Acts Online
GT Shield

Public Finance Management Act, 1999 (Act No. 1 of 1999)

Understanding and Using this Act

Normative Measures For Financial Management

Annexure B: User manual for Application of Normative Measures

A. Management Arrangements

 

Reference

Remarks

A1.1

In terms of section 12(2) of the Public Service Act, 1994 an employment contract should be concluded between an executive authority and a head of department on appointment. The employment contract provides for an annual performance agreement linked to a specific financial year. The annual performance agreement concluded between the executive authority and the departmental head must state clear performance areas/criteria/deliverables. In terms of section 36(5) of the PFMA the provisions of section 38 to 42 of the PFMA, as may be appropriate, must be regarded as forming part of the employment contract.

A1.2

The Treasury Regulations have given regard to international best practice in both the public and private sectors in recognising that the head of any department should, in fulfilling his/her financial management responsibilities (sec 38 - 40 of the PFMA), have the support of a strong and professional finance unit. The requirement for each accounting officer to appoint a CFO is intended to provide that support. The CFO's functions span the provision of advisory and operational services across the full range of financial management responsibilities of the accounting officer, from the preparation of strategic plans, to the provision of regular internal management reports to risk management, to other internal controls and external financial reporting.

A1.3

In terms of Resolution No. 13 of 1998 of the Public Service Coordinating Bargaining Council (PSCBC) senior managers must enter into a performance agreement on an annual basis. Performance management aims to enhance organisational efficiency and effectiveness, accountability for the use of resources and the achievements of results. Performance management processes must link to broad and consistent plans for staff development and align with the department’s strategic goals.

A1.4

In terms of Treasury Regulation 2.1.1 the CFO must be part of the senior management structure. It is important that the CFO support the accounting officer and other senior managers of the department through the provision of timely and accurate financial and other operational information necessary for strategic decision-making and for assessing the performance of the department.

A1.5

At the level of branches within the department, strategic plans should form the basis for identifying strategies necessary to achieve broader departmental objectives as set out in the departmental strategic plan. They should also form the basis for allocating responsibilities within the branch through operational plans for the directorates, etc. responsible for the delivery of specific outputs and thus for performance agreements.

A1.6

The CFO must be given the appropriate infrastructure and staff to minimise number crunching, allowing him of her sufficient opportunity to provide analysis, interpretation and appraisals that assist and improve decision-making in the department. In smaller departments the financial accountant and management accountant can be the same person.

A1.7

A1.8

A1.9

These measures address the pro-active manner by which a department:

retains staff;
recruits qualified/experienced staff; and
develops staff to become qualified/experienced.

The PFMA represents a fundamental change in Government's approach to the handling of public finances, as it shifts the emphasis away from a highly centralised system of expenditure control by the treasuries. It holds the heads of departments accountable for the use of resources to deliver services to communities. It will also change the accounting base from cash to accruals. These substantial changes will require finance staff to undergo significant training.

A1.10

In terms of PSR, Chapter 1, Part III.I, departments must establish job descriptions for each post or group of posts, with appropriate emphasis on service delivery –

a. the main objectives of the post or posts;
b. the inherent requirements of the job; and
c. the requirements for promotion or progression to the next salary range, in accordance with a relevant career path.

The job descriptions must be reviewed at least once every three years and, where necessary, be redefined to ensure that they remain appropriate and accurate.

A1.11

While the erstwhile Treasury Instructions contained a considerable number of prescripts and guidelines, the new Treasury Regulations only serve as a broad framework within which accounting officers can formulate procedures and processes that best serve the circumstances of their departments. Process and procedure manuals are essential for good corporate governance as it ensures that knowledge is available in hard/electronic format for other staff to access. This lessens the dependability on key individuals in finance components.

A1.12

The successful implementation of the PFMA is not only the responsibility of the accounting officer, CFO and the financial component. Without the support and commitment of line managers, the chances of success are slim. It is therefore imperative that all personnel be empowered through training to be able to fulfil their generic financial responsibilities effectively. The areas that should be addressed include:

the financial duties and responsibilities of line managers (sec 45 of PFMA);
the financial support (e.g. cost benefit analysis) that can be given by the CFO;
strategic planning and output formulation;
performance management; and
in-year management, monitoring and reporting.

A1.13

Departments must manage performance in a consultative, supportive and non-discriminatory manner in order to enhance organisational efficiency and effectiveness, accountability for the use of resources and the achievement of results. Performance management processes must be linked to broad and consistent plans for staff development and aligned with the department's strategic goals. The primary orientation of performance management shall be developmental but shall allow for effective response to consistent inadequate performance and for recognising outstanding performance.

