THE RELATIONSHIP BETWEEN COMPLIANCE OF INTERNAL CONTROLS AND CORPORATE GOVERNANCE SYSTEM IN THE SOUTH AFRICAN PUBLIC SECTOR

BY MOTHEPANE LEDICIA MAKHELE
STUDENT NUMBER: 21458170
MASTER OF BUSINESS ADMINISTRATION
NORTH WEST UNIVERSITY, MAFIKENG CAMPUS
SUPERVISOR: PROF. COLLINS MIRUKA

TABLE OF CONTENTS

CONTENTS / PAGE

Abstract 3
1. INTRODUCTION 4
1.1 Background to the research problem 5
1.1.1 Internal control and corporate management 5
1.1.2 Internal controls and internal audit 6
1.2 Statement of the research problem 7
1.3 Research problems/questions 7
1.4 Approaches of the Study 7
1.5 Objective/purpose of the study 8
1.6 Definition of key concepts and Abbreviations 8
1.7 Structure of the study 8
1.8 Summary 9
2. LITERATURE REVIEW
2.1 Introduction 10
2.2 Previous studies made on corporate governance 10-13
2.2.1 Corporate governance and internal controls 13
2.2.2 Corporate governance - an Anti-Corruption Tool 13-14
2.3 Study of the Literature to justify the approach in terms of the problem and concepts 14
2.3.1 Audit Committee 14
2.3.1.1 Audit Committees in the public sector 15-16
2.3.1.2 Benefits of the audit committees 16-17
2.3.1.3 Good Practice Principles of an audit committee 17
2.3.2 Internal audit 17-18
2.3.2.1 Audit planning process 18-19
2.3.2.2 Roles and responsibilities of internal auditors 19-20
2.3.3 Internal financial controls 20-21
2.3.3.1 Components of internal controls 21
a) Control environment 22
b) Risk assessment 22
c) Control activities 22
d) Information and communication 22
e) Monitoring 23
2.3.3.2 Elements of internal controls 23
a) Plan of organization 23
b) Coordinated Methods and Measures 23
2.3.3.3 Limitations on internal control effectiveness 24
a) Human factor 24
b) Resource constraints 24
c) Organisational changes and management attitude 24
2.3.4 Risk Management 25
2.3.4.1 Principles of risk management 25
a) Create and protect value 25
b) Be part of decision making 25
c) Be an integral part of organizational processes 26
d) Explicitly address uncertainty 26
e) Be systematic, structured and timely 26
f) Based on the best information available 26
g) Be tailored 26
h) Take into account human and cultural factors 27
i) Be transparent and inclusive 27
j) Be dynamic, iterative and responsive to change 27
2.3.4.2 Risk management processes 27
a) Establish the context 27
b) Identify risks 27-28
c) Risk analysis 28
d) Evaluate risks 28
e) Treat risks 29
f) Monitor and Review 29
g) Communication and consultation 29
2.3.5 IT governance 30-31
2.3.5.1 Information Technology Governance Frameworks 32-33
a) COBIT 33-32
2.4 Summary 36
3. RESEARCH DESIGN AND METHODOLOGY 37
3.1 Introduction 37
3.2 Definition of Qualitative research 37
3.2.1 Characteristics of Qualitative Research 37-38
3.2.2 Limitations of Qualitative Research 38
3.3 Research Design for this study 39
3.3.1 Case Study 39
3.3.2 Focus group 40
3.3.3 Documentary Analysis 40-41
3.3.4 In-depth interviews 41
3.4 The Context of the Study 42
3.5 Data Collection Methods in Qualitative Research 42
3.5.1 Stratified random sampling 43
3.5.2 Interviews 43-44
3.6 Design of the Instrument 44
3.7 Sampling 44-45
3.8 Data Collection Procedure 45
3.9 Method of data analysis 46
3.10 Ethical Considerations 46-47
3.11 Summary 47
4. FINDINGS
4.1 Introduction 48
4.2 Summary of the respondents' characteristics 48
4.3 Analysis and interpretation of data 48-49
4.3.1 Data from interviews 49-59
4.3.2 Narrative analysis 59-60
4.4 Summary 60
5. DISCUSSIONS, RECOMMENDATIONS AND CONCLUSIONS
5.1 Introduction 61
5.2 Summary of the findings 61
5.3 Discussions of the findings 62
5.3.1 Irregular expenditure 62
5.3.2 Unreliability of information 62
5.3.3 Lack of capacity 62
5.3.4 Non-Compliance 62-63
5.3.5 Implementation of Internal Controls 63
5.3.6 Risk management 64
5.3.7 Absence of IT governance 64
5.4 Relations to the literature 64-67
5.4.1 Conclusions 68
5.5 Recommendations 68
5.5.1 There should be a balance amongst the public finance management system and skills development of public servants 68
5.5.2 Financial management and governance 69
a) Auditing and Accounting 69
b) Risk Management and Internal Controls 69-70
c) Public Expenditure Management 70
d) Decision making and compliance 70
e) Monitoring & Evaluations 70
5.5.3 Recommendation for further research 70
5.6 Limitations 71
5.7 Conclusions 71
List of References 72-78
Annexure 79-83

LIST OF FIGURES / PAGE

Figure 1: Enterprise Governance 32
Figure 2: IT Governance 32
Figure 3: The interaction of IT processes within the four domains 35

