0% found this document useful (0 votes)
104 views57 pagesInternal Audit Framework
The eThekwini Municipality Internal Audit Framework outlines the guidelines and best practices for internal auditing within the municipality, ensuring compliance with relevant legal frameworks and standards. It emphasizes the roles, responsibilities, and independence of key stakeholders, including the Audit Committee and the Chief Audit Executive, while detailing the processes for risk management, governance, and performance evaluation. This framework serves as a comprehensive guide for the effective operation of internal audit services to enhance transparency and accountability in municipal operations.
Uploaded by
Herbert NgwaraiCopyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
0% found this document useful (0 votes)
104 views57 pagesInternal Audit Framework
The eThekwini Municipality Internal Audit Framework outlines the guidelines and best practices for internal auditing within the municipality, ensuring compliance with relevant legal frameworks and standards. It emphasizes the roles, responsibilities, and independence of key stakeholders, including the Audit Committee and the Chief Audit Executive, while detailing the processes for risk management, governance, and performance evaluation. This framework serves as a comprehensive guide for the effective operation of internal audit services to enhance transparency and accountability in municipal operations.
Uploaded by
Herbert NgwaraiCopyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF or read online on Scribd
/ 57
Sa Ly
MUNICIPALITY
eThekwini Municipality Audit
Risk and Advisory Services /
INTERNAL AUDIT FRAMEWORK
DECEMBER 2021
eThekwini Municipality
EMARAS
Internal Audit Framework
CONTENTS
DEFINITIONS
Background
Legal Framework
‘The Constitution of the Republic of South Africa
‘Municipal Finance Management Act no. 56 of 2003,
Municipal Systems Act no. 32 of 2000
|. Local Government Municipal Planning and Performance Management Regulations 2001 14 (1):10
. King 4 10
e 10
Professional Mandate W
Mission 12
43 Cote Principles 12
144 Code of Ethics 12
1.4.4.1 Rules of Conduct 13
145 Standards 13
146 King IV 016) 14
Values of EMARAS 4
t ‘6 Profsioal Skepticism 15
1.7 Batho Pele Principles 16
1.8. Independence, Objectivity and Reporting lines 16
19. Applicability of the Framework 7
19.1 Major Components of an effective Internal Audit Function and definitions 7
2. EMARAS ACTIVITIES 18
2.1. Intemal audit evolved as the organization's risk management processes improved as depicted in the
figure below: 18
2.2 Key stakeholders in the internal audit function include: 20
ORGANIZATION AND STRUCTURE 20
Authority and Independence of EMARAS ai
Independence and objectivity 2
Organisational Structure 2
2B
ities of Internal Audit 2B
Internal Control and Assurance 2B
Governance 23
Fraud and Corruption 25
The Internal Audit Charter 25
THE ROLES, RESPONSIBILITIES AND ACCOUNTABILITIES OF KEY STAKEHOLDERS26
Management 26
The key responsibilities of the Audit Committee 27
EXCO/Council 28
Chief Audit Executive (CAE) 28
Accounting Officers and Boards 29
RESOURCES (MANAGEMENT OF THE UNIT) 30
Human Capital 30
Page 2157
eThekwini Municipality
EMARAS,
Internal Audit Framework
Resource Capacity 30
.. Skills and Expertise 30
‘Subject Matter Expert (Outsourced Vs Co Sourced) 30
2 Skills development 30
5.2.1 Professional Membership 31
5.2.2. Continuous Professional Development (CPD) 31
5.3 Tools of trade 31
54 Future Fit Internal Audit 32
5.5 Knowledge Management (KM) 32
5.6 Quality Review 32
5.6.1 Internal assessments 33
5.6.2 External QA reviews 33
5.7 Performance Measurement 33
6. eTHEKWINI AUDIT COMMITTEE 34
6.1 Appointment of the Audit Committee: 34
6.2 Removal from Office of Audit Committee Members 35
63 — Composition and Membership of the Audit and Risk Committees 35
6.4. _ Independence of members Disclosure of Interest 36
6.5. Code of conduct (Audit Committee) 36
6.6 The Audit Committee Charter 36
6.7 Power and Authority of the Audit Committee 7
6.8. Meetings 38
6.9, Training and Development of the members 38
7, NATURE OF WORK CONDUCTED BY EMARAS 38
7.1 Evaluation of Risk Management Functions 39
7.2 Governance Reviews 40
7.3 Information Technology (IT) Audits 41
7.4 Audit of Performance Information 43
7.5 Continuous Security Audits 8
7.7 Normal System/Management Audits and Financial audits 44
Evaluation of Controls 44
The Audit Process 46
Engagement Planning 46
Engagement Objectives 46
Engagement Scope 47
Engagement Resource Allocation 47
Engagement Work Program 47
Performing the Engagement 48
Documenting System Description 48
Verifying the System Description 48
Analysis and Evaluation: 48
7.8.10 Documenting Information 48
7.8.11 Engagement Supervision 49
7.8.12 Communicating Results 49
7.8.13 Overall Opinion 49
eThekwini Municipality
EMARAS
Internal Audit Framework
7.8.14 Use of “Conducted in Conformance with the International Standards for the Professional Practice of
Internal Auditing” 50
7.8.15 Engagement Disclosure of Nonconformance 50
7.8.16 Disseminating Results 30
7.8.17 Monitoring Progress and/or Follow up 31
78.18 Communicating the Acceptance of Risks 31
7.8.19 Disclosure of Nonconformance si