A1.14

The Code of Conduct should act as a guideline to employees as to what is expected of them from an ethical point of view, both in their individual conduct and in their relationship with others. Compliance with the code can be expected to enhance professionalism and help to ensure confidence in the public service. Heads of departments, by virtue of their responsibility in terms of section 7(3)(b) of the Public Service Act, are under a duty to ensure that the conduct of their employees conforms to the basic values and principles governing public administration. Heads of departments should also ensure that their staff are acquainted with these measures and that they accept and abide by them.

A1.15

The executive authority of a department must ensure that any public entities controlled by the department are listed in the appropriate schedule to the PFMA. In most cases, the executive authority is in the position of a shareholder and has an armslength relationship with the public entity. The fiduciary responsibility will lie with the Board, which is accountable to the executive authority via the head of department. The executive authority must ensure that public entities comply with the timescales for submitting corporate/strategic plans, budgets, shareholders compacts and quarterly reports regarding performance.

A1.16

A trading entity is regarded as an entity operating within the administration of a department. The accounting officer of the department operating a trading entity must ensure that the head of a trading entity complies with the PFMA and Treasury Regulations. In terms of TR 19.3 the accounting officer must formulate a policy and reporting framework for the head of the trading entity.

A1.17

An officer is likely to be severely hampered in fulfilling his/her responsibilities unless appropriately empowered to do what is necessary for those purposes. Delegations should ideally be in writing in order to have the desired legal effect. Furthermore, the person delegating or sub-delegating a power does not, by that action, divest him/her self of the responsibility for the exercise of that power or the performance of an assigned duty in terms of section 44 of the PFMA. It is thus incumbent on the delegator to ensure that adequate systems and processes are in place to document, monitor and review the exercise of those powers or assigned duties.

A1.18

In terms of the Public Service Regulations, Chapter 1, Part II B, the executive authority must provide the head of a department with appropriate powers and authority to enable him/her to manage his or her department effectively and efficiently. For the same reason, a head of department must empower employees in the department by means of appropriate delegations and authorisations, where necessary.

A2.1

Risk management can be defined as the identification and evaluation of actual and potential risk areas, as they pertain to the department as a total entity, followed by a process of either termination, transfer, acceptance (tolerance) or mitigation through a system of appropriate internal controls. This risk management process entails the planning, arranging and controlling of activities and resources to minimise the impacts of all risks. The accounting officer is responsible for the total process of risk management, as well as forming his/her own opinion on the effectiveness of the process. Management, especially the CFO, is accountable to the accounting officer for designing, implementing and integrating it into the day to day activities of the department.

A2.2

The risk management processes/systems should be based on a recognised model such as COSA (USA), Turnbull (UK), COCO (Canada), etc. The COSA model (also incorporated in Turnbull) highlights the following five aspects of control :

control environment;
risk assessment;
control activities;
information and communication; and
monitoring.

These should assist the organisation in maintaining a sound system of risk management and internal control. The objectives are to :

facilitate the department's effective and efficient operations;
safeguard the organisation's assets and investments;
support the organisation's objectives and sustainability (under normal as well as under adverse operating conditions); and
behave responsible towards all stakeholders having a legitimate interest in the department.

A2.3

The accounting officer is responsible for ensuring that a formal risk assessment is undertaken at least annually for the purpose of making a public statement (annual report) on risk management. The performance of a formal risk assessment must be designed to identify and evaluate the :

nature of the major risks;
extent/impact of major risks;
likelihood of major risks materialising; and
the department's ability to reduce the incidence and impacts of major risks that do materialise.

The risk assessment should address, both internal and external, physical, financial, operational and compliance risks to which the organisation is exposed.

A2.4

Identification of strategies and control activities to respond to and mitigate identified major risks is important. Consideration should be given to :

the effectiveness of strategies and existing control activities to appropriately mitigate the incidence and impact of major risks materialising;
the cost of controls relative to the benefit obtained in managing the related risks;
actions required by management to improve the efficiency and effectiveness of control activities; and
responsibility and accountability for strategies and control activities and required improvements.

Strategies and control activities should include, amongst others, written and approved :

vision, mission and values;
code of conduct – demonstrating a commitment to competence, integrity and trust;
policies and procedures for all key aspects – finance and accounting, operations and compliance with legal and regulatory requirements; and
delegation of authority, responsibility and accountability.

The considerations and evaluation of strategies/control activities should also be used to :

determined the skills required to manage risks; and
to direct internal audit effort and priority.

A2.5

Effective, continuous monitoring is an essential part of the risk management process. As the accounting officer cannot rely solely on the embedded monitoring processes within the department to discharge his/her responsibilities, he/she should at appropriately considered intervals receive and review reports on whether strategies and control activities implemented are adequate and appropriate.