LIST OF TABLES / PAGE

Table 1: Is there a clear management structure in place? 49
Table 2: How often is the structure reviewed? 49
Table 3: Are the responsibilities and roles of each and every employee clear? 50
Table 4: When decisions are taken by management, how are they communicated to staff members? 50
Table 5: Is there any performance appraisal in place; if so, how often is it done, and if not, what are the reasons for not having it in place? 51
Table 6: Is there a staff training plan in the department? 51
Table 7: Does new staff receive appropriate induction? 52
Table 8: Are there controls in place to ensure that all services are delivered within the framework of the PFMA? 52
Table 9: Has the departmental strategy and annual service plan been agreed by the management of the department? 52-53
Table 10: How often is the departmental strategy reviewed? 53
Table 11: Are budgets regularly monitored and reallocated in line with resource needs? 53
Table 12: Is there an embedded risk management process in each directorate of the department? 54
Table 13: Is there an action plan that ensures that high-level risks are managed and monitored? 54
Table 14: Is the system of internal control established; if so, does it include specific controls to mitigate risks? 55
Table 15: How often does the department do risk assessment? 55
Table 16: Are policies and procedures for both financial and non-financial systems clearly defined or understood? 56
Table 17: Are policies communicated to departmental staff? 56
Table 18: How are the departmental policies amended? 56-57
Table 19: Are there controls to ensure all expenditure is properly authorised? 57
Table 20: Are there controls to ensure that all assets are properly recorded and safeguarded? 57
Table 21: Are there controls to ensure the accuracy of financial information held within the department? 58
Table 22: Are there controls to ensure all transactions are processed accurately, completely and on a timely basis? 58
Table 23: Are there controls to ensure all income is collected/received? 59

Declaration

I hereby declare that the mini-dissertation submitted for the Master's degree in Business Administration at North West University, Mafikeng campus, is my own work and has not been submitted at any other institution of higher education. I further declare that all sources cited or quoted are indicated and acknowledged in a comprehensive list of references.

Mothepane Ledicia Makhele

Abstract

The purpose of this study is to investigate the overall performance of the corporate governance system in the South African Public Sector. The study will be conducted on provincial and national government departments across South Africa. Effective management leads to effective corporate governance in any institution.
Good corporate governance is essential in making sure that service delivery to the public is sufficient, that it supports the development process, and that it increases the effectiveness and efficiency of the government's investments. The researcher attempts to answer the question of what the main causes of dysfunction in corporate governance systems and internal controls in the public sector are. The researcher investigated the effectiveness of internal controls and corporate governance. Corporate governance is considered a burning issue globally. The study also looks at the core components that contribute to effective governance; these components are internal controls, risk management, internal audit, the audit committee and IT governance. During the study, the research reveals that corporate governance is complicated in the public sector. It shows loopholes regarding policy implementation and compliance, especially with regard to the PFMA and Treasury Regulations. The main aim of this study is to examine the relationship between compliance of internal controls and the corporate governance system in the South African Public Sector.

Key words: corporate governance, internal controls, risk management, internal audit, audit committee and IT governance

CHAPTER ONE: INTRODUCTION

According to King Report I (1994:1), there has been great concern over significant corporate failures arising from fraud, such as the Maxwell and B.C.C.I. scandals, and questions have been asked such as "Do we have effective board accountability in our corporate governance system?". The function of the board of directors is to ensure that the company has adequate systems of internal control, both operational and financial. Corporate governance is the system by which business corporations are directed and controlled.
The corporate governance structure specifies the distribution of rights and responsibilities among the different participants in the corporation, such as the board, managers, shareholders and other stakeholders. It also spells out the rules and procedures for making decisions on corporate affairs. By doing this, it also provides the structure through which the company's objectives are set, and the means of attaining those objectives and monitoring performance (Economist Intelligence Unit, 2002:5).

The concept of corporate governance also relies heavily on the necessity of internal controls. Internal controls help ensure that processes operate as designed and that risk responses (risk treatments) in risk management are carried out. Risk management is very important in this study because it identifies the risks faced by organisations and the implementation of systems to mitigate these risks. Risk management is a process that uses internal control as one of the measures to mitigate and control risks.

According to Puttick and van Esch (2003:211-212), internal control is a process designed to provide reasonable assurance regarding the achievement of organisational objectives with respect to: the effectiveness and efficiency of operations; the safeguarding of the company's assets (including information); compliance with applicable laws, regulations and supervisory requirements; supporting business sustainability under normal as well as adverse operating conditions; the reliability of reporting; and behaving responsibly towards stakeholders.

1.1 Background to the research problem

1.1.1 Internal control and corporate management

According to Section 27.1.1 of the Treasury Regulations (RSA, 2005), the accounting authority of a public entity must establish an audit committee as a subcommittee of the accounting authority.
Section 27.1.3 of the Treasury Regulations says the chairperson of the audit committee must be independent, be knowledgeable of the status of the position, have the requisite business, financial and leadership skills, and may not be the chairperson of the accounting authority or a person who fulfils an executive function in the public entity.

The audit committee must review: the effectiveness of the internal control systems; the effectiveness of internal audit; the risk areas of the entity's operations to be covered in the scope of internal and external audits; the adequacy, reliability and accuracy of financial information provided to management and other users of such information; any accounting and auditing concerns identified as a result of internal and external audits; the entity's compliance with legal and regulatory provisions; the activities of the internal audit function, including its annual work programme, coordination with the external auditors, the reports of significant investigations and the responses of management to specific recommendations; and, where relevant, the independence and objectivity of the external auditors (RSA Treasury Regulations, 2005: Section 27.1.4).

