Amazon Web Services



CONTENTS

1. Introduction 1

2. Audit opinion history 5

3. Key focus areas 7

4. Drivers of internal controls 17

5. Other matters of interest 18

6. Other reports 18

7. Commitments 19

8. Feedback on previous resolutions 19

Introduction

1.1 Reputation promise of the Auditor-General of South Africa

The Auditor-General has a constitutional mandate and, as the Supreme Audit Institution (SAI) of South Africa, it exists to strengthen our country’s democracy by enabling oversight, accountability and governance in the public sector through auditing, thereby building public confidence.

1.2 Purpose of document

The purpose of this briefing document is for the Auditor-General of South Africa (AGSA) to provide an overview of the audit outcomes and other findings in respect of the Department of Correctional Services for the 2013/14 financial year.

3. Overview

Vision

The Vision of the Department remains to be one of the best service providers in the world by delivering correctional services with integrity and commitment to excellence.

Mission

The Vision of the Department is to contribute to maintaining and protecting a just, peaceful and safe society:

• By enforcing decisions and sentences of courts in the manner prescribed in legislation.

• By detaining all inmates in safe custody while ensuring their human dignity, and

• By promoting the rehabilitation, social responsibility and human development of all offenders.

1.4 Organisational structure

Chief Deputy Commissioners

Regional Commissioners

1.5 Funding

The department is primarily funded through funds appropriated in terms of the annual Appropriation Act (and the Adjustments Appropriation Act), the final appropriation for the 2013/14 financial year amounted to R18, 7 billion (2012/13: R17.7 billion).

• Audit opinion history

|Audit opinions |09/10 |10/11 |11/12 |12/13 |13/14 |

|Movable tangible capital assets |( |( |( |( |( |

|Other Findings | | | | | |

| Predetermined objectives |( |( |( |( |( |

| Non-compliance with applicable Legislation |( |( |( |( |( |

|Financial statements – material misstatements identified by auditors and |( |( |( |( |( |

|corrected by management | | | | | |

| | |

| | |

|AUDIT OPINION | |

| |X | |

| |UNQUALIFIED with findings on PDO and Compliance | |

| |QUALIFIED AUDIT OPINION (with/without findings) | |

| |DISCLAIMER/ADVERSE AUDIT OPINION | |

| | |

2.1 Significant emphasis of matters

None.

2.2 Significant additional matters

There were significant finding on audit committee and internal audit, providing limited or no assurance to the audit.

2.3 Qualification paragraphs

The department‘s movable tangible capital assets to the financial were understated by an approximate value of R73 million (2013: R88 million). We were unable to physically trace these assets to the asset register. These movable tangible capital assets were further overstated by an approximate value of R67 million (2013: R36 million) as I could not physically verify them. Furthermore, these movable tangible capital assets were overstated by an approximate value of R27 million (2013: R16 million), as they did not reflect appropriate costs or fair values. Furthermore, we were unable to verify the valuation and completeness of assets to the value of R85 million, which were included in the suspense register as this register was not timeously made available to the auditors.

3. Key focus areas

|Auditee | | | |

|Department of |Performance at correctional centre level|Control over daily and |Consolidated reports should be reviewed and |

|Correctional Services |does not reconcile with performance at |monthly processing and |compared to the totals per Correctional Centres.|

| |management area level, performance at |reconciling of transactions|A standard consolidation should be implemented |

| |management area level does not reconcile|not implemented. |for consolidation where formulas are used to add|

| |with performance at regional level and |Oversight responsibility |the Correctional Centres to ensure accuracy of |

| |regional levels do not reconcile with |regarding performance |information documented in the Management Area |

| |annual performance report. |reporting not exercised. |reports. |

| | | |In instances where figures reported by |

| | | |Correctional Centres are clearly not a true |

| | | |reflection, Centres should be requested to |

| | | |adjust and send the final copy to avoid |

| | | |inconsistencies between what has been reported |

| | | |by the Correctional Centres and Management Area.|

| |Consolidated quarterly performance does |Controls are not in place |Management should ensure that reported |

| |not reconcile with the annual |to ensure that reported |performance information is reviewed for |

| |performance report. |performance information is |validity, accuracy and completeness before it is|

| | |reviewed for validity, |submitted for audit. |

| | |accuracy and completeness. | |

| |Requested information not provided for |Oversight responsibility |Area commissioners responsible for compiling |

