Download the brochure: Auditing MSCOA
The mSCOA is a significant project, and as such poses various risks to local government, with the more important risks including the following:
- Inability of some of the current system vendors to accommodate the technical specifications of the mSCOA, which will result in significant changes to current systems and/or the implementation of new systems.
- Capacity and skill constraints on the part of the municipalities to manage the change to the mSCOA classification framework.
- Funding constraints related to implementation of the mSCOA.
- Technical complexity of the mSCOA classification framework.
- Insufficient support and action from provincial treasuries in the roll-out and implementation of the mSCOA.
- Budget constraints from a project assurance perspective (internal or external audit)
- Possible errors in the migration of the current financial information to the new the mSCOA classification framework, which may also include migration to a new system; e.g. incorrect take-on balances, user errors, system failures/ errors, etc.
Internal audit can add value by evaluating the adequacy and effectiveness of the processes in place to ensure the reliability and integrity of the data used in the new financial classification framework. The training includes linking the critical GRAP standards with the effective application of the mSCOA framework.
What is mSCOA?
mSCOA is not just a budget/finance reform – it is a business reform affecting the entire municipality (including public entities) and all municipalities and municipal entities must comply from 1 July 2017.
It includes the following:
- mSCOA is a structure of municipal accounts (comprising of 7 segments)
- mSCOA is a standardisation of a financial classification framework introduced by National Treasury
- ThWe primary objective of mSCOA is to achieve an acceptable level of uniformity and quality from the collection of data
- The data is then used to compile both budgets and financial statements
- Budgets and financial transactions are captured in the system by using 7 segment codes
- All 7 mSCOA segments must be used to record a single transaction
Internal auditors will be able to:
- Understand mScoa, its objectives and its intended outcomes;
- Understand all the circulars and versions of the different mScoa rollout;
- Identify all the key risks attached to the process;
- Apply their own role in providing assurance on the process;
- Project process – Internal Audit will be able to provide assurance by:
- Verifying that standard operating procedures are in place.
- Validating completion of testing and data conversion processes.
- Advising and help identify relevant key process-level risks and control gaps.
- Supporting the design of business process controls to mitigate process-level risks and provide certification analysis.
- Ensuring interdependent risks are being managed.
- Technology – Internal Audit will be able to provide assurance by:
- Ensuring that functional needs, including forms and reports, are in place.
- Auditing hardware and software environment (operating system, network, user workstations, printers).
- Evaluating interface projects.
- Measuring application, operating system and network security.
- Evaluating IT system integration and data migration in terms of both quality and security.
- Validating and tracking benefits and cost savings.
- Risk management – Internal Audit will be able to provide assurance by:
- Evaluating the risks inherent in the conversion process.
- Monitoring changes to the overall organisation risk profile.
- Re-prioritising audit focus, as appropriate, given the demands of conversion.
- Monitoring the conversion impact on the controls.
- Data conversion – Internal auditors will be able to assess the accuracy and completeness of the systems and data requirements for the IT solution, including:
- Data cleaning is one of the most problematic areas and it is critical that clean data gets moved to the “new systems” for mSCOA implementation. Therefore, it is imperative that the data cleaning prior to the “move” should be tested properly.
- Assessing the completeness and appropriateness of management’s systems and database design, including the security aspects.
- Reviewing the production systems and associated client data to ensure data integrity is maintained and back-out plans in the event of a problem are effective.
Who should attend?
Internal auditors and risk managers auditing in the information technology environment.
- Lectures 15
- Quizzes 0
- Skill level All levels
- Language English
- Students 74
- Certificate Yes
- Assessments Yes