Importance of Internal Audit in mSCOA Project Implementation
Learn about the crucial role of internal audit during the implementation of the mSCOA project, ensuring transparency, oversight, and risk mitigation. Explore the legal framework and requirements for internal audit units in South Africa's government entities. Discover how corporate governance, revenue cycles, and various work streams are integrated into the mSCOA implementation process.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
Role of Internal Audit during Implementation of mSCOA Project
Legal Framework iro Internal Audit and Audit Committees
Legal Framework In terms of section 216(1)(c) of the Constitution of the Republic of South Africa, (Act 108 of 1996), national legislation must prescribe measures to ensure both transparency and expenditure control in all spheres of government by introducing uniform treasury norms and standards. Good governance involves how an organization is managed, its organizational culture, policies, strategies and the way it deals with its stakeholders. The internal auditor and audit committee provide objective, independent advice to improve oversight, governance and help to mitigate risks. Working with the internal auditor, the audit committee brings different skills and expertise to assist in improving the performance of an institution. The internal auditor and audit committee does not assume any management functions nor should management exert any undue influence over the work of the internal auditor and audit committee.
Legal Framework Section 165 of the MFMA requires that each municipality and each municipal entity must have an internal audit unit. The internal audit unit of a municipality or municipal entity must: - Prepare a risk based audit plan and an internal audit program for each financial year; - Advise the accounting officer and report to the audit committee on the implementation of the internal audit plan and matters relating to: Compliance with Legislation Risk and risk management Internal audit Internal controls Performance management Accounting procedures and practices Loss control
mSCOA Implementation: Business/Organizational Reform
Corporate Governance Revenue Cycle Municipal Budgeting Work Streams Land Use Manageme nt Financial Accounting Business Processes Governance Structure Real Estate, Land Use & Grant Manageme nt IT Infrastruct ure & Valuation Roll Manageme nt Networks Costing & Reporting Conversion of Current Votes to mSCOA Segments Core System & Subsystems Seven (7) mSCOA Segments Customer Care, Credit Control Project Accounting HR Planning & Payroll Cash HR & Manageme nt Document Manageme nt Data Payroll Cleansing Real Estate & Resource Manageme nt Procureme nt Cycle Assets Life Cycle Manageme nt Grant Manageme nt
mSCOA Audit Value Chain (mSCOA Circular 3) Risk Management Audit Committee Internal Audit External Audit Process Evaluate both IT and organizational aspects of mSCOA system conversion project Audit process will not change Manage mSCOA project risks (as part of the normal risk management process) Oversee and provide advice on risk management matters Data conversion will be a risk during system conversion or re-implementation Ensure that a comprehensive risk management framework is in place Independent assessment of project plan mSCOA should not have an impact on GRAP reporting requirements Ensure that a sound and effective approach has been followed in developing a strategic risk management plan for the mSCOA project Ensure good mSCOA project governance Provide assurance to management and council mSCOA will not have impact on audit opinion unless audit trail is eliminated during the system conversion or system re-implementation. Evaluate and report on the adequacy and effectiveness of mSCOA project risk process
Why and When Should Internal Audit Be Involved in the Implementation of mSCOA Project
Why Involve Internal Audit in mSCOA Implementation? The International Standards for the Professional Practice of Internal Auditing (ISPPIA) defines internal auditing as an independent, objective assurance and consulting activity designed to add value and improve an organisation s operations . Internal Audit provides an independent and objective: - opinion (assurance) on risk management, control and governance, by measuring and evaluating their effectiveness in achieving the organisation s agreed objectives. - consultancy/advisory service specifically to help line management improve the municipality s risk management, control and governance.
Why Involve Internal Audit in mSCOA Implementation? Internal Audit should provide assurance and/or advice to Senior Management, Council, Audit Committee and other stakeholders on: - Project governance, including policies, procedures and controls. - Business case validity, viability and whether worthwhile and feasible. - Project planning matters such as the critical path, completeness and suitability. - Change management attending to adherence to controls in the business processes and timeliness. - Risk and issue management addressing depth, coverage and resolution. - Project costs considering actual, compared to budgeted. - Sign-off and criteria for achievements of milestones. - Approach to vendor management for example contracting, dependencies and management involvement in process ownership and decision making. - Business readiness pre-go-live . - Project communications being accurate, sufficiently detailed and realistic.
When Should Internal Audit Be Involved? - The earlier the internal auditors get involved the better since it will increase the internal auditors understanding of the project s lifecycle and its key benefits, requirements, drivers and objectives. This enables internal audit to contribute to the project as it defines its risk management approach and strategy. - Internal audit s involvement at an early stage ensures greater alignment of the risk management principles to those of the municipality itself.
