13.07.2015

Conditions - Annexure G


ANNEXURE G

MANAGEMENT REPRESENTATION LETTER ON ANNUAL RENEWAL

Date

The Auditor
Address

Dear Sir or Madam

MANAGEMENT REPRESENTATION LETTER

We are writing this management representation letter to confirm (insert the name of the company and the registration number’s) our understanding of the requirements of Section 13B of the Pension Funds Act of 1956 (“the Act”) and the relevant Conditions as set out by Board Notice.

It is our intention to provide the Registrar with accurate information in order to enable the Registrar to evaluate whether or not ………………………… (company name) is capable of performing ………………………… (type of administration) administration services to pension funds in compliance with the Conditions determined under Section 13B of the Act, 1956 (‘the Conditions’).


We confirm, to the best of our knowledge and belief, the following representations:

1. We had ……. registered and …………. unregistered funds under our administration at the year/period end.

2. The fidelity guarantee and professional indemnity insurance cover is adequate to cover the risks of losses due to fraud, dishonesty and negligence.

2.1 Fidelity guarantee policy number ……………………… with ………………. (name of insurer) and that such policy has been renewed for a period of …………. month ending on the ………………… day of ………….

2.2 Professional indemnity policy number ……………………… with ………………. (name of insurer) and that such policy has been renewed for a period of …………. month ending on the ………………… day of ………….

3. With reference to our audited financial statements for the year ended …………. (date), we report that at year/period end the current assets exceeded the current liabilities as contemplated in Condition 13.2 of the Conditions.

4. With reference to our audited financial statements for the year/period ended …………. (date), we report that at year/period end, the conditions as set out in Condition 13.3 have been conformed to throughout the year/period.

5. Where we have managed facilitation (trust) accounts as stipulated in condition 15 of the Conditions, we have/have not complied with the conditions. The following exceptions have been noted:
…………………………………………………………………………………………
…………………………………………………………………………………………

6. We have/have not maintained an asset register as contemplated in section 5(2) of the Pension Funds Act, Condition 16 of the Conditions.

7. The following administration agreements were terminated during the year/period ended ………………… (insert date) and in respect of them condition 9 of the Conditions has been complied with:
…………………………………………………………………………………………
…………………………………………………………………………………………


8. We conducted the business within the limitations imposed in terms of section 13B(2) of the Act and the Conditions made under section 13B(1) of the Act.

9. We are aware/ unaware of any illegal acts or irregularities which could affect the renewal register as an administrator. (should you be aware of any illegal acts or irregularities, please provide detail)
…………………………………………………………………………………………
…………………………………………………………………………………………
…………………………………………………………………………………………

10. We believe that the business will/will not continue in operational existence for the foreseeable future. We would like to bring the following to your attention:
…………………………………………………………………………………………
…………………………………………………………………………………………
…………………………………………………………………………………………

11. The audit opinion on the financial statements …………… (insert date) has/has not been modified. (if modified, please supply details of the modification)
…………………………………………………………………………………………
…………………………………………………………………………………………
…………………………………………………………………………………………


13. The following are complete details of any current or proposed transactions and agreements with related parties:

Description of current or transaction and/or agreement | Current or proposed | Full name of Related Party | Details of involvement with Related Party

14. We have/ have not appointed a responsible person as required in terms of Condition 10.

15. We have/have not concluded and signed agreements with all parties where we have outsourced administrative functions as required in terms of Condition 5.

16. The relevant systems utilised in the business of administering funds comply / do not comply with the conditions set out in Condition 20.

17. We have/have not been convicted of any fraud.

18. The managing executives have/have not been convicted of fraud.

19. The responsible person has/has not reported in writing, any matter relating to the affairs of the pension fund, which, in the opinion of the responsible person, may prejudice the fund or its members.


Control Environment: The control environment sets the tone for the organisation, influencing the control consciousness of its people. This component is the foundation for all other components of internal control, providing discipline and structure.

Objective | Reference to application (Annexure F) | Key control activities | Administrator Key Controls | Audit Procedures | Findings and exceptions noted | Explanation from management in respect of exceptions

Communication and enforcement of integrity and ethical values (including code of conduct and anti-fraud programs)
1(a), 1(e)
- Documented ethical and behavioural standards / policies and procedures are communicated and reinforced to ensure ethical behaviour in the organisation.
- Management has documented and implemented policies and procedures to ensure that the business of administration is registered with the necessary authorities.


