BarnOwl Software for the Public Sector

The challenge

The public sector is required to meet higher governance standards by complying with national legislation such as the PFMA (Public Financial Management Act) and the MFMA (Municipal Financial Management Act). The Executive Authority is accountable to the legislature / parliament in terms of the achievement of the goals and objectives of the Institution.  The Executive Authority should take an interest in risk management to the extent necessary to obtain comfort that properly established and functioning systems of risk management are in place to protect the Institution against significant risks. As risk management is an important tool to support the achievement of this goal, it is important that the Executive Authority should provide leadership to governance and risk management.

Typical business challenges facing public sector institutions include:

The Legislation

The following is a brief extract of the sections in the PFMA which refer to risk management and internal control / audit assurance:

38. General responsibilities of accounting officers.—(1) The accounting officer for a department, trading

entity or constitutional institution—

(a) must ensure that, that department, trading entity or constitutional institution has and maintains—

(i) effective, efficient and transparent systems of financial and risk management and internal control;

(ii) a system of internal audit under the control and direction of an audit committee complying with and operating in accordance with regulations and instructions prescribed in terms of sections 76 and 77;

51. General responsibilities of accounting authorities.—(1) An accounting authority for a public entity—

(a) must ensure that, that public entity has and maintains—

(i) effective, efficient and transparent systems of financial and risk management and internal control;

(ii) a system of internal audit under the control and direction of an audit committee complying with and operating in accordance with regulations and instructions prescribed in terms of sections 76 and 77;

3. Internal control

3.1 Audit committees

3.1.10 The audit committee must, amongst others review the following—

(a) the effectiveness of the internal control systems;

(b) the effectiveness of the internal audit function;

(c) the risk areas of the institution’s operations to be covered in the scope of internal and external audits;

(d) the adequacy, reliability and accuracy of the financial information provided to management and other users of such information;

(e) any accounting and auditing concerns identified as a result of internal and external audits;

( f ) the institution’s compliance with legal and regulatory provisions; and

(g) the activities of the internal audit function, including its annual work programme, coordination with

the external auditors, the reports of significant investigations and the responses of management to

specific recommendations.

3.1.13 In addition to the above, an audit committee must, in the annual report of the institution, comment on—

(a) the effectiveness of internal control;

(b) the quality of in year management and monthly/quarterly reports submitted in terms of the Act and

the Division of Revenue Act; and

(c) its evaluation of the annual financial statements.

3.2 Internal controls and internal audit

3.2.1 The accounting officer must ensure that a risk assessment is conducted regularly to identify emerging risks of the institution. A risk management strategy, which must include a fraud prevention plan, must be used to direct   internal audit effort and priority, and to determine the skills required of managers and staff to improve controls     and to manage these risks. The strategy must be clearly communicated to all officials to ensure that the risk management strategy is incorporated into the language and culture of the institution.

3.2.7 An internal audit function must prepare, in consultation with and for approval by the audit committee –

(a) a rolling three year strategic internal audit plan based on its assessment of key areas of risk for the institution, having regard to its current operations, those proposed in its strategic plan and its risk management strategy;

9. Unauthorised, irregular, fruitless and wasteful expenditure

9.1 General

9.1.1 The accounting officer of an institution must exercise all reasonable care to prevent and detect unauthorised, irregular, fruitless and wasteful expenditure, and must for this purpose implement effective, efficient and transparent processes of financial and risk management.

King IV code (copyrighted to The Institute of Directors Southern Africa) and municipal and public sector entities:

Principle 4: The council / accounting authority should appreciate that the municipality’s / entity core purpose, its risks and opportunities, strategy, business model, performance and sustainable development are all inseparable elements of the value creation process.

Principle 11: The council / accounting authority should govern risk in a way that supports the municipality / entity in setting and achieving its strategic objectives.

Principle 13: The council / accounting authority should govern compliance with applicable laws and adopted, non- binding rules, codes and standards in a way that support the municipality / entity being ethical and a good corporate citizen.

Principle 15: The council / accounting authority should ensure that assurance services and functions enable an effective control environment, and that these support the integrity of information for internal decision-making and of the municipality’s / entity’s external reports.

The solution

The Public Sector Risk Management Framework (Framework) has been developed (by National Treasury) in response to the requirements of the Public Finance Management Act and Municipal Finance Management Act for Institutions to implement and maintain effective, efficient and transparent systems of risk management and control.

Public sector institutions need an effective way of prioritising and managing risk across the institution in order to comply with the legislation. Proactive risk management involves the documenting and managing of risks, controls, incidents / near misses and the ongoing monitoring of risk mitigation plans.

How BarnOwl facilitates the solution

BarnOwl GRC software streamlines your GRC processes, integrates risk, compliance and assurance information on a centralised platform, standardises risk and control taxonomies and offers the flexibility and scalability required for your changing business environment. BarnOwl:

The Benefits of using BarnOwl

The benefits of using BarnOwl include:

Links to References, Case Studies and Resources

BarnOwl is the preferred Risk Management software solution for the Public Sector endorsed by the OAG (Office of the Accountant General). Some of our public sector clients include National Treasury, SARS, Office of the Premier Western Cape, Department of Transport, Department of Labour, Compensation Fund, City of Cape Town and various municipalities such as Mogale City, Mbombela, Amathole, Drakenstein, Stellenbosch, Breede Valley and Auditor General South Africa (AGSA).


“We started using Barnowl four years ago…a journey worth taking”, Betty Spencer , Risk Management Director

Find a solution to suit your needs

View Knowledge Centre

See BarnOwl in Action!

For every industry, no matter the size of the business, BarnOwl is the ultimate GRC and the audit software solution to assist you in the achievement of your strategic goals with a high degree of confidence.

Interested in learning more?

© 2022 IDI Technology (Pty) Ltd | PAIA | BBEE Certificate | Tax Clearance Certificate | Privacy Policy | Data Processing Agreement