| |audit purposes (monthly statistical |regarding performance |Operational plans should ensure that the |

| |reports and operational plans). |reporting not exercised. |Operational plans are complete and accurate, and|

| | | |available in a timely manner. |

| |AOPO - Targets not Specific, Measurable,|The department did not |Directors responsible for the targets should |

| |Achievable, Relevant and Time-bound |prepare regular, accurate |ensure that the targets are prepared in |

| |(SMART) |and complete financial and |accordance with the National Treasury Framework |

| | |performance reports that |for Managing Performance Information. |

| | |are supported and evidenced| |

| | |by reliable information. | |

| |Technical indicator descriptions (TID) |The department did not |The directors responsible for the indicators |

| |were not prepared as required by the |prepare regular, accurate |should ensure that the TID’s are prepared in |

| |National Treasury Framework. |and complete financial and |accordance with the National Treasury framework |

| | |performance reports that |annexure E. |

| | |are supported and evidenced| |

| | |by reliable information. | |

| |Incorrect information/denominators used |Leadership: Oversight |Centre Coordinators responsible for compiling |

| |for reporting. |responsibility regarding |operational plans and monthly statistics should |

| | |performance reporting not |ensure that information reported is compared and|

| | |exercised. |agrees to the supporting documents. |

| | | |Head of Correctional Centre should review the |

| | | |monthly statistics for accuracy, validity and |

| | | |completeness. |

1. Supply chain management

|Entity |Finding |Root Cause |Recommendation |

|Procurement and contract management |

|Department of Correctional |Contract Performance Measures are |Management did not exercise |The DCS should develop a strategy to |

|Services |Insufficient to Monitor the Contracts.|oversight responsibility |govern the use of consultants which |

| | |regarding compliance and |should outline instances when |

| |Departments’ overdependence on |related internal controls. |consultants should be used, the process|

| |consultants. | |to be followed before engaging a |

| |Deviation from contract specification.|Lack of oversight |consultant, the maximum duration for |

| | |responsibility regarding |which the consultant may be used to |

| |Contracts were amended or extended |compliance with laws and |perform similar tasks as well as the |

| |without following the proper contract |regulations and related |process to be followed when a |

| |manual requirements. |internal controls. |consultant is re-appointed. The |

| | | |strategy document must also address |

| | | |ways to reduce the use of consultants |

| | | |and the dependency on consultants by |

| | | |the Internal Audit function. |

| | | | |

| | | |A plan for transfer of knowledge and |

| | | |skills should be completed prior to the|

| | | |consultant commencing work on the |

| | | |project and the officials, to whom |

| | | |skills are to be transferred to, must |

| | | |also be identified beforehand. |

| | | | |

| | | |The contract management directorate |

| | | |should address the issue of record |

| | | |keeping as most of the important |

| | | |documents are not filed properly. All |

| | | |documentation relating to the project |

| | | |(i.e. appointment documentation, |

| | | |approvals, minutes, progress reports, |

| | | |etc.) must be properly filed to ensure |

| | | |transparency, further reviews and for |

| | | |audit purposes. |

| |Some persons in service of the |There is a lack of oversight |Controls must be implemented to ensure |

| |Department who had a private or |responsibility with regard to|that employees follow the correct |

| |business interest in contracts awarded|compliance with applicable |processes as prescribed by legislation.|

| |by the Department failed to disclose |laws and regulations and | |

| |such interest, as required by Treasury|internal control. |The department should ensure that |

| |Regulations. | |adequate review and monitoring is |

| | | |exercised over compliance with |

| | | |applicable laws and regulations. |

| | | | |

| | | |Internal control deficiencies should be|

| | | |identified and communicated in a timely|

| | | |manner to ensure timely corrective |

| | | |action. |

2. Human resources management

|Entity |Finding |Root cause |Recommendation |

|Department of Correctional |Overtime: |Lack of effective |The Accounting Officer must ensure that |

|Services |A written policy on |communication of policies |there is an approved overtime policy as |

| |overtime was not in place |and procedures to enable |required by the Public Service |

| |as required by Public |and support understanding |Regulations. |

| |Service Regulations. |and execution of internal | |

| | |control objectives, | |

| | |processes and | |

| | |responsibilities. | |

| |Vacancies: |Lack of effective HR |The executing authority must develop an |

| |Some funded vacant posts |management to ensure that |action plan or retention strategies to |

| |were not filled within 12 |adequate and sufficiently |address the vacancy rate and such action|