A2.6

In terms of Treasury Regulation 3.2.1 the accounting officer must facilitate a risk assessment to determine the material risks to which the department may be exposed and to evaluate the strategy for managing the risks. Such a strategy must include a fraud prevention plan.

A3.1

Internal controls are the systems (whether manual, electronic or otherwise), procedures and processes that an accounting officer must have in place to minimise the financial risk to which the department might otherwise be exposed, whether as a result of fraud, negligence, inadvertence, error or any other cause. The absolute avoidance of risk through internal control measures is a virtual impossibility or, typically, could only be achieved at high cost, possibly higher than the cost of the risks they seek to avoid. Thus like most investments, investments in internal control measures must themselves be put to the test of benefit/cost assessment before being implemented. Internal control measures should have regard to the control environments, including :

the governance structures and functions of the department;
management's philosophy towards risks and its style of operation;
the department's method of assigning authority and responsibility;
the nature and extent of the risks involved;
systems for controlling expenditure;
the control systems in place, including internal audit, personnel policies and procedures, segregation of duties, access to computer based systems, physical protection of cash and securities; and
the management information system.

A3.2

A3.3

A3.4

Transactions and significant events are to be authorised and executed only by persons acting within the scope of their authority. Authorisation is the principal means of ensuring that only valid transactions and events are initiated as intended by management. Authorisation, which should be documented and clearly communicated to managers and employees, should include the specific conditions and terms (including levels of authority) under which authorisations are to be made.

 

Key duties and responsibilities in authorising, processing, recording and reconciling transactions and events should be separated amongst individuals. To reduce the risk or error, waste, or wrongful acts and the risk of not detecting such problems, no one individual or section should control all key stages of a transaction or event. Duties and responsibilities should rather be assigned systematically to a number of individuals to ensure that effective checks and balances exist. Key duties include authorising and recording transactions, issuing and receiving assets, making payments and reconciling or auditing transactions.

A3.5

The external audit process normally entails a pre-engagement, planning, fieldwork and reporting stage. Audit issues are discussed with the first level of management during the first three phases of the audit as they come up. If not resolved immediately or if it raises an issue needing further clarification or evidence, a written audit query is raised. This should be early enough in the audit to allow 30 days (a month) for resolving it, and there should be an agreed contact person at the department who receives, records, disseminates and follows up the query. As the audit comes closer to the finalisation stage (reporting phase), the response time should be shorter as management need to focus on the PFMA timescale period between 31 May and 31 July during which these matters should receive priority treatment. When the query is not resolved or if further clarification or evidence is needed, a management letter is issued to an appropriately senior level of management, preferably at least the CFO. The interim letter is intended to enable corrective action and to comply with auditing standards which require concerns over internal control to be communicated timeously to the appropriate level of management. Here the period is shorter because, due to audit discussions and audit queries, the matter should already be receiving attention. The final management letter is a step in the audit that is at a formal level and for which there are specific timescales which are tracked inside the Office of the Auditor-General to ensure that the audit is finalised on time. More than 14 days (two weeks) can also not be allowed for this purpose because these issues should be material issues that are of concern for both the auditors and senior management and which, failing the resolving thereof, could result in a modification of the audit report which in turn could affect the performance agreement of the accounting officer. A proper register of queries and management letters needs to be maintained which records, with signatures, the dates of receipt and response.

A4.1

The objective of internal auditing is to assist the accounting officer in the effective discharge of his/her duties and responsibilities. To this end, internal auditing furnishes the accounting officer with analyses, appraisals, recommendations and information concerning the activities reviewed. Although the internal audit function must have an independent status within the department, the internal audit unit must interact with and compliment other divisions within the department to provide the growth of the department. In particular the internal audit unit must :

co-ordinate all reviews, evaluations and/or investigation of activities within the department;
liaise with the external auditors and ensure that the audit programmes are complementary;
act as secretary for the audit committee; and
comply with standards, codes of conduct and ethics that are promulgated from time to time by the relevant professional bodies.

A4.2

Heads of internal audit are. amongst other, responsible for :

providing periodic management assurance that appropriate risk management and risk avoidance techniques including internal control are used within the department;
providing awareness and training where appropriate; and
supporting the accounting officer and senior management regarding their duties and responsibilities.

The individual who occupies this post must have qualifications such as B Com (Honours), CIA/CA/ACIS preferably with MBA/MBL. The incumbent should be able to :

provide strategic direction for the audit department;
develop and manage a formalised risk-based three year strategic plan;
develop and manage an annual plan; and
certify that all audits are properly planned and executed.

A4.3

Internal audit should report to a level within the department that allows it to accomplish its responsibilities. The head of internal audit must report directly to the accounting officer. He should also have ready and regular access to the chairperson of the audit committee.

