DID ANNUAL REPORT 2022 23

Annual Report 2022-2023

The effectiveness of internal control

The overall assessment of the internal control environment is adequate but ineffective, based on the results of the Internal Audit’s audits and follow-up reviews. The management of the Department continues to be committed to implementing the necessary corrective actions to achieve the desired improvement in the internal control environment. The Audit Committee will continue to monitor the Department’s efforts to improve the effectiveness of controls in the following areas: • Property Management - Lease Administration, Revenue and Asset Disposal. • Occupational Health and Safety (OHS) • Supply Chain Management

• Infrastructure Projects Delivery: Construction- Education • Management of the Expanded Public Works Program • Leave Management • Information Technology Controls

Information and Communication Technology (ICT) Governance

Based on the findings of audits conducted by both the Gauteng Audit Services and the Auditor General, the Department should strengthen the adequacy and effectiveness of internal controls pertaining to ICT governance, business continuity, and ICT general controls in the next financial year. Internal Audit The Accounting Officer is obliged, in terms of the PFMA, to ensure that the Department has a system of internal audit under the control and direction of the Audit Committee. In the case of the Gauteng Provincial Government (GPG), the Internal Audit Function is shared amongst Entities and departments in the province and is accountable to the Audit Committee. The Internal Audit team executed and substantially completed the risk-based audit plan. The Audit Committee is confident that the Internal Audit plan has a clear alignment with the key risks, sufficient coverage of information systems, and a good balance among the various audit categories, i.e., risk-based, mandatory, performance, computer, and follow-up audits. The coordination between internal audit and the Auditor-General to provide assurance services has been strengthened over the past year. The Committee views this as a key step towards a fully functioning integrated assurance system. A Quality Assurance Review (external assessment) was performed by an external independent reviewer during the year and Internal Audit was assessed to be Generally Conformant with the International Standards for Professional Practice of Internal Auditing.

The Audit Committee will continue to review the Internal Audit function’s assigned capacity and resources.

Risk Management

The Audit Committee is accountable for monitoring the department’s risk management operations. Our oversight extends to the review of reports presented by the Risk Management Committee, which directly reports to us on how risks are managed within the department. After a thorough examination of the risk register and subsequent reports, we acknowledge and commend the progress in maturing of the risk management processes. To effectively manage the significant risk exposures faced by the Department, however, it is obvious that some processes and regulations must be modified. The management team must ensure that the department’s strategic register is completed on time. This ensures

122

DEPARTMENT OF INFRASTRUCTURE DEVELOPMENT