FINAL MANAGEMENT REPORT INDEPENDENT DIRECTORATE POLICE INVESTIGATIVE 31 March 2019 Communicated to the acting accounting officer on: 31 July 2019 MANAGEMENT REPORT INDEPENDENT POLICE INVESTIGATIVE DIRECTORATE 2019-03-31 Discussed with the accounting officer on: 23 July 2019 CONTENT INTRODUCTION ............................................................................................................................ 4 SECTION 1: Interactions with stakeholders responsible for oversight and governance ... 7 SECTION 2: Matters relating to the auditor’s report ................................................................ 8 AUDIT OF THE FINANCIAL STATEMENTS ..................................................................... 8 MATTERS TO BE BROUGHT TO THE ATTENTION OF USERS .................................. 11 AUDIT OF THE ANNUAL PERFORMANCE REPORT ...................................................... 9 AUDIT OF COMPLIANCE WITH LEGISLATION ............................................................. 11 OTHER INFORMATION .................................................................................................... 11 INTERNAL CONTROLS.................................................................................................... 12 OTHER REPORTS............................................................................................................ 15 SECTION 3: Assurance providers and status of implementation of commitments and recommendations .......................................................................................................... 14 ASSESSMENT OF ASSURANCE PROVIDERS ............................................................. 14 STATUS OF IMPLEMENTING COMMITMENTS AND RECOMMENDATIONS ............. 15 SECTION 4: Specific focus areas ............................................................................................. 16 FINANCIAL VIABILITY ...................................................................................................... 17 PROCUREMENT AND CONTRACT MANAGEMENT ..................................................... 18 FRAUD AND CONSEQUENCE MANAGEMENT ............................................................. 18 SECTION 5. Using the work of internal audit .......................................................................... 20 SECTION 6: Emerging risks ....................................................................................................... 20 SECTION 8: Ratings of detailed audit findings ....................................................................... 22 SECTION 9: Conclusion............................................................................................................. 22 SECTION 10: Summary of detailed audit findings ................................................................. 23 Detailed audit findings: Annexures A to C ............................................................................ 36 Annexure D: Performance management and reporting framework .............................. 132 Annexure E: Auditor general’s responsibility for the audit of the reported performance information ..................................................................................................................... 139 QUALITY CONTROL RELATING TO ASSURANCE ENGAGEMENTS ........................ 139 REPORTED PERFORMANCE INFORMATION............................................................. 139 COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE ........................ 139 Annexure F: Assessment of internal controls ...................................................................... 141 Management report of Independent Police Investigative Directorate MANAGEMENT REPORT TO THE ACCOUNTING OFFICER ON THE AUDIT OF THE INDEPENDENT POLICE INVESTIGATIVE DIRECTORATE FOR THE YEAR ENDED 2019-03-31 INTRODUCTION 1. The purpose of the management report is to communicate audit findings and other key audit observations to the accounting officer and the report does not constitute public information. This management report includes audit findings arising from the audit of the financial statements, performance information and compliance with legislation for the year ended 31 March 2019. 2. These findings were communicated to management and this report details management’s response to these findings. The report includes information on the internal control deficiencies that we identified as the root causes of the matters reported. Addressing these deficiencies will help to improve the audit outcome. 3. In accordance with the terms of engagement, our responsibility in this regard is to: • • • express an opinion on the financial statements express an opinion in the management report on the usefulness and reliability of the reported performance information for selected programmes, and report the material findings in the auditor’s report report on material findings relating to compliance with specific requirements in key applicable legislation, as set out in the general notice issued in terms of the Public Audit Act, 2004 (Act No. 25 of 2004) (PAA). Our engagement letter sets out our responsibilities and those of the accounting officer in detail. 4. This management report consists of the overall message arising from the audit, summary of key findings and observations, annexures containing the detailed audit findings, annexures to the report on the audit of performance information as well as the annexure to internal control deficiencies reported. 5. The auditor’s report is finalised only after the management report has been communicated. All matters included in this report that relate to the auditor’s report remain in draft form until the final auditor’s report is signed. In adherence to section 50 of the PAA, we do not disclose any information obtained during the audit and contained in this management report. 6. The figure that follows provides a pictorial summary of the audit results and our key messages on how to improve and/or sustain the audit outcomes with the focus on the following: • Status of the audit outcomes • Status of the level of assurance provided by key role players • Status of the drivers of internal controls • Status of risk areas • Root causes to be addressed/Best practices that should be maintained Movement from the previous year is depicted as follows: 4 Page Management report of Independent Police Investigative Directorate 5 Page / Improved / Unchanged / slight improvement / slight regression / Regressed Management report of Independent Police Investigative Directorate Stagnant in audit outcomes Assurance levels Types of audit outcomes First level of assurance Second level of assurance Unqualified with findings 20162017 20172018 Unqualified with findings Senior management Qualified with findings Accounting officer Adverse with findings Executive authority 20182019 Disclaimed with findings 1 5 2 4 Internal audit Provides assurance To improve the audit outcome the root causes are addressed Audit committee … the risk areas, and Provides some assurance Provides limited/ no assurance Vacant/ not established … the key role players need to assure that 3 ... attention is given to the key controls, and the best practices are maintained. Risk areas Root causes should be addressed • • Improper record keeping of information to support financial and performance reporting Inadequate controls over the preparation and review of the annual financial statements and performance report Status of the drivers of internal controls Quality of submitted financial statements Financial health Quality of submitted performance information Human resource management Supply chain management Information technology Leadership Financial and performance management Effective leadership culture Proper record keeping Risk management Oversight responsibility Processing and reconciling controls Internal audit HR management Regular reporting Audit committee Policies and procedures Compliance monitoring Audit action plans IT system controls Governance IT governance Good 6 Page Concerning Intervention required Good Concerning Intervention required Management report of Independent Police Investigative Directorate OVERALL MESSAGE 7. The above graphic depicts the audit outcomes of the department, as summarised in the overall message below: • • • • • The audit outcome has remained unchanged from the prior year as it still unqualified with findings. The annual financial statements are unqualified and there are no material misstatements in the selected programme of the performance report. Senior management and accounting officer provide some assurance, as there were material misstatements identified in annual financial statements and performance reports submitted for audit. Material misstatements were subsequently corrected, and the department received an unqualified opinion on the annual financial statements and the selected programme of the performance report. The department did not maintain proper record keeping of information to support financial and performance reporting. There were also inadequate controls over the preparation and review of the annual financial statements and performance report. The status of key risks areas is still concerning, but there has been an improvement in the quality of annual financial statements submitted for audit and supply chain management. Notwithstanding, that they are still concerning, oversight responsibility and compliance monitoring have improved resulting in improved performance reported information and reduction in non-compliance. However, policies and procedures have regressed as the supply chain and management policy was not approved. SECTION 1: Interactions with stakeholders responsible for oversight and governance 8. During the audit cycle, we met with the following key stakeholders responsible for oversight and governance to communicate matters relating to the audit outcome and matters identified during our status of records review of the department: Key stakeholder Purpose of interaction Speaker of the portfolio committee on [name of committee] Standing committee on public accounts Minister of Police Executive Director and Acting Executive Director Audit committee TBC Number of interactions TBC TBC Kick off meeting, Status of records review, Steering committee meeting Review of Annual Financial statements, Quarterly audit committee meetings 1 3 9. At these interactions, we shared the following key matters affecting audit outcomes and the auditee include high-level summary of key matters or determinations not already included in the table above: • • • 7 Page Kick-off meeting: Engagement letter, audit strategy covering key risks identified Audit Steering committee meeting: Progress on the date and issues identified Audit committee meeting: Review of financial statements before submission Management report of Independent Police Investigative Directorate SECTION 2: Matters relating to the auditor’s report AUDIT OF THE FINANCIAL STATEMENTS 10. We identified material misstatements in the financial statements during the audit. These misstatements were not prevented or detected by the department’s system of internal control. These material misstatements also constitute non-compliance with section 40(1) of the Public Finance Management Act (PFMA). Material misstatement Finding (Include a brief description of the misstatement as per the findings and the auditor’s report. Include the reasons for the auditee not correcting the misstatement when applicable.) Material misstatements corrected Disclosure Commitments The commitment disclosure note amount was not materially misstated. However, the note, did not clearly disclose contracts that exceed one year. The value of those contracts was material. Financial statement item 8 Page Occurred in prior year (Insert Yes/No) No Impact Impact R current year R prior year 40 383 379 0 Management report of Independent Police Investigative Directorate MATTERS TO BE BROUGHT TO THE ATTENTION OF USERS Emphasis of matter paragraphs 11. The following emphasis of matter paragraphs will be included in our auditor’s report to draw the users’ attention to matters presented or disclosed in the financial statements: Changes in accounting estimate 12. As disclosed in note 27 to the annual financial statements, there has been a change in accounting estimates for Contingent Liabilities. The change has resulted in the contingent liabilities balance for the current year decreasing significantly by at least R47 931 000 from the prior year. Payables not recognised 13. As disclosed note 20.2 to the annual financial statements, payables not recognised of R4 303 000, exceeded the payment terms of 30 days, as required in treasury regulation 8.2.3. This amount, in turn exceed the R282 000 of voted to be surrendered by R4 021 000 as per the statement of financial performance. The amount of R4 022 000 would therefore have constituted unauthorised expenditure had the amounts been paid in time. This was due to budgetary constraints experienced by the department which led to the majority of the prior year (s) payables being settled in the current year. Other matter paragraphs 14. The following other matter paragraphs will be included in our auditor’s report to draw the users’ attention to matters regarding the audit, the auditor’s responsibilities and the auditor’s report: Unaudited supplementary schedules 15. The supplementary information set out on pages XX to XX does not form part of the financial statements and is presented as additional information. I have not audited these schedules and, accordingly, I do not express an opinion on it. AUDIT OF THE ANNUAL PERFORMANCE REPORT 16. In terms of the general notice issued in terms of the PAA, the opinion on the audit of reported information will be included in the management report. The report is included below to enable management and those charged with governance to see what the report will look like once it is published in the auditor’s report. We will report all the audit findings included under the basis for opinion/conclusion and the other matter sections of this report in the auditor’s report. Introduction and scope 17. We have undertaken a reasonable assurance engagement on the reported performance information for the following selected programmes presented in the annual performance report of the department for the year ended 31 March 2019: 9 Page Management report of Independent Police Investigative Directorate Programme Programme 2 – Investigation and Information management Pages in annual performance report Opinion x–x Unqualified Mov. 18. We conducted our reasonable assurance engagement in accordance with the International Standard on Assurance Engagements, ISAE 3000: Assurance engagements other than audits or reviews of historical financial information. 19. We believe that the evidence we have obtained is sufficient and appropriate to provide a basis for our opinion. Programme 2 – Investigation and Information management Opinion 20. In our opinion, the reported performance information for Programme 2 – Investigation and Information management is useful and reliable, in accordance with the applicable criteria as developed from the performance management and reporting framework as set out in annexure D to this report Other matter 21. We draw attention to the matter below. Our opinion is not modified in respect of this matter. Adjustment of material misstatements 22. We identified material misstatements in the annual performance report submitted for auditing. These material misstatements were on the reported performance information of Programme 2 – Investigation and Information management. As management subsequently corrected the misstatements, we did not raise any material findings on the usefulness and reliability of the reported performance information. Responsibilities of the party responsible for the annual performance report the reported performance information 23. The accounting officer is responsible for the preparation of the annual performance report in accordance with the prescribed performance management and reporting framework, as set out in annexure D to this report and for such internal control as the accounting officer determines is necessary to enable the preparation of performance information that is free from material misstatement in terms of its usefulness and reliability. Auditor-general’s responsibilities for the reasonable assurance engagement on the reported performance information 24. Our objectives are to obtain reasonable assurance about whether the reported performance information for the selected programmes presented in the annual performance report is free from material misstatement and to issue a management report that includes our opinion. Reasonable assurance is a high level of assurance, but is not a guarantee that the assurance engagement conducted in accordance with the relevant assurance standards will always detect 10 P a g e Management report of Independent Police Investigative Directorate a material misstatement when it exists. Misstatements can arise from fraud or error and are considered material if they could reasonably be expected to influence the relevant decisions of users taken on the basis of the reported performance information. 25. Our procedures address the reported performance information, which must be based on the approved performance planning documents of the department. We have not evaluated the appropriateness of the performance indicators established and included in the planning documents. Our procedures do not extend to any disclosures or assertions relating to planned performance strategies and information relating to future periods that may be included as part of the reported performance. Accordingly, our opinion does not extend to these matters. 26. A further description of our responsibilities for the reasonable assurance engagement on reported performance information is included in annexure E to this report. AUDIT OF COMPLIANCE WITH LEGISLATION 27. Included below are material findings on compliance with selected specific requirements of applicable legislation, as set out in the general notice issued in terms of the PAA Annual financial statements 28. The financial statements submitted for auditing were not prepared in accordance with the prescribed financial reporting framework and/or supported by full and proper records as required by section 40(1) (a) and/or (b)of the PFMA. 29. Material misstatements of disclosure items identified by the auditors in the submitted financial statement were corrected and the supporting records were provided subsequently, resulting in the financial statements receiving an unqualified opinion. Expenditure Management 30. Effective and appropriate steps were not taken to prevent irregular expenditure amounting to R1 824 000, as disclosed in note 23 to the annual financial statements, as required by section 38(1)(c)(ii) of the PFMA and treasury regulation 9.1.1. The majority of the current year irregular expenditure was caused by appointment of official without following DPSA processes. Consequence Management 31. I was unable to obtain sufficient appropriate audit evidence that disciplinary steps were taken against officials who had incurred irregular expenditure as required by section 38(1)(h)(iii) of the PFMA. This was due to proper and complete records that were not maintained as evidence to support the investigations into irregular expenditure, disciplinary recommendations and the actual actions taken. OTHER INFORMATION 32. The accounting officer is responsible for the other information. The other information comprises the information included in the annual report. The other information does not include the financial statements, the auditor’s report and the selected programme presented in the annual performance report that have been specifically reported in this auditor’s report. 11 P a g e Management report of Independent Police Investigative Directorate 33. Our opinion on the financial statements and findings on the reported performance information and compliance with legislation do not cover the other information and we do not express an audit opinion or any form of assurance conclusion thereon. 34. In connection with my audit, my responsibility is to read the other information and, in doing so, consider whether the other information is materially inconsistent with the financial statements and the selected programmes presented in the annual performance report, or my knowledge obtained in the audit, or otherwise appears to be materially misstated. INTERNAL CONTROLS 35. The significant deficiencies in internal control which led to our overall assessment of the status of the drivers of key controls, as included in the figure in paragraph x, are described below. The detailed assessment of the implementation of the drivers of internal control in the areas of financial statements, performance reporting and compliance with legislation is included in annexure F. Leadership Human resource management 36. The department did not have an approved organisational structure. This was because a communique from Department of Public Service and Administration (DPSA) on 30 November 2018 stated that the former minister had rejected the then proposed DPSA structure and recommended that the department revise and address a few functional and staff issues before implementation. Policies and procedures 37. The department’s revised supply chain management policy has not been approved. Information technology governance framework 38. The department’s IT Strategy was still in draft and not yet approved, this increase the risk that IT strategic objectives might not support and be aligned to the objectives of the entire department. This was due to the fact that the strategy was yet to be finalised as there were revisions recommended by EXCO. There was also change in the department’s senior leadership hence the delay in signing off reviewed strategy and policy documents. 39. There was one key vacant post (Network Controller) from the old organisational structure that had not yet been filled. Lack of an approved organisational structure increases the risk that some of the vacant positions may not be funded which in turn affects the organisations capabilities on delivering on strategic objectives. 40. The department had an approved ICT Governance policy framework which was signed off by management, however, the policy did not address some of the key aspects or processes of IT Governance. This could be due to oversight on the part of management. 41. IT security policies that were required to be reviewed annually as stipulated in the policy had not been reviewed since the last review date, this may increase the risk of IT to align with any changes in the strategic direction of the organization. The lack of review of policies could be 12 P a g e Management report of Independent Police Investigative Directorate due to leadership changes in the department, hence the review and signing of the policies was delayed. Financial and performance management Proper record keeping 42. The department did not implement proper record keeping in a timely manner to ensure that complete, relevant and accurate information is accessible and available to support financial and performance reporting and compliance with key legislation. 43. Information requested for audit was not submitted on time as a result, findings on limitation of scope were issued. Management subsequently provided information and findings were cleared. Regular, accurate and complete financial and performance reports 44. There were inadequate controls over the preparation and review of the annual financial statements and performance report. 45. Misstatements were identified from the annual financial statements and performance report. Information technology systems 46. The department had procured a new 4th Generation firewall, however it was not operational at the time of the audit and still needed to be configured. Lack of a functional firewall could lead to failure to prevent and detect security incidents or vulnerabilities in a timely manner. 47. The IT operational plan requires submission of the information security status report on all systems to the Director: IT on a monthly basis. There was no evidence that was provided which demonstrated that management performed the monthly review of the information security status report (Active Directory, BAS, Flowcentric, LOGIS security logs, and Antivirus exception reports. Lack of review of security audit trails could lead to failure to identify/detect security incidents, violations or vulnerabilities in a timely manner. This was due to failure to comply with established and implemented information security policies and procedures. Summary 48. The matters above, as they relate to the basis for the findings on compliance with legislation, will be summarised in the auditor’s report as follows: Financial and performance management 49. Management did not perform adequate controls over the preparation and review of the annual financial statements to ensure annual financial statements are prepared in accordance the in accordance with the prescribed financial reporting framework and thus ensuring compliance with the applicable laws and regulations. 50. The department did not implement proper record keeping in a timely manner to ensure that complete, relevant and accurate information is accessible and available to support compliance with key legislation. There is no evidence of consequence management against officials who had incurred or allowed the department to incur irregular expenditure. 