employees who are no longer employed by Xxxx are removed from the list of bank signatories.
Bank signatories are updated as and when the need arise.
Compliance to the Public Finance Management Act is enforced and any non-compliance should be
dealt with accordingly.
MANAGEMENT COMMENT
Management agrees with the finding. We are in continuous engagement with RMB in this regard. There
have been multiple requests from the bank with regards to various information that they require. These
were duly supplied and we are awaiting board approval of the removal of ex-employees and the
appointments of current employees as signatories to this account.
ACTION PLAN
To obtain the said approval and supply these to RMB to action the changes.
RESPONSIBLE PERSON
Mr D
IMPLEMENTATION DATE
31 January 2021
AUDITOR'S RESPONSE
Management comment noted. The audit finding will be followed up during the audit of the 2021 / 2022
financial year to ensure that management has implemented corrective actions by the respective due
date, and that the control environment has since improved.
CRITERIA
(a) take effective and appropriate steps to prevent any overspending of the vote of the department or a
main division within the vote;
“The accounting authority for a public entity must ensure that the public entity has and maintains
effective, efficient and transparent systems of financial and risk management and internal control."
FINDING
It was noted that the Sanlam share certificate could not be obtained by Xxxx.
The key contact person on the account is Mr H who left the employ of Xxxx 31 May 2019.
CAUSE
EFFECT
CLASSIFICATION
Control ineffectiveness.
RECOMMENDATION
The Organisations banking profile is continuously updated as and when the need arise so as to
ensure continues access to all the organisations banking activities.
Compliance to the Public Finance Management Act is enforced and any non-compliance should be
dealt with accordingly.
MANAGEMENT COMMENT
We acknowledge the finding. It must be noted that the relevant communication to remove Mr. H and add
Mr. P. as the contact person on the account was sent to Computer Share as part of the action points
from the prior year’s audit findings. This was done earlier this year and their offices were closed during
the Lockdown when we tried following up to obtain such for the 2019/2020 AG audit.
ACTION PLAN
We will follow up with Computer Share to change the details of the contact person.
RESPONSIBLE PERSON
Mr D
IMPLEMENTATION DATE
31 January 2021
AUDITOR'S RESPONSE
Management comment noted. The audit finding will be followed up during the audit of the 2021 / 2022
financial year to ensure that management has implemented corrective actions by the respective due
date, and that the control environment has since improved.