WATERBERG FET COLLEGE

Internal Audit Plan

Strategic 3 year-rolling Internal Audit Plan 2012 – 2014

and

Operational Internal Audit Plan 2012

Page 1 of 16

WATERBERG FET COLLEGE

THREE-YEAR STRATEGIC INTERNAL AUDIT PLAN 2012–2014 AND

ONE YEAR OPERATIONAL PLAN FOR THE PERIOD ENDING 31 DECEMBER 2012

INDEX

PAGE

1INTRODUCTION

2INTERNAL AUDIT MANDATE

3STRATEGIC APPROACH

3.1Scope of internal audit

3.2Reporting and communications

3.3Methodology

3.4Quality Control

4UNDERSTANDING WATERBERG FET COLLEGE

5CO-ORDINATION OF INTERNAL AUDIT

5.1Internal Audit Team

5.2Contact with Waterberg FET College

5.3Contact with the external auditors

6OBJECTIVES AND RISKS

6.1Categories and risks

7OPERATIONAL PLAN

7.1Three-year rolling internal audit plan

7.2One - year audit plan for the period ending 31 December 2011

1INTRODUCTION

The objectives of the audit planning process determine what audit activities will be scheduled for the year and to help ensure qualified audit staff is assigned to the highest priority assignments. The principles and procedures discussed in this document have been developed to provide a process for fulfilling these objectives.

The internal audit process provides oversight to obtain reasonable assurance regarding management’s assertions that objectives are achieved for effectiveness and efficiency of operations, reliability of financial information, and compliance with laws and regulations. Internal audit will proactively partner with its business management on the performance of financial, compliance, information technology, operational audits, as well as consulting reviews and special projects, to maximise value added contributions from the process. Value is created with an integrated audit approach using well trained, knowledgeable professionals, total quality principles, teamwork, innovation and world-class audit tools and techniques.

The primary objective of the internal audit function is to provide a comprehensive service to ensure adequate measures and procedures are in place for sound economic, effective and efficient management.Internal Audit will conduct audits to assist management in the effectiveness of theCollege’ssystem of internal controls and quality performance.

2INTERNAL AUDIT MANDATE

The Internal Audit (IA) mandate is recorded in the approved Internal Audit Charter. Internal Audit best practice requires the following:

  • a rolling three-year strategic internal audit plan based on the assessment of key areas of risk for the College,taking into consideration current operations, future proposed operations, the strategic plan and the risk management strategy;
  • an annual internal audit plan for the first year of the rolling three-year strategic internal audit plan;
  • plans indicating the proposed scope of each audit in the annual internal audit plan; and
  • a quarterly report to the audit committee detailing its performance against the annual internal audit plan, to allow effective monitoring and possible intervention.

3STRATEGIC APPROACH

A risk based strategic approach is adopted which takes into account the results of the risk assessment workshop conducted byPWC(PriceWaterHouseCoopers) for Waterberg FET during 2011 as well as subsequent discussions with management. This approach involves a focus on understanding the work of each focus area and identifying risks associated with that focus area. It further includes a process of linking risk analysis to assigned planning and audit program development.

3.1Scope of internal audit

The scope of internal audit is to determine whether the College’s network of risk management, control, and governance processes, as designed and represented by management, is adequate and functioning in a manner to ensure:

  • Risks are appropriately identified and managed;
  • Interaction with the various governance groups occurs as needed;
  • Significant financial, managerial, and operating information is accurate, reliable and timely;
  • Employees actions are in compliance with policies, standards, procedures, and applicable laws and regulations;
  • Resources are acquired economically, used efficiently and adequately protected;
  • Programmes, plans and objectives are achieved;
  • Quality and continuous improvement are fostered in the organisation’s control process; and
  • Significant legislative or regulatory issues impactingthe organisation are recognised and addressed appropriately.

Although investigating fraud and other irregularities are not the primary focus of an internal audit approach, internal audit should maintain close liaison with management should any such issues be identified.

3.2Reporting and communications

Communication, orally and through reports, is an essential part of the internal audit process. The INTERNAL AUDIT FUNCTION will also communicate with management through a series of planned formal meetings.

A quarterly/progress report will be submitted to management with a copy going to the Audit Committee. Reports will clearly demonstrate the control and operational concerns arising from the reviews, the potential impact and the practical reasoned recommendations for change. Any critical issues will be reported orally or in writing to management and the Audit Committee immediately upon identification.

Management will be given 7 workingdays to respond to internal audit findings.

Internal Audit will follow-up corrective action taken on reported weaknesses. Follow-up audits will be carried out to ensure that control weaknesses have been adequately rectified, or that appropriate action is being planned.

