World Bank Institute Regional Workshop on Auditing and Financial Accountability Addis Ababa Implementing an Internal Audit Reform Program Case study for National Department of Health South Africa

1
World Bank InstituteRegional Workshop on
Auditing and Financial Accountability Addis
AbabaImplementing an Internal Audit Reform
ProgramCase study for National Department of
Health South Africa

• Gloria Spelman
• Head Shared Internal Audit Services
• Eastern Cape Provincial Administration
• South Africa
• E-mail spelmg_at_otpoecd.ecape.gov.za

2
Agenda

• Background
• What we sought to achieve
• Indicators for success or failure
• Creating an effective IA structure for reform
• Establishing an effective Audit Committee
• Conclusion

3
Background

• Status of the department.
• People (professionals)
• Attitudes,
• Empowerment,
• Political influences,
• Gender issues (affirmative action),
• Level of understanding of IA function,
• Work ethic, respect and awareness of government
  policies (comparison of the ECPA, DPSA and NDoH.)

4
Vision

• Seeing the bigger picture.
• Passion for IA
• Belonging to the IIA
• Passion to empower others.
• Commitment to make a difference and be an agent
  of change
• Academic vs practical approach

5
What we sought to achieve?

• Development of a five year strategic plan
• identification of core objectives
• setting our goals
• setting targets
• establishing indicators

6
What we sought to achieve (2)

• Core objectives
• Service all levels of management, AO and AC ,
  providing them with independent, management
  oriented advice on the departments internal
  control systems, operating and performance, risk
  management and governance with a view to
  improving accountability.
• Give assurance to the Accounting Officer and
  audit Committee that the standard of the
  financial and administration management is
  maintained at a satisfactory level, internal
  controls are appropriate and effective and that
  legislation and departmental policies and
  procedures are being observed.

7
What we sought to achieve (3)

• Goal
• To ensure that the department achieves its goals
  and objectives, by
• Improving risk management, and
• Creating a control conscious and corruption free
  environment, as well as
• Giving feedback (timely reporting) of independent
  and objective reviews and evaluation of
  activities with recommendations for improvement
  to management.

8
What we sought to achieve (4)

• Target
• All the department personnel,
• All levels of management,
• Accounting Officer, and
• Provincial Departments of where and when
  necessary.
• By continuously assessing changing risks and
  encouraging control self assessment.

9
Indicators for success or failure

• General indicators
• Target groups approaching internal audit for
  pro-active advice with regard to internal
  control, risk management and corporate governance
  issues
• Implementation of recommendations.
• Specific indicators
• Look at specific goals

10
Approach Adopted

• Things we did to build relationships with the
  client
• Staying relevant to Management needs (using ad
  hoc assignments to get a buy-in)
• Staying abreast of IA issues (consistent
  research)
• Staying abreast of government issues( i.e.
  educating management on new pertinent
  legislation)
• Build confidence with client by being pro-active
  and not re-active

11
Approach Adopted (2)

• Encourage management to take control of their
  situation (control self assessment)
• Display a high degree of honesty when giving
  informal advice
• Set an example by your own honesty and integrity
  (honor God in the way you do business)
• Honor departmental invitations
• Introduce your staff to management at the start
  of an assignment
• When handling disagreements on findings with
  management always do it in way that will make you
  win the confidence of management

12
Approach Adopted (3)

• Things to do in the management of IA function
• Encourage your IA staff to research IA issues and
  ensure that they are members of IIA
• Ensure that IA staff have personal development
  plans
• Develop a structure that ensures and/or
  encompasses future growth (succession plan), to
  create a sense of belonging to the IA staff
• Allow your staff to chair your internal IA
  meetings where you are a participant
• Have experiential training program both as a
  socially responsible way to develop skills and
  empowerment but also as a means to address staff
  shortages (this also makes your recruitment
  easier)

13
Approach Adopted (4)

• Things to avoid
• Creating an impression that IA is a fraud
  investigation unit
• Serving in departmental committees to make
  decisions
• Do not bark at everything that comes your way
• Being reactive

14
Creating an effective IA structure

• Linking assurance and consulting on internal
  control, risk management and governance to ensure
  achievement of goals by improving accountability,
  adding value and improving performance
  (encompassing the IIA definition of internal
  auditing)
• Compliance with laws, regulations, procedures
  function
• Performance function
• Information technology function
• Fraud prevention and investigation

15
Creating an effective IA structure (2)

• Linking structure to
• IA core function (specialization)
• Strategic plans
• Social responsibility
• Annual plan and budget

16
Creating an effective IA structure (3)

• Job evaluation (developing clear roles and
  responsibilities)
• Approval
• Recruitment and resourcing focusing on your
  strategic plan and risk profile
• Staff empowerment, development and structure
  (i.e. co-sourcing and skills transfer)

17
Impact of an effective Audit Committee

• Audit Committee mandate (Terms of reference and
  its approval).
• PFMA
• Treasury Regulations
• King Report
• IIA standards
• Audit Committee and independence of the IA
  function.
• Composition
• - skills and capacity,
• - executive vs non executive and independent.
• Involvement of IA, Accounting Officer and
  Executing Authority in establishing the AC.
• Secretariat to the AC.
• Appointment of members (conflict of interest
  being one of the major consideration even before
  expertise).

18
Impact of an effective Audit Committee (2)

• Key responsibilities
• Evaluation of performance of IA function.
• Co-ordination of scope and communication of IA
  with external auditors.
• Enhance relationships and communication between
  Internal Audit, External Audit and Management
  (Confidential meetings with IA, EA and Management)

19
Results

• General
• To a greater extent the unit achieved results.
  Since this was a five year strategy we would not
  have fully achieved all what we set ourselves to
  do. The function will have its Quality Assurance
  Review done by the IIA during the course of this
  year as approved by the Audit Committee.
• Specific
• Core objectives this is an ongoing process
  which cannot be achieved in a short term. The
  solid infrastructure that has been established
  serves as an assurance that these objectives will
  be achieved as intended i.e. the first IA
  nationally to achieve its true independence in
  the midst of arguments that IA cannot be
  completely independent i.e. IA that is truly
  under the control and the direction of the Audit
  Committee with no interference at all from
  management.

20
Results

• Goals
• Control-conscious and corruption free culture
  the solid infrastructure for this has been
  established not only for the DoH but for the
  entire National Health System and has been partly
  achieved (the rate of whistle blowing throughout
  has increased through our ethics hotline)
• Timely feedback - this was the biggest challenge
  as we did not fully use the software, the
  unavailability of client staff, training and
  orientation of staff, shortage of staff
  (structure was still developed)
• Achievement of goals and objectives this is an
  ongoing issue and the challenge is identification
  of risk at the right level by the right people.
• Targets
• Achieved the message was sent to the target
  groups but not fully as intended with the
  Provincial Departments due to constitutional
  demarcation.

21
Conclusion

• In conclusion ladies and gentlemen, I have
  experienced that when you are committed to make a
  difference you are the hardest hit by the
  reactions and you feel like giving up. But,
  remember the 6 Cs as the pillars of your
  efforts
• - compassion (dont condemn always bring hope),
• - community (serve),
• - communication (build relationships),
• - challenge (do not give up) ,
• - commitment ( you are the beneficiary)
• - compromise (preserve your values, they reflect
  the legacy you leave behind).

22

• Thank you
• QUESTIONS