The audit committee must report and make recommendations to the accounting authority; report on the effectiveness of internal controls in the annual report of the institution; and comment on its evaluation of the financial statements in the annual report (RSA Treasury Regulations, 2005: Section 27.1.10).

According to section 38(1)(h)(ii) of the PFMA, an Accounting Officer must take effective and appropriate disciplinary steps against any official in the service of the department, trading entity or constitutional institution who commits an act which undermines the financial management and internal control system of the organisation.
1.1.2 Internal controls and internal audit

The internal audit function must assist the accounting authority in maintaining effective controls by evaluating those controls to determine their effectiveness and efficiency, and by developing recommendations for enhancement or improvement. The controls subject to evaluation should encompass the information systems environment; the reliability and integrity of financial and operational information; the effectiveness of operations; the safeguarding of assets; and compliance with laws, regulations and controls (RSA Treasury Regulations, 2005: Section 27.2.10).

The internal audit function must assist the accounting authority in achieving the objectives of the institution by evaluating, and developing recommendations for the enhancement or improvement of, the processes through which objectives and values are established and communicated, the accomplishment of objectives is monitored, and accountability is ensured (RSA Treasury Regulations, 2005: Section 27.2.11).

1.2 Statement of the research problem

Part of a sound corporate governance policy framework within an institution will involve the establishment of an internal control system. Internal control systems are designed to help the organisation attain effective and efficient operations, reliable financial reporting and compliance with applicable laws and regulations. These contribute towards the goal of meeting the overall organisational objectives. Thus internal controls are a part of the overall corporate governance structure. Internal controls and corporate governance also play a vital role in the transparency and efficiency of service delivery in the public sector. As a result, the relationship between compliance of internal control and corporate governance is of fundamental importance in order to address any ineffectiveness.
1.3 Research problems/questions

Through the application of primary and secondary source research methods, the following research questions, which could lead to a possible solution to the problem statement, were pursued:
• What are the main causes of dysfunction in corporate governance systems and internal controls?
• Is the application of internal controls related to effective governance?
• What changes can still be made to improve the compliance of internal controls and the corporate governance system?

1.4 Approaches of the Study

The study will be undertaken by reviewing related literature as well as constitutional and statutory provisions in order to describe and analyse the relationship between compliance of corporate governance and the internal control system in the public sector. A cross-sectional method will be used in this study; it will include individual interviews, group interviews and documentary interviews. Interviews will be undertaken in order to extract the relevant information from public institutions at the national and provincial levels of government. During this study, public officials will be consulted in order to find out the current state of affairs and perceptions, as well as problems and suggestions, with respect to the compliance of the corporate governance system and internal controls in the public sector.

1.5 Objective/purpose of the study

The aim of this research is to see whether the transactions being done are valid and authorised as required by the PFMA and Treasury Regulations; to determine occurrence, in terms of whether transactions occurred during the correct period or were processed in a timely manner to avoid wasteful and fruitless expenditure; and to determine valuation, in terms of whether transactions are calculated using an appropriate methodology or are computationally accurate.

1.6 Definition of key concepts and Abbreviations

Corporate governance is the system by which business corporations are directed and controlled.
"PFMA" means the Public Finance Management Act No. 1 of 1999, as amended;
"Accounting Authority" means a body or person mentioned in section 49 of the PFMA;
"Public Sector/entity" means a national or provincial public entity.

1.7 Structure of the study

In this study there will be five chapters: Chapter One is the Introduction, Chapter Two is the Literature Review, Chapter Three is the Research Design and Methodology, Chapter Four is the Results and, lastly, Chapter Five is the Discussion, Recommendations and Conclusions.

1.8 Summary

The concept of corporate governance in the public sector is now becoming international practice. The public sector has rapidly adapted the principles of corporate governance for the purposes of controlling the activities of institutions such as State Owned Enterprises or public institutions that operate as business units within the parameters of the government sector. This chapter covered: the background to the research problem, which entails (i) internal controls and corporate management and (ii) internal controls and internal audit; the statement of the research problem; the research problems/questions; the approaches of the study; the objectives/purpose of the study; the definitions of key concepts and abbreviations; and the structure of the study.

CHAPTER TWO: LITERATURE REVIEW

2.1 Introduction

Corporate governance is not only a South African issue but also an international issue. Corporate governance is associated with acceptable compliance standards. Transparency, accountability and openness in reporting and disclosure of information are considered to be crucial to the practice of good corporate governance. In this chapter the literature is reviewed on: previous studies made on corporate governance; corporate governance and internal controls; and corporate governance as an anti-corruption tool.
The literature that justifies the approach to the research problem is also reviewed, namely: the audit committee, audit committees in the public sector, benefits of the audit committees, internal audit, the audit planning process, roles and responsibilities of internal audit, internal controls, components of internal controls, elements of internal controls, limitations on internal control effectiveness, risk management, principles of risk management, processes of risk management, IT governance and frameworks of IT governance.

2.2 Previous studies made on corporate governance

Bekker, M.P. (2009:7-8) says that for corporate governance to be considered effective in the public sector, officials should have the knowledge, skills and ability to carry out their duties as expected. The officials should know and understand the strategies and objectives of their organisation. Bekker further emphasises that good corporate governance must encourage "efficient, effective and sustainable entities that contribute to the welfare of the society". Bekker, M.P. (2009:19) is of the view that South Africa needs people with relevant qualifications and skills to enable them to carry out the mandate of corporate governance and accountability in the public sector.

