PRASA - Where were the Audit Committee and Internal Audit?
Deon van der Westhuizen
Governance | Risk | Combined Assurance | ESG now | Supply Chain Sustainability | AI | International speaker | Disruptor | Leadership | Agile Online Learning | Next Step Academy | Educational projects | MuniratingSA
The reports that covered the front of the newspapers over the weekend, once again indicated an alleged misuse of taxpayers money. Against the background of reeling economic conditions, and municipalities failing to deliver the services to specifically the poor, the situation needs an in-depth analysis of the role internal auditors and audit committees play in government institutions and public entities.
I cannot imagine that a transaction this size failed to trigger the dashboard of the first line of defense, namely management. This transaction should have been on the risk register as an inherent risk. Even if the internal auditors disagreed with the risk assessment, their own risk assessment should have identified the transaction by pure financial nature as a high risk. Thus it should have been on the audit plan, and thus the Audit Committee should have been aware of the risk, and the risk at value. The Audit Committee cannot look the other way now. They should have asked tough questions at the time, and management should have explained. The Audit Committee at the very least plays an important role in the accountability cycle.
It is my opinion that the Institute of Directors (IOD) should investigate the suitability and the effectiveness of the Audit Committee (AC) and its members. The contract under which the AC operated should be scrutinized for accountability by its members. This is the only way to determine whether they were effective, and if they were not, the investigation should form the basis of changing the accountability of AC members to be in line with the requirements of the Company's Act.
On a national basis the appointment of the AC members and the process to do so also needs urgent intervention from a National Treasury side. Too often AC members are not competent to deliver on their mandate and National Treasury should establish a database of potential Audit Committee members that are vetted. AC members should be appointed by the Minister of Finance, and should be replaced every three years. The contract of Audit Committee members should be revised to include explicit accountability if they fail to ask the right questions.
In addition the Chief Executive Officer of the Institute of Internal Auditors (IIA-SA) should now launch an investigation into the effectiveness of the Internal Audit function at PRASA. Tough questions should be asked about the risk assessment, the audit plan, the audit of the supply chain management process, the audit of the verification of qualifications of some of the role players and all other senior officials of PRASA. The issues above are inherently red risk areas as the newspapers report on these incidences daily.
In addition it should be determined if the governance process was audited during the last three years, the adequacy of such audit processes and the audit methodology. I would like to know if a quality assurance review (QAR) has been performed during the last five years, and if the result was to the satisfaction of the IIA-SA. I would consider forcing a QAR onto the internal audit unit to determine if and why they did not make a difference. As third line of defense, they need to be held accountable if they have failed the taxpayer in performing their duties effectively. If they did report on these issues, management's failure to act should have been brought to the attention of the Audit Committee.
It is time for the profession to be bold. We cannot stand by and watch anymore. We need to be counted.....now!
Snr Risk Auditor at City Power
8 年they were all there D but they are all friends with management!!!
Senior Audit Manager - Business Advisory Service at AngloGold Ashanti
8 年Very interesting comments Deon. The reports seem to indicate that there were serious lapses of corporate governance at PRASA -- that is, if any corporate governance existed at all, apart from what is documented in its financial reports. However, the outrage must not get the better of us. The title of your article falls into the familiar pitfall of blaming internal audiy and the audit committee for lapses of cprporate governance in organisations. Internal audit and the audit committee can put governance structures together and monitor adherence thereto. The executive makes the decisions and they need to abide by the governance rules. This means they can also choose not to abide by those rules -- in which case the board of directors need to call then to order. The Institute of Directors would have no grounds to haul the audit committee over the coals. Remember, not all directors are members of the institute of directors. The shareholders appoint the members of the audit committee, and they are in the best position to hold these directors to account. You also mention the IIA investigating the internal audit department. Here again, not all internal auditors belong to the IIA. Even if all the PRASA internal auditors belonged to the IIA, bear in mind that procurement is an executive prerogative. Internal audit can advise, raise red flags and report matters to the audit committee. But the executive does not always consult IA before making major decisions. There is simply no requirement for the executive to first consult IA before it makes an executive decision! We are rightly outraged by the fiasco at PRASA. But we must be careful not to let a "good crisis" go to waste by focusing our outrage on the wrong governance structure. In my opinion the questions we should be asking should rather be: "Where was the board of directors and the shareholders?"