COMPLIANCE MANAGEMENT FRAMEWORK Presenter: Sandiso Thutshini | Director: PFMA Compliance | 08 September 2016
PURPOSE
To assist the Accounting Officers/Authorities of PFMA Compliant institutions to improve the levels of compliance by their respective Institutions with all applicable compliance obligations.
LEGISLATIVE REQUIREMENTS
- Sec 38(1)(n) of the PFMA - AO must comply and ensure compliance by their institutions with the provisions of the Act;
- TR 3.1.10(f) - the audit committee must, amongst others, review the institution’s compliance with legal and regulatory provisions; and
- TR 3.2.11(e) - The internal audit function must assist the accounting officer in maintaining efficient and effective controls by evaluating those controls to determine their effectiveness and efficiency, and by developing recommendations for enhancement or improvement. The controls subject to evaluation include compliance with laws, regulations and controls.
LEGISLATIVE REQUIREMENTS Cont.
- Regulation 14 of the revised Treasury Regulations –
  • Requires AO to ensure that sufficient capacity exists within their institutions to prevent, detect and mitigate any non-compliance with the applicable financial management regulatory framework;
- How - by establishing a compliance function with such roles and responsibilities as prescribed by National Treasury Instruction.
  • King III – Compliance structure and appointment of Compliance Officer to manage and monitor compliance;
  • King IV – To assist organisations to move beyond mere compliance (compliance with the letter of the law) to compliance with the spirit of the law.
APPLICABILITY OF THE FRAMEWORK
- National and provincial departments;
- National and provincial trading entities;
- Constitutional institutions; and
- Schedule 3(a) and 3(c) public entities.
CONSEQUENCE MANAGEMENT
- Section 81 of the PFMA - An AO commits an act of financial misconduct if that AA wilfully or negligently—
  • fails to comply and ensure compliance with any provisions of the PFMA; and
  • makes or permits an unauthorised expenditure, an irregular expenditure or a fruitless and wasteful expenditure; and
- Section 81(2) of the PFMA - An official to whom a power or duty is assigned in terms of section 44 commits an act of financial misconduct if that official wilfully or negligently fails to exercise that power or perform that duty.
CONSEQUENCE MANAGEMENT Cont.
Section 38(1)(h) of the PFMA – AA must take effective and appropriate disciplinary steps against any official who—
  (i) contravenes or fails to comply with a provision of the PFMA;
  (ii) commits an act which undermines the financial management and internal control systems of the institution; and
  (iii) makes or permits an unauthorised expenditure, irregular expenditure or fruitless and wasteful expenditure (UIF).
COST vs. BENEFIT COMPLIANCE FUNCTION
- In the past 4 years the Department of Health has incurred R 1.2 billion in legal costs relating to medical malpractice;
- Ekurhuleni has won an R 11.6 m lawsuit against the Gauteng health department; and
- A major airline in South Africa was fined R 900 000 for failing to comply with the Employment Equity Act (EEA).
- Big four banks fined 125 mil for non-compliance with FIC.
COMMON NON-COMPLIANCE FINDINGS
- Supply Chain Management:
  • Transgression of SCM prescripts;
- Asset Management:
  • No proper control systems to safeguard and maintain assets;
- Material misstatements identified in:
  • Non-current assets, liabilities, expenditure and disclosure items;
- AFS not prepared in accordance with the prescribed financial reporting framework;
- Expenditure Management:
  • AA did not take effective steps to prevent irregular and fruitless and wasteful expenditure.
NON-COMPLIANCE AREAS Cont.
- Irregular Expenditure:
  • Supply chain management (SCM); and
  • Human resource management practices.
- The of non-compliance relate to irregular expenditure as a result of transgressions of the SCM prescripts as follows:
  • Procurement without following competitive bidding processes;
  • Procurement without obtaining quotations;
  • Non-compliance with procurement processes; and
  • Non-compliance with legislation on contract management.