Commitment to competence and development of people
2222
- Management establish and enforce standards for employing the competent and trained individuals – emphasis on educational background, prior work experience, past accomplishments and evidence of integrity and ethical behaviour.
- Managing executives possess the necessary knowledge and skill to perform the business of administration
- Management is committed to development of personnel and provides personnel with access to training programs necessary to perform their assigned duties.
- Management monitors the performance of the staff in terms of training needs and training results and takes remedial action where necessary


Management’s philosophy and operating style
1(f)2, 2321(e)
- Responsibilities and expectations for the administrator’s business activities and the administrator’s philosophy about identification and acceptance of business risk are documented and clearly communicated to those in charge of those functions as well as policies and procedures to detect, prevent fraud and manage risk as well as to prevent misappropriation of funds assets are documented, communicated and reinforced.
- Management has documented and implemented mechanisms to anticipate, identify, analyze, evaluate and manage through exception reporting, any deviations from any internal control, policies and procedures.
- Management responds to departures from internal control, policies and procedures in a timely manner.
- Management manages compliance with relevant Acts and regulations pertaining to administration business


Related parties and external parties
1(b), 1(c)
- Policies and procedures to identify and manage related parties, related party transactions and conflicts of interest that may arise are documented, communicated and reinforced.
- Any changes to established relationships with external parties are approved by management. These relationships with external parties are periodically reviewed by management to ensure association with only reputable parties.

Responsible person
7
- Administrator has appointed a responsible person in terms of the relevant conditions.


Risk Assessment: Every entity faces a variety of risks from external and internal sources that must be assessed. Risk assessment is the identification and analysis of relevant risks and their impact on the achievement of the company’s objectives. Management must form a basis for determining how risk should be managed. Because economic, industry, regulatory, and operating conditions will continue to change, management will need to employ mechanisms that enable management to identify and address the special risks that result from such change.

Objective | Key control activities | Administrator Key Controls | Audit Procedures | Findings and exceptions noted | Explanation from management in respect of exceptions

Safeguarding of assets
16(d), 16(a)
- Management of the administrator has established risk identification practices in place which include mechanisms to anticipate, identify, analyze, evaluate, manage and mitigate the risks associated with safeguarding of assets which is communicated and reinforced.
- Management has ensured that duties are segregated and that there are frequent reconciliations
- Where the administrator fulfils the duty of safe custody of assets, the administrator has policies and procedures to comply with conditions 15 and 16 of the Conditions


Maintaining suitable funding levels (liquidity)
16(f) and 16(g)
- Monitoring of continuous compliance throughout the financial period as well as to ensure that procedures are in place to detect any deviation from compliance in ensuring compliance with conditions 13.2 and 13.3 of the Conditions.

Management has professional indemnity and fidelity cover.
424
- Documented policies and procedures to assess adequacy thereof is communicated and reinforced.
- A register of professional indemnity claims are kept. Corrective action mechanisms, policies and procedures are documented, communicated and reinforced

Manage risk of system and database failures with business continuity, system recovery plan
3
- Management of the administrator has a documented disaster recovery plan including policies and procedures for disaster recovery, which is communicated and tested on a regular basis.


Control Activities: Control activities help ensure that management’s directives are implemented and that necessary actions are taken to address risks, thus enabling the entity to achieve its objectives. These activities take place throughout the organisation, at all levels, and in all functions, involving processes as diverse as approvals, authorisations, verifications, reconciliations, reviews of operating performance, the security of assets, and the segregation of duties.

Objective | Key control activities | Administrator Key Controls | Audit Procedures | Findings and exceptions noted | Explanation from management in respect of exceptions

Compliance with control activities
8(a)8(b)161(d)
- If the applicant administers insured funds, one bank account as required in terms of section 5(2) of the Act must be opened and/ or if the administrator administers funds other than insured funds, separate bank accounts are opened in the manner required by Regulation
- If the applicant administers facilitation (trust) accounts, then the administrator must comply with condition 10 of the Conditions.
- Compliance audits, compliance reports from third parties.
- Policies and procedures for the necessary acceptance and termination of administration agreements in terms of the Conditions.