13 P a g e Management report of Independent Police Investigative Directorate 51. Management did not implement adequate controls to review and monitor compliance with applicable laws and regulations, this resulted to irregular expenditure being incurred. SECTION 3: Assurance providers and status of implementation of commitments and recommendations ASSESSMENT OF ASSURANCE PROVIDERS 52. The annual report is used to report on the financial position of auditees, their performance against predetermined objectives and overall governance. One of the important oversight functions of Parliament is to consider auditees’ annual reports. To perform this oversight function, they need assurance that the information in the annual report is credible. To this end, the annual report includes our auditor’s report, which provides assurance on the credibility of the financial statements and the annual performance report, as well as on the auditee’s compliance with legislation. 53. Our reporting and the oversight processes reflect on past events, as it takes place after the end of the financial year. However, management, the leadership and those charged with governance contribute throughout the year to the credibility of financial and performance information and compliance with legislation by ensuring that adequate internal controls are implemented. 54. We assess the level of assurance provided by these assurance providers based on the status of internal controls (as reported in section 2.6) and the impact of the different role players on these controls. We provide our assessment for this audit cycle below. Senior management: provides some assurance • Management did not implement proper record keeping to support performance and some financial information. • There were misstatements identified from the annual financial statements and performance report. Accounting officer: provides some assurance • The accounting officer provided some assurance, however internal control deficiencies were identified as the supply chain management system and the organisational structure were not approved. Executive authority: provides some assurance • TBC Internal audit: provides assurance • Legislation in South Africa requires the establishment, roles and responsibilities of internal audit units. Internal audit units form part of the internal control and governance structures of the department and play an important role in its monitoring activities. Internal audit provides 14 P a g e Management report of Independent Police Investigative Directorate an independent assessment of the department’s governance, risk management and internal control processes. • The internal audit unit of a department must prepare a risk-based audit plan and internal audit programme for each financial year. It must advise the accounting officer and report to the audit committee on the implementation of the internal audit plan and matters relating to internal audit, internal controls, accounting procedures and practices, risk and risk management, performance management, loss control and compliance with the PFMA. The internal audit unit must also perform such other duties as may be assigned by the accounting officer. • The internal audit unit was adequately resourced and functioning. Internal audit quarterly reports were used for risk assessment. Findings, internal control deficiencies and recommendations by external auditors were consistent with those of internal audit. Further, internal audit was used to provide direct assistance in the audit. Audit committee: provides assurance • The audit committee is an independent advisory body to the accounting officer and the management and staff of the department on matters relating to internal financial control and internal audits; risk management; accounting policies; the adequacy, reliability and accuracy of financial reporting and information; performance management; effective governance; the PFMA, treasury regulations and any other applicable legislation; performance evaluation and any other issues. • The audit committee is also expected to review the annual financial statements to provide an authoritative and credible view of the department, its efficiency and effectiveness and its overall level of compliance with the applicable legislation. • The audit committee monitoring of financial and performance reporting and compliance with laws and regulations through it quarterly and special meetings was effective. STATUS OF IMPLEMENTING COMMITMENTS AND RECOMMENDATIONS 55. Below is our assessment of the progress in implementing the commitments made by the department to address the prior and current year’s audit findings. No. Commitment Made by Date Management agrees that there is no internal policy that governs the disclosure of contingent liability and has taken a decision to draft a policy IPID July 2018 Management have committed to improving controls relating to expenditure on fleet services IPID July 2018 Management to improved record keeping on performance information in the regional office and ensure consistency in internal controls. 15 P a g e IPID July 2018 Origin of commitment The department did not have a policy for accounting of contingent liabilities In the prior years, fuel slips were not consistently kept by officials of the department Evidence to support performance information was Status Implemented Implemented Progress Management report of Independent Police Investigative Directorate not provide timeously SECTION 4: Specific focus areas FINANCIAL VIABILITY 56. Our audit included a high-level overview of the Independent Police Investigative Directorate’s financial viability as at year-end. The financial viability assessment provides useful information for accountability and decision-making purposes and complements the financial statements by providing insights and perspectives thereon. The financial viability assessment is expected to enhance timely remedial decision-making and policy reforms where financial viability may be at risk. It will also highlight to management those issues that may require corrective action and the urgency and magnitude of the reforms and decisions necessary to maintain operations. The information should be used to complement, rather than substitute, management’s own financial assessment. It should be noted that the financial viability assessment below is based on the department’s financial statement amounts adjusted to reflect certain accrual accounting concepts. FINANCIAL VIABILITY ASSESSMENT AS AT 31 MARCH 2019 AS AT 31 MARCH 2018 EXPENDITURE MANAGEMENT 1.1 Creditor-payment period 31.3 Days 96 Days 52.2% 82.3% R 5 126 000 R 9 805 000 R 17 056 000 R 20 509 000 30+ day accruals as a percentage of total accruals 1.2 • Amount of 30+ day accruals • Amount of total accruals ASSET AND LIABILITY MANAGEMENT 3.1 3.2 An accrual-adjusted deficit for the year was realised (total expenditure exceeded total revenue) Yes Yes • Amount of accrual-adjusted surplus / (deficit) for the year (R46 562 000) (R38 988 000) An accrual-adjusted net current liability position was realised (total current liabilities exceeded total current assets) No Yes • Amount of accrual-adjusted net current assets / (liability) position R32 924 000 R40 414 000 No Yes R32 924 000 (R 1 046 000) An accrual-adjusted net liability position was realised (total liabilities exceeded total assets) 3.3 • Amount of accrual-adjusted net asset / (liability) position CASH MANAGEMENT 4.1 The year-end bank balance was in overdraft 16 P a g e Yes Yes Management report of Independent Police Investigative Directorate FINANCIAL VIABILITY ASSESSMENT AS AT 31 MARCH 2019 AS AT 31 MARCH 2018 (R 990 000) (R 861 000) 1.2% 1% R1 274 000 R107 100 000 R1 003 000 R 102 200 000 4.4% 15.9 % R79 403 000 R336 700 000 R51 015 000 R321 600 000 Guarantees issued by the department as a percentage of next year’s budget, excluding “compensation of employees” and "transfers and subsidies" No guarantees issued No guarantees issued • Amount of guarantees issued • Amount of next year’s appropriation (budget), excluding “compensation of employees" and "transfers and subsidies" R0 R107 100 00 R0 R 102 200 000 52.8% 86.2 % R56 527 000 R107 100 000 R86 967 000 R 102 000 000 • Amount of year-end bank balance (cash and cash equivalents) / (bank overdraft) Cash shortfall as a percentage of next year’s appropriation (budget), excluding “compensation of employees” and "transfers and subsidies" ** 4.2 • Amount of the cash surplus / (shortfall) • Amount of next year’s appropriation (budget), excluding “compensation of employees" and "transfers and subsidies" 4.3 Amounts payable in future periods as a percentage of the budget for the next three years, excluding “compensation of employees” and "transfers and subsidies" • Amounts payable in future periods • Amount of the next three years’ appropriation (budget), excluding “compensation of employees" and "transfers and subsidies" 4.4 4.5 Claims against the department as a percentage of next year’s budget, excluding “compensation of employees” and "transfers and subsidies" • Amount of claims against the department • Amount of next year’s appropriation (budget), excluding “compensation of employees" and "transfers and subsidies" OVERALL ASSESSMENT Overall the financial viability is assessed as: Yellow (Concerning) Yellow (Concerning) * This (these) amount(s) has (have) been adjusted for uncorrected misstatements that resulted in the modification of the audit opinion and will therefore not agree with the financial statement amounts. ** This indicator assumes that the unauthorised expenditure of R 891 000, per note 8 will not be approved with funding. High-level comments 57. The department’s overall financial viability is assessed as yellow, which is similar to the prior year’s assessment, however there are still concerns that have to be addressed by management. 17 P a g e Management report of Independent Police Investigative Directorate 58. The department will be able to continue as a going concern due to an increase in the budget allocation from National Treasury, that started in the current year and because of a reduction of total accruals and payables not recognised at year end. However, it should be noted that the department has a bank overdraft of R 990 000. 59. The department has been experiencing cash-flow difficulties which has resulted in the following adverse effects; the creditor-payment period remaining at 96 days when compared with prior year and accruals older than 30 days not paid from the current year’s budget which will have a negative impact on the following year’s available budget. 60. The department had an overdraft bank balance at year end and if the unauthorised expenditure is approved without funding, the cash shortfall will increase. PROCUREMENT AND CONTRACT MANAGEMENT 61. The audit included an assessment of procurement processes, contract management and the related controls in place. These processes and controls must comply with legislation to ensure a fair, equitable, transparent, competitive and cost-effective supply chain management (SCM) system and to reduce the likelihood of fraud, corruption, favouritism and unfair and other irregular practices. A summary of the findings from the audit are as follows: Irregular expenditure 62. R615 123 (34%) of irregular expenditure incurred in the current financial year was as a result of the contravention of SCM legislation. The transgressions occurred in previous years. FRAUD AND CONSEQUENCE MANAGEMENT 63. The primary responsibility for preventing and detecting fraud rests with management and those charged with governance. We are responsible for obtaining reasonable assurance that the financial statements are free from material misstatement, whether caused by fraud or error, and to issue an auditor’s report that includes our opinion. Due to the inherent limitations of an audit, there is a risk that some material misstatements, including fraud, may not be detected. 64. The PFMA and its regulations clearly stipulate that matters such as incurring unauthorised, irregular as well as fruitless and wasteful expenditure, the possible abuse of the SCM system (including fraud and improper conduct) and allegations of financial misconduct should be investigated. Disciplinary steps should be taken based on the results of the investigations. Our audits included an assessment of the department’s management of consequences. The significant findings are provided below: Measures to manage consequences 65. The following measures were not implemented to ensure that the environment is conducive to effective consequence management: • The role(s) relating to investigating allegations of misconduct have not been formally assigned to officials, units or committees of the auditee. • The department did not ensure that proper controls are in place to monitor progress made on investigations to ensure that they are completed in a timely manner and action is effected where required. 18 P a g e Management report of Independent Police Investigative Directorate Ongoing investigations 66. A total of 5 investigations were ongoing at year-end into allegations relating to financial misconduct, fraud and/or improper conduct in SCM. one of these investigations have been ongoing for a period exceeding 12 months. The table below provides a summary of investigations which had not been completed as at year-end: Total number of ongoing investigations as at year-end 5 • 1 Number of SCM-related investigations Number of investigations exceeding a period of six months 1 Sanctions/recommendations not implemented for completed investigations 67. The PFMA Treasury regulation requires that at completion of an investigation, disciplinary proceedings are held. For one completed investigation, appropriate action (sanction) was not taken as per the findings/ recommendations of the investigations. Failure to properly deal with allegations reported in the prior year 68. The table below provides a summary of findings from the previous year that were either not investigated or proper disciplinary steps were not taken after investigation. Irregular expenditure No evidence that Irregular expenditure identified in the previous year was investigated to determine if a person was liable for the expenditure 1 910 316 Fruitless and wasteful expenditure No evidence that Fruitless and wasteful expenditure identified in the previous year was investigated (properly) to determine whether a person was liable for the expenditure 3 201 622 Transgressions reported to management for investigation 69. Irregular/fruitless and wasteful expenditure disclosed in note 23 and note 24 to the financial statements must be investigated to determine whether any official is liable for losses incurred as a result of the irregular/fruitless and wasteful expenditure. Disciplinary steps must be taken against officials who caused or permitted the irregular/fruitless and wasteful expenditure and losses incurred as a result must be recovered from the person liable. 70. In terms of section 225 of the IESBA code, we have a responsibility to consider reporting identified and suspected non-compliance with laws and regulations to an appropriate authority. 19 P a g e Management report of Independent Police Investigative Directorate SECTION 5. Using the work of internal audit 71. The auditing standards allow external auditors the optional use of the work of internal audit for external audit purposes and for direct assistance. We have used internal audit as follows: • • Internal audit quarterly reports to the audit committee were used for risk identification and to amend the nature, timing and extent of audit procedures, where applicable. The internal audit function was used for external audit purposes for direct assistance as follows: Areas of the audit Audit of Predetermined objectives – Reliability testing (Programme 2) SECTION 6: Emerging risks Accounting, performance management/reporting and compliance matters New pronouncements Modified cash standard Componentisation of assets • Departments are encouraged to componentise assets in their asset registers as it will become a requirement in future. The effective date to componentise assets has not been determined yet. Inventory • Departments are encouraged to develop their inventory management systems as the inventory disclosure note will become a requirement in future. The effective date to disclose inventory is still to be determined by the accountant-general. • Due to the uncertainty surrounding the effective date of implementation, we have not included any findings in the auditor’s report relating to inventory. However, we include the following summary of findings from our review of the inventory management processes for your attention, to ensure that they are addressed in readiness for the eventual inclusion of inventory in the financial statement disclosures. It is further recommended that a process be put in place to determine the inventory held by the department at each year-end. New legislation Treasury Regulations • The treasury regulations are currently being revised, which may introduce a number of new requirements once effective. 20 P a g e Management report of Independent Police Investigative Directorate Subsequent events • No subsequent events were identified. Audit findings on the annual performance report that may have an impact on the audit opinion in future 72. The planned and reported performance information of selected [programmes/objectives] was audited against the following additional criteria as developed from the performance management and reporting framework: • Presentation and disclosure – Overall presentation: o • Overall presentation of the performance information in the annual performance report is comparable and understandable Relevance – Completeness of relevant indicators: o Completeness of relevant indicators in terms of the mandate of the auditee, including: • relevant core functions are prioritised in the period under review • relevant performance indicators are included for the core functions prioritised in the period under review • customised indicators related to the core functions prioritised for the year under review are included in planning documents (provincial departments only) 73. Material audit findings arising from the audit against the additional criteria do not have an impact on the audit opinion(s) of the selected programmes in this report. However, it may impact on the audit opinion in future. 74. No material findings were identified in respect of the additional criteria. 21 P a g e Management report of Independent Police Investigative Directorate SECTION 8: Ratings of detailed audit findings 75. For the purposes of this report, the detailed audit findings included in annexures A to C have been classified as follows: • Matters to be included in the auditor’s report: These matters should be addressed as a matter of urgency. • Other important matters: These matters should be addressed to prevent them from leading to material misstatements of the financial statements or material findings on the performance report and compliance with legislation in future. • Administrative matters: These matters are unlikely to result in material misstatements of the financial statements or material findings on the performance report and compliance with legislation. SECTION 9: Conclusion 76. The matters communicated throughout this report relate to the three fundamentals of internal control that should be addressed to achieve sustained clean administration. Our staff remains committed to assisting in identifying and communicating good practices to improve governance and accountability and to build public confidence in government’s ability to account for public resources in a transparent manner Yours faithfully Stephen Kheleli Senior Manager: National D 31 July 2019 Enquiries: Telephone: Email: Tsulo Possa 073 720 7534 Tsulop@agsa.co.za Distribution: Audit committee Head of internal audit unit Executive authority 22 P a g e Management report of Independent Police Investigative Directorate Administrative matters Other important matters Matters affecting the auditor’ s report Service delivery Internal control deficiency Non-compliance with legislation Finding Misstatements in annual performance report Page no. Misstatements in financial statements SECTION 10: Summary of detailed audit findings Number of times reported in previous three years Status of implementation of previous year(s) recommendation Annexure A Commitments 32 Incorrect Lease Commitment balances 0 N/A 0 N/A No evidence of Consequence Management Year - 2 Not addressed Lease commitment balance that could not be recalculated 0 N/A Employee costs 33 Employees could not be verified Consequence Management 35 Leases 41 23 P a g e Administrative matters Other important matters Matters affecting the auditor’ s report Service delivery Internal control deficiency Non-compliance with legislation Finding Misstatements in annual performance report Page no. Misstatements in financial statements Management report of Independent Police Investigative Directorate Number of times reported in previous three years Status of implementation of previous year(s) recommendation Movable assets Moveable Assets could not be verified 0 N/A Year - 1 and 2 In progress Year - 1 and 2 In progress 49 Percentage of decision ready cases completed from total cases received – case was completed in 2014 Year - 1 and 2 In progress 50 Percentage of decision ready cases completed from total cases received – duplicated case Year - 1 and 2 In progress 52 Percentage of dockets referred to the National Prosecuting Authority within 30 days of being signed off – recommendation not stamped and signed off by a NPA official 0 N/A 43 Predetermined objectives 46 47 24 P a g e Number of investigations that are assault decision ready – General closure report not signed by the director of investigations Number of investigations that are assault decision ready – general closure form signed however flow centric is status is still decision ready. Administrative matters Other important matters Matters affecting the auditor’ s report Service delivery Internal control deficiency Non-compliance with legislation Finding Misstatements in annual performance report Page no. Misstatements in financial statements Management report of Independent Police Investigative Directorate Number of times reported in previous three years Status of implementation of previous year(s) recommendation 54 Percentage of dockets referred to the National Prosecuting Authority within 30 days of being signed off (Completeness) – not signed or stamped by NPA official 0 N/A 56 Death in Police Custody – closure report not attached Year - 1 and 2 In progress 58 Death in Police Custody Recommendation made in accordance with the CIR but recommendation report not attached on the physical file Year - 1 and 2 In progress Procurement and Contract management- Limitation of scope 0 N/A Limitation of scope payables and accruals not recognized at year end. 0 N/A Procurement and Contract Management (to confirm for removal) 59 Annexure B Accruals 63 Commitments 25 P a g e Administrative matters Other important matters Matters affecting the auditor’ s report Service delivery Internal control deficiency Non-compliance with legislation Finding Misstatements in annual performance report Page no. Misstatements in financial statements Management report of Independent Police Investigative Directorate Number of times reported in previous three years Status of implementation of previous year(s) recommendation 66 Limitation of scopeCommitments 0 N/A 68 Incorrect valuation of commitments Year - 1 In progress 0 N/A Contingent liabilities 69 Contingent liability incorrectly allocated General IT controls 72 Inadequate design and implementation of the ICT and organisational structure 0 N/A 73 Inadequately designed IT Governance framework policy 0 N/A 75 The IT Strategic Plan was not formally approved 0 N/A 26 P a g e Administrative matters Other important matters Matters affecting the auditor’ s report Service delivery Internal control deficiency Non-compliance with legislation Finding Misstatements in annual performance report Page no. Misstatements in financial statements Management report of Independent Police Investigative Directorate Number of times reported in previous three years Status of implementation of previous year(s) recommendation 76 Lack of security monitoring on the network and applications- rereporting Year - 1 In progress 77 Inadequate review of key ICT policies and procedures-Rereporting Year - 1 and 2 In progress 79 Firewall was not operational .Re-report Year - 1 In progress 80 Lease commitments disclosure 0 N/A 82 Incorrect lease Commitment balances 0 N/A Year 2 In progress Leases Movable assets 83 Assets under investigation not included in internal memorandum to disposal committee Operating expenditure 27 P a g e Administrative matters Other important matters Matters affecting the auditor’ s report Service delivery Internal control deficiency Non-compliance with legislation Finding Misstatements in annual performance report Page no. Misstatements in financial statements Management report of Independent Police Investigative Directorate Number of times reported in previous three years Status of implementation of previous year(s) recommendation 85 Payments not made within 30 days of receipt of invoice Year - 1 and 2 In progress 87 No proof of trip authorization 0 N/A Year - 1 In progress Year - 1 and 2 In progress Predetermined objectives 89 91 Percentage of investigations of other criminal and misconduct matters referred to in section 28(1)(h) and 35 (1)(b) of the IPID Act that are decision ready -Section 28(1)(h) matters not pre-approved by the Executive Director (E.D Number of investigations of discharge of an official firearm by a police officer that are decision ready – Preliminary investigations not done 96 Number of investigations that are torture decision ready – Decision ready case incorrectly classified Year - 1 and 2 97 Number of investigations of rape by police officer that are decision ready – recommendation report was not Year - 1 and 2 28 P a g e In progress In progress Administrative matters Other important matters Matters affecting the auditor’ s report Service delivery Internal control deficiency Non-compliance with legislation Finding Misstatements in annual performance report Page no. Misstatements in financial statements Management report of Independent Police Investigative Directorate Number of times reported in previous three years Status of implementation of previous year(s) recommendation signed by director of investigations. 