3.3Methodology

The platform to harvest internal audit staff’s knowledge is the use of a capable methodology that is supported by information technology. The use of such a methodology has the following benefits:

  • Speeds up planning;
  • Improves management and audit information;
  • Keeps track of major issues arising;
  • Improves liaison between internal audit staff; and
  • Enables internal audit staff to share information from a common source.

3.4Quality Control

It is important to monitor both the extent and the quality of the internal audit service to the College on an ongoing basis.

The quality of the internal audit assignments will be addressed by adhering to the Institute of Internal Auditors’ (IIA) Standards on quality control and the Internal Auditor’s internal audit procedures such as the involvement of the partners and managers in charge of functional areas in the planning and ongoing review of the work of field staff.

4UNDERSTANDING WATERBERG FET COLLEGE

It is important that internal audit understand the College and it’s functions fully, to ensure that the Internal Audit effort is focussed appropriately.

5CO-ORDINATION OF INTERNAL AUDIT

The co-ordination of internal audit will consist of:

5.1Internal Audit Team

Name / Position / Telephone no / Cellphone no / E – mail
Ntebo Hlungwane / Internal Auditor / 015 491 8581/8602 / 082 500 4834 /

5.2Contact with Waterberg FET College

Name / Position / Telephone No / Contact no. / E - mail
Mr. SP Mailula / Chief Executive Officer / 015 491 8581/8602 / 015 491 8581/8602 /
Ms. YSM Mathabatha / Audit Committee Chairperson / 082 578 5978 /

The Chief Executive Officerwill be responsible for all administrative arrangements of the internal audit for example approval of expenses of the Internal Audit Function. The Chief Executive Officer will approve the budget of the Internal Audit Function and the Chief Executive Officer together with the Audit Committee, the annual operation plan.

It is accepted that the co-operation and availability of Waterberg FET College’s personnel plays a significant role in impacting the effectiveness and efficiency of the Internal Audit Function. Every effort must be made to obtain the complete co-operation of the College’s management. Any excessive delays should be reported to the Chief Executive Officer and the Audit Committee.

5.3Contact with the external auditors

Internal Audit should liaise closely with the external auditors to avoid unnecessary duplication of audit work. Liaison with the external auditors will include holding regular meetings between the external auditors and the Internal Audit Function to ensure that there is proper co-ordination.

Contact details of the management team:

Name / Position / E - mail / Telephone No
Mr. Barry Bolink / Partner / / 015 297 2731

6OBJECTIVES AND RISKS

Risk analysis consists of two crucial elements, identification and the quantification of risks. Identification depends to a large extent on the knowledge of the College and the environment in which it operates.

Quantification depends on a combination of mathematics and judgement. Judgement depends on the knowledge of the assessors and the required objectives. Risk analysis is not a static process. Assessments need to be revised as new information becomes available. The ultimate action will depend on how risk-averse those responsible for the risks are.

6.1Categories and risks

One of the reasons for the risk assessment exercise, as set out earlier in the document, was to ensure that internal audit work is properly focussed and represents value for money for the College’s and the risks identified are listed below:

RATING / RISK NAME / DESCRIPTION / INHERENT RISK
(VALUE) / CURRENT RESIDUAL RISK
(VALUE) / DESIRED RESIDUAL RISK
(VALUE)
1 / Residence Management / Cleaning; Meals; Lack of Physical Security; Provision of health facilities; Residence sites do not belong to the college (Belong to the department of education); Hostel management by students / High-25 / High-20 / Low-5
2 / Availability of facilities and office space / Business centre does not have admin block. Lack of space at central office Inadequate budget to provide office space Occupational safety and health standards not followed. No space to accommodate newly appointed staff Inadequate planning with regard to office space Government not increasing funds for college infrastructure Dependency on state funds. / High-25 / High-20 / Low-5
3 / Marketing / No engagement with the departments; Lack of public communication strategy / High-25 / High-20 / Medium -10
4 / Supply Chain Management / Non adherence to policies and procedures; Fraud; Timeous delivery; Poor Quality of goods by suppliers; Procurement planning and sourcing decision; Emergency procurement services and processes; Poor supplier management; Poor warranties and after sales support; Poor warranty management process; By passing payment processes / High-25 / High-16 / Low-3
5 / Revenue collection including other sources of revenue e.g. Hotel school, farm. / Rentals facilities revenue collections; Cash deposited in the bank; Separate bank accounts; Goods and service sales(Farms, training centres and hotels school); Project revenue; Disposals; Physical Cash security; Inadequate use of opportunities to collect own revenue / High-25 / High-16 / Low-3
6 / Records Management / Employee Records; Confidentiality of Records; Student Records / High-25 / High-16 / Low-3
7 / Extra curricula activities / Lack Recreational Facilities; Lack Induction Function; Lack of library facilities / High-20 / High-16 / Medium-8
8 / Occupational Health and Hygiene / Engineering workshops; Central Office exit and health risk; Fire risks; Centres which do not belong to the college are not maintained to the desired standards of the College; First aid kits; Electricity supply. / High-20 / High-16 / Low-2
9 / Business Continuity / Power failure; Water Shortages; Natural Disasters; Services; Threat to human life; Systems Failure / High-20 / Medium -13 / Medium-8
10 / Information System Disaster Recovery / Development and implementation of strategy. Recovery of data. / High-20 / Medium -13 / Medium-8

