Our organisational values campaign championing our culture and revised values was launched in March 2021.
Our focus for 2021-22 was to help employees grasp, embrace and live our values. We provided a collection of tools to begin guided values conversations. Our employee wellness pulse surveys indicated that over 90% of employees who responded were well aware of the new values and agree that there is alignment between the values and their personal values.
Strengthen leaders driving ethical behaviour
Every year, we celebrate Global Ethics Day. In 2021-22, we declare d October Ethics Month, with the theme Live It… we do the right thing. Our leadership is a core driver of ethical conduct, and their messages demonstrated their personal ethics and contributed to strengthening the AGSA ethics environment. We are deliberate in prioritising our leadership’s role when crafting the initiatives for the ethics strategic programme, in line with the recommendations of the ethical maturity assessment we conducted in 2020-21.
Ethical and independence requirements
Annually, all employees are required to declare that they conform to the ethics policy, procedure and principles. The annual declaration status details the compliance rates for the 2021-22 performance year, which stand at 99,8%. Employees that could not complete the declaration (0,2%), provided valid reasons and committed to completing their declarations as soon as they were able.
This ethics control mechanism has matured and is demonstrating qualitative growth. Considering how important it is for us to remain, and be seen to remain independent, this area remains a priority for us.
Our annual ethics awareness drive, held from February to April 2022, was customised to focus on applying ethical principles in practice; the importance of seeking support when faced with ethical dilemmas and the platforms to report suspected ethical breaches. The integrated approach to complaints and ethics has proven valuable for strengthening both functions, and for highlighting leadership’s responsibility in driving an ethical culture and responding to ethical breaches or threats.
Addressing concerns about unethical conduct and integrity matters
In 2021-22, we confirmed four ethical breaches related to travel and subsistence, conduct during an audit process and the conduct of certain staff. Our investigations recommended corrective and disciplinary action, which the business support and operations, and the relevant business units’ leadership are implementing.
We emphasised the audit escalation process for disagreements before lodging a complaint both internally and on our website. This has resulted in a significant drop in audit-related complaints, with three matters reported in 2021-22, two being audit-related matters on the conduct of the audit team. Two of these cases have since been finalised.
During their audits, our audit teams considered any audit tip-offs that we received. We shared this information and the outcome of the assessment with the complainant.
Our complaints awareness drive helped to reassure employees about the anonymity of the whistleblowing facility. We believe this initiative will increase employees’ confidence in the mechanism and encourage an appropriate use of our organisational channels.
The whistleblowing platform was introduced in June 2019 and remains effective because it allows for two-way communication with whistleblowers who choose to remain anonymous. The platform has only been launched internally to ensure that its use and responses are efficient and institutionalised. The type of allegations reported on the whistleblowing platform therefore tend to be internal and range from unethical behaviour to misconduct by AGSA personnel and issues with our administration. External platforms for lodging complaints against the AGSA include the AGSA’s website and by direct email to members of the Risk and Ethics business unit.
Develop a fraud prevention framework
Our exco approved the fraud prevention framework in April 2021. To help contributing process owners understand the principles and implement the framework, we have run a roll-out campaign and are developing a fraud prevention plan, which we expect to finalise in 2022-23. The plan will contain specific actions to prevent occupational fraud and demonstrate the impact of integrating the various contributors to this key control mechanism.
Continuously enhance business process ownership and accountability
With the ISQM 1 effective from 15 December 2022, we undertook a firm-level risk assessment to identify and mitigate risks to the overall system of quality management in line with the standard’s requirements. We developed an ISQM compliance risk register to strengthen the control environment in which the system of quality management operates to improve and sustain the quality of our audits.
The risk assessment touched on each component of the standard.
Our summary displays the outcomes of the assessment, looking at emerging themes across the different elements of the standard and the number of risks identified within each of the elements (51 risks in total).
These risks affect almost all processes across the organisation and require integration from multiple process owners. Owing to the all-encompassing nature of the standards, we created a project team to assist process owners to implement mitigations and monitor them through the ISQM project management plan.
We set up an ISQM project steering committee to oversee the functions of the project team and assess the potential risks to the project’s successful implementation. Some project risks mitigations included ensuring that the project helps achieve the desired changes and that there is adequate capacity (people, technology and processes) to successfully manage interventions aimed at adhering to the standard by 15 December 2022.
Independent assurance is the third layer of defence in our combined assurance model. Our independent assurers had recorded 47 audit findings, an increase from 46 in the previous year. Many of these findings were in the ICT environment. Of the 47 audit findings, 40 have been resolved. This closure rate of 85% is a regression from 88% in the previous year.
In addressing these findings, we have created leadership stability and ICT capacity, which will contribute to a sustainable system of internal control.
After management closed the reported audit findings, our risk and ethics function validated their closure and assessed the sustainability of the controls.
Progress on our technology optimisation journey
Develop an organisational technology strategy
Our technology strategy is currently being reviewed to ensure that matters of digital transformation and support for our strategic goals are included. While working on our technology strategy we have optimised the ICT operating model for greater efficiency, refined job profiles and confirmed the roles required to fulfil the strategy. Our technology portfolio now includes a digital transformation unit. We expect our technology strategy to be completed by 30 September 2022.
Audit software platform
The audit scope of work has increased significantly over the years. We have taken over a number of SOE audits and the amended PAA expanded our mandate, which makes manual audit processes intensive. This can lead to delays in concluding audits and makes it very difficult to consolidate insight for reporting at an organisational level.
Our current audit software application does not allow us to leverage the industry’s technological advancements. We need to acquire and implement a suitable and successful audit software solution that meets our complex business needs.
The phase 1 market analysis has been completed. The “What good looks like” subcommittee undertook the analysis at the four major audit firms and the Council for Scientific and Industrial Research to benchmark their audit software. This helped us in our search for an audit software that would work for us both now and in the future. We also benchmarked against supreme audit institutions.
Enterprise resource planning solution
We appointed a service provider to review our current PeopleSoft capability. Further research will determine the cost of the new ERP solution recommended and identify suitable ERP vendors in the market.
Develop a case management solution
We appointed a service provider to develop the case management solution to automate the MI process. Active work on the system began in January 2022 and is expected to be completed by the end of January 2023.
Disaster recovery plan testing
Our disaster recovery plan simulated test in March 2022 was successful and will form part of our testing going forward.
Digital transformation road map
We completed our digital transformation roadmap, which maps the steps needed to become a digitally transformed organisation. The roadmap outlines the following three steps:
- Laying the foundation
- Organisational recalibration
- Value creation
Laying the foundation is complete and included:
- a digital transformation maturity survey
- documenting the audit value chain