98 Procurement and Contract Management - Non- compliance to National Treasury Regulation and PFMA 0 N/A Annexure C General IT controls 101 Inadequate physical and environmental controls-Rereporting Year - 1 and 2 In progress 102 No formal process in place for monitoring value delivery on IT investments 0 N/A 104 Inadequate termination process in the Flowcentric system 0 N/A 105 Inadequate implementation of the user termination process on active directory 0 N/A Movable assets 29 P a g e 106 Moveable assets bar coded incorrectly (internal control deficiency) Administrative matters Other important matters Matters affecting the auditor’ s report Service delivery Internal control deficiency Non-compliance with legislation Finding Misstatements in annual performance report Page no. Misstatements in financial statements Management report of Independent Police Investigative Directorate Number of times reported in previous three years Status of implementation of previous year(s) recommendation 0 N/A Predetermined objectives 108 Investigation documents not included in case files: Internal control Year - 1 and 2 In progress 128 Death in Police Custody - IPID 5(crime scene) not counter signed by SAPS member at the scene to Validate that IPID member attended the scene 0 N/A 30 P a g e Management report of Independent Police Investigative Directorate 31 Page Management report of Independent Police Investigative Directorate Detailed audit findings: Annexures A to C ANNEXURE A: MATTERS AFFECTING THE AUDITOR’S REPORT Commitments 1. Incomplete commitments disclosure Audit finding Modified Cash Standard chapter 14, paragraph 66 states that: “Although all commitments (as defined) should be disclosed, a department shall further disclose which of its commitments are for projects / programs / contracts that exceed one year.” Note 26: commitments, did not clearly disclose contracts that exceed one year. However, the following contracts in the commitment schedule are for more than year: No. Supplier 1 2 3 MICROSOFT SSG Bidvest 4 ICAS 5 SITA CONTRACT 6 SITA CONTRACT 7 SITA CONTRACT 8 9 Total SITA CONTRACT SITA CONTRACT 32 P a g e Description Licence renewal Cleaning Services Security Services Employee Wellness Functions VPN shared internet services mainframe hosting services hosted batch printing services Web services Start date of the contract 2017/04/31 01/07/2018 01/08/2018 Expiry date of the contract 31-Mar-20 30/06/2021 30/07/2021 Contract period 36 36 36 4 715 852.13 5 946 684.62 32 127 221.74 05/02/2018 31/01/2021 36 739 380 .60 22 463 779.10 01/04/2018 31/03/2023 60 2 783 398.95 48 2 286 733.54 01/04/2018 31/03/2023 60 765 551.22 48 628 947.43 01/04/2018 31/03/2023 60 6 297 820.26 48 5 174 046.94 01/04/2018 01/04/2018 31/03/2023 31/03/2023 60 60 133 851.00 842 015.11 48 48 109 966.83 700 101.90 40 383 379 Contract amount Months left at 31 March 2019 12 27 28 Commitments as at 31 March 2019 1 571 950.71 4460 013.47 24 987 839.13 Management report of Independent Police Investigative Directorate Impact The commitment disclosure note is not fully complying with the Modified cash standards. Internal control deficiency Management did not adequately review the commitment disclosure note to ensure that it adheres to the Modified cash standards. Recommendation • Management must clearly disclose which of its commitments are for contracts that exceed one year. • Management must design and implement processes for adequate review of the financial statements to ensure they are prepared in accordance with the applicable reporting framework. Management’s response The audit finding is noted and the referred Note 26 has been reviewed accordingly in the revised AFS to reflect the all the contracts that exceed the period of one year. Date: 19 July 2019 Auditor’s conclusion The revised disclosure note was audited and the finding has been cleared. The control deficiency on the adequate review of the financial statements remain. Employee costs 2. Employees could not be verified 33 P a g e Management report of Independent Police Investigative Directorate Requirement In terms of Section 15(1)(a) of the Public Audit Act " when performing an audit, an authorized auditor has at all reasonable times full and unrestricted access to any document, book or written or electronic record or information of the auditee or which reflects or may elucidate the business, financial results, financial position or performance of the auditee". Section 38(1)(a)(i) of the Public Finance Management Act states that the Accounting Officer of a department should ensure that the department has and maintains an effective, efficient and transparent systems of financial and risk management and internal control. Audit finding We could not verify the following employees: No Persal number Surname Initials 1 22951547 MFIKOE OS 2 22951563 MAMORARE KS 3 27026060 MAHLANGU MML 4 28808533 MONYELA LF 5 28816927 MBATHA BM Impact We could not verify if the employees are in the employment of the department. Internal control deficiency Financial and performance management Management did not implement controls adequately to ensure that employees avail themselves for verification during the audit. Recommendation Management should ensure that employees are available for verification. 34 P a g e Management report of Independent Police Investigative Directorate Management’s response All employees were subsequently verified and the Auditors confirmed the verification of all employees who were outstanding. Date: 29 July 2019 Auditor’s conclusion All the employees were verified and the finding is cleared. Consequence Management 3. No evidence of Consequence Management Audit finding PFMA S38(1)(h) state that, “An accounting officer for a department must take effective and appropriate disciplinary steps against any employee of the department who: (i) Contravenes or fails to comply with a provision of this Act; (ii) Commits an act which undermines the financial management and internal control system of the public entity; or (iii) Makes or permits an irregular expenditure or a fruitless and wasteful expenditure” In terms of National Treasury Instruction, no:3 par 12 of 2016/17 states that “Irregular expenditure maybe condoned if there is evidence that Accounting Officer took effective and appropriate steps against any person found to cause it.” Audit finding There is no evidence that instances of irregular, fruitless and wasteful expenditure incurred by the department in the prior year (s) have been investigated to determine if disciplinary steps need to be taken against liable officials, and there is no evidence of disciplinary steps were taken against any officials who made or permitted irregular, fruitless and wasteful expenditure based on outcome of investigation. Financial Misconduct Committee made a recommendation to the Executive Director to condone these expenditures, however investigations and/or assessment reports, to support investigation were performed and the disciplinary were taken against affected officials were not provided for audit purposes. The following cases were identified: 35 P a g e Management report of Independent Police Investigative Directorate Irregular expenditure: Nature of case Appointment of Legal service Provider for disciplinary hearings without following SCM processes Appointment of Legal service Provider to provide legal advice and the registration of IPID logo without following SCM processes. Progress reported A letter was written to CD legal to provide progress on this case on the on the matter for the committee's consideration and finalisation. The information was only received on the 20 February 2018. The committee evaluated the information on the meeting held on 27 March 2018 and noted that there are gaps on the information provided, further engagement with Legal Unit is in progress. The committee recommended condonement on the meeting held on the 23 October 2018. A letter was written to CD legal to provide progress on this case on the on the matter for the committee's consideration and finalisation. The information was only received on the 20 February 2018. The committee evaluated the information on the meeting held on 27 March 2018 and noted that there are gaps on the information provided, further engagement with Legal Unit is in progress. Amount 1 459 769,94 600 611,69 On the meeting held on the 23 October 2018. The committee recommended that SCM to request condonement from National Treasury Appointment and payment of Services providers without SBD4 Forms Financial Misconduct Committee wrote a letter to request additional information was requested from finance on the 04 December 2017 However the Committee did not receive anything up to date to finalise the case. Follow-up was made on 20 February 2018, still information is still outstanding. On the meeting held on the 23 October 2018. The committee recommended that SCM to request condonement from National Treasury 274 269,47 36 P a g e Management report of Independent Police Investigative Directorate Quotations awarded not in accordance with the prescribed preference point system. A letter to request additional information was requested from Finance on 04 December 2017. However, Finance drafted a letter requesting condonement from National Treasury on 27 March 2018. On the meeting held on the 23 October 2018. The committee recommended that SCM to request condonement from National Treasury 303 139,63 Contract extensions not justifiable and exceeding 15% of original contracts without approval by National Treasury A letter to request additional information was requested from Finance on 04 December 2017. However, Finance drafted a letter requesting condonement from National Treasury on 27 March 2018. On the meeting held on the 23 October 2018. The committee recommended that SCM to request condonement from National Treasury 610 000,00 Contract extensions not justifiable A letter to request condonement was sent to National Treasury for consideration on 15 November 2017. Correspondence was received from National Treasury on 05 March 2018 requesting clarity why the Accounting Officer did not take action against the officials responsible for causing the irregular expenditure.Followup was done in June 2018 with treasury still awaiting response from treasury. 17 448 158,08 Contract extensions not justifiable A letter to request condonement was sent to National Treasury for consideration on 15 November 2017. Correspondence was received from National Treasury on 05 March 2018 requesting clarity why the Accounting Officer did not take action against the officials responsible for causing the irregular expenditure.Followup was done in June 2018 with treasury still awaiting response from treasury. 6 715 526,05 37 P a g e Management report of Independent Police Investigative Directorate Attendance of workshop by KZN Investigators prior the approval The matter was deliberated at Financial Misconduct Committee meeting and the expenditure be considered for condonement approval by the Executive Director was granted on the 16 April 2018 11 000,00 Non adherence to the Department Overtime and Petty Cash policies The matter was referred to Financial Misconduct Committee wrote letters to affected provinces on the 04 December 2017, follow-up was made on the 20 February 2018, but no information was provided to the Committee to finalise the case. The committee recommended condonement on the meeting held on the 23 October 2018. 36 000,00 27 458 475 Fruitless and wasteful expenditure: Nature of case Interest paid for overdue Telkom various invoices Progress reported Amount The Committee held a meeting on the 23 October 2018 a recommendation was made to recover 28% of the expenditure and 72% to be considered for condonement 2 664,88 38 P a g e Management report of Independent Police Investigative Directorate The matter was deliberated at Financial Misconduct Committee on the 27 March 2018, a recommendation was made to recover from the responsible official. The recommendation of the Committee was communicated to the official but there is no response in terms of recovery. Matter will be referred back to the Committee. FMC held a meeting on the 20 March 2019 and recommended condonement. 1 400,00 The committee resolved that a letter to the official through the Provincial Head should be written to request clarity and explain the booking made on the 17 may 2016 to 22 May 2016 that resulted to the department incurring fruitless and wasteful expenditure for the 5 days. The head of supply chain should also provide reasons why the official was double booked. FMC held a meeting on the 20 March 2019 and recommended condonement. 4 000,00 Expenditure incurred by advertising of a position which is not on the approved Organisational Structure The information relating to the expenditure was gathered for presentation to the Financial Misconduct Committee for evaluation and recommendation. FMC held a meeting on the 20 March 2019 and recommended further investigation and requested additional information to finalise the matter. 13 726,00 Payment of arrears and traffic penalty of DVN 806 EC for not renewing the license disc The matter was deliberated by the Financial Misconduct Committee Meeting and it resolved Eastern Cape should investigate the matter and provide reasons for nonrenewal. No progress received from the Province , the Matter will be referred back to the Committee. FMC held a meeting on the 20 March 2019 and recommended that follow-ups should be made with the EC Provincial Head to finalise the case 5 430,40 Expenditure incurred on the re-organisation process which was subsequently revised. The preliminary investigation process has commenced through Legal Services Unit 1 930 822,27 Suspension of Chief Director - Corporate Services The preliminary investigation process has commenced through Legal Services Unit. 1 269 787,68 Official from Limpopo Office incurred accommodation and T&S expenditure without confirmation of attended for the training. Double booking on hotel accommodation - Gauteng Province 39 P a g e Management report of Independent Police Investigative Directorate Interest charged on Telkom Overdue account- NW Matter was analysed and found that the invoice delayed at the Province, Currently communicating with the province to finalise the case 241,80 3 228 073 Impact This results into non-compliance with PFMA S38(1)(h) and National Treasury Instruction, no:3 of 2016/17 paragraph 12. Internal control deficiency Financial and performance management Management did not implement adequate controls to ensure that the department comply, review and monitor compliance with applicable laws and regulations pertaining to consequence management. Recommendation Management must design and implement adequate processes and controls to ensure that, instances of Unauthorised, irregular, fruitless & wasteful expenditure and other financial misconducts are properly investigated and disciplinary steps taken against affected officials Management’s response The supporting documents including the Financial Misconduct Committee` recommendations on the action taken and the progress made on various reported cases have been submitted to the Auditors for purpose. Date: 19 July 2019 Auditor’s conclusion Management submitted information and was it was audited. From the audit of the re-submitted information, we could not link the investigations to the incidents of prior year irregular, fruitless and wasteful expenditure for the following: 40 P a g e Management report of Independent Police Investigative Directorate Irregular expenditure: No Date of discovery Amount R` Description of Incident Appointment of Legal service Provider for disciplinary hearings without following SCM processes Appointment of the Chief Director: Corporate Service 1 2015/12/01 1 459 769,94 2 2017/03/01 450 546,44 2 510 928,07 Status per FMC schedule Auditor’s conclusion Not yet finalised. As of October 2018 Legal Services still awaiting legal opinion from counsel on how the matter must be handled. No evidence of briefing of and consultation with counsel. Not yet finalised No evidence of the investigation Fruitless and wasteful expenditure: Date of discovery 1 2017/03/01 1 930 822,27 Description of Incident Expenditure incurred on the reorganisation process which was subsequently revised. 2 2017/03/01 1 269 787,68 Suspension of Chief Director - Corporate Services Not yet finalised by the committee. Matter still handled by Legal Services 3 2017/07/01 1 012,56 3 201 622.51 Incorrect kilometres claimed by officials Not yet finalised by the committee. Matter still handled by Legal Services No Amount R` Leases 4. Lease commitment balance that could not be recalculated 41 P a g e Status per FMC schedule Not yet finalised by the committee. Matter still handled by Legal Services Auditor’s conclusion No evidence of investigations and no investigation/progress report provided. No evidence of investigations and no investigation/progress report provided. No evidence of investigations and no investigation/progress report provided. Management report of Independent Police Investigative Directorate Requirement Modified Cash Standard chapter 13, paragraph 22(a) states that: “A lessee department shall make the following disclosures for lease commitments, distinguishing clearly between finance and operating lease commitments: the total of future minimum lease payments at the reporting date, (i) not later than one year; (ii) later than one year and not later than five years; and (iii) later than five years”. Audit Finding Differences on lease commitment balance by management and lease commitment balances per supporting documentations were noted for the following leased items: Vehicle Description VW POLO 1.6 BASE S/D TOYOTA COROLLA QUEST 1.6 VW POLO1.6 BASE S/D 1.6 Total Registration Number GGT294G GGT453G GGT277G Stat date of the Contact 07-Apr-17 12-Apr-17 13-Jul-17 Expiry date of the Contact 08-Apr-20 11-Apr-20 12-Jul-20 Lease Commitment AS AT 31 March 2019 106 836 112 368 133 545 352 749 Impact We could not recalculate the lease commitment balances to confirm accuracy of these balances. Internal control deficiency Financial and performance management The department did not implement processes and controls to ensure they prepare financial statements are supported and evidenced by reliable information. Recommendation • Management should implement proper record keeping in a timely manner to ensure that complete, relevant and accurate information is accessible and available to support financial statements. • Management should prepare accurate and complete annual financial statements that are supported and evidenced by reliable information. 42 P a g e Management report of Independent Police Investigative Directorate Management’s response The Supporting documents have since been submitted for audit purpose. Date: 19 July 2019 Auditor’s conclusion An alternative procedure was performed where G-Fleet confirmed the details and terms of the leased vehicles. We were able to recalculate the lease commitment balance for the item, and the finding is cleared. However, the control deficiency on improper record keeping remains. Movable assets 5. Moveable Assets could not be verified Requirement In terms of PFMA section 40 (1) (a): “The accounting officer for a department, trading entity or constitutional institution must keep full and proper records of the financial affairs of the department and trading entity” Furthermore, in terms of Assets management and disposal policy that was effective from 07 May 2015 under Asset register: The asset register must be updated immediately when new assets are received/bought or moved, it must be updated when assets are disposed as well. It is imperative that the asset holder and the cost centre manager secure and safeguard the asset and sign-off on the relevant document/form indicating the changes that occur with the procurement, transfer or disposal of asset. Audit finding The following assets which are in the asset register could not be physically verified: SERIAL NO 43 P a g e COST CENTRE DESCRIPTION ASSET CATEGORY DESC Cost price Asset Description (R) Reason asset not verified Management report of Independent Police Investigative Directorate 4LY7S1J 1551 3264 55879 VH1A1435003948 Director ICT SCM AND AM SCM AND AM CD: INVEST,INFO MANA OFFICE OF THE ED COMPUTER HARDWARE & SYSTEMS - DESKTOP FILE SERVER DELL POWEREDGE 2850 9 000 OFFICE FURNITURE TABLE BOARDROOM 5 204 OFFICE EQUIPMENT SHREDDER 5 800 ASSET MANAGER COULD NOT LOCATED THE ASSET ASSET MANAGER COULD NOT LOCATED THE ASSET 14 808 ASSET MANAGER COULD NOT LOCATED THE ASSET 14 018 ASSET MANAGER COULD NOT LOCATED THE ASSET AUDIO VISUAL EQUIPMENT AUDIO VISUAL EQUIPMENT TAPE RECORDER TECHNICAL EQUIPMENT RECORDER, DIGITAL Total 48 830 Impact The inclusion in the asset register of assets that do not exist, results into the overstatement of assets. Internal control deficiency Financial and performance management Management did not implement proper controls over regular monitoring and reviewing of the asset register to ensure it is accurate. 44 P a g e ASSET MANAGER COULD NOT LOCATED THE ASSET ONLY A SIMILAR ASSET WITH A DIFFERENT BARCODE Management report of Independent Police Investigative Directorate Recommendation • Assets that no longer exist, must be removed from the asset register and not form part of disclosure of capital assets at year end. • Management must design and implement adequate controls to regularly review and update the assets register. Management’s response: Serial Number Description AG Comment 4LY7S1J FILE SERVER DELL POWEREDGE 2850 ASSET MANAGER COULD NOT LOCATED THE ASSET ONLY A SIMILAR ASSET WITH A DIFFERENT BARCODE 1515 TABLE BOARDROOM SHREDDER ASSET MANAGER COULD NOT LOCATED THE ASSET ASSET MANAGER COULD NOT LOCATED THE ASSET ASSET MANAGER COULD NOT LOCATED THE ASSET 3264 55879 VH1A1435003948 Date: TAPE RECORDER TECHNICAL EQUIPMENT RECORDER, DIGITAL ASSET MANAGER COULD NOT LOCATED THE ASSET Management Comment In this case there was a serial number typing error identified in the Asset Register that happened during the capturing of the asset number. The asset was erroneously captured as 4LY7S1J instead of the correct asset number 4YL7S1J. The error has since been corrected in the Asset Register. The assets were supposed to be included in the list of assets under investigation however were omitted during the verification. The correction was made and all have since been included in the list with the correction of the Assets note in the revised AFS. 12 July 2019 Auditor’s conclusion The revised register of assets under investigation has been reviewed and we the assets have been included and the finding has been cleared. The control deficiency on the maintenance of asset register will remain. 