Role of Internal Audit Throughout Project Life Cycle
The Role Of Internal Audit Through The Project Lifecycle Project Initiation & Planning Project Execution & Control Project Completion Review of business case and its internal governance processes Participate in steering committee Organisational readiness Clear articulation of expected benefits Adequacy and accuracy project reporting milestones, risks, costs and schedules Data migration accuracy/ completeness Validation of expected cost and related due diligence Review business controls structure, change management, employee engagement and training Contingency planning Articulation of key strategic and project risks and how they will be managed Evaluate impact on IT application and general controls Controlled testing of effectiveness Identification of roles, responsibilities and accountabilities Assess business impact and strategic changes required Postimplementation review Clear articulation of expected benefits Provide independent assurance to the Executive Management / Municipal Council Review policy/ procedure changes necessary Project governance process
Better organisational readinessBetter organisational readiness Improved ability of the internal audit and risk management functions to provide a thorough assurance solution. Early identification, greater understanding and improved resolution of issues Benefits Of Engaging Internal Audit Early on in The Project Lifecycle Increased likelihood of delivering the project on scope, on time and on budget Increased project control to maximise efficiency Better change management so that new systems are embraced.
Role of Internal Audit during mSCOA Project Implementation Stage iro Risk Process Technology People Management
Role of Internal Audit in mSCOA Project: Project Implementation Stage Process: Internal Audit can help: - Verify that standard operating procedures are in place. - Validate completion of testing and data conversion processes. - Advise and help identify relevant key process-level risks and control gaps. - Support the design of business process controls to mitigate process-level risks and provide certification analysis. - Evaluate go-live processes such as the creation of a transition team, parallel runs, crossover steps, contingency plans (including roll-back), end-user computing and output demands, risk management and issue escalation and resolution.
Role of Internal Audit in mSCOA Project: Project Implementation Stage Process: (cont .) Internal Audit can help: - Evaluate go-live processes such as the creation of a transition team, parallel runs, crossover steps, contingency plans (including roll-back), end-user computing and output demands, risk management and issue escalation and resolution. - Evaluate transition plans and identify any operational and organisational issues that are critical to launch. - Assess whether any duplications exist in systems or efforts. - Ensure interdependent risks are being managed.
Role of Internal Audit in mSCOA Project: Project Implementation Stage Technology: Internal Audit can help: - Ensure that functional needs, including forms and reports, are in place. - Audit hardware and software environment (operating system, network, user workstations, printers). - Check interface projects. - Measure application, operating system and network security. - Evaluate transition plans for technical processes and data. - Evaluate IT system integration and data migration in terms of both quality and security. - Validate and track benefits and cost savings.
Role of Internal Audit in mSCOA Project: Project Implementation Stage People Internal Audit can help: - Check whether end-user training and guides, including transition readiness are in place. - Provide an analysis on post-implementation sustainability. - Measure resource utilisation. - Control and assess culture within the organisation. - Analyse whether skills and capability of the team are well suited to the project.
Role of Internal Audit in mSCOA Project: Project Implementation Stage Risk Management Internal Audit can help: - Be the eyes and ears of the audit committee. - Evaluate the risks inherent in the conversion process. - Monitor changes to the overall organisation risk profile. - Re-prioritise audit focus, as appropriate, given the demands of conversion. - Communicate audit plan focus and changes to the audit committee. - Collaborate and coordinate with other risk management functions. - Monitor the conversion impact on the internal controls.
The Role Of Internal Audit in System Conversion or Re-implementation
THE ROLE OF INTERNAL AUDIT IN SYSTEM CONVERSION OR RE-IMPLEMENTATION Internal auditors play a valuable role in ensuring that information technology (IT) investments are well-managed and have a positive impact on the environment. Implementing a new system usually requires a variety of system changes; production data conversion and migration, new operational policies and procedures. Each of these areas poses significant risk to the municipality during the actual system conversion When planning system conversion audits, internal auditors need a good understanding of the business requirements for the system, the project s risks and how the proposed system will work. Internal auditors should determine their level of involvement and approach during the project's initiation phase. Conversion audits should be done commencing with the project planning, and frequent and timely reporting of the findings.
THE ROLE OF INTERNAL AUDIT IN SYSTEM CONVERSION OR RE-IMPLEMENTATION Internal auditors play a valuable role in ensuring that information technology (IT) investments are well-managed and have a positive impact on the environment. Implementing a new system usually requires a variety of system changes; production data conversion and migration, new operational policies and procedures. Each of these areas poses significant risk to the municipality during the actual system conversion When planning system conversion audits, internal auditors need a good understanding of the business requirements for the system, the project s risks and how the proposed system will work. Internal auditors should determine their level of involvement and approach during the project's initiation phase. Conversion audits should be done commencing with the project planning, and frequent and timely reporting of the findings.
EIGHT-STEPS TO CONSIDER IN THE INTERNAL AUDIT PROCESS Step 7: Develop and execute the audit verification plan Step 1: Understand the IT Initiative and Project Plan Step 5: Assess the Adequacy of Testing Plans Step 3: Assess the Project and Implementation Plans Step 8: Complete the Overall Audit Analysis of the Implementation Step 2: Complete a Risk Assessment of the Operational Changes Planned relating to the mSCOA System Implementation Step 6: Complete an Implementation Readiness Assessment Step 4: Assess the Data Mapping efforts and the Operational Changes Planned
SOURCES OF REFERENCE: National Treasury mSCOA Circular 3 National Treasury Project Summary Document & mSCOA Position Papers National Treasury MFMA Circulars