7OPERATIONAL PLAN

It is important to demonstrate how the internal audit process integrates with and contributes to the College’s ability to achieve its mission and vision.

Internal audit is a protective, assurance service that should be viewed in the context of:

  • The challenges facing the College and how these challenges affect its vision and ability to meet the expectations of a diverse group of stakeholders, and
  • The impact that these challenges have on internal audit, for example the increase in risk.

Page 1 of 16

WATERBERG FET COLLEGE

THREE-YEAR STRATEGIC INTERNAL AUDIT PLAN 2012– 2014 AND

ONE YEAR OPERATIONAL PLAN FOR THE PERIOD ENDING 31 DECEMBER 2012

7.1Three-year rolling internal audit plan

Activity / Planned hours / Comments
2012 / 2013 / 2014
1 / Prepare a 3 year strategic internal audit plan and budget based on identified high impact risks / 24 / 16 / 16 / 3 days, from Year 2 onwards, 2 days
2 / Developing an annual operational internal audit plan and budget / 24 / 16 / 16 / 3 days, from Year 2onwards, 2 days
3 / Reporting results of reviews to Executive Management and the Audit Committee / 160 / 128 / 128 / One week per quarter, from year 2onwards, 4 days per quarter
4 / Preparing quarterly activity reports on the internal audit function / 160 / 160 / 160 / One week per quarter
5 / Follow-up and reporting of previously raised internal and external audit findings / 96 / 96 / 96 / 3 days per quarter
6 / Execution of internal audit plan / 1000 / 1850 / 1410 / Refer plan below
1464 / 2306 / 1906
Execution of Internal Audits / Planned Hours / Comments
2012 / 2013 / 2014
1 / Designing / updating an internal financial control framework to enable Audit Committee to sign off on internal control environment / 200 / 160 / 120 / Annual
2 / Residence Management / 0 / 100 / 100 / Annual Internal Audit - rotation of audit emphasis
3 / Supply Chain Management / 150 / 150 / 150 / Annual Internal Audit - rotation of audit emphasis
4 / Revenue Collection (including student debtors. / 100 / 100 / 100 / Annual Internal Audit - rotation of audit emphasis
5 / Records Management / 100 / 40 / 100 / Internal Audit in year 1 and 3, follow-up in year 2 (All campuses)
6 / Occupational Health and Hygiene / 0 / 100 / 40 / Internal Audit in year 1 and 3, follow-up in year 2 (All campuses)
7 / Management of Assets / 150 / 150 / 100 / Internal Audit in year 1 and 3, follow-up in year 2 (All campuses)
8 / Business Continuity / 0 / 150 / 150 / Internal Audit in year 1 and 3, follow-up in year 2 (All campuses)
9 / Integrity of IT systems / 100 / 100 / 100 / Annual Internal Audit - rotation of audit emphasis
10 / Adherence to required standards in workshops / 0 / 60 / 60 / Compliance Audit
11 / Governance / 40 / 40 / 100 / Follow-up in year 1 and 2, Internal audit year 3
12 / Program Content / 0 / 100 / 0 / High inherent risks - to be added to year 3 if audit outcome is negative
13 / Emerging risk / 0 / 100 / 0 / Emerging risks identified from Annual Risk Assessment Process
14 / Emerging risk / 0 / 100 / 0 / Emerging risks identified from Annual Risk Assessment Process
15 / Emerging risk / 0 / 100 / 0 / Emerging risks identified from Annual Risk Assessment Process
16 / Emerging risk / 0 / 100 / 0 / Emerging risks identified from Annual Risk Assessment Process
17 / Emerging risk / 0 / 100 / 0 / Emerging risks identified from Annual Risk Assessment Process
18 / Emerging risk / 0 / 0 / 100 / Emerging risks identified from Annual Risk Assessment Process
18 / Ad hoc requests / 160 / 100 / 190 / Provision for annual ad hoc assignments
1000 / 1850 / 1410

