ANNUAL REPORT 2012 - University of South Africa

More documents

Recommendations

Info

UNISA ANNUAL REPORT 2012 On a more positive note, an ethical culture has been gradually infused into the university’s fibre throughout 2012 with activities such as n the establishment of an Ethics Office with an ethics helpline n the introduction of Mizzity Hics (Ms ET Hics) through the use of industrial theatre, who has become the Unisa ethics champion and mascot n second weekly ethics snippets from Mizzity n ethical communication via the Vice-Chancellor’s weekly blog In my life I have learned … n a discussion on Unisa Radio n an ethics awareness campaign n posters and banners containing the ethics helpline and ethics hotline numbers strategically placed throughout all the campuses n maintenance and response to the ethics helpline (an internal assisting line) and ethics hotline (an externally hosted anonymous reporting line). Information systems utilising modern information technology are mostly in use in the university with some exceptions where manual systems still exist. Although some information systems have been developed and implemented according to defined and documented standards to achieve efficiency, effectiveness, reliability and security, a number of these systems do not meet these requirements and are in the process of being revised. The governance of information communication and technology is receiving focused attention. Accepted standards are not yet applied in all respects to protect privacy and ensure control over all data, including disaster recovery and “back-up” procedures. The university has embarked on a process of ensuring that these standards are met and the implementation of a disaster recovery model and plan is a strategic imperative for 2013. Password controls are maintained with users required to change passwords on a monthly basis. Although there are regular reviews (monthly) to ensure that there are no clashes in user access rights and that the basic internal control concept of division of duties is maintained, the possibility of clashes may still have occurred in 2012. Unfortunately the manual controls to ensure that these clashes are mitigated are reactive and not proactive in nature. With the revision of systems, the control aspects of user access rights are also on the agenda for improvement. Systems are designed to promote ease of access for all users, but the systems are not sufficiently integrated to minimise duplication of effort and to ensure minimum manual intervention and reconciliation procedures. The development, maintenance and operation of all systems are mostly under the control of competently trained staff, although the ICT Department continues to be confronted with skills and capacity constraints (which appear to be a broader concern at national level). In utilising electronic technology to conduct transactions with staff and with third parties, control aspects are considered and procedures are in most instances designed and implemented to minimise the risk of fraud and error. Although corrective actions are taken to rectify control deficiencies and other opportunities for improving systems when identified, the actions are sometimes delayed or do not sufficiently address the root causes. The Council, operating through its Audit and Enterprise Risk Management Committee, provides oversight of the financial reporting process and holds management accountable and responsible for resolving weaknesses in internal controls or delayed action taken by management. Management holds line management accountable and responsible through the functioning of the Management Committee and the Risk, Ethics and Controls Committee, which is a subcommittee of the Management Committee. The findings and recommendations of both the internal audit and external audit reports are followed up by the Directorate of Compliance. (The directorate was established in the latter half of 2011 and was partially populated by the end of 2012. Its specific role includes assurance to management that there is compliance with internal and external audit recommendations, laws, regulations, policies and procedures.) The directorate has already developed a compliance risk universe and all recommendations from audit reports and assessments of internal controls are captured and tracked to monitor improvement. Unisa conducted a review of its risk assessment document and process. It also finalised its critical self-review of compliance with the King III requirements and identified areas where further improvements are required. As one of the major outcomes in this review, the governance of stakeholder relationships was identified as an area for improvement. There are inherent limitations to the effectiveness of any system of internal control, including the possibility of human errors and the circumvention of overriding controls. Accordingly, even an effective internal control system can provide only reasonable assurance with regard to financial statement preparation and the safeguarding of assets. Furthermore, the effectiveness of an internal control system can change according to circumstances. The university’s Internal Audit Department developed a three-year rolling internal audit coverage plan to examine the systems, procedures and controls in those areas considered as high risk. The internal audit coverage plan was approved by the AERMC of Council. Internal auditors monitor the operation of internal control systems and report findings and recommendations to management and the Council. The Internal Audit