| |months as required by |skilled resources are in |plan and/or strategies should be |

| |Public Service Regulations.|place and |included in the human resources plan. |

| | |available at all time. | |

| | | |Head of Human resources must monitor |

| | | |compliance with the action plan and/or |

| | | |strategies through regular intervention |

| | | |with the appropriate structures within |

| | | |Human resources and other sections |

| | | |within the department to ensure that |

| | | |posts are filled within appropriate time|

| | | |frames. |

| |Performance agreements and |The Department did not |The accounting officer should ensure |

| |bonuses: |always establish and |that policies and procedures for the |

| |An approved performance and|communicate policies and |department are developed and approved by|

| |career management policy |procedures to enable and |appropriate officials. |

| |was not in place for |support understanding and |These should be reviewed, communicated |

| |employees other than senior|execution of internal |and made readily available for use by |

| |managers as required by |control objectives, |all officials within the department. |

| |Public Service Regulations.|processes and | |

| | |responsibilities. | |

3. Information technology controls

|Entity |Finding |Root Cause |Recommendation |

|Department of |Security management: | | |

|Correctional Services |Lack of adequate security controls on Active |The password management policy has|Management should upgrade |

| |Directory and database supporting the |not been implemented on Active |databases to enable |

| |Admissions and Release Systems. |Directory. |comprehensive support of the|

| | |Lack of sufficient tools and |Structured Query Language |

| | |infrastructure for analysing and |SQL databases or |

| | |reporting on suspicious events on |alternatively, upgrade to |

| | |the Active Directory. |SQL Server 2005 with |

| | |Windows baseline configuration |extended support to include |

| | |standards not designed. |security updates. |

| | |The on-going infrastructure |The Director responsible for|

| | |project was delayed by the |Information Technology |

| | |procurement processes of the State|Infrastructure and Telephony|

| | |Information Technology Agency |should investigate and |

| | |(SITA) as most of the procurement |recommend a tool or software|

| | |of infrastructure at the |that will log suspicious |

| | |department was done in terms of |activities on the production|

| | |mandatory services. |environment. |

| | | |All users to undergo |

| | | |training and management |

| | | |should monitor compliance to|

| | | |the password policy. The |

| | | |password account lockout |

| | | |duration parameter should be|

| | | |configured to 1440 minutes |

| | | |(24 hours). |

| |User Account Management: | | |

| |The transversal system user account |The department had not defined and|Management should define, |

| |management policies and procedures are not |appropriately assigned the |approve and implement the |

| |adequately designed for the transversals and |responsibility for monitoring and |processes for reviewing |

| |Admissions and Release systems. Furthermore, |reviewing the user account |activities performed by both|

| |activities performed by the regional and |management activities performed by|the national and regional |

| |national system controllers for the Personnel|the national and regional system |system controllers at the |

| |and Salary System (PERSAL) and Basic |controller. |appropriate level. Evidence |

| |Accounting System (BAS) are not reviewed. |Separate user accounts had not |of these reviews should be |

| | |been created for each network |filled for future reference.|

| | |administrator in the regions since|User account management on |

| | |the implementation of the security|the Admission and Release |

| | |system. |application should be |

| | | |centralised at head office. |

| | | | |

| |Program Change Management: | | |

| |High and medium-risk IT changes that impacted|Change control policies and |The change management |

| |critical applications and infrastructure |procedures had been submitted to |standard should be approved |

| |supporting the department were not adequately|internal audit for review prior to|at the appropriate level of |

| |managed. |approval. The change management |management. A Change |

| | |committee (CMC) had, however, been|Management Committee should |

| | |dissolved, which led to changes |be appointed to ensure a |

| | |not being appropriately managed. |business impact assessment |

| | |Furthermore, the lack of a testing|is undertaken for each |

| | |environment resulted in the |change and changes are |

| | |inadequate testing of changes to |authorised and communicated |

| | |the Admission and Release |to all affected parties. A |

| | |application. |testing environment should |

| | | |be deployed. |

| |Information Technology Service Continuity: | | |

| |A formal Disaster Recovery Plan (DRP) has not|The department was in the process |The Government Information |

| |been documented for non-transversal systems |of centralising the infrastructure|Technology Officer (GITO) |

| |and infrastructure within the department. |and part of the process would be |should ensure that a |

| |Furthermore, Management had documented an |the rolling out of the basic |comprehensive Disaster |