Koma (2009:453) says there is a need to enforce governance in the public sector, the reason being that it will improve day-to-day activities, which will result in improved and effective services in the public sector. Corporate governance provides direction as to how the corporation should operate. The governance structure identifies how responsibilities are divided among the participants in the institution; it will also state the rules. By so doing, it will assist in meeting the objectives set by the organisation. Koma (2009:454) says that corporate governance is considered a model of rules governing methods, the decision methods used in the decision-making process, and the method of control and liability.
According to Koma (2009:456), the elements of corporate governance in the public sector are as follows:
• Public governance. Public entities must be managed to benefit the communities. The executive management of public entities must make sure that the mandate of the institution is properly carried out.
• Management structure. The executive must institute management structures that will ensure that the policies and objectives are being implemented.
• Strategic planning. The executive must determine the strategic direction for the institution under its guidance. The executive should also make sure that the strategies are properly implemented.
• Risk management. Risk management is one of the most significant functions of the institutional executive. This includes identification of the risk, response, and monitoring of the risk.
• Compliance and control. The executive management must have appropriate methods in place to ensure compliance with policies, rules and procedures, as well as appropriate structures of control to monitor progress on the implementation of the institution's core functions.
• Audit. The executive should ensure that audit structures, both internal and external, are in place to oversee institutional control.

According to Cattrysse (2005:17), corporate governance falls within the responsibility of management, as it deals with all aspects of corporate governance on a daily basis. He also says internal auditor involvement in corporate governance is based on internal controls. Mohamad (2004:4) says that with effective corporate systems in place the cost of capital will be lower. This will lead to improved confidence among both foreign and domestic investors. Effective corporate governance provides management with oversight. It also holds managers and the board accountable in their management of the company's assets.
Effective corporate governance assists in reducing corruption in business operations by making the development of corrupt dealings difficult. The four cardinal values of corporate governance are:
• Fairness: ensuring that shareholders' rights, in particular the rights of minority and foreign shareholders, are protected (Mohamad, 2004:6).
• Transparency: the ease with which the public can obtain a reliable view of the organisation's decisions and actions. It includes disclosure of performance risk and of performance on environmental and social issues (Gamble, Hough, Strickland III and Thompson, 2008:178).
• Accountability: the clarification of management roles and responsibilities in an organisation. It also means the ability to explain and justify actions taken by management (Gamble et al., 2008:178).
• Responsibility: ensuring compliance with the laws and regulations of the organisation (Gamble et al., 2004:6).

2.2.1 Corporate governance and internal controls

According to Cattrysse (2005:25), a review of the effectiveness of internal controls should be done annually. It should include financial, operational and compliance controls and risk management. Internal control is of fundamental importance to corporate governance. The Madrid Working Group (2003:13) says there is a link between internal controls and the way the organisation is managed; therefore internal controls are a crucial part of corporate governance. The Working Group further says the management of the institution is responsible for establishing and maintaining the internal control system.

2.2.2 Corporate governance - an Anti-Corruption Tool

According to Shkolnikov and Wilson (2009:31-32), there is a linkage between corruption and governance: high corruption leads to bad governance. Corruption leads to lower investment and higher costs of running the business.
There are anti-corruption measures that can be implemented in the public sector to limit the ability to engage in corruption; one of those measures is corporate governance. When corporate governance is effective, the organisation has transparency in place, decision makers are held responsible for the decisions they take, and managers do not act in their personal interest but in the interest of the institution. Effective governance makes it difficult for organisations to accept bribes in exchange for services. When internal controls and financial reporting are tightened, the managers and directors of the institution can ensure that transactions with suppliers and dealings with government employees are free of corruption (Shkolnikov & Wilson, 2009:32).

2.3 Study of the Literature to justify the approach in terms of the problem and concepts

Arising from the problem statement, the literature studied will cover five aspects of corporate governance. These aspects are the audit committee, internal audit, internal financial controls, risk management and IT governance. Below is the discussion of these aspects.

2.3.1 Audit Committee

According to Ali, Evens, Hamid, Saad and Sori (2007:13), the existence or operation of an audit committee improves the monitoring of internal controls and financial reporting. The committee serves as a bridge between internal and external auditors. The responsibility of the audit committee is to ensure that both the accounting policies and the internal control systems are of a high standard. The committee also ensures that the external auditors are able to detect fraud and anticipate financial risk in the institution.
The fundamental responsibilities of the audit committee are: reviewing audit programmes; monitoring and reviewing the effectiveness of the entity's risk assessment procedures; and reviewing and analysing the adequacy and effectiveness of both the internal accounting and financial controls of the entity (Ali et al., 2007:51-53). Members of the audit committee must be skilled and experienced. These members must be knowledgeable and independent.

2.3.1.1 Audit Committees in the public sector

The audit committee is a crucial element of public governance and accountability. The committee plays a crucial role concerning the integrity of the financial information of the public entity. Audit committee members in the public sector encounter special challenges because of the unique nature of public sector entities. The effectiveness of the audit committee is shown by the increase in the integrity and efficiency of the internal control systems, financial reporting and audit processes (Van der Nest, 2006:178-179).

Van der Nest (2006:183-184) says the audit committee is the key player in the corporate governance of an entity. The committee reviews internal controls and risk management in the institution. It provides oversight over internal and external audits and acts as a link with management. The committee must ensure that its oversight function is continuously reviewed.

Agarwal (2006:739-740) says the main function of the audit committee is to review and assess the financial reporting system to ensure that financial statements are correct, sufficient and credible. The committee oversees the operation and quality control of both internal and external audits.