45 P a g e Management report of Independent Police Investigative Directorate Predetermined objectives 6. Number of investigations that are assault decision ready – General closure report not signed by the director of investigations Requirement In terms of Section 5.24 of The Independent Police Investigative Directorate standard operating procedures (IPID SOPs) – “Decision-Ready Investigation: refers to an investigation where an Investigator has conducted quality investigation and obtained all the necessary evidence to either refer the case to the NPA for a decision, or make recommendation to the SAPS/MPS, or make a Policy related recommendation or a General Recommendation”. Section 8.3.3 and 8.3.4 of the IPID SOPs further sates that: “All case investigative reports are internal reports and are not intended for distribution to any outside stakeholder; The case investigative report needs only to be signed by the Investigator as an indication of the investigative activities undertook and the result of his/her investigation. Based on the case investigative report, the Investigator will request their Provincial Management Group to approve/disapprove the referrals/reports/recommendation (s) which can be made or should be generated; All referrals/reports/recommendation (s) emanating from the case investigative report (s) are external reports and are to be sent to stakeholders if applicable The referrals/recommendation (s) needs to be signed by the Investigator, and Provincial Management in the case of a Provincial Investigation and by the Investigator and the programme Manager in the case of a National Investigation” Audit finding During the audit of predetermined objectives, it was noted that the case was recommended for general closure, however the general closure report was not signed by the director of investigations: No. 1 CCN number 2018040228 Province Limpopo Impact This resulted in non-compliance with IPID’s SOP 46 P a g e Section 28.1.f – Torture or assault Incident Assault Management report of Independent Police Investigative Directorate Internal control deficiency Financial and performance management Management did not ensure that they have sufficient monitoring controls to ensure adherence with the approved Standard Operating Procedures (SOP). Recommendation Management should design controls to monitor compliance with the approved Standard Operating Procedures (SOP) as approved by the Executive Director. Management’s response LIMPOPO PROVINCE The closure report could not be signed by Director of investigation because the case is not yet closed and the investigator has to finalise administrative requirements associated with initiation of closure e.g. uploading of the docket into the shared drive (see annexure A/1 and A/2). The General Recommendation Report was signed by the Director Investigations and uploaded (annexure A/3). It should be noted that the closure report is signed when all administrative requirements are confirmed. Date: 2019/07/09 Auditor’s conclusion Should the type of recommendation be general closure, a general closure form should be completed and signed in a timely manner, by the director of investigations. Finding will remain as a control decision finding under annexure C. 7. Number of investigations that are assault decision ready – general closure form signed however flow centric is status is still decision ready. Requirement 47 P a g e Management report of Independent Police Investigative Directorate Refer to section 7.3.2 Ensure all cases on the provincial workload is attended to and oversee the investigation and progress of all active cases; Also refer to section 7.5 and 7.5.4. The Director Investigations must, in addition to any duties imposed under Section 24 of the IPID Act and such other duties as may be imposed in the Regulations promulgated under that Act, must: Ensure data integrity, which is consistent with the CMS monthly, quarterly and annually; Audit finding During the audit of completeness relating to predetermined objectives it was noted that the below case file status is closed and a general closure report was signed, however on CMS it is still decision ready. Decision ready however the file was closed as general closure. No. CCN Province Section 1 2016090072 Western Cape 28.1 f - Torture or assault Impact This resulted in non-compliance with IPID’s SOP Internal control deficiency Financial and performance management Management did not ensure that they have sufficient monitoring controls to ensure adherence with the approved Standard Operating Procedures (SOP). Recommendation Management should ensure that they comply with the approved Standard Operating Procedures (SOP) as approved by the Executive Director. Management’s response: WESTERN CAPE The province do not agree with the finding on the docket concerned in that the docket was indeed decision ready case on flowcentric, share-drive as loaded and on the docket that the auditors inspected. Upon peruse it is apparent that the auditors overlooked the fact that 48 P a g e Management report of Independent Police Investigative Directorate the closure document in the docket was a Closure Report that was unsigned, the caseworker concerned was preparing for the closure of the docket when we were requested to compile a list of dockets required by the auditors thus could not finalize further activities on the system and docket.it is therefore incorrect for the auditors to construe that the docket was closed. A closed docket/file is closed only if it has the signature of the Provincial Management group. This matter could have been resolved if the auditors sought clarity during the audit. Attached Annexure A Date: Date: Auditor’s conclusion Management should ensure data integrity, which is consistent with the CMS monthly, quarterly and annually. Finding will rema in as a control deficiency finding under annexure C 8. Percentage of decision ready cases completed from total cases received – case was completed in 2014 Requirement In terms of Section 5.24 of The Independent Police Investigative Directorate standard operating procedures (IPID SOPs) – “Decision-Ready Investigation: refers to an investigation where an Investigator has conducted quality investigation and obtained all the necessary evidence to either refer the case to the NPA for a decision, or make recommendation to the SAPS/MPS, or make a Policy related recommendation or a General Recommendation”. Audit finding 49 P a g e Management report of Independent Police Investigative Directorate The following General Closure case completed in 2016, is still appearing on the decision ready cases for 2018/19 year: No. 1 CCN 2014010572 Province Kwa Zulu Natal Section 28.1 f - Torture or assault Date case was decision ready, per supporting documentation 2016/03/02 Impact This resulted in overstatement of the current year reported information. Internal control deficiency Financial and performance management Management did not ensure that they have sufficient monitoring controls to ensure adherence with the approved Standard Operating Procedures (SOP). Recommendation Management should ensure that they comply with the approved Standard Operating Procedures (SOP) as approved by the Executive Director. Management’s response KZN is unable to respond as an email was forwarded to Head Office on 30 March 2019 advising that this case is to be removed from the statistics. See a copy of the email as per Annexure A. Date: Auditor’s conclusion Management has agreed to the finding, they have since removed the case on the reported statistics for the current year. 9. Percentage of decision ready cases completed from total cases received – duplicated case 50 P a g e Management report of Independent Police Investigative Directorate Requirement In terms of Public Finance Management Act, section (40) (3)(a); “The annual report and audited financial statements must fairly present the state of affairs of the department, trading entity or constitutional institution, its business, its financial results, its performance against predetermined objectives and its financial position as at the end of the financial year concerned”. In terms of Section 5.36 of The Independent Police Investigative Directorate standard operating procedures – “Duplicate: refers to a manner of completion and closure where a case was registered as a duplicate of another case. The duplicated case, upon closure will be removed from the intake and will not generate any performance related statistic”. Audit finding The case docket for the case number 2014030064 was a duplicate to case number 2014050270: No. CCN 1 2014030064 Province Western Cape Section 28.1 f - Torture or assault Impact This result in overstatement of performance information reported. Internal control deficiency Financial and performance management • • The case management system is not configured to exclude the duplicate investigations in performance related statistics. Management did not ensure that internal controls are in place to ensure that the reported performance information is accurate and that the internal controls are working effectively. Recommendation Management must perform adequate reviews and reconciliations on the reported information against supported documentation which is kept at the regional offices. 51 P a g e Management report of Independent Police Investigative Directorate Management’s response: WESTERN CAPE We do not agree with the findings, the duplicate file accordingly attended by the caseworker and completed under general as a duplicate, however was recorded as decision ready due to system error (General duplicate) see attachments. Annexure B attached. Date: Auditor’s conclusion Management has agreed to the finding, they have since removed the case on the reported statistics for the current year. Management should perform adequate reviews and reconciliations on the reported information against supported documentation to ensure accurate reported information. 10. Percentage of dockets referred to the National Prosecuting Authority within 30 days of being signed off – recommendation not stamped and signed off by a NPA official Requirement The National Treasury Framework for Managing Programme Performance Information (FMPPI)paragraph 5.2.3 requires that institutions should have appropriate systems to collect, collate, verify and store performance information to ensure valid, accurate and complete reporting of actual achievements against planned objectives, indicators and targets. Audit finding 1.Recommendation report (memorandum) was not signed off and/or stamped by an official from NPA to acknowledge receipt of the docket referral from IPID therefore cannot determine the 30 days: 52 P a g e Management report of Independent Police Investigative Directorate No. CCN Province Section 1 2018010200 Western Cape 28.1 f - Torture or assault 2 2018090577 Western Cape 28.1 b – Death as a result of police action 2. Recommendation report was signed by the Deputy Director of investigations but acting letter was not attached. The Director of investigations signed underneath on the other day after it was submitted to the DPP: No. 1 CCN 2018040524 Province Kwa Zulu Natal Section 28.1 d - Rape by a police officer Impact We could not perform planned audit procedure to verify reported performance information. Internal control deficiency Financial and performance management Management did not ensure that they have sufficient monitoring controls to ensure adherence with the approved Standard Operating Procedures (SOP). Recommendation Management should ensure that they comply with the approved Standard Operating Procedures (SOP) as approved by the Executive Director. Management’s response: KWAZULU-NATAL The acting letter was available and is attached as per Annexure AA. Date: 53 P a g e Management report of Independent Police Investigative Directorate Management’s response: WESTERN CAPE The province does not agree with the findings in that both cases had no stamped copies by NPA and same were uploaded proof was given to the auditor and saved in their memory stick as requested, therefore, submit that this finding must be removed. Annexure C & D Attached Auditor’s conclusion. Acting letter received therefore finding is then resolved. Stamped copies of NPA have been received finding has been resolved 11. Percentage of dockets referred to the National Prosecuting Authority within 30 days of being signed off (Completeness) – not signed or stamped by NPA official Requirement The National Treasury Framework for Managing Programme Performance Information (FMPPI)paragraph 5.2.3 requires that institutions should have appropriate systems to collect, collate, verify and store performance information to ensure valid, accurate and complete reporting of actual achievements against planned objectives, indicators and targets Audit finding Recommendation report (memorandum) was not signed off and/or stamped by an official from NPA to acknowledge receipt of the docket referral from IPID: No. CCN Province Section 1 2018080247 North west 28.1 (f) Assault GBH 2 2018120168 North west 28.1 (f) Assault Common 3 2018120212 North west 28.1 (f) Assault Common 54 P a g e Management report of Independent Police Investigative Directorate Impact We could not perform planned audit procedure to verify reported performance information Internal control deficiency Financial and performance management Management did not implement controls to ensure that the reported performance information is supported by reliably information Recommendation Management should prepare accurate and complete performance reports that are supported and evidenced by reliable information. Management’s response: NORTH WEST Recommendation report (memorandum) was not signed off and/ or stamped by an official from NPA to acknowledge receipt of the docket referral from IPID CCN Feedback on AGSA Report 1. 2018080247 NW office disagree 2. 2018120168 See attached Annexure H1,2,3 NW office disagree 3. 2018120212 See attached Annexure H1,2,3 NW office disagree See attached Annexure H1,2,3 Date: 55 P a g e Management report of Independent Police Investigative Directorate Auditor’s conclusion Stamped copies of NPA have been received finding has been resolved 12. Death in Police Custody – closure report not attached Requirement Refer to Section 8.3.4 - All referrals/reports/recommendation(s) emanating from the case investigative report(s) are external reports and are to be sent to stakeholders if applicable. The referrals/recommendation(s) needs to be signed by the Investigator, and Provincial Management in the case of a Provincial Investigation and by the Investigator and the Programme Manager in the case of a National Investigation; Section 8.3.5 Closure reports are a culmination of the entire investigation process and needs to be completed whenever the investigation has a criminal and/or departmental outcome. This report is brief summary of the case and includes all outcomes and needs to be Completed before the case can be closed Audit finding The following investigation was closed as general closure according to the CIR, but the closure report is not attached in the case file: No. 1 56 P a g e CCN 2019030354 Province Kwa Zulu Natal Section 28.1 a – Death in police custody CIR approved date 2019/03/19 Management report of Independent Police Investigative Directorate Impact This resulted in non-compliance with IPID’s SOP. Internal control deficiency Financial and performance management Management did not ensure that they have sufficient monitoring controls to ensure adherence with the approved Standard Operating Procedures (SOP). Recommendation Management should ensure that they comply with the approved Standard Operating Procedures SOP) as approved by the Executive Director. Management’s response The case has not been closed off on Flowcentric and therefore it is premature to file a closure report, see Flowcentric printout as per Annexure AF. Date: Auditor’s conclusion Should the type of recommendation be general closure, a general closure form should be completed and signed in a timely manner, by the director of investigations. Finding will remain as a control decision finding under annexure C . 57 P a g e Management report of Independent Police Investigative Directorate 13. Death in Police Custody - Recommendation made in accordance with the CIR but recommendation report not attached on the physical file Audit finding In terms of Section 5.24 of The Independent Police Investigative Directorate standard operating procedures (IPID SOPs) – “Decision-Ready Investigation: refers to an investigation where an Investigator has conducted quality investigation and obtained all the necessary evidence to either refer the case to the NPA for a decision, or make recommendation to the SAPS/MPS, or make a Policy related recommendation or a General Recommendation” Audit finding Recommendation made in accordance with the CIR but recommendation report not attached on the physical file No. 1 CCN 2019010196 Province Western Cape Section 28.1 a – Death in police custody Date completed/decision ready 2019/02/28 Impact This result in the overstatement of performance information reported. Internal control deficiency Financial and performance management Management did not ensure that internal controls are in place to ensure that the reported performance information is accurate and that the internal controls are working effectively Recommendation Management must perform adequate reviews and reconciliations on the reported information to ensure that the reported information is valid and accurate, and supported by reliable evidence. 58 P a g e Management report of Independent Police Investigative Directorate Management’s response: WESTERN CAPE The Western Cape management do not agree with this finding our primary source of information is flowcentric (case management system) and support source (backup system our share-drive, the documents referred to were on the system and share-drive and in the file. The information that was required was in the aforesaid drives, if there were interaction from the auditors’ side with our official designated this matter could have been resolved and not amounted to a finding, the physical file was nevertheless update. We submit this finding should therefore be removed. Annexure E attached. Date: Auditor’s conclusion Recommendation report has been received from management, finding has been resolved Procurement and Contract Management (to confirm for removal) 14. Procurement and Contract management- Limitation of scope Requirement In terms of Section 15(1)(a) of the Public Audit Act " when performing an audit, an authorized auditor has at all reasonable times full and unrestricted access to any document, book or written or electronic record or information of the auditee or which reflects or may elucidate the business, financial results, financial position or performance of the auditee". Audit finding During the audit of procurement and contract management there were items that were requested by the audit team for the auditing purpose, however management could not provide all and/or some part of the information that was required. 59 P a g e Management report of Independent Police Investigative Directorate The information was requested in terms of the following request for information’s: Request no. 06 of 2018/19 on 06 June 2019 Request no. 10 of 2018/19 on 25 June 2019 No. Project Description Name of Supplier 1 Training Services - Compulsory Induction Programme (CIP) National School of government (NSG) Not provided 18 June 2018 Not provided Not provided 135 810.00 2 Branding materials- Retlhakane technology and projects IPID 18/19/221 Not provided Not provided Not provided 342 463.10 3 Tracking systems- Tracker Connect Retlhakane technology and projects Tracker Connect IPID 18/19/136 Not provided Not provided Not provided 144,800.00 4 Renewal of radio licence for 12 monthsSequre -Tronix Intergrated Security Systems Tronix Intergrated Security Systems Not provided 18/02/2019 Not provided Not provided 80,388.00 5 Security guard services Bidvest Protea Coin Security Name of Supplier IPID 02-18/19 17/06/2018 01/08/2018 31/07/2021 Contract start date Contract expiry Project Description RQF No. RQF No. Award Date Award Date Contract start date Contract expiry Award Amount (R) 32,127,221.74 Award Amount (R) 6 Cleaning services: IPID Provincial and Regional Offices Nationally SSG Cleaning Services IPID 01-18/19 27/06/2018 01/07/2018 30/06/2018 5,946,684.52 7 Travel and Accommodation IPID 03-18/19 10/30/2018 12/1/2018 11/30/2021 9,540,000.00 8 VW Polos X23 Travel With Flair (Pty) Ltd Volkswagen of South Africa IPID 18/19/214 Not provided Not provided Not provided 9 Software Licences Microsoft (September renewal) Not provided Not provided 9/1/2017 31/08/2020 60 P a g e 4952403.14 325,526.40 Document (s) not provided Quotation from National School of Government for Group (Level 1-5) at a cost of R69,414.00 for 23 employees. Payment stub reflecting the payment made. Payment stub reflecting the payment made. CSD printout Initial award to Tronix (i.e. SBD 4, SBD 6.1, SBD 8, SBD 9 etc.) BSC minutes Document (s) not provided BSC minutes SSG Tender submission file BSC minutes BSC minutes and the attendance register SSG Tender submission file (i.e. SBD 4, Management report of Independent Police Investigative Directorate SBD 6.1, SBD 8, SBD 9 etc.) 10 Lease photocopy machine Bytes Not provided 11 3G APN (NETWORK) Vodacom Not provided Not provided 17/11/2016 16/11/2019 21/10/2010 perpetual 27,820.80 Not provided 12 Pilas 13 Franking Machine Frama 14 Shared VPN Service - Sita Data Line Shared Internet Service - Internet Service Charges Hosting Service (Logis, BAS, Persal) Hosted Batch Printing Services Hosting Services (Web Maintenance & Support) per the invoice Alexandra Forbes SITA Not provided Not provided Not provided Not provided Not provided Not provided 01/01/2019 01/04/2018 Payment report Supplier evaluation report Request for quotation Bid evaluation report Quotation from Vodacom Invitation to the quotation 30/06/2019 25 019.40 31/03/2023 2 783 398.95 765 551.21 6 297 820.26 133 850.99 842 015.11 Approval for renewal Initial award Quotation specifications Initial award Payment report Quotation specifications Payment report Impact The non- submission of the requested information will result in limitation of scope, furthermore we would not be able to obtain evidence that all the procurement processes employed by the department comply with the legislated and SCM policy requirements. Internal control deficiency Financial and performance management Management did not ensure that the records are kept in a timely manner to ensure that complete, relevant and accurate information is accessible and available to support financial and performance reporting. 61 P a g e Management report of Independent Police Investigative Directorate Recommendation Management must design and implement adequate controls to ensure that proper record keeping of all the documents that are related to the procurement process and that the documents are readily available for audit purposes. Management’s response All outstanding supporting documents from number 1 to 14 have since been identified and submitted to the Auditors for audit purpose. Date: 19 July 2019 Auditor’s conclusion Management subsequently provided information. 