2011-12

More documents

Recommendations

Info

Root cause • IT management considered the proactive review of logs as a labour-intensive exercise, given the high number of users to whom access had been granted to the network and applications and the volume of logs generated by the system. 3.4.4.2. District and local municipalities At most district and local municipalities IT security policies had not been adequately designed. Most municipalities did not have mechanisms in place for reviewing security violations or failed logon attempts. Consequently, security breaches on the network or application systems might not be detected. Although no instances of unauthorised access were identified at municipalities, appropriate IT controls should be implemented to prevent this risk from materialising in future. Root causes • Municipalities that lacked IT resources relied on third-party service providers to maintain the IT security infrastructure and consequently did not have staff with sufficient capacity or technical skills to review security logs. • There were no processes in place for transferring IT knowledge and skills from third-party service providers to internal resources at municipalities. • IT resources at some municipalities did not have sufficient knowledge regarding password security parameters and relied on prior-year audit findings to provide guidance. • IT resources at municipalities focused on day-to-day operations and considered the proactive reviewing of security reports to be a labour-intensive, lowpriority task. Good practices No weaknesses were identified in the management of IT security at the Eden District, Knysna and Overstrand Municipalities. This could be attributed to the leadership demonstrated by the IT manager, hands-on management and efficient use of available IT resources. 3.4.5 User access management User access controls are measures designed by management to prevent and detect the risk of unauthorised access, creation or amendment of financial and performance information stored in the application system. This responsibility normally resides within core and supporting business units. User access management controls at the municipalities were evaluated in terms of their status in relation to the IT control life cycle, namely design, implementation and operating effectiveness. Outcomes are shown below: Figure 16: User access audit outcomes – municipalities 91
Minimal improvement Controls not designed Controls designed but not implemented Controls implemented but not operating effectively No control weaknesses Beaufort West Bitou Breede Valley Cape Winelands District Central Karoo Drakenstein Eden District George Hessequa Knysna Laingsburg Langeberg Matzikama Mossel Bay Overstrand Prince Albert Saldanha Bay Stellenbosch Swartland Theewaterskloof West Coast District City of Cape Town None None 3.4.5.1 Metropolitan municipalities The user access management controls designed for the City of Cape Town Metro were not consistently implemented or operating effectively across all platforms and applications. As a result, the accounts of users no longer in the service of the metro were found to be active. In addition, the management of users’ access to the SAP financial application was deemed inadequate due to the high number of users to whom access had been granted to sensitive SAP basis transactions. 92
Page 1 and 2:
2011-12 General report on the audit
Page 3 and 4:
General report on the audit outcome
Page 5 and 6:
KEY ROLE PLAYERS NOT PROVIDING ASSU
Page 7 and 8:
In working towards sustainable clea
Page 9 and 10:
Aspect Indicator Key outcomes and t
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Table 2: Summary of audit outcomes
Page 17 and 18:
It is clear from the audit outcomes
Page 19 and 20:
Indicator Key outcomes and trends c
Page 21 and 22:
Indicator Key outcomes and trends L
Page 23 and 24:
Indicator Key outcomes and trends A
Page 25 and 26:
In 2011-12, one district municipali
Page 27 and 28:
2.1.4 Status and outcomes of audits
Page 29 and 30:
Swellendam experienced a breakdown
Page 31 and 32:
The purpose of the annual audit of
Page 33 and 34:
The three most common qualification
Page 35 and 36:
The Public Audit Act, 2004 (Act No.
Page 37 and 38:
Findings on reliability relate to w
Page 39 and 40:
The PAA requires the AGSA to audit
Page 41 and 42: Table 10: Summarised findings in ot
Page 43 and 44: The AGSA audits included an assessm
Page 45 and 46: Table 12: Prohibited awards to empl
Page 47 and 48: Table 13: Awards to close family me
Page 49 and 50: Suppliers were required to submit a
Page 51 and 52: eap the required benefits. More emp
Page 53 and 54: The MFMA requires accounting office
Page 55 and 56: The previous figure reflects the th
Page 57 and 58: The previous figure reflects the th
Page 59 and 60: Figure 11: Nature of and overall tr
Page 61 and 62: Indicator Auditors identify a large
Page 63 and 64: Root cause number 1: Slow response
Page 65 and 66: Root cause number 3: Key positions
Page 67 and 68: 3.2 Significant deficiencies in aud
Page 69 and 70: Good Concerned Poor The status of t
Page 71 and 72: Driver no. 1: Leadership Movement A
Page 73 and 74: the requirement of the MFMA. Driver
Page 75 and 76: 3.3 Human resource management Effec
Page 77 and 78: Indicator Vacant CFO positions Vaca
Page 79 and 80: Indicator minimum competencies CFO
Page 81 and 82: Unqualified with no findings (5) Un
Page 83 and 84: A lack of discipline, an absence of
Page 85 and 86: Indicator Key findings Allegations
Page 87 and 88: 3.4.2 Summary of the overall audit
Page 89 and 90: 3.4.3.1 Metropolitan municipalities
Page 91: Figure 15: Security management audi
Page 95 and 96: 3.4.6 Information technology servic
Page 97 and 98: 3.4.7 Quick wins and recommendation
Page 99 and 100: 3.5 Audit committees and internal a
Page 101 and 102: Governance structure aspect Audit c
Page 103 and 104: Figure 21: Level of assurance provi
Page 105 and 106: Table 32: Comments on the level of
Page 107 and 108: Provincial role players do have a n
Page 109 and 110: Auditee Coordinating/ monitoring in
Page 111 and 112: • The role players within the mun
Page 113 and 114: 4.3 Interactions with mayors In res
Page 115 and 116: 4.4 Initiatives and commitments of
Page 117 and 118: Key role players Outline of initiat
Page 119 and 120: Key role players Outline of initiat
Page 121 and 122: ecome standard practice to brief th
Page 123 and 124: Management is responsible for the s
Page 125 and 126: 69% (18) 100% (1) 60% (3) 70% (14)
Page 127 and 128: 35% write-off of debts. Only three
Page 129 and 130: The following figure elaborates on
Page 131 and 132: 5.2.4 Financial performance and pos
Page 133 and 134: 2011-12 audit outcome 2010-11 audit
Page 135: ANNEXURE 3: Auditee’ audit opinio
show all

2011-12

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?