According to Kurre (2009:2), audit committees are being challenged to focus on ensuring the following:

Investment committees and management have established and implemented additional internal controls and procedures relating to their investment portfolios.
The audit committee should assess whether the organisation has an ongoing process that monitors investment performance. He further says appropriate financial controls are fundamental for the accountability of the investments (Kurre, 2009:2).

Appropriate cash management procedures and policies are in place. The audit committee is required to review the cash management controls and procedures in the public sector organisation. Moreover, entities must develop extensive procedures for both cash inflow and outflow projections on a weekly and monthly basis. The committee pays special attention to what is included in the statement of financial position as cash equivalents (Kurre, 2009:2).

Conflicts of interest are carefully considered. Kurre (2009:2) emphasises that the audit committee must be sure that potential conflicts are identified and disclosed. The committee must evaluate these conflicts and, if there is a need to take action, the committee should determine the action to be taken.

2.3.1.2 Benefits of the audit committees

The Auditor-General of New Zealand (2008:8-9) says the presence of an audit committee increases scrutiny of public sector governance, assurance, risk management and financial management practices. Moreover, this scrutiny gives assurance to the executive of the institution that these areas have been independently reviewed. The committees assist public organisations to utilise resources efficiently. When an audit committee has independent members with financial skills, it provides assurance to the entity that financial compliance matters are taken care of.

According to the Auditor-General of New Zealand (2008:9-10), an effective audit committee strengthens the internal audit function. It enforces risk-based strategic audit plans and regularly reports on audit results and audit progress against the audit plans. The audit committee improves the accountability mechanisms across the institution.
The committee expects management and internal auditors to report on areas of the entity's operations.

2.3.1.3 Good Practice Principles of an audit committee

Independence: in order for the advice to be objective and impartial, the audit committee members are expected to be independent of the management of the institution. The independence of members of the audit committee adds value to the governance of an organisation (Auditor-General of New Zealand, 2008:13).

Competence: appointed audit committee members must have the skills and enough experience for the audit committee role. Members of the committee must have financial expertise, knowledge of governance, assurance and best practices of risk management, and a good knowledge of the sector in which the organisation operates (Auditor-General of New Zealand, 2008:15).

Clarity of purpose: members of the audit committee must "be clear about its mandate, purpose and the role in the entity and within the governance structure as a whole" (Auditor-General of New Zealand, 2008:16).

Open and effective relationships: the audit committee's chairperson must ensure that the audit committee has an effective and open relationship with other committees in the institution (Auditor-General of New Zealand, 2008:17).

2.3.2 Internal audit

Singh (2008:2-3) says a crucial component of corporate governance is an effective internal audit. The performance of the public sector entity is improved through an audit function. The audit function gives assurance to management that public funds received are spent in compliance with relevant laws, and that the use of money is a fair and accurate reflection of the financial position of the institution.

Turlea and Stefanescu (2009:212) say the internal audit of an entity is an independent control function, with the intent to examine and evaluate its operations, with the consideration of adding value to the services rendered by the organisation.
The essential role of internal audit is to ensure the quality of the internal controls existing in an organisation, the way they are operated, and the accuracy, efficiency and effectiveness of the strategy implemented. Internal audit in the public sector helps the institution achieve its objectives by a "systemic approach and methods approach, evaluating and improving the efficiency and effectiveness of the management based on the risk, control and process management".

2.3.2.1 Audit planning process

According to Diamond (2002:31), planning of the audit process includes the following:

Identifying the audit population. The population of the audit must cover the full range of activities, processes, systems, policies, financial and other records, procedures and information reports (Diamond, 2002:31).

Evaluating the risk factor. In planning internal audit operations, the assessment of relevant risk factors and their significance is crucial. The internal auditor must test these risks and put a value on each risk; the value should be based on the assessment of the risk. Decisions can then be made on where to task scarce audit resources, and on the timing, frequency and approach of the audit.

Establishing the audit work schedule. Schedules must include the operations to be audited, the timing of the audit and time estimates, taking into consideration the risk factor and the scope of planned audit work. The schedule must be flexible enough to cover unanticipated demands on the internal audit section.

Reviewing planned audit coverage with top management. The accounting officer and the audit committee must review the audit work plan to make sure that all aspects considered crucial or requiring special attention are included in the planned audit.

Performance reports. Submissions must be made to the internal audit's head office or the accounting authority. A comparison between performance and planned audit work must be done. Should there be variations, reasons must be provided.
2.3.2.2 Roles and responsibilities of internal auditors

According to Shamki (2009:25-26) both internal and external auditors and the audit committee must have the skills, experience and responsibilities required to detect fraud in financial reporting. Internal auditors assist the institution in accomplishing its objectives. The objectives can be achieved through a "disciplined approach to evaluate and improve the effectiveness of risk management, control and governance process". The internal auditor makes recommendations to the audit committee on the implementation of missing fundamental internal controls. The auditor makes recommendations on improving the effectiveness of weak internal controls. The internal auditor should frequently review how the institutional management and accountants utilise the materiality principle in "recording questionable transactions" (Shamki, 2009:29).

