Abstract
M.Comm. (Computer Auditing)
The internal auditors play an important role in any organisation, irrespective of the type of
audit they perform. Metropolitan municipalities (Category A municipalities) in South Africa
are established in terms of Section 155.1(a) of the South African Constitution as
municipalities that execute all the functions of local government for a city and that have
sufficient resources to perform municipal functions, as opposed to areas that are primarily
rural, where the local government is divided into district municipalities and local
municipalities.
Recently, many weaknesses have been reported regarding these municipalities. This is
evident when looking at the recent billing problems experienced within the City of
Johannesburg metropolitan municipality, during which the city blamed its Project
Phakama, an IT system intended to integrate municipal services accounts into one
database for effective accounts management, for any deficiencies.
The above considerations triggered the need to conduct this study. The study focuses on
the types of internal IT audits that are conducted within these municipalities, the
independence of the internal audit departments, the audit standards/guidelines/legislation
followed, the roles and responsibilities of IT auditors, the knowledge expected from IT
auditors, the IT audit skills (both core skills and soft skills) required to perform the audits
and the IT audit tools and techniques that are applied while performing the internal audits.
The study was therefore conducted to establish the functioning of the information
technology internal audit departments at metropolitan municipalities in South Africa, given
the above background.
A quantitative research methodology was followed in the study, in which a detailed
questionnaire was designed and sent to all heads of IT audits/Chief Audit Executives
(CAE) in all eight metropolitan municipalities in order to find answers that would achieve
the above-mentioned objectives. Seven out of the eight metropolitan municipalities in
South Africa participated in the study.
This study revealed the following key results, general controls reviews were the most
performed type of audit, and municipalities were found to forward their internal audit
reports to both municipal managers and audit committees. Computer knowledge is
considered to be the main expected knowledge from the IT auditors, audit and technical
skills are considered to be the most important core skills required from any IT auditor. The
Municipal Finance Management Act (MFMA) is found to be used by all municipalities while
conducting their internal audits. The detection role is singled out as the main role played
by IT auditors in municipalities, followed by the oversight role. Ensuring that IT policies,
procedures, laws and regulations are managed in accordance with standards, as well as
identifying and evaluating IT risks are considered by internal auditors in municipalities as
the most important responsibilities they perform on daily basis.