| |interim strategy for performing backups at |infrastructure project. The |Recovery Plan is developed |

| |the department. However, this document was |documentation of the Disaster |and formally approved once |

| |not aligned to the current processes followed|Recovery Plan was dependent on the|the infrastructure upgrade |

| |to take backups on the Microsoft SQL server |completion of the infrastructure |has been completed. |

| |database supporting the Admission and Release|upgrade. |A Disaster Recovery Plan |

| |application. |In addition, there are no |champion should be elected |

| | |consequences for lack of |from the business to |

| | |management commitment to resolve |coordinate Disaster Recovery|

| | |weaknesses identified. |Plan functions. Management |

| | |The sites at which the databases |should ensure that all the |

| | |were hosted were either being |databases in the regions are|

| | |renovated or there were network |replicated successfully and |

| | |connection problems due to the |any exceptions are followed |

| | |theft of data cables. |up and resolved. |

| | | | |

| | | | |

| | | | |

4. Material errors/ommissions in submitted Annual Financial Statements (AFS)

|Entity |Finding |Root cause |Recommendation |

|Department of Correctional|There was a lack of adequate review|This was mainly due to a lack |Management should compile action |

|Services |of the financial statements, |of review and monitoring of |plans to address findings in |

| |including the performance |financial reporting. |order to resolve the issues. |

| |information, prior to submission | | |

| |for audit. | | |

| |Material misstatements in the | | |

| |following areas, were therefore not| | |

| |identified and corrected before | | |

| |submission: | | |

| |Commitments | | |

| |Irregular expenditure | | |

| |Capital Expenditure | | |

| |Leases | | |

5. Financial health status

None.

• Drivers of internal controls

|  |  |

|  |Leadership |Financial and performance management |Governance |

|  |

|Financial | | | |

• Other matters of interest

a) Unauthorised expenditure:

No unauthorised expenditure incurred by the department.

(b) Fruitless and wasteful expenditure:

|Auditee |Fruitless and wasteful expenditure |

| |Movemen|Amount |Amount |

| |t |R |R |

| | |2014 |2013 |

| |Department of Correctional Services |[pic] |8.058 |34.754 |

(c) Irregular expenditure:

|Auditee |Irregular expenditure |

| |Movemen|Amount |Amount |

| |t |R |R |

| | |2014 |2013 |

| |Department of Correctional Services |[pic] |187.076 |363.790 |

| |

• Other reports

Investigations

No investigations are currently underway as undertaken by the AGSA.

Performance audits

No performance audits are currently underway as undertaken by the AGSA.

• Commitments

The following commitments were received from the Minister during our engagements and are being reinforced as these commitments are still applicable:

|Commitment |Progress |Status |

|The minister expects to have a good working |There has not been any progress from the |In progress |

|relationship with AGSA and will always be |previous financial period. | |

|available when needed. | | |

|The minister further committed himself to be |There has not been any progress from the |In progress |

|available for the all quarterly key control |previous financial period. | |

|meetings and also to drive the implementation | | |

|process of his commitments as well as to report | | |

|to AGSA on quarterly basis, the status of the | | |

|implementation process. | | |

• Feedback on previous resolutions

None.

-----------------------

PC

PFMA audit outcomes of the 2013-14 financial year for

15 October 2014

Department of Correctional Services

Minister

Adv. M Masutha

Deputy Minister

Mr T Makwetla

National Commissioner (Acting)

Mr Z I Modise

Mr TB Raseroka

Acting CDC Strategic Management

Ms NV Mareka

Acting Chief Financial Officer

MS B Rotman

CDC Remand Detention

Ms NJ Jolingana

Chief Operating Officer

Ms GP Mathibela

CDC Community Corrections

Mr JG Smalberger

CDC Incarcerations and Corrections

Mr TIM Mokoena

CDC Human Resources

Ms IN Mosupye

CDC GITO

Mr NC Breakfast

RC Eastern Cape

Mr ZI Modise

RC Gauteng

Mr M Nxele

RC KwaZulu Natal

Mr DJ Klaas

RC Western Cape

Ms S Moodley

RC Free State and Northern Cape

Ms S. Kunene

Act, RC Limpopo, Mpumalanga and North West

Supply chain management

No improvement

Predetermined objectives

No improvement

HR Management

No improvement

IT controls

No improvement

Material errors/ omissions in AFS submitted for audit

No improvement

Financial Health

No matters

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download