The internal auditor ensures compliance with financial, personnel, borrowing and other administrative policies. The auditor ensures that resources are used efficiently and effectively. Internal audit is considered the major management control tool. It also gives assurance to management that the financial information provided to support decision making is accurate, reliable and based on reliable records. Internal audit alerts management to pay attention to deficiencies in the internal controls (Kida & Unegbu, 2011:305-306). According to Kida and Unegbu (2011:307) the internal auditor reviews, evaluates and reports on the efficiency of the financial controls operating in the institution. The auditor carries out a "complete and continuous auditing of accounts and records of revenue, expenditures" and other assets. The auditor also evaluates whether actual performance is within the institutional financial control framework.
2.3.3 Internal financial controls

According to the Guidelines for Internal Control Standards for the Public Sector (2004:6) "internal control is a process which is effected by the staff and management of the organisation; it is designed to address risks and to give reasonable assurance in pursuit of the organisation's mission". Klingenstierna (2009:3) says the objectives of internal controls are to ensure the integrity and reliability of information, compliance with applicable laws, the safeguarding of assets and the effective and efficient use of resources. For public administration to be efficient there must be a sound public finance system in place. De Visscher, Sarens and Van Gils (2010:65) are of the view that internal control is associated with keeping the organisation under control; activities include policies, procedures, segregation of duties and performance measures.

According to Sass (2008:2) the two most crucial pieces of legislation which apply to government institutions are the Public Finance Management Act (PFMA) and the Municipal Finance Management Act (MFMA). This legislation identifies the responsibilities of accounting officers; one of the most important responsibilities is to ensure the effectiveness, efficiency and transparency of financial policies, risk management and internal control systems in the organisation. Sass (2008:2) says that even though controls are in place, appropriate application is not always possible. For instance, "segregation of duties becomes impossible when positions are constantly vacant", while the implementation of affirmative action strains the situation further. When staff members are not properly trained, human error increases. As a result of these factors, there are deficiencies in internal controls in government institutions. De Visscher et al. (2010:65) say risk management and internal controls are not appropriately developed.
Improvement in internal controls involves more than improvements in risk management. Risk management concepts such as risk identification and evaluation are part of internal control, rather than evaluation of internal control being part of risk management.

2.3.3.1 Components of internal controls

According to the United Nations Office for Project Services (2008:2) there are five components of internal controls, namely the control environment, risk assessment, control activities, information and communication, and monitoring. Below is the full discussion of each component.

a) Control environment

It gives structure and discipline for the achievement of the fundamental objectives of the internal control system. It includes integrity and ethical values, management's business philosophy and operating style, organisational structure, assignment of authority and responsibility, human resource practices and policies, and competence of personnel (UNOPS, 2008:2).

b) Risk assessment

According to UNOPS (2008:2-3) risk assessment is the analysis and identification of relevant risks related to achieving the objectives of the institution. Organisational managers must assess risks based on the types of activities performed, organisational structure, staffing levels and attitudes within their departments.

c) Control activities

Control activities are policies and procedures established in order to make sure that management's directives are implemented. Control activities happen across the institution at all levels and in all functions. They include tasks such as "approvals, authorisations, verifications, reconciliations, reviews of operating performance, security of assets and segregation of duties" (UNOPS, 2008:3).

d) Information and communication

Information should be identified, captured and communicated within a certain period and in a way that enables people to carry out their responsibilities.
Organisational managers must have strong lines of communication across the sub-units and centralised functions within their department (UNOPS, 2008:3).

e) Monitoring

Monitoring "is the process that assesses the quality of the internal control system's performance" over a certain period. Monitoring is achieved by "routine activities, separate evaluations or a combination of both". Monitoring must ensure that audit findings and recommendations are appropriately and promptly resolved. The management of the institution is responsible for monitoring the tasks carried out across their department (UNOPS, 2008:3).

2.3.3.2 Elements of internal controls

According to the Philippine National Guidelines on Internal Control System (2009:9) there are two elements of internal controls, namely the plan of the organisation, and coordinated methods and measures.

a) Plan of organisation

The plan of organisation entails the entity's structure and the staff component that makes the entity perform its tasks. The plan defines and distributes powers, tasks and responsibilities to different departments, as well as to the organisational personnel, to make them achieve the objectives of the organisation (Philippine National Guidelines on Internal Control System, 2009:10).

b) Coordinated Methods and Measures

According to the Philippine National Guidelines on Internal Control System (2009:10) coordinated methods and measures are "systems of authorisation, policies, standards, accounting systems and procedures" and reports utilised by the entity to control activities and resources. The procedures are implemented so that the entity achieves the control objectives of safeguarding assets, ensuring the accuracy of information and compliance with laws, policies, rules and regulations.
2.3.3.3 Limitations on internal control effectiveness

According to the Guidelines for Internal Control Standards for the Public Sector (2004:12) an effective internal control, no matter how properly performed and operated, can only give reasonable assurance to management concerning the achievement of the institution's objectives.

a) Human factor

Because internal control depends on human beings, it is subject to "flaws, judgement or interpretation errors, misunderstandings, carelessness, fatigue, distraction, collusion, abuse or override" (Guidelines for Internal Control Standards for the Public Sector, 2004:12).

b) Resource constraints

The benefits of internal control systems should be linked to their costs. Maintaining a control system that can totally remove risk is not realistic; it might even cost more than is "warranted through the benefits derived" (Guidelines for Internal Control Standards for the Public Sector, 2004:12).

c) Organisational changes and management attitude

Management attitude and organisational changes might have "an impact on the effectiveness of the internal controls and the personnel operating the system". Therefore, management is required to continually review and update controls, and changes should be communicated to employees. Management should lead by example by adhering to the control systems (Guidelines for Internal Control Standards for the Public Sector, 2004:12).