A4.4

The purpose, authority and responsibility of the internal audit unit should be formally defined in an audit charter and be consistent with the Institute of Internal Auditors (IIA) definition of internal auditing. Internal audits must be conducted in accordance with the standards set by the institute of Internal Auditors (IIA). The internal audit unit must prepare, in consultation with and for approval by the audit committee :

a rolling three year strategic internal audit plan based on its assessment of key areas of risk for the department, having regard to its current operations, those proposed in its strategic plan and its risk management strategy;
an annual internal audit plan for the first year of the rolling three year strategic internal audit plan; and
plans indicating the proposed scope of each audit in the annual internal audit plan.

A4.5

The total process of risk management, which includes a strategy to manage the risks, is the responsibility of the accounting officer and senior management. The internal audit function should assist management in evaluating and assessing significant departmental risks, and by providing assurance as to the effectiveness of related internal controls.

A4.6

A4.7

A4.8

An important role of the audit committee is to monitor and supervise the effectiveness of the internal audit unit. This will include :

evaluating the performance of internal audit;
reviewing the internal audit function's compliance with its mandate as approved by the committee;
considering the appointment, dismissal or re-assignment of the head of the internal audit function;
reviewing the activities and the operations of the internal audit function, against the approved annual plan;
assessing the adequacy of the internal audit function and the adequacy of available internal audit resources; and
evaluating the independence and effectiveness of the internal auditors.

The external auditor or any other independent external party should conduct a quality control review of the activities of the internal audit component at regular intervals (at least every 5 years).

A4.9

In terms of Treasury Regulation 3.2.8 the internal audit unit must assess the operational procedures and monitoring mechanisms over all transfers made and received, including transfers in terms of the annual Division of Revenue Act.

A5.1

An audit committee can assist the accounting officer in discharging his/her accountability responsibilities relating to the safeguarding of assets, the operation of adequate systems and control processes, maintenance of an effective system of internal audit and the preparation of accurate financial reports and statements in compliance with all applicable legal requirements and accounting standards. The audit committee should be large enough to represent a balance of views and experience, yet be small enough to operate efficiently. Other qualifications/attributes of audit committee members include:

integrity;
understanding of the organisation, its services, risks and controls;
independent judgement; and
dedication and commitment.

The CFO, head of internal audit and external auditor are not formal members of the audit committee but attend meetings on invitation.

A5.2

The audit committee should have written terms of reference, by the accounting officer, which clearly sets out its :

role, purpose and objectives;
membership, composition and qualifications;
authority and rights;
responsibilities and duties; and
reporting lines and independence.

The audit committee's terms of reference may be supported by detailed policies and operating procedures – including formats and frequency of meetings (for a model terms of reference see King Report on Corporate Governance for South Africa, 2002)

A5.3

The audit committee and the external auditors should develop a direct, strong and candid relationship. Lines of communication and reporting should facilitate independence from management and encourage the external auditors to speak freely, regularly and on a confidential basis with the audit committee. The audit committee should have a formal discussion with the external auditors at least once a year, without the accounting officer being present, to ensure that there are no unresolved issues of concern.

A5.4

The audit committee must report and make recommendations to the accounting officer, but the accounting officer retains responsibility for implementing such recommendations. The Committee may, however, communicate any concerns it deems necessary to the executive authority, the relevant treasury and/or the external auditor.

A5.5

The audit committee's activities and effectiveness should be assessed periodically and reviewed by the accounting officer. Membership of the audit committee should be disclosed in the annual report and the chairperson of the committee should be available to answer questions about its work at management meetings. Departments should disclose, in their annual reports, whether or not the audit committee has adopted a formal terms of reference and, if so, whether or not the committee satisfied its responsibilities for the year in compliance with its terms of reference.

A5.6

The audit committee should be advisory and not executive and will probably meet quarterly (section 77 of the PFMA determines that the audit committee must meet at least twice a year). The audit committee should not perform any management functions or assume any managerial responsibilities, as this would prejudice objectivity.

A5.7

The audit committee should review the following :

The functioning of the internal audit component;
the functioning of the internal control system;
the risk areas of the department's operations to be covered in the internal and external audits;
the reliability and accuracy of the financial information provided to management and other users of financial information;
any accounting or auditing concerns identified as a result of the internal or external audits; and
the department's compliance with legal and regulatory provisions, its code of conduct, by laws and the rules established by management.

The duties of the audit committee include reviewing the scope and results of the external audit and its cost effectiveness, as well as the independence and objectivity of the external auditors. The audit committee should confirm the internal audit unit's charter and the internal audit plan.

A5.8

In terms of Treasury Regulation 3.1.10 an audit committee must, in the annual report of the department, comment on :

the effectiveness of internal control;
the quality of in-year management and monthly reports submitted in terms of the PFMA and the annual Division of Revenue Act; and
its evaluation of the annual financial statements.