62 P a g e Management report of Independent Police Investigative Directorate ANNEXURE B: OTHER IMPORTANT MATTERS Accruals 15. Limitation of scope payables and accruals not recognized at year end Requirement In terms of Section 15(1)(a) of the Public Audit Act " when performing an audit, an authorized auditor has at all reasonable times full and unrestricted access to any document, book or written or electronic record or information of the auditee or which reflects or may elucidate the business, financial results, financial position or performance of the auditee". Section 38(1)(a)(i) of the Public Finance Management Act states that the Accounting Officer of a department should ensure that the department has and maintains an effective, efficient and transparent systems of financial and risk management and internal control. Audit finding We could not obtain the supporting documents of the following items in the below table to verify the amount of accruals and payables that is included in the accrual and payables note: 1. Request for information number 8 Payables not recognized: NAME OF SUPPLIER DESCRIPTION OF INVOICE INVOICE DATE INVOICE NUMBER AMOUNT TTS TTS FLIGHT: NOLOYISO M 15-17/04/2018 SHUTTLES:23/07/2018 04/05/2018 25/07/2018 PS16040 9745428 R 6 718.83 R 4 417.11 TTS SHUTTLES:06-08/08/2018 18/09/2019 96733 R 3 000.88 TWF AIR TRANSPORT MS VAHED 2018/6/21 DURBAN-JHB 21-Jun-18 PS18161 R 1 954.47 63 P a g e Management report of Independent Police Investigative Directorate TTS ACCOMMODATION FOR MS T BOTHA AT GARDEN COURT 30-31/10/2018 2018/10/31 SR-030012 R 1 540.88 TTS ACCOMMODATION FOR MR AUBRY MUKWEVHO@PROTEA HOTEL BLOEMFONTEIN FROM 02-07 DECEMBER PROCUREMENT OF EMEGENCY ASSEMBLY POINT SIGNAGE 07/12/2018 SR-030220 R 7 300.87 31/01/2019 SR-030433 R 1 550.00 TWF ACCOMMODATION FOR MR SESOKO@PROTEA HOTEL FIRE AND ICE FROM 10-13 FEBRUARY 13/02/2019 4227050 R 4 982.00 TWF FLIGHT FOR MR SESOKO FROM JHB-CPT-JHB ON 10-13 FEBRUARY 2019 13/02/2019 4211907 R 3 503.22 TENORAH 2. Request for information number 9 Accruals: Logis orders: ORDER NUMBER ORDER DATE NAME OF SUPPLIER DESCRIPTION OF SERVICE OR-026911 2018/04/17 ACCOMMODATION FOR MR SENNA AT PROTEA HOTELA FIRE TTS OR-026913 2018/04/17 ACCOMMODATION FOR MR MCBRIDE AT HOTEL SAVOY TTS OR-026914 2018/04/17 ACCOMMODATION FOR MR MOKOENA AT AKANANI TTS OR-026893 2018/04/16 FLIGHT FOR MR MAFUNA FROM JHB-CPT-EL-JHB TTS OR-026901 2018/04/16 CAR RENTAL FOR MR MAFUNA AT CPT TTS ORDER AMOUNT R 1487 Accruals: Manual orders: 64 P a g e R 1 600 R 1 500 R13 877 R 2 272 Management report of Independent Police Investigative Directorate MANUAL ORDER NUMBER ORDER DATE DESCRIPTION OF SERVICE NAME OF SUPPLIER ORDER AMOUNT AG-825296 2018/12/04 ACCOMMODATION FOR MR NK MTHEMBU@MAJUBA LODGE FROM 05/12/2018 UNTIL 07/12/2018 TRAVEL WITH FLAIR R 2 000.00 AG-825295 2018/12/04 TRAVEL WITH FLAIR R 2 810.00 AG-825037 2018/12/07 AI-102061 2019/11/03 ACCOMMODATION FOR MR MERUTI@KLONDIKE FROM 04/12/2018 UNTIL 07/12/2018 ACCOMMODATION FOR MR SG LETHELA@AKANANI APARTMENTS FROM 09-12 DECEMBER 2018 ACCOMMODATION FOR MR MAPONYA@ABSOLUTE FARENDEN FROM 13-15 MARCH 2019 TRAVEL WITH FLAIR R 3 900.00 TRAVEL WITH FLAIR R 2 782.00 Impact We could not perform audit procedures to confirm the accruals and payables not recognized at year end. Internal control deficiency Financial and performance management Management did not implement proper record keeping in a timely manner to ensure that complete, relevant and accurate information is accessible and available to support performance reporting. Recommendation • Management should implement proper record keeping in a timely manner to ensure that complete, relevant and accurate information is accessible and available to support financial statements. • Management should prepare accurate and complete financial statements that are supported and evidenced by reliable information. Management’s response 65 P a g e Management report of Independent Police Investigative Directorate All outstanding supporting documents have since been identified and submitted to the Auditors, however the Tenorah for procurement of emergency assembly point signage was by the reporting date a Commitment that was erroneously disclosed as payable for an amount of R1 5 50.00. The correction has since been made in the revised schedules and the updated AFS. Date: 19 July 2019 Auditor’s conclusion Management subsequently submitted the documents for audit and therefore the limitations were cleared. Commitments 16. Limitation of scope- Commitments Requirement In terms of Section 15(1)(a) of the Public Audit Act " when performing an audit, an authorized auditor has at all reasonable times full and unrestricted access to any document, book or written or electronic record or information of the auditee or which reflects or may elucidate the business, financial results, financial position or performance of the auditee". Audit finding We could not obtain the supporting documents of the following orders to verify the amount of orders that is included in the commitments note: SUPPLIER NAME ORDER NO: ORDER DATE AMOUNT( R ) Afrindlo OR-002416 25/04/2018 15 250,00 MNB Charted Accountants OR-029085 21/02/2019 442 428,00 Travel With Flair AH-570791 27/03/2019 23 582,00 Trans Union Credit Bureau OR-028737 2018/12/19 177,45 66 P a g e Management report of Independent Police Investigative Directorate Digital Audio Recording Trnascrip OR-027195 2018/11/05 4 053,75 Government Printing Works OR-002758 2018/09/11 282,03 Uzwano Investments 26 OR-002863 15/03/2019 5 548,00 Total 491 321 Impact We could not perform planned audit procedures for the line items. Internal control deficiency Management did not implement proper record keeping in a timely manner to ensure that complete, relevant and accurate information is accessible and available to support performance reporting. Recommendation • • Management should implement proper record keeping in a timely manner to ensure that complete, relevant and accurate information is accessible and available to support financial statements. Management should prepare accurate and complete financial statements that are supported and evidenced by reliable information. Management’s response All outstanding supporting documents have since been identified and submitted to the Auditors, however Afrindlo and Uzwano Investments 26 for an amounts of R15 250.00 and R5 548.00 respectively, have since been removed from the Commitments list as both orders were cancelled during the financial year under review. The correction has since been made in the revised schedules and the updated AFS. Date: Auditor’s conclusion Management provide the revised commitment schedule, which was agreed to the revised amount in the AFS. The items mentioned above which are not commitments have been removed. (confirm some details with Refilwe) 67 P a g e Management report of Independent Police Investigative Directorate 17. Incorrect valuation of commitments Requirement Modified Cash Standard chapter 14, paragraph 63 states that: “A department shall record its commitments, at cost (as evidenced by the contract value), as at the reporting date.” Audit finding The lease commitment balance as per the lease commitment schedule for the following leased items is different to the lease commitment balance recalculated using the provided supporting documentation (lease contract); Start date of the Contract Supplier Description SITA CONTRACT VPN SITA CONTRACT shared internet services SITA CONTRACT SITA CONTRACT SITA CONTRACT mainframe hosting services Commitments recalculated as at 31 March 2019 Difference-commitments 01/04/2018 2286733,54 2283953,07 -2780,47 01/04/2018 628947,43 628182,72 -764,71 01/04/2018 5174046,94 5167755,74 -6291,2 01/04/2018 109966,83 109833,13 -133,7 01/04/2018 700101,9 652598,53 -47503,37 8 899 796,64 8 842 323,19 -57 473,45 hosted batch printing services Web services Total Impact The commitments balance is overstated by at least R57 473,45. 68 P a g e Commitments as at 31 March 2019 Management report of Independent Police Investigative Directorate Internal control deficiency Financial and performance management Management responsible for reviewing of commitments did not perform an adequate review of the commitments schedule using supporting documents. Recommendation Management should review entire population of commitments and ensure that the commitments schedule agrees to contract details such as dates as well as amount of the contract and recalculate the commitment. Management’s response The SITA contract has since been recalculated with the 15% VAT and the projected CPI of 5.8% in year one (2018/19), 5.3% in year two (2019/20), 5.5% in year three (2020/21), 5.5% in year four (2021/22) and 5.8% in year five as it was used as projected CPI in the contra ct. All above mentioned SITA services were for period of five years’ period except the Web services that was only for period of Four years. The correction has since been made in the revised commitment schedule and the updated AFS. Date: 19 July 2019 Auditor’s conclusion Management provide the revised commitment schedule, which was agreed to the revised amount in the AFS. The revised calculations were reperformed and agreed. The finding is cleared. Contingent liabilities 18. Contingent liability incorrectly allocated 69 P a g e Management report of Independent Police Investigative Directorate Requirement Paragraph 04 of Chapter 14 – Provisions and contingents of modified cash standards, defines: “A contingent liability as: (a) a possible obligation that arises from past events, and whose existence will be confirmed only by the occurrence or non-occurrence of one or more uncertain future events not wholly within the control of the department; or (b) a present obligation that arises from past events but is not recognised because: (i) it is not probable that an outflow of resources embodying economic benefits or service potential will be required to settle the obligation; or (ii) the amount of the obligation cannot be measured with sufficient reliability”. Liabilities as present obligations of the department arising from past events, the settlement of which is expected to result in an outflow from the department of resources embodying economic benefits or service potential”. A provision is a liability of uncertain timing or amount”. Paragraph 09 of Chapter 14 – Provisions and contingents of modified cash standards, states that: “For the purposes of disclosure only, a provision shall be recorded when: (a) a department has a present obligation (legal or constructive) as a result of a past event; (b) it is probable that an outflow of resources embodying economic benefits or service potential will be required to settle the obligation; and (c) a reliable estimate can be made of the amount of the obligation. If these conditions are not met, no provision shall be recorded or disclosed” Paragraph 04 of Chapter 14 – Provisions and contingents of modified cash standards, defines: “A constructive obligation is an obligation that derives from a department’s actions where: (a) by an established pattern of past practice, published policies or a sufficiently specific current statement, the department has indicated to other parties that it will accept certain responsibilities; and (b) as a result, the department has created a valid expectation on the part of those other parties that it will discharge those responsibilities”. Background Both Mr Khuba and Mr Sesoko were criminally charged for Fraud and defeating the ends justice. According to both officials, the charges arose from the two recommendation reports which were made in Diepsloot CAS 390/07/2017. On the 21 st May 2015, both Mr Khuba and Mr Sesoko were placed on suspension and served with charges on the 06th July 2015 by the then Acting Executive Director Mr Kgamanyane. Mr Khuba was subsequently dismissed on the 30th September 2015 whereas Mr Sesoko’s dismissal was on the 16 th August 2016.According to the officials; they could not request 70 P a g e Management report of Independent Police Investigative Directorate the department to assist with their legal costs then due to among others, their relationship with the Acting Executive Director then which had then which had broken down. Mr khuba on his personal capacity appointed Madiba attorneys to represent him and assist with the criminal case against him.The total amount incurred by Mr. Khuba in respect on legal costs was R290965.00 of which he paid R 100 000 . leaving a balance of R 190965.00 payable to Madiba attorneys.Mr Sesoko was represented by Mathibe Thabang attorneys who charged him an amount of R 135 930.00 a which is still outstanding and payable .Mr Sesoko has not paid any amount to Mathibe Thabang Attorney to date. Audit finding During the financial year the executive director approved reimbursing and settlement of the officials of the department’s legal fees that were incurred while acting in their official capacity. These outstanding payments were disclosed as contingent liability. However, the present obligation already exists as the executive director has approved the payment of outstanding legal fees for the officials. Furthermore, the department has already reimbursed Mr Khuba, the R100000 amount, already paid for his legal fees. This has created a constructive obligation to pay for Mr Sesoko as well: Nature of liability: Claims against the department Khuba and others vs IPID Opening Balance Incurred during the year Amount already paid Closing Balance - R 427000.00 R 100000.00 R 327 000 Impact This has resulted to the overstatement of contingent liabilities disclosed in the AFS, while understating the liabilities/provisions. Internal control deficiency Financial and performance management • • Management did not adequately review and evaluate the nature of the financial information prior to recording and submission for disclosure. Management did not adequately review the contingent liability schedule that was used to prepare the disclosure note to ensure that the contingent liabilities disclosed are valid and accurate. Recommendation • Management must review the financial statements to ensure that all Contingent Liabilities a disclosed are in accordance with Modified cash standards. • Management should adjust the financial statements in accordance to the applicable framework. 71 P a g e Management report of Independent Police Investigative Directorate Management’s response The approval was granted by the Executive Director with condition that the indicated amounts must still be paid first by the Claimants and submit the proof of payments to the Department for reimbursement. Therefore, the department did not confirm the reliability of the source documents since the affected parties were still expected to put their claims for reimbursement with the proof of payment that was going to be used to process their claims. In terms of economic classifications (SCOA), all employees` claims that are arise from legal actions taken against the Department by employees are classified as Claims against the Department that are also disclosed under Contingent liabilities in line with the AFS reporting guides. The expenditure on the same item is therefore accounted for under transfers, Claims against the Department which results in the contingent liabilities in the AFS as both items are linked. Date: 19 July 2019 Auditor’s conclusion The auditors are in disagreement with management’s classification. However, the matter is not material. National Treasury must be requested to assist with the SCOA classification. General IT controls 19. Inadequate design and implementation of the ICT and organisational structure Audit finding There was one key vacant post (Network Controller) from the old organisational structure that had not yet been filled. The proposed new structure was still pending approval from DPSA after being initially rejected in 2018 as a result the department had reverted back to the IT structure from the previous years. Lack of an approved organisational structure increases the risk that some of the vacant positions may not be funded which in turn affects the organisations capabilities on delivering on strategic objectives. Further, delays in approving the proposed structure which w as meant to align with the current skills and capacity needs of the organisation may limit the ability of the organisation to efficiently achieve its objectives. 72 P a g e Management report of Independent Police Investigative Directorate Internal control deficiency Leadership: Establish an IT governance framework The department did not have an approved organisational structure. This was because a communique from Department of Public Service and Administration (DPSA) on 30 November 2018 stated that the former minister had rejected the then proposed DPSA structure and recommended that the department revise and address a few functional and staff issues before implementation. Recommendation Management should ensure that they address the functional and staff issues outlined by the DPSA and have the organisational structure approved. Management response Management agrees with the finding and internal control deficiency. The structure was approved by the Minister of Police and subsequently submitted to DPSA for concurrence. However, the DPSA did not concur due to a number of issues they raised. The IPID continues to engage DPSA. Name: Nomkhosi Netsianda Position: Chief Director Date: N/A Auditor’s conclusion Management comments are noted and the implementation of action plans will be followed up in the next audit 20. Inadequately designed IT Governance framework policy Audit finding The department had an approved ICT Governance Policy Framework which was signed off by management; however, the policy did not address or cover the following critical areas in the Policy Framework: • Information security management practices; • Information technology strategy as part of the strategic business planning process; • IT benefits realisation process; 73 P a g e Management report of Independent Police Investigative Directorate • • IT value and performance measurement processes; and IT acquisition and disposal processes. Failure to develop an ICT Governance Framework policy which comprehensively covers the principles of industry standard Governance Framework to support and enable the business to deliver value to its stakeholders may lead to poor governance practices. Internal control deficiency Leadership: Establish an IT governance framework This was due to oversight on the part of management. Recommendation Management should ensure that the ICT Governance Framework Policy is aligned to the industry’s leading Frameworks and best practices including the recommendations issued by the DPSA. Management response Management agrees with the finding and the internal control deficiency, however the department was currently in the process of reviewing and signing off the existing ICT Governance Framework Policy to include the following sections: • • Information security management practices; Information technology strategy as part of the strategic business planning process Recommendations from the auditor of IT benefits realisation and performance measurement will also be included in the reviewed policy. Further to this it should be noted that the IT department makes use of the departments SCM (Supply Chain Management) policies to address the IT acquisition and disposal process. This will be clearly indicated in the ongoing review of the ICT Governance Framework. Name: Takalani Nemusimbori Position: Director: ICT Date: 31 August 2019 Auditor’s conclusion 74 P a g e Management report of Independent Police Investigative Directorate Management comments are noted and the implementation of action plans will be followed up in the next audit. 21. The IT Strategic Plan was not formally approved Audit finding The department’s IT Strategy (2015 – 2020) was still in draft and not yet approved. Without a formally approved IT strategy, there is a risk that the IT strategic objectives of the IT division might not support and be aligned to the objectives of the entire department. Further, IT needs might also not be communicated to those charged with governance possibly resulting in insufficient budget allocations and inadequate monitoring on ICT spending resulting in fruitless and wasteful expenditure. Internal control deficiency Leadership: Establish an IT governance framework The ICT Strategy was yet to be finalised as there were revisions recommended by EXCO. There was also change in the department’s senior leadership hence the delay in signing off reviewed strategy and policy documents. Recommendation Management is encouraged to finalize the current ICT Strategy and ensure that the recommendations of the Board are taken into account in the final draft. Management response Management agrees with the finding and the internal control deficiency. The ICT Strategy is currently being reviewed to address financial implication inputs and will be signed-off by 31 July 2019. Name: Takalani Nemusimbori Position: Director: ICT 75 P a g e Management report of Independent Police Investigative Directorate Date: 31 July 2019 Auditor’s conclusion Management comments are noted and the implementation of action plans will be followed up in the next audit. 22. Lack of security monitoring on the network and applications- re-reporting Audit finding The IT operational plan requires submission of the information security status report on all systems to the Director: IT on a monthly basis. There was no evidence that was provided which demonstrated that management performed the monthly review of the following: • • • • • Active Directory security logs (logon violations) BAS security logs Flowcentric security logs LOGIS security logs Antivirus exception reports Lack of review of security audit trails could lead to failure to identify/detect security incidents, violations or vulnerabilities in a timely manner. Internal control deficiency Financial and performance management: Implement formal controls over IT systems Failure to comply with information security policies and procedures Recommendation IT Management should comply with the information security policies and procedures, and ensure all security logs have been submitted to management and reviewed on a monthly basis in line with the policy prescripts. Management response Management agrees with the finding and the internal control deficiency. 76 P a g e Management report of Independent Police Investigative Directorate A register will be developed which will show all the systems and the schedule of review. This register will cover all systems and each respective system manager will be required to review the logs and sign off in the register. Name: Takalani Nemusimbori Position: Director: ICT Date: 31 July 2019 Auditor’s conclusion Management comments are note and will be reviewed in the next audit cycle. 23. Inadequate review of key ICT policies and procedures reporting Audit finding The following IT security policies that were required to be reviewed annually as stipulated in the policy had not been reviewed since the last review date. Policy Name BAS User Access Management policy PERSAL User Access management policy ICT Procedure Manual Disaster Recovery Plan(DRP) IT Governance Policy IT Governance Framework and Charter IT Implementation Plan 77 P a g e Review Frequency stated on the Last Review Date policy schedule Annually 01 April 2016 Annually 29 August 2016 Annually 30 April 2015 Annually 30 April 2015 Annually 22 September 2014 Annually 22 September 2014 Annually 21 September 2016 Management report of Independent Police Investigative Directorate Firewall Policy IT Standard Operating Procedures Annually Annually 30 April 2015 30 April 2015 Failure to regularly revise IT security policies in a timely manner could result in the following: • • • Failure to comply with new legislation and industry standards or best practices. Failure to address risks associated with the changes to the internal or external operating environment Failure to align with any changes in the strategic direction of the organization Internal control deficiency Financial and performance management: Implement formal controls over IT systems There was change in the department’s senior leadership and hence the review and signing of the policies had been postponed Recommendation Management should ensure that all policies are reviewed on an annual basis as stipulated in the documents. The following factors should be considered when reviewing policies: • • • • The emerging risks associated with the changes to the internal or external operating environment; Any budgetary impact on the implementation thereof; The impact of changes to other related processes; and Communication of new / updated policies and procedures to all relevant stakeholders. Management response Management agrees with the finding and the internal control deficiency. There was a delay in review and signing off the policies due to change in leadership. However; some of the policies have since been signed and below is the list of policies which have since been signed-off: Persal User Access Management Policy IT Disaster Recovery Plan IT Firewall Policy Consolidated ICT Policies IT Standard Operating Procedures Further, the BAS Policy is now with the Finance division for review and the IT Governance Policy is also in the process of be ing finalised. As stated above, the IT Strategy and IT Governance Framework is also pending review as a priority. Name: Takalani Nemusimbori 78 P a g e Management report of Independent Police Investigative Directorate Position: Director: ICT Date: 31 July 2019 Auditor’s conclusion Management comments are noted and the implementation of action plans will be followed up in the next audit. 24. Firewall was not operational. Re-report Audit finding The firewall was not operational at the time of the audit. It was established that the department had procured a new 4th Generation Firewall. However, it was yet to be configured and hence the firewall protection is still not in place. Lack of a functional firewall could lead to failure in the prevention and detection of security incidents or vulnerabilities in a timely manner. The finding was reported in the prior year. Internal control deficiency Financial and performance management: Implement formal controls over IT systems Non – compliance with information security policies and procedures. Recommendation IT Management should ensure that the firewall is configured and operational to reduce the likelihood of unauthorised access to sensitive information. Management response Management agrees with the finding and the internal control deficiency. 79 P a g e Management report of Independent Police Investigative Directorate The department is currently struggling with the configurations of the firewall and we have since outsourced a firewall consul tant to assist. The firewall should be fully functionally by July of the current year. Previously, the activation of the firewall resulted in key applications such as BAS and PERSAL being blocked from operating smoothly, thus it was removed to enable business to continue. Name: Takalani Nemusimbori Position: Director: ICT Date: 31 July 2019 Auditor’s conclusion Management comments are noted and the implementation of action plans will be followed up in the next audit . Leases 25. Lease commitments disclosure Audit finding Modified Cash Standard chapter 13, paragraph 22(c) states that: “A lessee department shall make the following disclosures for lease commitments, distinguishing clearly between finance and operating lease commitments: general description of renewal or purchase options as well as escalation clauses (if any) per lease agreement”. Note 29: Lease commitments, did not disclose general description of renewal options. However, from the sample of items selected for testing we identified the following lease agreements have renewal options: No. 1 2 80 P a g e Supplier Bytes Minolta Start date of the Contract 4/05/2017 01/10/2018 Expiry date of the Contract 3/05/2020 30/09/2021 Contract amount Monthly rental for initial period 59 471.64 1 651.99 89 220.96 2 478.36 Monthly rental of extension 413 619 Commitments as at 31 March 2019 21 476 74 351 Management report of Independent Police Investigative Directorate No. Supplier 3 4 Total Konica Minolta Bytes Start date of the Contract 01/11/2016 19/01/2017 Expiry date of the Contract 31/10/2019 18/01/2020 Contract amount Monthly rental for initial period 59 573.16 1 654.81 59 471.64 1 651.99 Monthly rental of extension 413 413 Commitments as at 31 March 2019 11 584 14 868 122 278 Impact The lease commitment disclosure note is not fully complying with the Modified cash standards. Internal control deficiency Management did not adequately review the lease commitment disclosure note to ensure that it adheres to the Modified cash standards. Recommendation • Management must disclose general description of renewal options as indicated in lease agreements. • Management must design and implement processes for adequate review of the financial statements to ensure they are prepared in accordance with the applicable reporting framework. Management’s response The disclosure Note 26 of AFS word document has been revised to include general description of renewal options for all photocopier machines contracts that includes that option. Date: 19 July 2019 Auditor’s conclusion Management has corrected the disclosure note and the finding has been cleared. 