Interfront Annual Report 2022

PART C: GOVERNANCE 52 • Control Activities are policies and procedures created to ensure that directives are known, understood and diligently adhered to. This includes, inter alia, approval authorisation, verification, reconciliation, performance appraisals, security of assets, and segregation of duties. Approval authorisation and the segregation of duties are managed through the Interfront Delegation of Authority and policies and procedures adopted and implemented in Interfront. Performance appraisals of staff are conducted bi-annually. The performance of Interfront is reviewed every quarter against its annual targets, as set out in its Annual Performance Plan. The Financial Statements, Cash Flow Projection, and Budget vs. Actual reports are submitted for review at every Board meeting. Policies and procedures have been developed and adopted to secure Interfront’s assets and regulate the movement and control thereof. • Information and Communication strengthen internal controls and are important for day-to-day functioning. Management and employees must have access to relevant, complete, reliable, correct and timely information to make informed decisions. It is important that communication flows top-down and bottom-up. EXCO meets with Line Managers on a monthly basis to discuss matters and concerns within their teams, company- wide risks, as well as matters that require management attention. A strategic workshop attended by Interfront EXCO and Line Managers was held over a period of two days before the commencement of the 2022/2023 financial year. A new five-year Strategic Plan and the Annual Performance Plan for the 2022/2023 financial year were developed at the workshop. The session also involved the review and update of Interfront’s Risk Register. • Monitoring Activities entail ensuring that internal controls are understood and adhered to. The Delegation of Authority is continuously reviewed and updated to ensure and maintain the segregation of duties. Policies are reviewed and aligned with changes in circumstance, Internal Audit reviews, and the AGSA conduct annual audits. 8.1 Internal Audit Interfront contracts the services of the SARS Internal Audit unit. The assurance services provided by Internal Audit entail an objective examination of evidence for the purpose of providing an independent assessment of governance, risk management, and the control environment at Interfront. Internal audit encompasses the examination and evaluation of the adequacy and effectiveness of Interfront’s system of internal control and the quality of performance in carrying out assigned responsibilities. The Internal Audit unit of SARS reviewed and provided an opinion on the adequacy and/or effectiveness of Interfront’s controls. A follow-up audit was conducted, based on the audit of the Predetermined Objectives. A reported finding related to the actual reported SLA achievement that was incorrectly calculated for the performance indicator: ‘Provide effective software support services to SARS’. Management actions on the finding included, inter alia, the automisation of the SLA calculation. Although the implementation date of the automated system was overdue, Internal Audit found that adequate process was followed by Interfront in implementing the agreed management actions. Interfront’s COVID-19 response measures were audited and the control environment around COVID-19 response measures were assessed as adequate. In addition, Interfront’s Stakeholder Relations Management was audited and based on Internal Audit’s preliminary assessment, the stakeholder relations management process in place is sufficient for the size of Interfront. 8.2 Audit and Risk Committee The Interfront Audit and Risk Committee has been combined with the SARS Audit and Risk Committee, as provided for in the Treasury Regulations and the Companies Act. This allows for independent oversight. 8. INTERNAL CONTROL UNIT (CONT.)