Department currently has a partial conformance status with The Institute of Internal Auditors and complies mostly with the requirements as specified by the King III report. The department has sufficient organisational stature to fulfil its duties independently and objectively. It conducts continuous assessment of the systems of internal control. From the Internal Audit Department’s assessment of the system of internal controls in the university in 2012, it has improved and has pockets of excellence, but there is still some significant improvement required. Through internal audit reviews, compliance is often seen to be the cause for an internal control having failed. The impact of the non-compliance is inefficiencies (processes have to be repeated), uneconomical use of resources (money and time are wasted) and ineffectiveness (the university’s objectives are not met and a quality service is not delivered). Occasionally there is an absence of a guiding approved policy or procedure document, the impact of this being non-standardised activities and varying service levels. The critical control of a division of duties (manually or electronically) also surfaces which provides an opportunity for circumventing internal controls. The new Department of Compliance should ameliorate the identified concern through its evaluation and monitoring processes. 28
UNISA ANNUAL REPORT 2012 In 2012 the risk areas identified by the Internal Audit Department where controls were assessed as not being entirely adequate and/or effective were the following centres, institutes and bureaux, Despatch, Finance, Information Communication and Technology, Occupational Health and Safety, Print Production, Procurement, University Estates and Assessment Practices, with the latter being assessed by the Internal Audit team as the most impactful threat for the university as it pertains primarily to the fraudulent distribution of examination papers and questions the integrity of the assessment processes and Unisa qualifications. Noting the dire reputational risk, management has taken concerted steps to address this threat and the AERMC of Council has stipulated a requirement that the risk be contained as an institutional priority. During interim and statutory yearend audit processes, the appointed external auditors of the university also issue management letters documenting their assessment of the systems of internal control in the university. There is also liaison between internal and external audit to ensure maximum audit coverage and, as far as possible, no duplication of effort. Unisa assessed its internal control systems as at 31 December 2012 in relation to the criteria for effective internal control over financial reporting. It believes that its systems of internal control over its operational environment, information reporting and safeguarding of assets against the unauthorised acquisition, use or disposal of assets met most of the stipulated criteria. The AERMC of Council reviewed the report on internal administrative/ operational structures in the year under review at its meeting of 3 June 2013. The documentation for approval by the Committee was circulated with the meeting agenda in advance with due notice. 29
Page 1: ANNUAL REPORT 2012
Page 4 and 5: 2 UNISA ANNUAL REPORT 2012
Page 8 and 9: UNISA ANNUAL REPORT 2012 WE COMMIT
Page 10 and 11: UNISA ANNUAL REPORT 2012 Executive
Page 12 and 13: UNISA ANNUAL REPORT 2012 Student en
Page 16 and 17: UNISA ANNUAL REPORT 2012 formal ass
Page 20 and 21: UNISA ANNUAL REPORT 2012 Council an
Page 22 and 23: UNISA ANNUAL REPORT 2012 The Chairp
Page 24 and 25: UNISA ANNUAL REPORT 2012 of the Kin
Page 26 and 27: UNISA ANNUAL REPORT 2012 out increm
Page 34 and 35: UNISA ANNUAL REPORT 2012 The univer
Page 38 and 39: UNISA ANNUAL REPORT 2012 the Thabo
Page 40 and 41: UNISA ANNUAL REPORT 2012 positions
Page 44 and 45: UNISA ANNUAL REPORT 2012 Overall ge
Page 46 and 47: UNISA ANNUAL REPORT 2012 Persons wi
Page 50 and 51: UNISA ANNUAL REPORT 2012 reinforced
Page 52 and 53: UNISA ANNUAL REPORT 2012 Research a
Page 54 and 55: UNISA ANNUAL REPORT 2012 Awards A t
Page 60 and 61: UNISA ANNUAL REPORT 2012 Education
Page 62 and 63: UNISA ANNUAL REPORT 2012 Analysis o
Page 66 and 67: UNISA ANNUAL REPORT 2012 Statement
Page 68 and 69: UNISA ANNUAL REPORT 2012 Our findin
Page 70 and 71: UNISA ANNUAL REPORT 2012 Consolidat
Page 72 and 73: UNISA ANNUAL REPORT 2012 Consolidat
Page 74 and 75: UNISA ANNUAL REPORT 2012 as well as
Page 76 and 77: UNISA ANNUAL REPORT 2012 2.7.1 Rese
Page 78 and 79: UNISA ANNUAL REPORT 2012 2.12.2 Int
Page 80 and 81:
UNISA ANNUAL REPORT 2012 2.20.4 Gov
Page 82 and 83:
UNISA ANNUAL REPORT 2012 NOTE 1: PR
Page 84 and 85:
UNISA ANNUAL REPORT 2012 NOTE 4: IN
Page 86 and 87:
UNISA ANNUAL REPORT 2012 NOTE 10: I
Page 88 and 89:
UNISA ANNUAL REPORT 2012 Liability
Page 90 and 91:
UNISA ANNUAL REPORT 2012 At 31 Dece
Page 92 and 93:
UNISA ANNUAL REPORT 2012 The fund i
Page 94 and 95:
UNISA ANNUAL REPORT 2012 NOTE 14: I
Page 96 and 97:
UNISA ANNUAL REPORT 2012 NOTE 18: F
Page 98 and 99:
UNISA ANNUAL REPORT 2012 18.2 Marke
Page 100 and 101:
UNISA ANNUAL REPORT 2012 2012 2011
Page 102 and 103:
UNISA ANNUAL REPORT 2012 Level 1 Le
Page 104 and 105:
UNISA ANNUAL REPORT 2012 Name Offic
Page 106 and 107:
UNISA ANNUAL REPORT 2012 Name Reaso
Page 108 and 109:
UNISA ANNUAL REPORT 2012 24.2 Excha
Page 110 and 111:
UNISA ANNUAL REPORT 2012 The Univer
Page 112:
www.unisa.ac.za
show all

ANNUAL REPORT 2012 - University of South Africa

Create successful ePaper yourself

Delete template?

Save as template?