COMPLIANCE IMPLEMENTATION PLAN
No   Key Activities   Year 1   Year 2
1   Approved compliance structure/organogram   X
2   Approved compliance job descriptions/specifications   X
3   Capacitate compliance management function   X
4   Approved compliance risk management policy   X
5   Compliance policy statement   X
6   Approved compliance risk management framework/manual   X
7   Approved compliance charter   X
8   Approved compliance risk management plan   X
9   Include compliance matters in the performance agreements of the top management   X
10   Appoint risk champions/Risk Committee   X
11   Inclusion of the compliance responsibilities into the audit or other committee charter   X
12   The formats, structure and content of compliance report   X
13   Training and Awareness   X
IMPLEMENTATION OF COMPLIANCE FUNCTION
- Compliance Management function - New concept in the public sector;
- Budget constraints;
- Phased approach to compliance implementation;
- Compliance function matures over time;
- Information sessions – National Treasury; and
- Formal compliance qualification – UJ, UCT & Compliance Institute of SA
THREE LINES OF DEFENCE
DIFFERENT ASSURANCE PROVIDERS
- Internal Control Function;
- Risk Management Function;
- Compliance Management Function – Norms & Std. is not Compliance;
- Security and quality assurance;
- Internal Audit Function;
- External audit function; and
- Regulators.
COMBINED ASSURANCE
- King III – Audit committee should ensure that a combined assurance model is applied to provide a co-ordinated approach to all assurance providers.
Diagram labels: Management; Internal Assurance Providers; External Assurance Providers; Combined Assurance
ASSURANCE PROVIDERS
Compliance Management
- Maintain & update CU.
- Educate management & Board
- Facilitate legislative risk prioritization
- Maintain CRMP
- Assist business with implementations of operational compliance
- Monitor & Report
Risk Management
- Conduct legislative risk prioritization
- Facilitate completion of compliance risk registers with ratings and mitigating actions
- Ensure awareness on the part of management & board on risk consequences of non-compliance
Internal Audit
- Assess adequacy & Effectiveness of compliance processes;
- Systems & Structure, highlight key weaknesses and associated risks noted and make recommendations
COMPLIANCE FUNCTION
- Compliance function assesses the conformity of the institution with compliance obligations - Compliance requirements and commitments;
- The compliance function should be independent – Report “ideally” functionally to the AC and administratively to the AA; and
- The concept of independence involves four related elements:
COMPLIANCE FUNCTION Cont.
- Firstly - should have a formal status within the institution;
- Secondly - there should be Head of compliance with overall responsibility for co-ordinating the management of the compliance risk;
- Thirdly - Staff and Head should not be placed in a compromised position where there is perceived or actual conflict of interest; and
- Fourthly - Staff with appropriate number of competency with sufficient independence to fulfil their role objectively.
COMPLIANCE FUNCTION Cont.
- External & internal audit – focus mainly on financial management;
- Identify all applicable laws and regulations, and prioritise them – Compliance Universe: H&S Act, POCA, Refugee Amendment Act, etc.
- Training and awareness - to management and staff;
- Research and update the institution on upcoming legislative changes;
- Develop CRMPs and monitor implementation; and
- Assess the institution's compliance with applicable laws and regulation.
ANNUAL COMPLIANCE PLAN
HEALTH INDUSTRY REGULATORY UNIVERSE LEGISLATION
HEALTH INDUSTRY REGULATORY UNIVERSE CODES AND GUIDELINES
COMPLIANCE RISK ASSESSMENT TEMPLATE
Columns: Legislation/Industry Code/Bill; Affected Department; Category; Inherent Risk Rating (Impact, Likelihood, Overall Rating); Penalty for non-compliance; Risk management plan in place
- Public Finance Management Act: Affected Department: Finance, Budget, IA; Category: Core; Impact: 5; Likelihood: 5; Overall Rating: 5; Penalty for non-compliance: Financial misconduct; Risk management plan in place: Yes
- Treasury Regulations
- Public Service Act
- Public Service Regulations
- Protected disclosure Act
- Employment Equity Act
- Protection of personal Information Act
- Broad Based Economic Empowerment Act
- Prevention of combating corrupt activities Act
- Prevention of organized crime
COMPLIANCE RISK ASSESSMENT TEMPLATE
COMPLIANCE MONITORING PLAN
CONCLUSION
- Effectiveness – Consequence Management; Tone at the top; Independence;
- Compliance culture – Can it be taught; instill the culture of compliance at development stages of our scholars?
- Institutions – Start preparing for compliance functions; i.e. address governance issues;
- National Treasury – Provide information sessions; and avail compliance framework and Guidelines;
- Outsourcing – Internal capacity still required to oversee outsourced function.
THE END