2.3.4 Risk Management

Risk management is "a structured approach to manage uncertainty related to a threat, a sequence of human activities including; risk assessment, strategies development to manage it, and mitigation of risk using managerial resources" (Iha Strategic Plan Working Group, 2008:1). The Victorian Auditor-General (2007:13) says risk management is a crucial element of corporate governance. Public sector entities and regulators utilise risk management policies and processes to identify, assess, manage and report risks.
The public sector utilises risk management to deliver better policies, services, laws and regulations.

2.3.4.1 Principles of risk management

According to the Department of Finance and Deregulation in Australia (2010:1-2) the principles of risk management are as follows:

a) "Create and protect value"

Good risk management contributes to the achievement of the entity's objectives by continuously reviewing its processes and systems.

b) "Be part of decision making"

The risk management process aids decision makers in making well-informed choices; priorities are identified and the most suitable action can be selected.

c) "Be an integral part of organizational processes"

The Department of Finance and Deregulation in Australia (2010:1) says risk management needs to be linked with the entity's governance framework and become part of strategic planning at both the operational and the strategic level.

d) "Explicitly address uncertainty"

Through the identification of potential risks, entities might be able to implement controls and "treatments to maximise" the opportunity to gain while minimising the opportunity to lose (Department of Finance and Deregulation in Australia, 2010:2).

e) "Be systematic, structured and timely"

According to the Department of Finance and Deregulation in Australia (2010:2) the risk management process must be consistent throughout the entity in order to ensure efficiency, consistency and reliability of the outcomes.

f) "Based on the best information available"

In order to manage risk effectively it is crucial to understand and consider all relevant information available for the task, and to be aware of the limitations that the information might have. It is therefore crucial to have an understanding of how the information informs the processes of risk management.

g) "Be tailored"

An entity's risk management framework should reflect its risk profile and should take into account both the internal and the external environment.
h) "Take into account human and cultural factors"

Risk management should recognise the contribution made by both people and culture towards the achievement of the entity's objectives.

i) "Be transparent and inclusive"

Engagement of internal and external stakeholders and the risk management process should give recognition to communication; it plays a crucial role in identifying, analysing and monitoring risk.

j) "Be dynamic, iterative and responsive to change"

Risk management should be flexible.

2.3.4.2 Risk management processes

Queensland Treasury (2011:17) identifies what it calls the Seven Steps in the risk management process, as follows:

a) Establish the context

When establishing the context, the organisation should take into account the risk profile, risk appetite and risk tolerance, the internal and external environment, the risk matrix and the responsibilities, and the business continuity plan (Queensland Treasury, 2011:18).

b) Identify risks

According to Queensland Treasury (2011:22) once the context has been established, the next step is to identify the individual risks. If a risk is not identified, it cannot be managed. The common method used by organisations to identify risk is environmental scanning. Environmental scanning is said to be a very powerful tool in risk management and strategic planning of the organisation. Fundamental considerations for organisations when performing environmental scanning are: the type of the risk, the source of the risk, the impact of the risk and the control levels.

c) Risk analysis

According to Queensland Treasury (2011:24) risk analysis includes the analysis of possible challenges or opportunities, beginning with an assessment of the consequences of a risk occurring. There is a common approach in risk analysis, namely the use of the risk matrix that the organisation has developed. The process of risk analysis differs from organisation to organisation.
Therefore, an organisation must ensure that all risks in the organisation are assessed using the same method. There are two approaches to risk assessment, namely inherent risk and residual risk.

d) Evaluate risks

After an organisation has identified and analysed its risks, the risks must be evaluated in order to determine which risks are to be treated and the priority of treatment implementation. The organisation should consider the following when evaluating risks: "internal and external environment that the organisation is operating in, the risk appetite of the organisation, the risk appetite of other participants excluding the organisation, the regulatory requirements that exists and the cost and benefits of treating risks" (Queensland Treasury, 2011:26).

e) Treat risks

Queensland Treasury (2011:27) says that after the risks have been analysed and evaluated, the organisation must determine the relevant risk treatments. Any decision taken to address a risk becomes part of the internal controls of the organisation. Types of risk treatment include: preventative controls, which limit the possibility of unwanted outcomes; corrective controls, which are used to correct undesirable outcomes that have been identified; directive controls, which are utilised to make sure that certain outcomes are achieved; and detective controls, which identify "unfavourable" events after they have happened.

f) Monitor and Review

Important elements of effective risk management are the continuous review and monitoring of risks. The fundamental reason for monitoring and review is to determine whether the risk still exists. The review process must make sure that all areas of the risk management process are reviewed at least once a year; provision should be made for alerting the relevant management level about newly identified risks so that appropriate improvements can be made (Queensland Treasury, 2011:29).
g) Communication and consultation

Communication, consultation and regular follow-ups should take place throughout the whole risk management process. All personnel in the organisation must take part in the risk management process, including "identifying, analyzing, managing and reporting on risks". It is crucial to make sure that all personnel in the organisation understand what the risk strategy is, what the risk priorities are and how their different roles in the organisation fit into the risk management framework (Queensland Treasury, 2011:30).

2.3.5 IT governance

According to Boyd, Brisebois and Shadid (2007:31) IT governance "is an integral part of an organisation and is made up of the leadership and organisational structures and processes that ensure that the organisation's IT sustains and extends the organisation's strategies and objectives". Gurpreet and Sushma (2008:1) are of the view that internal control makes a key contribution towards the effectiveness of information system security. Controls are crucial in an entity. Internal controls of information system security are seen as the practices, procedures, policies and responsibility structures in an entity that aid in risk management and the protection of information assets.