1(e), 15, 165, 15
- Policies and procedures to ensure compliance with regulation and relevant Acts are documented, communicated and reinforced.
- Administration and service level agreements with pension funds are in writing and are documented and they conform to the provisions of the relevant legislation, including condition 4 of the Conditions. The conditions are communicated, reinforced and monitored

Compliance with rules
9(a), 9(b)
- The administrator has procedures in place to ensure all funds administered by administrator have registered rules
- The administrator has procedures in place to administer all funds in accordance with approved rules and rule amendments


Effective contribution management
10, 16
- Administrator has adequate segregation of duties between the receipt and processing of contribution transactions
- Administrator ensures that contributions are administered in terms of the relevant legislation
- Administrator ensures that contributions are valid, accurate and complete

Effective investment management
1212
- All funds administered by the administrator have current investment mandates between the fund and the asset/investment administrators
- Administrators ensure that investments and disinvestments are valid, accurate and complete
12
- Administrator invests cash/transfers assets in terms of service level agreement. (timing as well as investing in terms of mandates)


Effective member record keeping
11, 13
- Administrator must have policies and procedures in place to ensure accurate and timely reconciliations between administration systems and accounting records. (investments, benefits, withdrawals, contributions, housing loans, property, plant and equipment, s14’s, membership etc)

Effective income administration
16(g)
- Administrator ensures that member records are updated in a timely and accurate manner and that the records are valid and complete
Fees
- Administrator levies fees in accordance with administration agreement (administrator not taking more than what is due and disclosing fully)

Effective benefit administration
14
Benefits
- Benefits paid in terms of the Act and the rules of the fund and there is segregation of duties between the capturing and paying of the benefit.


Effective general IT control
16(e), 2916(b), 30
- Administrator has documented the general control environment with regard to the computer systems in use in its operations (please note it is not only limited to the administration system, but also the financing function)
- Administrator has documented policy and procedure for system development life cycles

Safeguarding of data
3, 32
- Policies and procedures have been established to ensure the adequacy of system recovery plans, data backup and access controls.

Effective general administration controls
Effective financial control management
16(c)20, 2416(f)
General
- Administrator has documented policy and procedures for each of the transaction cycles in the business
- Administrator has service level agreements for any outsourced functions for its funds under administration and that deviations/exceptions are closely monitored and followed up on.
- Administrator monitors compliance with conditions 13.2 and 13.3 of the Conditions.


Information and Communication: Pertinent information must be selected and communicated in a manner and time frame that enables people to carry out their responsibilities. Information systems produce reports containing operational, financial, and compliance-related information to enable management to run and control the business. This component includes not only internally generated data, but also information regarding external events, activities, and conditions necessary for informed decision-making and external reporting. Effective communication also must occur in a broader sense, flowing down, across, and up the organisation.

Top management must clearly convey to all personnel that its control responsibilities must be taken seriously. Personnel must understand their role in the internal control system, as well as how their individual activities relate to the work of others. Personnel must also have a means of communicating significant information further up in the organisation, and there must be effective communication with external parties, such as customers, suppliers, regulators, and shareholders.

Objective | Key control activities | Administrator Key Controls | Audit Procedures | Findings and exceptions noted | Explanation from management in respect of exceptions

Information and communication at administrator (and member level) where applicable
17
- Administrator has the system capability to produce accurate legislative and fund reporting requirements (e.g. financial accounting, member benefit statements, financial statements etc)
- Policies and procedures are documented to ensure appropriate and necessary information is obtained from and provided to the fund and the administrator.
- Information is gathered from and disseminated to the appropriate people on a timely basis.
- Administrator effectively communicates financial reporting roles and responsibilities and significant matters relating to financial reporting.
- Open communication channels exist pertaining to financial reporting matters between the fund, administrator, management and the trustees as well as external communications such as those with regulatory authorities.

Information and communication with regulatory bodies
18
- Administrator has documented processes in place to ensure that the entity can comply with any and/or regulatory reporting requirements such as reporting to the Registrar of Pension Funds, South African Revenue Services (SARS), FAIS reporting, FICA reporting, Internal and External auditors etc
- The administrator consults with experts (internal and external) in addressing significant matters relating to internal control, regulatory requirements, accounting and financial reporting issues.
- The Trustees regularly receive information from the administrator relating to key developments that may impact financial reporting, regulatory requirements, etc. A process is in place by which the Trustees are informed timely (anonymously when appropriate) of significant issues.