81 P a g e Management report of Independent Police Investigative Directorate 26. Incorrect Lease Commitment balances Requirement Modified Cash Standard chapter 13, paragraph 22(a) states that: “A lessee department shall make the following disclosures for lease commitments, distinguishing clearly between finance and operating lease commitments: the total of future minimum lease payments at the reporting date, (i) not later than one year; (ii) later than one year and not later than five years; and (iii) later than five years”. Audit Finding Differences on lease commitment balance by management and lease commitment balances per supporting documentations were noted for the following leased items: Vehicle Description TOYOTA COROLLA 1.6 QUEST TOYOTA COROLLA 1.6 QUEST Total Registration Number Stat date of the Contact Expiry date of the Contact Audited lease commencement at 31 March Differences GGV516G 24-May-18 23-May-21 254 566,00 244 775,00 (9 791,00) GGV507G 22-Jun-18 21-Jun-21 264 357,00 254 566,00 (9 791,00) (19 582) Impact The lease commitment disclosure note is overstated by at least R19 582. Internal control deficiency Financial and performance management 82 P a g e Lease Commitment AS AT 31 March 2019 Management report of Independent Police Investigative Directorate Management did not adequately review the lease commitment schedule that was used to prepare the disclosure note to ensure that the lease commitment balance disclosed is correct. Recommendation • Management must review the whole population to identify similar instances and revised the lease commitment schedule. • Management must design and implement processes for adequate review of the financial statements and relevant supporting schedules to ensure that are annual financial statements are free from error. Management’s response The lease commitment schedule has since been recalculated and corrected accordingly. The revised commitment amount has been included in the updated AFS. Date: 19 July 2019 Auditor’s conclusion The revised lease commitment schedule that ties up to the revised AFS was provided. After auditing the following misstatements were identified, but are not material: Vehicle Description Polo Vivio 1.4 Polo Vivio 1.4 Total Registration Number GGV620G GGV621G Stat date of the Contact 20-Apr-18 20-Apr-18 Expiry date of the Contact 19-Apr-21 19-Apr-21 Lease Commitment AS AT 31 March 2019 199 632 199 632 Audited lease commencement at 31 March 207 950 207 950 Differences 8 318 8 318 16 636 Movable assets 27. Assets under investigation not included in internal memorandum to disposal committee 83 P a g e Management report of Independent Police Investigative Directorate Audit finding As per the Asset management and disposal policy effective from 07 May 2015 under Disposal: The identified assets must be separated or removed from other assets for safekeeping and updating of the assets register accompanied by approved asset movement form. A memorandum listing all redundant/obsolete/damaged assets must be compiled and forwarded to chairperson of disposal committee. The following asset which was in the asset register, and included in the assets under investigation tab, could not be traced to the memorandum listing for assets under investigation forwarded to the chairperson of disposal committee: Cost price SERIAL NO COST CENTRE DESCRIPTION ASSET CATEGORY DESC Asset Description (R) 2937 SCM AND AM MACHINERY AND EQUIPMENT SHREDDER 6 585 Impact As a result of this, the assets under investigation in the assets register may have been overstated. Internal control deficiency Financial and performance management Management did not implement proper controls over monitoring and reviewing the asset register to ensure that all assets disclosed as “under investigation” are actually approved by the disposal committee. Recommendation 84 P a g e Management report of Independent Police Investigative Directorate The assets must be removed from assets under investigation register and due process followed with the disposal committee first. Management’s response The identification of assets for disposal is an ongoing process depending on the condition of the asset. Therefore, the reason this identified asset was not part of the submission for disposal is because that at that time this disposal list was compiled, the referred asset was not yet identified for disposal hence not in the list. The item will be included in the list of the next assets that will be identified for disposal. Date: 12 July 2019 Auditor’s conclusion The finding will be cleared. Operating expenditure 28. Payments not made within 30 days of receipt of invoice Requirement Treasury Regulations 8.2.3 states that, “Unless determined otherwise in a contract or other agreement, all payments due to cr editors must be settled within 30 days from receipt of an invoice or, in the case of civil claims, from the date of settlement or court judgement.” Audit finding While auditing Goods and Services expenses, we identified that the following supplier invoices were not paid within 30 days from the date of receipt the invoice: 85 P a g e Management report of Independent Police Investigative Directorate No. Payment number Supplier Invoice received date Payment date Number of days Amount 1 2406474 RISE SECURITY SERVICES 2018/03/01 2018/04/18 48 51 739 2 2411229 PROPERTY MANAGEMENT TRADING ENTI 2019/01/15 2019/02/15 31 73 693 3 2411229 PROPERTY MANAGEMENT TRADING ENTI 2019/01/15 2019/02/15 31 258 699 4 2408243 NAT: DEPT JUSTICE & CONST DEV 2018/07/02 2018/08/08 37 109 500 5 2411746 GAUTENG PROVINCIAL GOVERNMENT G- 2019/02/15 2019/03/20 33 611 801 6 2406334 TOURVEST TRAVEL SERVICES 2018/02/20 2018/04/10 49 2 823 7 2406335 TOURVEST TRAVEL SERVICES 2018/03/02 2018/04/10 39 3 013 Total 1 111 270 Impact This result to non-compliance with Treasury regulation and has potential to be fruitless and wasteful expenditure if interest on late payments is being charged. Internal control deficiency Financial and performance management Management did not implement adequate processes and controls to ensure all suppliers are paid within legislated period, and ensure compliance treasury regulation. Recommendation Management must implement design and implement adequate controls to ensure that all invoices are settled within 30 days from receipt of the invoice to ensure compliance with treasury regulations. 86 P a g e Management report of Independent Police Investigative Directorate Management’s response The above listed invoices that were paid in the previous year 2018, were mainly due to the decision that was taken by Department Budget Control Committee to put aside some of the invoices in favour of the contractual obligations due to the budget constraints that was e xperienced towards the end of the financial year 2017/18. The invoices were received and evaluated by the committee in order to reprioritise those that have a significant impact to the service delivery. Those invoices that were set aside at the end of the financial year, were paid in the following financial year with the new budget allocation. Some of the invoices such as property management trading entity (DPW) were delayed due to the dispute on the invoice amount, however the Entity was unable to revise the date of their invoice with the latest one after dispute. Date: 19 July 2019 Auditor’s conclusion The instances of non-compliance will be assessed to establish if they are not material. 29. No proof of trip authorization Audit finding Section 40(1)(a) of PFMA states that: the accounting officer for a department, trading entity or constitutional institution must keep full and proper records of the financial affairs of the department, trading entity or constitutional institution in accordance with any prescribed norms and standards. Audit finding Fleet service costs relate mainly to toll fee, petrol, car wash costs and other vehicle tariffs... 87 P a g e Management report of Independent Police Investigative Directorate Each IPID vehicle (Whether owned or leased from G-fleet) is allocated a card that is linked to standard bank. This card is used to pay for costs associated with that car, e.g petrol, toll fees, etc... Standard bank then sends IPID an invoice of all costs that they were paid by Standard bank on behalf of IPID. However, there is no supporting documents or Trip authorization form that is signed by delegated person. We therefore cannot confirm that the actual costs charged for fleets services were costs related for IPID work purposes since there was no proof authorization form for the following payment number: No Supplier Payment no Amount 1 THE STANDARD BANK OF SOUTH AFRIC 2410841 14 717,69 2 THE STANDARD BANK OF SOUTH AFRIC 2409454 15 133,82 3 THE STANDARD BANK OF SOUTH AFRIC 2410841 14 454,76 4 THE STANDARD BANK OF SOUTH AFRIC 2409454 23 000,00 5 THE STANDARD BANK OF SOUTH AFRIC 2411154 16 564,82 6 THE STANDARD BANK OF SOUTH AFRIC 2411154 25 556,27 7 THE STANDARD BANK OF SOUTH AFRIC 2411154 11 133,58 8 GAUTENG PROVINCIAL GOVERNMENT G- 2408936 23 553,06 9 GAUTENG PROVINCIAL GOVERNMENT G- 2408936 50 044,61 10 GAUTENG PROVINCIAL GOVERNMENT G- 2411950 17 278,03 11 GAUTENG PROVINCIAL GOVERNMENT G- 2410844 29 993,05 12 GAUTENG PROVINCIAL GOVERNMENT G- 2410844 21 470,97 Total Impact We cannot confirm if the fleet services were received by the department. Internal control deficiency Financial and performance management The department did not have a proper record management system to maintain information that supported fleet services expenditure. 88 P a g e 262 900.00 Management report of Independent Police Investigative Directorate Management did not put in place adequate reconciliation controls to ensure that the payment made for fleet services are for expenditure that was incurred by IPID. Recommendation The department must put in place adequate controls to ensure valid supporting documents are kept to support payments for fleet services. These should include trip authorisation forms signed by a delegated person. before the expenditure can incurred there must be approval of trip authorisation form. Management’s response All requested supporting documents have been submitted to the Auditors for audit purpose. Date: 19 July 2019 Auditor’s conclusion The trip authorisation have been provided. The finding has been cleared. Predetermined objectives 30. Percentage of investigations of other criminal and misconduct matters referred to in section 28(1)(h) and 35 (1)(b) of the IPID Act that are decision ready -Section 28(1)(h) matters not pre-approved by the Executive Director (E.D Requirement In terms of the Standard Operating Procedures (SOP) for IPID, paragraph 8.4.6 states that “upon registration of a matter that could fall within 28(1)(h), after the CIC has provisionally confirmed and allocated the case, the case will be routed to the provincial management to write a memo addressed to the Executive Director via the Programme Manager outlining the merits of the case and recommendation if the case should be investigated by IPID or not. This memo must be scanned and attached and upon submission of the activity will be sent to the Programme Manager, who will discuss with the Executive Director and complete the activity with the Executive Director’s decision”. Audit finding 89 P a g e Management report of Independent Police Investigative Directorate During the audit of the performance information, it was noted that the below cases were registered and allocated as a section 28(1) (h) case and were investigated without the approval of the Executive Director. The approval was then done post investigation: No. Case Control Number Province Section Incident Code 1 2018030501 Free State 28.2 - Systemic corruption involving the police Suffocation Impact This result in non-compliance with IPID’s SOP. Furthermore, the department investigated cases that could have been avoided as in some cases the E. D’s ruling was that it must not be investigated rather be ‘referred’ Internal control deficiency Financial and performance management Management did not ensure that they have sufficient monitoring controls to ensure adherence with the approved Standard Operating Procedures (SOP). Recommendation Management should ensure that they comply with the approved Standard Operating Procedures (SOP) as approved by the Executive Director. Management’s response (FREE STATE) 1. Management disagree with this finding. 2. Approval was obtained and all processes unfolded with full compliance to the Standard Operating Procedures (SOPs) 3. The requesting memorandum was prepared and send by the Acting Provincial Head on 20 March 2018 to Head Office and the signed approval was received back by the Province on the 28 March 2018. The case was accordingly registered on this date at 11h30. (A copy of the signed/approved memorandum is attached as Annexure A) 90 P a g e Management report of Independent Police Investigative Directorate Submitted by: Mr. CJF. Ontong Title: Provincial Head –IPID Free State Province Date: 2019/07/10 Date: Auditor’s conclusion Finding resolved 31. Number of investigations of discharge of an official firearm by a police officer that are decision ready – Preliminary investigations not done Requirement In terms of Paragraph 8.5 of The Independent Police Investigative Directorate standard operating procedures: “All Section 28 (1) (c) matters Reg. 6(3) - Must conduct preliminary investigation, not exceeding 30 days, to establish if full investigation is warranted Reg. 6(4) - Duties in terms of discharge complaint investigation. Reg. 6(5) - Complete investigation within 90 days or give reasons Audit finding Preliminary investigations were not completed for the following section 28 (1) (c) matters of the IPID Act: No. 2018040245 CCN Northern Cape Province Section 28.1 c - Discharge of an official firearm 2018050179 Northern Cape 28.1 c - Discharge of an official firearm 1 2 91 P a g e Management report of Independent Police Investigative Directorate 2018060446 Northern Cape 28.1 c - Discharge of an official firearm 2018080096 Northern Cape 28.1 c - Discharge of an official firearm 2018120375 Northern Cape 28.1 c - Discharge of an official firearm 2018040062 North West 28.1 c - Discharge of an official firearm 2018050166 Western Cape 28.1 c - Discharge of an official firearm 2018050181 Western Cape 28.1 c - Discharge of an official firearm 2018080254 Western Cape 28.1 c - Discharge of an official firearm 2018090575 Western Cape 28.1 c - Discharge of an official firearm 2018050216 Kwa Zulu Natal 28.1 c - Discharge of an official firearm 2018050222 Kwa Zulu Natal 28.1 c - Discharge of an official firearm 2018050721 Kwa Zulu Natal 28.1 c - Discharge of an official firearm 2018080626 Kwa Zulu Natal 28.1 c - Discharge of an official firearm 2018090036 Kwa Zulu Natal 28.1 c - Discharge of an official firearm 2018090163 Kwa Zulu Natal 28.1 c - Discharge of an official firearm 3 4 5 6 7 8 9 10 11 12 13 14 15 18 Management’s response (NORTHERN CAPE) 1. Number of investigation of discharge of an official firearm by a police officer that are decision ready. 92 P a g e Management report of Independent Police Investigative Directorate Preliminary Report not attached NO CCN 1 PROVINCE 2018040245 Northern Cape 2 2018050179 Northern Cape 3 2018060446 Northern Cape 4 2018080096 Northern Cape 5 2018120375 Northern Cape SECTION RESPONSE 28.1c- Discharge of an No preliminary report. Full investigation was necessary. official firearm 28.1c- Discharge of an official firearm 28.1c- Discharge of an 28.1c- Discharge of an No preliminary report. Full investigation was necessary. official firearm 28.1c- Discharge of an official firearm Preliminary Report not attached 93 P a g e Preliminary report attached Annexure A official firearm Management’s response (NORTH WEST) CCN No preliminary report. Full investigation was necessary. Feedback on AGSA Report Preliminary report attached Annexure B Management report of Independent Police Investigative Directorate 1. 2018040062 NW office concedes and will ensure that it does not happen again in future Management’s response: WESTERN CAPE We do not agree with the above finding all the cases referred above were full investigation thus a preliminary investigation report was not required as per SOPS. 5.59 and 8.10.10 thereof. Management’s response: KWAZULU NATAL We do not agree with the above finding all the cases referred above were full investigation thus a preliminary investigation report was not required as per SOPS. Auditor’s conclusion For all section 28 (1) (c) cases that do not have a preliminary investigation report, finding will remain as control deficiency. The following Preliminary reports were not signed by director of investigations: No. CCN Province Section 1 2018060364 Limpopo 28.1 c - Discharge of an official firearm 2 2018050741 Kwa Zulu Natal 28.1 c - Discharge of an official firearm 3 2018080179 Kwa Zulu Natal 28.1 c - Discharge of an official firearm Impact This is not in compliance with the Standards Operating Procedures (SOP) of IPID. 94 P a g e Management report of Independent Police Investigative Directorate Internal control deficiency Financial and performance management Management did not implement adequate processes and controls to ensure compliance with SOP when performing investigations of discharge of an official firearm by a police officer. Recommendation Management should implement adequate processes to ensure compliance with its SOP when performing investigations. Management’s response (Limpopo – 2018060364) The preliminary report was signed by the Assistant Director Investigation dully appointed by the Provincial Head as the Head of the office in the absence of both the PH and DPH (Director of investigations). This is in line with the SOP (see Annexure B/1, B/2 AND B/3). Date: 2019/07/09 Management’s response (KWAZULU-NATAL) In all the KZN cases listed above the SAPS dockets were uplifted for full investigations and therefore Preliminary reports were not compiled. Date: Auditor’s conclusion Limpopo – acting letter received finding resolved. 95 P a g e Management report of Independent Police Investigative Directorate Kwa Zulu Natal - no preliminary reports received therefore finding remains as a control deficiency. 32. Number of investigations that are torture decision ready – Decision ready case incorrectly classified Audit finding In terms of the Standard Operating Procedures (SOP) for IPID, paragraph 5.9 states that if a case falls within the mandate of the IPID, the investigator must record the case as a section 28(a)-(g) in the CMS. Audit finding During the audit of the annual performance information, it was noted that the below case was incorrectly classified as section 28.1.f. The investigation should be classified as Section 28.1.g: Number of investigations of corruption that are decision ready: No. CCN 1 2018090147 Province Kwa Zulu Natal Incident Section 28.1 f - Torture or assault Torture Date completed 2018/09/27 Impact This has resulted in the reported information per indicator not being accurate. The indicator for number of investigations that are torture decision ready is overstated while the Number of investigations of corruption that are decision ready is understated. Internal control deficiency Financial and performance management Management did not have an effective record classification system which is able to classify reported cases in accordance with the nature of the case. Recommendation • • Management should ensure that they classify reported cases in accordance with the nature of the case. Management should adequately review case classification before approving case as decision ready. 96 P a g e Management report of Independent Police Investigative Directorate Management’s response It is conceded that the incorrect classification was registered as the main complaint relates to corruption however the complainant does also make reference to the fact that he was also assaulted by means of torture so therefore the classification was not completely unrelated. See the emailed complaint received as per Annexure AG. Date: Auditor’s conclusion Management’s above explanation is sufficient. Finding has been resolved 33. Number of investigations of rape by police officer that are decision ready – recommendation report was not signed by director of investigations. Audit finding Section 8.3.4 of SOP: All referrals/reports/recommendation(s) emanating from the case investigative report(s) are external reports and are to be sent to stakeholders if applicable. The referrals/recommendation(s) needs to be signed by the Investigator, and Provincial Management in the case of a Provincial Investigation and by the Investigator and the Programme Manager in the case of a National Investigation; Audit finding Recommendation report was signed by the Deputy Director of investigations however acting letter was not attached: No. 1 CCN 2018040524 Impact This resulted in non-compliance with IPID’s SOP. 97 P a g e Province Kwa Zulu Natal Section 28.1 d - Rape by a police officer Management report of Independent Police Investigative Directorate Internal control deficiency Financial and performance management Management did not ensure that they have sufficient monitoring controls to ensure adherence with the approved Standard Operating Procedures (SOP). Recommendation Management should ensure that they comply with the approved Standard Operating Procedures (SOP) as approved by the Executive Director. Management’s response This query has already been dealt with on Page 29, paragraph 10.2 of this report. Date: Auditor’s conclusion Acting letter received. Finding has been resolved. Procurement and Contract Management 34. Procurement and Contract Management - Non- compliance to National Treasury Regulation and PFMA Requirement 98 P a g e Management report of Independent Police Investigative Directorate In terms of section (3) of the National Treasury Instruction, the accounting officer musti.Submit an approved annual procurement plan to the relevant Treasury by 31 March of each year; ii.Align the procurement plan with the institution’s budget and annual performance plan for a specific financial year; iii.Include all expenditure on goods, works and services in excess of R500 000 (including VAT), per transaction, on the template whether or not the expenditure; 1. To be incurred is in terms of the transversal contract or by any other means; 2. Relates to items where the tender process has already commenced; 3. Is procured by the institutions or through an agency. Section 38 (1) (b) of the Public Finance Management Act 1 of 1999, states that “The accounting officer for a department is responsible for the effective, efficient, economical and transparent use of the resources of the department, trading entity or constitutional institution”. Section 38 (1) (a) (iv) of the Public Finance Management Act 1 of 1999, states that “The accounting officer for a department is responsible for the system for properly evaluating all major capital projects prior to a final decision on the project” Audit finding During the audit of the competitive bids it was identified that a procurement of 23 VW Polo vehicles was done through quote IPID 18/19/214 by Independent Police Investigative Directorate without the project being in the approved procurement plan of 2018/19 financial period. The procurement of the vehicles whereas the project was not approved as part of the annual procurement plan was due to the decision taken by the management to utilise the savings that were obtained after the capital injection that the department received in 2018: RFQ Received date 24/08/2018 RFQ Number IPID 18/19/214 Description of goods VW POLOS X23 Recommended Supplier Volkswagen of South Africa Amount Date sent to client 4 952 403.14 06/09/2018 Impact The procurement of capital project where the needs assessment and the financial impact are not evaluated will result in the non-compliance of the PFMA as well as the department’s SCM policy which indicates that the supply chain Management department must submit the procurement plan to the relevant treasury by 31 March of each financial year which is duly approved by the Accounting Officer or his/her delegate. Internal control deficiency Leadership 99 P a g e Management report of Independent Police Investigative Directorate Management did not ensure that they exercise oversight on the procurement and contract management to ensure that all the legislated and internal policy requirements are complied with. Management did not implement controls to review and monitor compliance with applicable laws and regulations. Recommendation Management should ensure that they exercise due care and diligence when exercising oversight to ensure that all the legislated and internal policy requirements are complied with. Management’s response The referred procurement happened after the 2018/19 adjustment budget process where the savings were realised to accommodate prioritise the procurement of vehicles for investigators. The adjustment budget process only happened after the development, approval, and s ubmission of the procurement plan hence the identified items could not be included in the procurement plan that was already submitted in April 2018 whilst the adjusted budget was approved in October 2018. Date: 12 July 2019 Auditor’s conclusion This will remain as control deficiency. 