According to the Guidelines for Internal Control Standards for the Public Sector (2004:32) there are two types of IT control, namely general controls and application controls. Further discussion of these types of controls follows:

General controls are structures, policies and procedures that apply to most areas of an organisation's information system and assist in making sure operations run smoothly. The categories of general controls are "(i) organisation overall security program planning and management, (ii) access controls, (iii) controls on the development, maintenance and change of the application software, (iv) system software controls, (v) segregation of duties and (vi) service continuity".
Application controls are the structures, policies and procedures that apply to separate, individual application systems and are directly associated with an individual computerised application. These controls are designed to prevent, detect, and correct errors and irregularities as information flows through information systems (Guidelines for Internal Control Standards for the Public Sector, 2004:32).

Boyd et al. (2007:31) say IT governance gives special attention to information systems value and alignment, risk management, the performance of the IT system and accountability. The fundamental goals of IT governance are to provide assurance that the IT investment brings value to the organisation, and to ensure that risks related to IT are mitigated. This can be achieved by implementing institutional structures with well-described roles for the responsibility of information, organisational processes, applications and infrastructure. Symons (2005:1-3) says "good IT governance ensures that IT investments are optimised, aligned with business strategies and delivering value within acceptable risk boundaries, taking into consideration culture, organisational structure, maturity and strategy". He further says that implementing good IT governance needs a framework based on structure, processes and communication.

Treatise (2005:46-47) says the purpose of IT governance is to: (i) make sure that IT is linked with the entity it supports; (ii) make sure that IT enables the organisation to exploit opportunities and maximise benefits; (iii) make sure that IT resources are responsibly utilised; (iv) make sure that IT risks are managed accordingly. He further emphasises that it is crucial to link the technology with organisational processes, recognising the importance of IT strategies. According to Treatise (2005:55) IT is now considered an integral part of organisational strategy. Figure 1 is a reproduction of the enterprise/organisational governance model.
Figure 1 Enterprise Governance (Treatise, 2005:56)

[Figure 1: enterprise governance model. Recoverable labels: Direct, Objectives, Resources, Using, Report.]

Figure 2. IT Governance (Treatise, 2005:57)

[Figure 2: IT governance model. Recoverable labels: Direct, Objectives, IT Activities (Planning and Organisation; Acquisition and Implementation; Delivery and Support; Monitoring), Check, Correct, Report; IT is aligned with the business, enables the business and maximises benefits; IT resources are used responsibly; IT related risks are managed appropriately.]

According to Treatise (2005:57) the IT governance model and the related description are remarkably similar; this can be seen from Figure 2.

2.3.5.1 Information Technology Governance Frameworks

According to Goeken, Johannsen and Looso (2011:91) the main aim of IT frameworks is improving "IT alignment, service management, process quality and security management". Common examples of IT governance frameworks are COBIT (Control Objectives for IT and related technology), ITIL (IT Infrastructure Library), CMMI (Capability Maturity Model Integration) and the ISO/IEC 27000 standards for security management. This section will concentrate on COBIT, as it is highly recommended by the public sector.

a) COBIT

According to the IT Governance Institute (2000:5) Control Objectives for Information and Related Technology (COBIT) assists in meeting many needs of management by bridging the gaps between business risks, control needs and technical issues. Management should make sure that an internal control system is in place which supports the enterprise processes; it should be clear how each control task satisfies the information requirements and affects IT resources.
According to Treatise (2005:79) there are four domains in COBIT, which are:

Planning and organisation: this includes strategies, tactics and the ways in which IT could contribute to the entity's objectives. It also covers planning for the appropriate organisation and technological infrastructure. The strategic vision should be planned, communicated and managed from various perspectives. Lastly, an appropriate organisation and technology must be in place.

Acquisition and implementation: this identifies and implements IT solutions. It also deals with maintenance. Moreover, "changes in and maintenance of existing systems are addressed by this domain to ensure the best lifecycle for these systems".

Delivery and support: this addresses service delivery and data processing by application systems.

Monitoring processes: this covers internal and external auditing, quality assurance and issues about compliance. It also covers management's oversight of the entity's control processes.

According to the IT Governance Institute (2000:17) these processes can be utilised at different levels throughout the institution. In addition, the effectiveness criterion of processes that plan or deliver solutions for business requirements will sometimes cover the criteria for availability, integrity and confidentiality. According to the IT Governance Institute (2007:5) the focus areas are shown through a process model that divides IT into four domains and 34 processes in relation to the responsibility areas of plan, build, operate and monitor, providing a view of Information Technology. The entity's architecture concepts assist in identifying the important resources in the process, that is, applications, information, infrastructure and people.
(i) Benefits of COBIT

According to ISACA (2010:3) the benefits of implementing COBIT include:

There is a better understanding of how the business and IT can work together for the successful delivery of IT initiatives;

A better alignment based on a business focus;

Improved efficiency and optimisation of cost; and

The reduction of operational risks.

Figure 3 below shows the interaction of IT processes within the four domains:

[Figure 3: COBIT process model. Recoverable labels: M1 monitor the processes; M2 assess internal control adequacy; M3 obtain independent assurance; M4 provide for independent audit; define a strategic IT plan; define the information architecture; determine the technological direction; define the IT organisation and relationships; manage the IT investment; communicate management aims and direction; manage human resources; ensure compliance with e…]