Effective Internal communication
19
- Administrator has documented processes in place to ensure that there is communication of policies and procedures, risk assessments, any changes in applicable legislation
- When an error or deficiency is detected – the cause is evaluated and appropriate remedial actions are taken on a timely basis (including training, reassignment, additional resources, or appropriate consultation).
- There is a process for identifying and responding to the changing information and communication needs
- Policies and procedures that help ensure that management directives are carried out. (Specific control activities include those relating to: authorisation, performance reviews, information processing, physical controls, segregation of duties.)
- Internal meetings are an effective means of providing feedback as to whether controls are operating effectively.


Information and communication with external vendors
20
- Administrator has Service Level Agreements in place for the purposes of contracting with external vendors and the SLA’s comply with the minimum requirements as prescribed in the relevant Conditions.

Monitoring Controls: The quality of internal control systems must be monitored, either continuously or periodically. Ongoing monitoring occurs in the course of operations and includes regular management and supervisory activities and other actions personnel take in performing their duties. The scope and frequency of management’s separate evaluations will depend primarily on an assessment of (1) risks and (2) the effectiveness of ongoing monitoring procedures.

Objective | Key control activities | Administrator Key Controls | Audit Procedures | Findings and exceptions noted | Explanation from management in respect of exceptions

Establish and maintain internal control on an ongoing basis
21
- Administrator has documented processes in place to monitor compliance with regulatory frameworks
22
- Administrator has a process in place to monitor compliance with the organisation’s internal control, policies and procedures


241(a), 1(f)
- Administrator has processes and controls in place to monitor compliance with external service providers
- Management satisfactorily address issues raised by internal and external auditors to verify that controls are functioning as designed.

General Computer Controls: General computer controls are one of the types of information processing controls included in the internal control component of control activities. These are the processes and procedures that are used to manage and control a company’s information technology activities and computer environment.

Objective | Key control activities | Administrator Key Controls | Audit Procedures | Findings and exceptions noted | Explanation from management in respect of exceptions

The information technology control environment set correct tone at the top (The IT control environment is the extension of the overall control environment component into the information technology organisation. This represents the “tone at the top” of the information technology organisation and would be assessed in a similar way to the control environment of the company as a whole)
25
Information technology control environment policies and procedures are documented, communicated and reinforced and address:
- Integrity and ethical values
- Commitment to competence and development of people
- Management’s philosophy and operating style
- Organisational structure
- Assignment of authority and responsibility
- Human resources policies and procedures
- Participation by those charged with governance
- Safeguarding and protection of hardware and software

Entity has program development controls. (The processes and controls used by a company to develop, configure, and implement new applications in order to meet the company’s financial, operational, and compliance business objectives. This process is often referred to as the Software Development Lifecycle).
26
Documented policies and procedures of program development address:
- Program management of development activities
- Performing feasibility studies
- Project initiation (project planning, scope definition, and approval requirements)
- Analysis and design, including business and technical specifications
- Software/hardware package selection procedures
- Testing and quality assurance
- Data conversion
- “Go-live” procedures
- User and technical documentation and training

Program change controls. (The processes and controls used by a company to ensure that modifications to programs continue to meet the company’s financial, operational, and compliance business objectives).
27
Documented program changes address:
- Management of program change activities
- Specification, authorisation, and tracking
- Construction, including development environments and source code controls
- Testing and quality assurance
- Authorisation to live environment
- User and technical documentation and training

Entity has access to programs and data (Security) controls (The processes and controls in place to ensure that access to system resources and data is authenticated and authorized to meet the company’s financial, operational, and compliance business objectives).
28
Security and access to programs and data policies and procedures are documented and address:
- Organisation and management
- Application security administration
- Data security administration
- Operating system security administration
- Internal network security
- Perimeter network security
- Physical security

Software licenses
631
- Management has current license agreements for all software

Financial Reporting Framework
18, 33
- Accounting principles and regulatory requirements are properly applied in the preparation of financial statements
- Management has adopted a recognised accounting framework as prescribed by regulations.


Responsible Person | Managing Director / Financial Director / Owner
Print name | Print name
Date | Date