100 P a g e Management report of Independent Police Investigative Directorate ANNEXURE C: ADMINISTRATIVE MATTERS General IT controls 35. Inadequate physical and environmental Controls-Re-reporting Audit finding The server room equipment was not adequately designed and maintained. For instance, the following deficiencies were noted; • • The server-room did not have an automated fire-suppression system in place and relied on manual fire-extinguishers. The UPS in the server-room was not functional as the department had not installed the recently procured UPS. Physical resources that are damaged and/or compromised may result in the loss of business data, reputational and/or financial losses to the department due to service disruption on critical financial systems. This was reported in the previous two years. Internal control deficiency Financial and performance management: Implement formal controls over IT systems Inadequate budget available to implement all key controls in the server-room. The procurement of the UPS was concluded however it was yet still to be installed. Recommendation Management (IT and Facilities) should ensure that adequate environmental controls are implemented in the server room to secure the IT environment, this will assist in ensuring that the department’s ICT resources are in good working condition. Management response 101 P a g e Management report of Independent Police Investigative Directorate Management agrees with the finding and internal control deficiency. We will procure an automated fire suppression system as soon as the department moves to a new building as the current lease has expired. Previously there was inadequate budget to install a fire-suppression system. Furthermore; the delay in installing the UPS was due to the fact that the department had only procured the UPS in the later part of the year. Hence the product was only delivered in March 2019 and was installed in April 2019. The finding shall be fully addressed after relocation to the new building has taken place. Name: Takalani Nemusimbori Position: Director: ICT Date: 31 March 2020 Auditor’s conclusion Management comments are noted and progress on this will be assessed in the next audit cycle. 36. No formal process in place for monitoring value delivery on IT investments Audit finding There was no formal process in place to measure or monitor value delivery and or benefit realisation for spending on IT relating to infrastructure and software. Lack of a formal processes to monitor the return and benefit of IT spending in the department might result in inconsistent acquisition and implementation processes of business systems outside budget and acceptable timelines. This might in turn result in financial loss and wasteful expenditure. Internal control deficiency 102 P a g e Management report of Independent Police Investigative Directorate Leadership: Establish an IT governance framework that supports and enables the business, delivers value and improves performance The IT Governance Framework did not define processes for measuring or monitoring value delivery and or benefit realisation for spending on IT relating to infrastructure and software. Recommendation IT Management should develop and formalise processes / policies relating to benefits realisation on IT spending. This is to enable the department to increase the effectiveness of their governance and oversight on all IT spend and align with its strategic goals, including maximising on investments. As a minimum, a benefits relation plan / program should be formally documented and monitored for each IT investment or project. Management should continually evaluate the portfolio of IT-enabled investments, services and assets to determine the likelihood of achieving the department’s objectives and delivering value at a reasonable cost. This would help them identify and make judgement on any changes in direction that need to be given to management to optimise value creation. Management response Management agrees with the finding and the internal control deficiency. It should be noted that for a prolonged period, the department did not have funds to inject towards ICT infrastructure. This is improving and we are currently on a stage whereby basic ICT infrastructure renewal is in progress. A formal process for portfolio management, benefits realisation and performance measurement will be developed and documented for all key IT projects and procurement once an analysis of business enhancing systems required by IPID to move from basics is done. Name: Takalani Nemusimbori Position: Director: ICT Date: 31 December 2019 Auditor’s conclusion Management comments are noted and the implementation of action plans will be followed up in the next audit. 103 P a g e Management report of Independent Police Investigative Directorate 37. Inadequate termination process in the Flowcentric system Audit finding The department had terminated employees during the year under review, however evidence of termination forms were not provided as per requirement of the user access management policy and procedure. In terms of the policy, employee who resigns should fill a termination form and immediately be disabled from the system. Failure to comply with user access management policy and procedures may lead to unauthorised fraudulent transactions be ing executed by unauthorised users using terminated employees’ profiles who still have access to the system. Internal control deficiency Financial and performance management: Implement formal controls over IT systems Noncompliance with user access management policies and procedures. Recommendation Management should ensure that employees comply with established and formal user access management policies and procedures, further all user accounts of terminated employees should be disabled on all applications along with the assigned privileges. Management response Management agrees with the finding and the internal control deficiency. A new activity was introduced to assist the provincial management to perform a monthly user activities review for their respective provinces. With this new function, the system also disables inactive user accounts automatically if they are not active for a period exceeding 30 days. Termination of users will be done in sequential to Active Directory termination as per the user access management procedure. Name: Takalani Nemusimbori Position: Director: ICT Date: 31 July 2019 104 P a g e Management report of Independent Police Investigative Directorate Auditor’s conclusion Management’s comments are noted and progress will be reviewed in the next audit cycle. 38. Inadequate implementation of the user termination process on active directory Audit finding The user termination process was not adequate as some users on the user termination list from HR did not match with active directory user termination list. Below are the PERSAL numbers from both the HR (Human Resources) and AD (Active Directory) which do not match either dataset: AD Termination List with no match on HR List 22951563 10771891 18714901 21938768 22142983 23214708 23181788 23214708 HR Termination list with no match on the AD Termination List 23311126 23752980 25991175 26796457 27348393 28242688 28276434 28432797 If user account termination procedures are not adhered to, attackers who gain access to user IDs may masquerade as legitimate system users and gain unauthorised access to critical information for fraudulent purposes. Internal control deficiency Financial and performance management: Implement formal controls over IT systems Failure to comply with user access management policies and procedures Recommendation Management should comply with user access management policies and procedures, and ensure all terminated users are correctly and promptly removed system. Furthermore, management is encouraged to ensure any termination on the systems is accompanied by supporting d ocumentation from the Human Resources and the user has signed the termination forms accordingly. 105 P a g e Management report of Independent Police Investigative Directorate Management response Management agrees with the finding and internal control deficiency. This was due to the change and in personnel in the Human Resources department, hence compliance with sending a list of organisational changes was not achieved. HRM shall be engaged to ensure that organisational changes are communicated to ICT timeously. Further to that, the process needs re-orientantion and made more efficient through training of the new personnel. Name: Takalani Nemusimbori Position: Director: ICT Date: 31 July 2019 Auditor’s conclusion Management comments are noted and progress will be assessed during the next audit cycle. Movable assets 39. Moveable assets bar coded incorrectly (internal control deficiency) Audit finding 106 P a g e Management report of Independent Police Investigative Directorate As per the Asset management and disposal policy under assets identification, an asset and asset register must be maintained, and all assets(major/minor) must have a bar code for reference. A bar code is affixed to an area of the asset where they can be easily read. The following assets were labelled differently from the serial number recorded on the asset register: COST CENTRE DESCRIPTION SD:SECURITY MANAGEMT NORTHERN CAPE PROV OFF ASSET CATEGORY DESC ASSET DESCRIPTION BAR CODE PER ASSET REGISTER BAR CODE ON ASSET OFFICE FURNITURE PRINTER 13341 13173 COMPUTER HARDWARE & SYSTEMS - DESKTOP DESK 12321 13604 Internal control deficiency Management did not implement proper controls over monitoring and reviewing the asset register to ensure that all assets are recorded with th e accurate bar codes. Recommendation Management should design and implement adequate reconciliation controls between assets and the asset register. Management’s response The finding is noted, this was error that was identified and it has since been corrected. The Asset Register has also been updated with the correct assets barcode and log forms to confirm the corrections were submitted to the Auditors. Date: 12 July 2019 107 P a g e Management report of Independent Police Investigative Directorate Auditor’s conclusion The control deficiency will remain. Predetermined objectives 40. Investigation documents not included in case files: Internal control Requirement Section 38(1)(a)(i) of PFMA states that: the accounting officer must ensure that department, trading entity or constitutional institution has and maintains internal control effective, efficient and transparent systems of financial and risk management and internal control Audit finding While performing the audit of performance information, we identified that some documents relating to the investigation were not part of the case file as stated in the department’s standard operating procedure. The following investigations have been affected; Ballistic report not attached to file: CCN 2018040245 Province Northern Cape Section 28.1 c - Discharge of an official firearm 2018050179 Northern Cape 28.1 c - Discharge of an official firearm 2018060446 Northern Cape 28.1 c - Discharge of an official firearm 2018080096 Northern Cape 28.1 c - Discharge of an official firearm 108 P a g e Management report of Independent Police Investigative Directorate 2018120375 Northern Cape 28.1 c - Discharge of an official firearm 2018050181 Western Cape 28.1 c - Discharge of an official firearm 2018100662 Western Cape 28.1 c - Discharge of an official firearm 2018110199 Western Cape 28.1 c - Discharge of an official firearm 2019010425 Western Cape 28.1 c - Discharge of an official firearm 2018040217 Limpopo 28.1 c - Discharge of an official firearm 2018040254 Kwa Zulu Natal 28.1 b – Death as a result of police action 2018060029 Kwa Zulu Natal 28.1 b – Death as a result of police action 2019010232 Kwa Zulu Natal 28.1 b – Death as a result of police action 2018070196 Limpopo 28.1 b – Death as a result of police action 2018120376 Limpopo 28.1 b – Death as a result of police action 2015120439 Limpopo 28.1 c - Discharge of an official firearm 2016070406 Limpopo 28.1 c - Discharge of an official firearm Permit to handle firearm not attached: CCN 2018040245 109 P a g e Province Northern Cape Section 28.1 c - Discharge of an official firearm Management report of Independent Police Investigative Directorate 2018050179 Northern Cape 28.1 c - Discharge of an official firearm 2018060446 Northern Cape 28.1 c - Discharge of an official firearm 2018080096 Northern Cape 28.1 c - Discharge of an official firearm 2018120375 Northern Cape 28.1 c - Discharge of an official firearm 2018050100 North West 28.1 c - Discharge of an official firearm 2018050181 Western Cape 28.1 c - Discharge of an official firearm 2018080254 Western Cape 28.1 c - Discharge of an official firearm 2018090575 Western Cape 28.1 c - Discharge of an official firearm 2018100662 Western Cape 28.1 c - Discharge of an official firearm 2018110199 Western Cape 28.1 c - Discharge of an official firearm 2019010425 Western Cape 28.1 c - Discharge of an official firearm 2018050222 Kwa Zulu Natal 28.1 c - Discharge of an official firearm 2018050721 Kwa Zulu Natal 28.1 c - Discharge of an official firearm 2018080626 Kwa Zulu Natal 28.1 c - Discharge of an official firearm 2018090163 Kwa Zulu Natal 28.1 c - Discharge of an official firearm J88 forms not attached: 110 P a g e Management report of Independent Police Investigative Directorate 2018050166 CCN Province Western Cape Section 28.1 c - Discharge of an official firearm 2018110199 Kwa Zulu Natal 28.1 c - Discharge of an official firearm 2018040217 28.1 c - Discharge of an official firearm 2018070261 Polokwane Western Cape 2018100159 Western Cape 2018100436 Western Cape 2018040002 North West 28.1 f - Torture or assault 28.1 f - Torture or assault 2018040391 Kwa Zulu Natal 28.1 f - Torture or assault 2019010336 Kwa Zulu Natal 28.1 c - Discharge of an official firearm 2018080626 Kwa Zulu Natal 28.1 c - Discharge of an official firearm 2018050222 Kwa Zulu Natal 28.1 c - Discharge of an official firearm 2018090575 Western Cape 28.1 c - Discharge of an official firearm 2018040011 Kwa Zulu Natal 2018070520 Kwa Zulu Natal 2019010176 Limpopo 28.1 f - Torture or assault 28.1 b – Death as a result of police action 2016010404 Kwa Zulu Natal 28.1 b – Death as a result of police action 28.1 f - Torture or assault 28.1 f - Torture or assault 28.1 f - Torture or assault 111 P a g e Management report of Independent Police Investigative Directorate 2016080275 Kwa Zulu Natal 28.1 c - Discharge of an official firearm 2017080491 Kwa Zulu Natal 28.1 f - Torture or assault 2018040069 Western Cape 2018040524 Kwa Zulu Natal 2019030258 Northern Cape 2018060030 Kwa Zulu Natal 28.1 d - Rape by a police officer 33.3 – Failure to comply with section 29 2013050558 Western Cape 28.1 c - Discharge of an official firearm 2016010177 Kwa Zulu Natal 2016010404 Kwa Zulu Natal 2016080275 Kwa Zulu Natal 2016120383 Kwa Zulu Natal 2015060116 Kwa Zulu Natal 28.1 b – Death as a result of police action 28.1 h - Any other referred matter 2019010176 Limpopo 28.1 b – Death as a result of police action 28.1 d - Rape by a police officer 28.1 d - Rape by a police officer 28.1 e - Rape while in police custody 28.1 b – Death as a result of police action 28.1 c - Discharge of an official firearm General closure, no closure report attached: CCN Province 2019010336 Kwa Zulu Natal 2018070513 Kwa Zulu Natal Section 28.1 c - Discharge of an official firearm 28.1 f - Torture or assault 112 P a g e Management report of Independent Police Investigative Directorate 2018060263 Kwa Zulu Natal 28.1 f - Torture or assault 2016080040 Kwa Zulu Natal 28.1 g - Corruption matters within the police 2019030354 Kwa Zulu Natal 28.1 a – Death in police custody 2018070104 Free State 28.1 g - Corruption matters within the police 2018070452 Free State 28.1 g - Corruption matters within the police 2019030052 Free State 28.1 g - Corruption matters within the police Memorandums not attached: CCN Province Section 2018080304 Western Cape 28.1 f - Torture or assault 2018080647 Western Cape 28.1 f - Torture or assault 2018090313 Western Cape 28.1 f - Torture or assault 2018100159 Western Cape 28.1 f - Torture or assault 2018100436 Western Cape 28.1 f - Torture or assault 2018110190 Western Cape 28.1 f - Torture or assault 2018110195 Western Cape 28.1 f - Torture or assault 2018060263 Kwa Zulu Natal 28.1 f - Torture or assault 113 P a g e Management report of Independent Police Investigative Directorate 2017090267 Western Cape 28.1 f - Torture or assault 2016110269 KwaZulu-Natal 28(1)(g) 2019030120 Limpopo 28.1 g - Corruption matters within the police 2018050446 Kwa Zulu Natal 28.1 b – Death as a result of police action 2018070261 Western Cape 2018100490 Western Cape 2018040220 Western Cape 28.1 f - Torture or assault 28.1 b – Death as a result of police action 2018040291 Western Cape 28.1 b – Death as a result of police action 2018040346 Western Cape 28.1 b – Death as a result of police action 2019010232 Kwa Zulu Natal 28.1 b – Death as a result of police action 2019030258 Northern Cape 2018090121 North West 2018060602 Kwa Zulu Natal 2018050267 North West 28.1 d - Rape by a police officer 33.3 – Failure to comply with section 29 2018090012 Western Cape 33.3 – Failure to comply with section 29 2016010177 Western Cape 28.1 f - Torture or assault 28.1 d - Rape by a police officer 28.1 d - Rape by a police officer 28.1 e - Rape while in police custody 114 P a g e Management report of Independent Police Investigative Directorate 2017010007 Western Cape 2015060116 Kwa Zulu Natal 2018080666 Western Cape 28.1 e - Rape while in police custody 28.1 h - Any other referred matter 28.1 d - Rape by a police officer 2019010196 Western Cape 28.1 a – Death in police custody Post mortem reports not attached: CCN Province Section 2018090070 Kwa Zulu Natal 28.1 a – Death in police custody 2019030354 Kwa Zulu Natal 28.1 a – Death in police custody 2018040311 Limpopo 28.1 a – Death in police custody 2018040469 Limpopo 28.1 a – Death in police custody 2018050111 Limpopo 28.1 a – Death in police custody 2018060029 Kwa Zulu Natal 28.1 b – Death as a result of police action 2018070196 Limpopo 2018120376 Limpopo 28.1 b – Death as a result of police action 28.1 b – Death as a result of police action Impact 115 P a g e Management report of Independent Police Investigative Directorate Failure to comply with Standard operating procedures could result in the quality of the investigations being compromised Internal control deficiency Management did not implement proper record keeping in a timely manner to ensure that complete, relevant and accurate information is accessible and available to support performance reporting. Recommendation • • Management should implement proper record keeping in a timely manner to ensure that complete, relevant and accurate information is accessible and available to support performance reporting. Management should prepare accurate and complete performance reports that are supported and evidenced by reliable information. Management’s response Management’s response NORTHERN CAPE i. Ballistic Report not attached NO CCN PROVINCE SECTION RESPONSE 1 Northern Cape 28.1c- Discharge Justified shooting. Ballistic report is not the determining factor for DPP to make decision. Once the investigation is complete and shooting is justified, IPID management can send the report to DPP for decision. 2018040245 of an official firearm 116 P a g e Management report of Independent Police Investigative Directorate 2 2018050179 Northern Cape 28.1c- Discharge Justified Shooting. No need for Ballistic Report of an official firearm 3 2018060446 Northern Cape 28.1c- Discharge of an official Ballistic report attached Annexure C NB: Report was received after the case was finalised. firearm 4 2018080096 Northern Cape 28.1c- Discharge of an official Suspect unknown. General Closure Closure report attached Annexure D firearm 5 2018120375 Northern Cape 28.1c- Discharge of an official Ballistic report attached Annexure E NB: Report was received after the case was finalised. firearm ii. NO CCN 117 P a g e Permits to handle firearms not attached PROVINCE SECTION RESPONSE Management report of Independent Police Investigative Directorate 1 2018040245 Northern Cape 28.1c- Discharge SAPS 96 attached Annexure F of an official firearm 2 2018050179 Northern Cape 28.1c- Discharge SAPS 96 attached Annexure G of an official firearm 3 2018060446 Northern Cape 28.1c- Discharge Permit attached Annexure H of an official firearm 4 2018080096 Northern Cape 28.1c- Discharge Suspect Unknown. No need for permit of an official firearm 5 2018120375 Northern Cape 28.1c- Discharge of an official firearm 118 P a g e Permits attached Annexure I Management report of Independent Police Investigative Directorate iii. J88 form was not attached on the docket. Further inspected the checklist report and noted that the J88 report was completed and done NO CCN PROVINCE SECTION RESPONSE 1 2019030258 Northern Cape 28.1 d – Rape by a Rectified – The checklist was attached by mistake. J88 was not completed for the incident as the matter was reported two years after the alleged incident. (Minor who fell pregnant) police officer iv. Number of investigations of rape by police officer that are decision ready Recommendation report signed by the Director of Investigations was not attached. Further inspected the checklist report and noted that the recommendation report was completed and done NO CCN PROVINCE SECTION RESPONSE 1 2019030258 Northern Cape 28.1 d – Rape by a Rectified – The checklist was attached by mistake. The suspect was arrested and the Case Management System record it as decision ready. No recommendation report was required for DPP. The case is on the court roll. police officer Date: 2019/07/09 Management Response: WESTERN CAPE 119 P a g e Management report of Independent Police Investigative Directorate CCN 2018050181 We do not agree with the finding because at the time of the shooting no injuries were sustained by the complainant therefore it was not necessary for investigation purposes that the firearm must be taken for ballistics. Further there were no exhibits collected from the crime scene because the incident took place 19/12/2017 and the complaint was reported to IPID on the 10/01/2018. Attach copy of the docket. Annexure F attached 2018100662 we do not agree with the finding a copy of the ballistic report has been uploaded and docket update, attach is the copy of the ballistic report; Annexure G attached CCN 2018110199 we do not agree with this finding this case was a preliminary investigation and a ballistic report is not a requirement to conduct a preliminary investigation see preliminary report; Annexure H attached CCN 2019010425 we do not agree with this finding this case was a preliminary investigation and a ballistic report is not a requirement to conduct a preliminary investigation see preliminary report; Annexure I attached Management’s response: KWAZULU-NATAL In respect of the Ballistic Reports not being filed in the following cases: • CCN 2018040254 – Arrest occurred at the scene and therefore on registration on CMS the cases moves directly to Decision Ready even though investigations are not finalized, see Annexure T • CCN 2019010232 – Arrest occurred at the scene and therefore on registration on CMS the cases moves directly to Decision Ready even though investigations are not finalized’ see Annexure V. • CCN 2018060029 – Ballistic report has been filed see the CIR where the reference is made to the reports as per Annexure V. In response to the firearms not being filed in respect of CCN 2018050222; CCN 2018050721; CCN 2018080626 and CCN 2018090163 it is conceded that the reports were filed. The office had challenges in obtaining those permits from the SAPS. It must also be noted that despite the permit not being filed the SPP was able to made a decision on the case in particular CCN 2018050222, see Annexure H. In respect of the J88 not being filed in the dockets. • CCN 2018110199 is not a KZN case but is a Western Cape case. 120 P a g e Management report of Independent Police Investigative Directorate • • • • There were cases that were revisited and the J88 reports were filed in the dockets, see CCN 2018040391 (Annexure X) and CCN 2018040011 (Annexure AH). In response to CCN 2016010404, which was repeated twice, the case description states it’s a death as a result of police action therefore no J88 is to be expected. In respect of CCN 2018060030 and CCN 2015060116 the respective classifications of Section 33 and Section 28(1)(h), no J88 can be expected in these cases. In respect of the other cases mentioned there were no injuries or medical examination done and therefore no J88 would be expected. This like all other technical reports is determined by the merits of the case. In response to the following cases where there were no closure reports filed. • • • CCN 2019010336 – Case not closed off on CMS therefore the report is premature, see Annexure K. CCN 2018070513 – Case not closed off on CMS therefore the report is premature, see Annexure P CCN 2018060263 – Case not closed off on CMS therefore the report is premature, see Annexure W In respect of CCN 2016080040 report is attached as per Annexure AE. In response to CCN 2019030354; refer to page 21 paragraph 12 where this query is dealt with. In the section that deals with the memos that were not attached in the following cases: • • • • • CCN 2018060263 - Report attached see Annexure W CCN 2016110269 – Report attached see Annexure Y CCN 2018050446 - Report attached see Annexure B CCN 2019010232 -The suspects were