Page 1 of 16

WATERBERG FET COLLEGE

THREE-YEAR STRATEGIC INTERNAL AUDIT PLAN 2012– 2014 AND

ONE YEAR OPERATIONAL PLAN FOR THE PERIOD ENDING 31 DECEMBER 2012

7.2One - year audit plan for the period ending 31 December 2011

Activity / 2012 hours
1 / Prepare a 3 year strategic internal audit plan and budget based on identified high impact risks / 24
2 / Developing an annual operational internal audit plan and budget / 24
3 / Reporting results of reviews to Executive Management and the Audit Committee / 160
4 / Preparing quarterly activity reports on the internal audit function / 160
5 / Follow-up and reporting of previously raised internal and external audit findings / 96
6 / Execution of internal audit plan / 1000
1464
Execution of Internal Audits / 2012 allocated hours / Anticipated Timing / Planned scope of internal audit
1 / Designing / updating an internal financial control framework to enable Audit Committee to sign off on internal control / 200 / The Audit Committee recommended that this audit be co-sourced in the first year to external services as this is a complex Audit. / Referencing Best Practice to design a financial control framework
2 / Supply Chain Management / 150 / May/June
21/05/2012(Start)
15/06/2012(Report) / Evaluate controls relating to:
  • Compliance to the Supply Chain Policy;
  • Authorisation, completeness of information on the supplier database.
  • Review controls relating to supplier performance (VAT vetting, evaluation of suppliers).
Review controls relating to :
  • Approval of payments in terms of delegation of authority;
  • Compliance to policy and procedure regarding the various expenses;
  • Expenditure control to prevent fruitless & wasteful expenditure;
  • Allocation of expenditure to correct ledger accounts; and
  • General ledger reconciliations.
Review the effectiveness of procurement committees
Review of the travel and subsistence process, compliance to policy and procedure, proper approval
Regular monitoring of Supply Chain Management process
3 / Revenue Collection (Student debtors) / 100 / June
18/06/2012(Start)
6/07/2012(Report) / Evaluate controls relating to:
Compliance with finance and student debt policy
Review controls relating to :
  • Invoices relating to student application forms
  • Registration and tuition fees
  • Effectiveness of procedure to be followed when on revenue collection (Revenue collected will be banked on a weekly basis).
  • Transfer of funds(Remittances)
  • Handling of bursary and/or donation Income
  • Interest Received
  • Income generating projects
  • Debt Collection
  • Monitoring of controls
Follow up on monthly student account
4 / Records Management / 100 / July
09/07/2012
31/07/2012 / Review the adequacy and effectiveness of controls over the Records management, in particular:
  • Evaluate the adequacy of the Records Management Policies and Procedures.
  • Ensure that Policies and Procedures are developed in line with the National Archives Act and other relevant legislation.
  • Ensure compliance with approved Records Management Policies and Procedures and relevant legislation.
  • Evaluate the adequacy and effectiveness of controls to ensure that the Registry is a complete hub of all key documents and other records.
  • Evaluate the adequacy and effectiveness of the documents / records classification (restricted vs. non restricted) and filing systems (manual and electronic).
  • Evaluate the adequacy and effectiveness of controls to access (employees and public) and return documents /records.
Evaluate the adequacy and effectiveness of physical access controls as well as safeguarding of documentation / records against fire and other hazards.
5 / Management of Assets / 150 / August
01/08/2012(Start)
31/08/2012(Report) / Review the adequacy and effectiveness of controls over Assets Management, in particular:
  • Evaluate the adequacy of the Asset Management Policies and Procedures.
  • Evaluate the adequacy of insurance over the College’s assets
  • Review acquisition of asset processes
  • Review receipts and distribution of assets
  • Evaluate the maintenance of the fixed Assets Register
  • Evaluate transfer of assets processes
  • Evaluate the writing off of Assets procedures or processes
  • Review disposal or selling of assets processes
  • Review the general processes/procedures on Asset management

6 / Integrity of IT systems(Information System Disaster Recovery) / 100 / September
03/09/2012(start)
21/09/2012(Report) / Evaluate the adequacy and effectiveness of controls relating to:
IT Policy
IT planning process
Access controls to the system
7 / Governance
(Follow up audit) / 40 / October
01/10/2012(Start)
12/10/2012(Report) / Evaluate the adequacy and effectiveness of controls relating to:
  • College Governance Structures;
  • Risk Management;
  • Policies and Procedures;
  • IT Governance;
  • Organisational Strategy;
  • Performance measurement;
  • Stakeholder interaction; and
  • Statutory Report.

8 / Ad hoc requests / 160 / November
Follow up and ad hoc audits as requested by management. / As agreed upon commencement of assignments.
1000
RECOMMENDED BY:
Chief Executive Officer / Date
Mr. S. P. Mailula
APPROVED BY:
Chairperson of the Audit Committee / Date
PREPARED BY:
Ntebo Hlungwane
Internal Auditor / Date

Page 1 of 16