8. CONSULTING ACTIVITIES St
8.1 Acceptance of Consulting Activities 52
9 RELATIONSHIPS WITH INTERNAL CONTROL FUNCTIONS 53
10. COMBINED ASSURANCE 54
REFERENCES 37
4157
eThekwini Municipality
EMARAS
Internal Audit Framework
1 DEFINITIONS
Accounting Officer:
Constitution:
coso:
CAE:
eThekwini/City:
MSA:
Auditor - General:
Province:
Refers to the Accounting Officer as defined in terms of Section 60 of the
Municipal Finance Management Act
Refers to the Executive Committee of Council
Refers to the municipal council of eThekwini as set out in the Municipal
Structures Act 117 of 1998 paragraph 18
Refers to eThekwini's Executive Management Committee consisting of the City
Manager, Deputy City Managers and key strategic employees as set out in the
EMC Terms of Reference
Refers to the Constitution of the Republic of South Africa, 1996 (Act 108 of
1996)
Refers to Committee of Sponsoring Organisations of the Treadway Commission,
‘m organisation dedicated to providing guidance to executive management and
governance entities on critical aspects of organisational governance, business
ethics, internal control, enterprise risk management, fraud, and financial
reporting;
Refers to the Chief Audit Executive as appointed by eThekwini in accordance
with the approved organogram under the Office of the City Manager. The IA
defines the Chief Audit Executive as a person in a senior position responsible for
effectively managing the internal audit activity in accordance with the intemal
audit charter and the mandatory elements of the International Professional
Practices Framework,
Refers to eThekwini Municipality as the sole metro of the province of Kwa-Zithu
‘Natal; and includes both its entities namely Durban Marine Theme Park (DMP)
AND Durban International Convention Centre (DICC)
Refers to Municipal Finance Management Act, (Act no. 56 of 2003)
Refers to Municipal Systems Act, (no. 32 of 2000)
Refers to the Office of the Auditor General of South Affice, a Chepter 9
institution mandated by the Constitution of 1996 to fulfil certain functions and is
responsible for the auditing of national and provincial state units and
administrations, all municipalities and any other institution or accounting entity
required by national and provincial legislation to be audited by the Office of the
‘Auditor-General
Refers to the Province of KwaZulu-Natal as contemplated in section
103(1)(4) of the Constitution
Page 5137
eThekwini Municipality
EMARAS
Internal Audit Framework
“Audit Committee:
EMARAS:
Refers to the eThekwini Audit Committee appointed by the municipality's
council as set out in Section 166 of the MFMA. The Main Audit Committee is
responsible for the City and its Entities.
Refers to the eThekwini Municipality Audit and Risk Assurance Services being
the in-house unit responsible for all intemal audit and risk activities located
within the Office of the City Manager
EMARAS Enterprise Risk Management
Framework
‘Companies Act:
rer:
Refers to the eThekwini’s Enterprise Risk Management Framework developed
and adopted by the city to govern all risk-based activities
Refers to the Companies Act 71 of 2008
Refers to the Intemational Professional Practices Framework governing the
practices over intemal auditing
Page 6187
eThekwini Municipality
EMARAS
Internal Audit Framework
|
POOP OP OOOO SEEDED ORE DO OOO OEHESESODEOEDE
International Professional Practices Framework (IPPF)
International Standards for the Professional Practice of Internal Auditing (ISPPIA)
Committee of Sponsoring Organisations (COS)
Municipal Finance Management Act (MFMA)
‘Municipal Systems Act (MSA)
CChicf Audit Executive (CAE)
eThekwini Municipality Audit and Risk Assurance Services (EMARAS)
Performance Management System (PMS)
Auditor General (AG)
Office of the City Manager (OCM)
Institute of Internal Auditors (ILA)
Enterprise Risk Management Framework (ERM);
City Integrity and Investigations Unit (CU)
Deputy City Managers (DCM’s)
‘Cooperative Governance and Traditional Affairs (COGTA)
City Manager (CM)
EMC (Executive Management Committee)
Continuous Professional Development (CPD)
Institute of Internal Auditors of South Africa (IIASA)
South African Institute of Chartered Accountants (SAICA)
Certified Fraud Examiners (CFE)
Institute of Risk Management of South Africa (IRMSA)
Information Systems Audit and Control Association (ISACA)
Information Technology (IT)
Artificial intelligence (AL)
computer-assisted audit tools and techniques (CAATS)
quality assurance (QA) programme
Knowledge Management (KM)
Service Delivery Budget Implementation Plan (SDBIP)
Performance Indictors (PD)
Miunicipal owned entities (MOE’s)
Integrated Development Plan (IDP)
Control Objectives for Information and Related Technology (COBIT)
systems development life cycles (SDLC)
IT Governance Institute (TTGI)
‘Audit Risk Compliance (ARC)
EEE’s (ie. efficient, effective and economy)
Accounting Officers (AOs)
© 1187
eThekwini Municipality
EMARAS.
Internal Audit Framework
1 Background
This framework has been developed to consolidate all internal audit best practices and regulated prescripts or guidelines
such that it includes practical implementation that relates to the public service. It further reflects developments in the