arrested at the scene therefore no report was prepared. CCN 2018060602 – The suspects were arrested at the scene therefore no report was prepared In respect of the Post Mortems not being filed in the following cases: 121 P a g e Management report of Independent Police Investigative Directorate • • CCN 2018090070 and CCN 2019030354 it is accepted that there was no Post Mortems filed as these cases are death in custody cases where the IPID investigation’s focus was on whether the police were negligent in their care of the deceased whilst in custody. CCN 2019010232 – the CIR stipulates that the Post Mortem is filed see Annexure U Management’s response LIMPOPO Memorandums not attached No Ballistic report attached (2018040217-Limpopo) The case was withdrawn by the complainant before the completion of investigation that could have acquired the ballistic report. Once the complainant withdraws the case the investigation immediately stops (see annexure F/1 AND F/2). (2018070196 – Limpopo) The victim is a SAPS member who committed suicide using a state owned firearm. There was no need for further investigation since the member committed suicide. The case was referred to SAPS inquest investigation and completed under general (see annexure C/1, C/2 AND C/3). (2018120376 - Limpopo) This is a case where a suspect was immediately arrested and brought before court which made the case decision ready before all investigation could be completed (see annexure D/1 AND D/2). (2015120439- Limpopo) Ballistic report was attached as A10 (see annexure E/1 AND E/2) (2016070406-Limpopo) Ballistic report is in the file attached as A25 (annexure G/1 ANG G/2) 122 P a g e Management report of Independent Police Investigative Directorate No J88 attached (2019010176-Limpopo) There is no need for J88 because the matter falls under 28(1)(b) (annexure H/1 and H/2). No memo to NPA (2019030120 – Limpopo) The memo to the NPA is available and attached (see annexure I/, I/2 AND I/3). No post mortem report attached (2018040469-Limpopo) The post mortem report signed by the doctor is filed as per B4 and attached (annexure J). (2018050111-Limpopo) The post mortem report signed by the doctor is filed as per B4 and attached (annexure K). (2018040311-Limpopo) This is the case in which the victim was assaulted and killed by members of the community and the case was completed under General since it was referred to SAPS (annexure L). (2018070196-Limpopo) The victim is a SAPS member who committed suicide using a state owned firearm. There was no need for further investigation since the member committed suicide. The case was referred to SAPS inquest investigation and completed under general (see annexure C/1, C/2 AND C/3). (2018120376- Limpopo) The PM report is attached and has always been in the file (see annexure M) Date: 2019/07/09 123 P a g e Management report of Independent Police Investigative Directorate Date: Auditor’s conclusion. Supporting documents not received will remain as control deficiency findings i.Ballistic report not attached to file: CCN 2018040245 Province Northern Cape CONCLUSION Absence of ballistic report justified as full investigation was necessary 2018050179 Northern Cape 2018060446 Northern Cape Absence of ballistic report justified as full investigation was necessary Received 2018080096 Northern Cape Absence of ballistic report justified- general closure 2018120375 Northern Cape Received 2018050181 Western Cape Not received 2018100662 Western Cape Not received 2018110199 Western Cape Not received 2019010425 Western Cape Not received 2018040217 Limpopo Case withdrawn by the complainant therefore absence of ballistic report is justified 2018040254 Kwa Zulu Natal Immediate arrest 124 P a g e Management report of Independent Police Investigative Directorate 2018060029 Kwa Zulu Natal DPP memo received but no ballistic report 2019010232 Kwa Zulu Natal Immediate arrest 2018070196 Limpopo Committed suicide using a state owned firearm therefore the absence of ballistic report is justified 2018120376 Limpopo Immediate arrest Front cover of docket received which confirms court dates. 2015120439 Limpopo Received 2016070406 Limpopo Received ii.Permit to handle firearm not attached: CCN Conclusion Province 2018040245 Northern Cape Not received 2018050179 Northern Cape Not received 2018060446 Northern Cape Received 2018080096 Northern Cape Suspect was unknown therefore no need for permit 125 P a g e Management report of Independent Police Investigative Directorate 2018120375 Northern Cape Received 2018050100 North West Management agrees 2018050181 Western Cape Not received 2018080254 Western Cape Not received 2018090575 Western Cape Not received 2018100662 Western Cape Not received 2018110199 Western Cape Not received 2019010425 Western Cape Not received 2018050222 Kwa Zulu Natal Not received 2018050721 Kwa Zulu Natal Not received 2018080626 Kwa Zulu Natal Not received 2018090163 Kwa Zulu Natal Not received 2018050166 Province Western Cape Not received 2018110199 Kwa Zulu Natal This is a Western Cape case iii. J88 forms not attached: CCN 126 P a g e Conclusion Management report of Independent Police Investigative Directorate 2018040217 Case was withdrawn by the complainant therefore absence of J88 is Justified 2018070261 Polokwane Western Cape 2018100159 Western Cape 2018100436 Western Cape 2018040002 North West 2018040391 Kwa Zulu Natal Received 2019010336 Kwa Zulu Natal J88 not attached 2018080626 Kwa Zulu Natal 28.1 c - Discharge of an official firearm 2018050222 Kwa Zulu Natal 2018090575 Western Cape 2018040011 Kwa Zulu Natal 2018070520 Kwa Zulu Natal 2019010176 Limpopo 2016010404 Kwa Zulu Natal 2016080275 Kwa Zulu Natal 2017080491 Kwa Zulu Natal 2018040069 Western Cape Complainant refused to submit J88 Case was opened months later Case was opened months later 127 P a g e Management report of Independent Police Investigative Directorate 2018040524 Kwa Zulu Natal 2019030258 Northern Cape 2018060030 Kwa Zulu Natal 2013050558 Western Cape 2016010177 Kwa Zulu Natal 2016010404 Kwa Zulu Natal 2016080275 Kwa Zulu Natal 2016120383 Kwa Zulu Natal 2015060116 Kwa Zulu Natal 2019010176 Limpopo 41. Death in Police Custody - IPID 5(crime scene) not counter signed by SAPS member at the scene to Validate that IPID member attended the scene Audit finding SOP 8.7.11 Complete the applicable sections on the IPID crime scene form, with all the required crime scene information (This includes obtaining the signature of the SAPS member in charge at the scene) IPID 5(crime scene form) not counter signed by SAPS member at the scene to validate that IPID member attended the scene No. CCN 2018070534 1 128 P a g e Province Northern Cape Section 28.1 a – Death in police custody Date completed/decision ready 2018/09/28 Management report of Independent Police Investigative Directorate Impact This resulted in non-compliance with IPID’s SOP Internal control deficiency Financial and performance management Management did not ensure that they have sufficient monitoring controls to ensure adherence with the approved Standard Operating Procedures (SOP). Recommendation Management should ensure that they comply with the approved Standard Operating Procedures SOP) as approved by the Executive Director. Management’s response NORTHERN CAPE IPID 5 (crime scene) not counter signed by SAPS member at the scene to validate that IPID member attended the scene NO CCN PROVINCE SECTION RESPONSE 1 2018070534 Northern Cape 28. 1a- Death in Scene was cleared before IPID investigator arrived. Comments made on the Scene Form Evidence Attached Annexure L police Custody Date: 2019/07/09 129 P a g e Management report of Independent Police Investigative Directorate Auditor’s conclusion Finding will remain as a control deficiency finding 130 P a g e Management report of Independent Police Investigative Directorate 131 Page Management report of Independent Police Investigative Directorate Annexure D: Performance management and reporting framework The Performance Management and Reporting Framework (PMRF) consists of the following: • Legislation applicable to performance planning, management and reporting, which includes the following: o Public Finance Management Act, 1999 (Act No. 1 of 1999) (PFMA) o Treasury Regulations, 2005 issued in terms of the PFMA o National treasury practice note 4 of 2009-10 o Public Service Act, 1994 (PSA) o Public Service Regulations, 2016 issued in terms of the Public Service Act o Financial Management of Parliament and Provincial Legislatures Act, 2009 (Act No. 10 of 2009) (FMPPL) o Regulations for reporting by public higher education institutions, 2014, issued in terms of the Higher Education Act, 1997 (applicable to universities only). • The Framework for Managing Programme Performance Information (FMPPI), issued by the National Treasury. This framework is applicable to all spheres of government. • The Framework for Strategic Plans and Annual Performance Plans (FSAPP), issued by the National Treasury. This framework is applicable to all national and provincial departments, constitutional institutions and those public entities listed in parts A and C of schedule 3 of the PFMA. • Circulars and guidance issued by the National Treasury, Department of Public Service and Administration (DPSA) and supported by the Department of Planning Monitoring and Evaluation (DPME) regarding the planning, management, monitoring and reporting of performance against predetermined objectives. 132 P a g e Management report of Independent Police Investigative Directorate Annexure D – Criteria developed from the performance management and reporting framework CRITERIA REFERENCES TO THE PMRF PER TYPE OF ENTITY Departments / Universities Parliament / provincial constitutional Public entities legislatures institutions / trading entities Consistency: Objectives, performance measures / indicators and targets are consistent between planning and reporting documents 1. Reported strategic or development objectives are consistent or complete when compared to planned objectives Section 40(3)(a) of the PFMA NT Instruction Note 33: Implementation of the FSAPP TR 5.1.1 NT Instruction Note 33: Implementation of the FSAPP Sec 4 of FSAPP Sec 5(2)(k) & 7(4)(a)of the regulations for reporting by Public Higher Education Institutions Section 15(1) and (2)(b) of the FMPPLA Sec 5(2)(m) & 7(4)(a) of the regulations for reporting by Public Higher Education Institutions Applicable to 3A & 3C public entities: TR 30.1.3(g) NT Instruction Note 33: Implementation of the FSAPP Applicable to 2; 3B & 3D public entities: TR 29.1.1 & TR 29.2 Applicable to schedule 3A & 3C public entities: TR 30.1.1 NT Instruction Note 33: Implementation of the FSAPP Sec 4 of FSAPP Applicable to schedule 2, 3B & 3D public entities:TR 29.1.1 and TR 29.2 133 P a g e Section 55(3)(d) of the FMPPLA TR 5.2.4 Sec 25(1) and 31(1) of the PSR 2. Changes to strategic or development objectives are approved Section 55(2)(a) of the PFMA TR 28.2.2 Management report of Independent Police Investigative Directorate CRITERIA 3. Reported measures or indicators are consistent or complete when compared to planned measures or indicators REFERENCES TO THE PMRF PER TYPE OF ENTITY Departments / constitutional institutions / trading entities Section 40(3)(a) of the PFMA TR 5.2.4 NT Instruction Note 33: Implementation of the FSAPP Sec 25(1) of the PSR Public entities Section 55(2)(a) of the PFMA TR 28.2.2 Parliament / provincial legislatures Universities Section 55(3)(d) of the FMPPLA Sec 5(2)(k) & 7(4)(a) of the regulations for reporting by Public Higher Education Institutions Section 15(1) and (2)(b) of the FMPPLA Sec 5(2)(m) of the regulations for reporting by Public Higher Education Institutions Section 55(3)(d) of the FMPPLA Sec 5(2)(k) & 7(4)(a) of the regulations for reporting by Public Higher Education Institutions Applicable to 3A & 3C public entities: TR 30.1.3(g) NT Instruction Note 33: Implementation of the FSAPP Applicable to 2; 3B & 3D public entities: TR 29.1.1 & TR 29.2 4. Changes to measures or indicators are approved TR 5.1.1 NT Instruction Note 33: Implementation of the FSAPP Sec 4 of FSAPP Applicable to 3A & 3C public entities: TR 30.1.1 NT Instruction Note 33: Implementation of the FSAPP Sec 4 of FSAPP Applicable to 2; 3B & 3D public entities: TR 29.1.1 & TR 29.2 5. Reported targets are consistent or complete when compared to planned targets 134 P a g e Section 40(3)(a) of the PFMA TR 5.2.4 NT Instruction Note 33: Implementation of the FSAPP Section 55(2)(a) of the PFMA TR 28.2.2 Applicable to 3A & 3C public entities: TR 30.1.3(g) Management report of Independent Police Investigative Directorate CRITERIA REFERENCES TO THE PMRF PER TYPE OF ENTITY Departments / constitutional institutions / trading entities Sec 25(1) of the PSR 6. Changes to targets are approved TR 5.1.1 NT Instruction Note 33: Implementation of the FSAPP Sec 4 of FSAPP Public entities Parliament / provincial legislatures Universities Section 15(1) and (2)(b) of the FMPPLA Sec 5(2)(m) of the regulations for reporting by Public Higher Education Sec 55(3)(d) of the FMPPLA Sec 7(4)(a) of the regulations for reporting by Public Higher Education Institutions Applicable to 2; 3B & 3D public entities: TR 29.1.1 & TR 29.2 Applicable to 3A & 3C public entities: TR 30.1.1 NT Instruction Note 33: Implementation of the FSAPP Sec 4 of FSAPP Applicable to 2; 3B & 3D public entities: TR 29.1.1 & TR 29.2 7. Reported achievements are consistent with the planned and reported indicator and target Sec 40(3)(a) of the PFMA Sec 55(2)(a) of the PFMA Measurability: Performance measures / indicators are well defined and verifiable, and targets are specific, measurable and time bound 8. A performance measure or indicator is well defined when it has a clear definition so that data will 135 P a g e FMPPI Chapter 3.2 Criteria not applicable Sec 1(d) of the regulations for reporting by Public Higher Education Institutions Management report of Independent Police Investigative Directorate CRITERIA REFERENCES TO THE PMRF PER TYPE OF ENTITY Departments / constitutional institutions / trading entities Public entities Parliament / provincial legislatures Universities be collected consistently and is easy to understand and use 9. A performance measure / FMPPI Chapter 3.2 Criteria not applicable indicator is verifiable when it is possible to validate or verify the processes and systems that produce the indicator 10. A target is specific when FMPPI Chapter 3.3 Criteria not applicable the nature and the required level of performance of the target are clearly identifiable 11. A target is measurable FMPPI Chapter 3.3 Criteria not applicable when the required performance can be measured 12. A target is time bound FMPPI Chapter 3.3 Criteria not applicable when the time frames for the achievement of the target are indicated Relevance: Performance measures / indicators relate logically and directly to an aspect of the entity’s mandate and the realisation of its strategic goals and objectives 13. The performance FMPPI Chapter 3.2 Criteria not applicable measure / indicator and target relate logically and directly to an aspect of 136 P a g e Sec 1(a) of the regulations for reporting by Public Higher Education Institutions Sec 1(b) of the regulations for reporting by Public Higher Education Institutions Sec 1(c) of the regulations for reporting by Public Higher Education Institutions Sec 1(e) of the regulations for reporting by Public Higher Education Institutions Management report of Independent Police Investigative Directorate CRITERIA REFERENCES TO THE PMRF PER TYPE OF ENTITY Departments / constitutional institutions / trading entities Public entities Parliament / provincial legislatures the entity’s mandate and the realisation of its strategic goals and objectives Presentation and disclosure: Performance information in the annual performance report is presented and disclosed in accordance with the requirements contained in legislation, frameworks, circulars and guidance 14. Reasons for variances The NT’s annual report guide Applicable to schedule 3A & Criteria not applicable between planned and 3C public entities: for national and provincial actual performance are departments The NT’s annual report guide disclosed in the annual for schedule 3A and 3C public performance report. Sec 31(1) of the PSR entities 15. Reasons for variances are corroborated by source documentation The NT’s annual report guide for national and provincial Applicable to schedule 3A & 3C public entities: departments The NT’s annual report guide FMPPI chapter 5 Criteria not applicable for schedule 3A and 3C public entities FMPPI chapter 5 16. Changes to objectives, performance indicators and performance targets are disclosed in the annual performance report 137 P a g e NT annual report guide for national and provincial departments Sec 31(1) of the PSR Applicable to 3A & 3C public entities: NT annual report guide for schedule 3A and 3C public entities Criteria not applicable Universities Management report of Independent Police Investigative Directorate CRITERIA REFERENCES TO THE PMRF PER TYPE OF ENTITY Departments / Parliament / provincial constitutional Public entities legislatures institutions / trading entities Reliability: Recording, measuring, collating, preparing and presenting information on actual performance / target achievements that is valid, accurate and complete 1. Reported performance occurred and pertains to the reporting entity 2. Reported performance is recorded and reported accurately 3. All actual performance is recorded and included in the reported performance information 138 P a g e Section 40(3)(a) of the PFMA Chapter 5 of the FMPPI Sec 25(1)(e) of the PSR Section 55(2)(a) of the PFMA Chapter 5 of the FMPPI Section 55 of the FMPPLA Universities Section 7 of the regulations for reporting by Public Higher Education Institutions Management report of Independent Police Investigative Directorate Annexure E: Auditor general’s responsibility for the audit of the reported performance information 1. As part of our engagement conducted in accordance with ISAE 3000, we exercise professional judgement and maintain professional scepticism throughout our reasonable assurance engagement on reported performance information for selected programmes. 2. We are independent of the department in accordance with the International Ethics Standards Board for Accountants’ Code of ethics for professional accountants (IESBA code) together with the ethical requirements that are relevant to our audit in South Africa. We have fulfilled our other ethical responsibilities in accordance with these requirements and the IESBA code. QUALITY CONTROL RELATING TO ASSURANCE ENGAGEMENTS 3. In accordance with the International Standard on Quality Control 1, the Auditor-General of South Africa maintains a comprehensive system of quality control that includes documented policies and procedures on compliance with ethical requirements and professional standards. REPORTED PERFORMANCE INFORMATION 4. In addition to our responsibility for the assurance engagement on reported performance information as described in the auditor’s report, we also: • identify and assess risks of material misstatement of the reported performance information, whether due to fraud or error, design and perform audit procedures responsive to those risks, and obtain audit evidence that is sufficient and appropriate to provide a basis for our opinion. In making those risk assessments, we consider internal control relevant to the management and reporting of performance information per selected [programme/ objective] in order to design audit procedures that are appropriate in the circumstances, but not for the purpose of expressing an opinion on the effectiveness of the department’s internal control. • evaluate the documentation maintained by the department that supports the generation, collation, aggregation, monitoring and reporting of performance indicators/measures and their related targets for the selected programmes. • evaluate and test the usefulness of planned and reported performance information, including presentation in the annual performance report, its consistency with the approved performance planning documents of the department and whether the indicators and related targets were measurable and relevant. • evaluate and test the reliability of information on performance achievement to determine whether it is valid, accurate and complete. COMMUNICATION WITH THOSE CHARGED WITH GOVERNANCE 5. We communicate with the accounting officer regarding, among other matters, the planned scope and timing of the audit and significant audit findings, including any significant deficiencies in internal control that we identify during our audit. 139 P a g e Management report of Independent Police Investigative Directorate We also confirm to the accounting officer that we have complied with relevant ethical requirements regarding independence, and communicate all relationships and other matters that may reasonably be thought to bear on our independence and, where applicable, related safeguards. 140 P a g e Management report of Independent Police Investigative Directorate Annexure F: Assessment of internal controls Below is our assessment of implementing the drivers of internal control based on significant deficiencies identified during our audit of the financial statements, the annual performance report and compliance with legislation. Significant deficiencies occur when internal controls do not exist, are not appropriately designed to address the risk, or are not implemented. These either had caused, or could cause, the financial statements or the annual performance report to be materially misstated, and material instances of non-compliance with legislation to occur. The internal controls were assessed as follows: The required preventative or detective controls were in place. Progress was made on implementing preventative or detective controls, but improvement is still required, or actions taken were not or have not been sustainable. Internal controls were either not in place, were not properly designed, were not implemented or were not operating effectively. Intervention is required to design and/or implement appropriate controls. The movement in the status of the drivers from the previous year-end to the current year-end is indicated collectively for each of the three audit dimensions under the three fundamentals of internal control. The movement is assessed as follows: Improved Unchanged Regressed Financial statements Performance reporting Compliance with legislation Current Prior year Current Prior year Current Prior year year year year Leadership Overall movement from previous assessment • Provide effective leadership based on a culture of honesty, ethical business practices and good governance, and protecting and enhancing the best interests of the entity • Exercise oversight responsibility regarding financial and performance reporting and compliance as well as related internal controls • Implement effective human resource management to ensure that adequate and 141 P a g e Management report of Independent Police Investigative Directorate Financial statements Performance reporting Compliance with legislation Current Prior year Current Prior year Current Prior year year year year sufficiently skilled resources are in place and that performance is monitored • Establish and communicate policies and procedures to enable and support the understanding and execution of internal control objectives, processes and responsibilities • Develop and monitor the implementation of action plans to address internal control deficiencies • Establish and implement an information technology governance framework that supports and enables the business, delivers value and improves performance Financial and performance management Overall movement from previous assessment • Implement proper record keeping in a timely manner to ensure that complete, relevant and accurate information is accessible and available to support financial and performance reporting • Implement controls over daily and monthly processing and reconciling transactions • Prepare regular, accurate and complete financial and performance reports that are supported and evidenced by reliable information • Review and monitor compliance with applicable legislation • Design and implement formal controls over information technology systems to ensure the reliability of the systems and the availability, accuracy and protection of information relating to user access management , program change control and IT service continuity. Governance Overall movement from previous assessment • Implement appropriate risk management activities to ensure that regular risk assessments, including the consideration of information technology risks and fraud prevention, are conducted and that a risk 142 P a g e N/A N/A Management report of Independent Police Investigative Directorate Financial statements Performance reporting Compliance with legislation Current Prior year Current Prior year Current Prior year year year year strategy to address the risks is developed and monitored • Ensure that there is an adequately resourced and functioning internal audit unit that identifies internal control deficiencies and recommends corrective action effectively • Ensure that the audit committee promotes accountability and service delivery through evaluating and monitoring responses to risks and overseeing the effectiveness of the internal control environment, including financial and performance reporting and compliance with legislation 143 P a g e