Abstract
Background: Internal controls in the supply chain management (SCM) are very important as they are the checks and balances that ensure compliance with rules and regulations. Internal controls further promote compliance, increase transparency and accountability and reduce the risk of fraudulent transactions.
Objectives: The study examined the factors influencing internal controls within the SCM function in the Department of Social Development (DSD), South Africa.
Method: Using a qualitative research approach and a case study design, data were collected through semi-structured interviews. Thematic analyses were used to interpret the findings.
Results: The study’s findings established that there are challenges affecting the effectiveness of internal controls in the SCM function, namely, poor policy implementation, outdated SCM policy, a lack of training on policies and procedures, inadequate monitoring and evaluation of SCM, non-compliance with SCM rules and regulations, capacity constraints in the SCM directorate and a lack of consequence management.
Conclusion: Effective internal controls are crucial for organisations to compete successfully in the supply chain environment. In this regard, there must be adherence to financial management processes and procedures that guide and serve as internal controls.
Contribution: The study contributes towards the strengthening of internal controls in the DSD by paying particular attention to the five essential components of the Committee of Sponsoring Organizations (COSO) framework.
Keywords: Department of Social Development; internal controls; public sector; supply chain management; South Africa.
Introduction
All organisations, including those in the public sector, rely on internal controls as a standard for ensuring efficiency, reliability and compliance in their operations. Internal controls play a vital role in managing risks, safeguarding assets, enhancing transparency and improving overall performance, particularly in supply chain management (SCM) (Fourie 2007; Sibanda, Zindi & Maramura 2020). Over the past two decades, research has shown that these controls are essential for ensuring the sustainability and effectiveness of supply chain processes. They not only help organisations prevent fraud and manage risks but also allow them to remain competitive in a dynamic environment (Saro, Keitany & Rop 2021). Public sector institutions, like all others, benefit significantly from implementing robust internal controls to ensure accuracy and reliability within their SCM systems (Saro et al. 2021).
The Framework for SCM governing internal controls in the South African public sector was officially published on 05 December 2003 in the Government Gazette, namely in the Public Finance Management Act (PFMA). Section 3 (2) of the Act mandates that the framework adhere to Section 217 of the Constitution, which imposes the duty on all government departments to procure goods and services in a manner that is fair, equitable, transparent, competitive and cost-effective.
In 2020, the Auditor-General South Africa (AGSA) released preventative control guides to assist the public institutions in improving such controls. These are aimed at assisting Accounting Officers (AOs) in building a strong control environment and key controls that should be in place to prevent accountability failures (AGSA 2020).
Internal controls are important in SCM in South Africa because they ensure the effectiveness and efficiency of financial reporting, compliance with SCM laws and regulations, and early identification and curbing of irregular, fruitless and wasteful expenditure (Sibanda et al. 2020; Zindi & Sibanda 2022). The absence of effective internal control mechanisms in the public sector has been a persistent problem in South Africa, hindering the provision of essential services to the public (Soopal 2023).
For this reason, studying internal controls in SCM in South Africa is crucial for improving SCM practices, enhancing procurement performance and achieving key objectives in various departments (Ntibane 2018). Sibanda et al. (2020) indicate that well-monitored internal control systems are essential for detecting and mitigating SCM risks and safeguarding finances from misappropriation.
Various studies have investigated the function of internal controls in SCM. Wu (2017) highlights the importance of implementing a robust internal control system to improve competitiveness. Wu also proposes the use of factor clustering analysis to create a supplier quality evaluation management system. Salcedo et al. (2013) present a two-degrees-of-freedom internal model control framework to reduce the bullwhip effect in supply chain inventory management. Liu (2018) examines the financial internal control of supply chain finance, emphasising its significance in facilitating the seamless progress of financial enterprises. These studies emphasise the crucial need for internal controls in maximising SCM. In order to enhance our comprehension of this occurrence, our research investigates the variables that impact the internal controls within the SCM function at the Department of Social Development (DSD).
We adopt the definition of internal controls adopted by Wu (2017) and the Committee of Sponsoring Organizations (COSO) (2008), that created the COSO Framework, a system used to integrate internal controls, that define internal controls in SCM as encompassing the mechanisms established to ensure efficient, effective and compliant operations within the supply chain. These controls are crucial for managing risks, preventing fraud, ensuring process accuracy and safeguarding assets and information (Wu 2017). COSO (2008) notes that internal control provides reasonable assurance for the achievement of objectives such as operating results, authenticity of financial reports and compliance with applicable laws.
This study makes several contributions to the literature. Firstly, it complements previous studies that emphasise the important role of internal controls in optimising SCM (Liu 2018). Secondly, it provides valuable insights for specialists and practitioners in the public sector’s SCM field. Thirdly, the study will contribute to the proactive detection and mitigation of weaknesses in public sector internal control systems, reducing the likelihood of fraud, errors and other issues. Additionally, the study will aid public institutions in improving efficiency, cost savings and overall performance, and identifying opportunities for streamlining processes, reducing waste and enhancing the effectiveness of their supply chain operations.
This article is structured as follows: the theoretical framework is followed by the literature review, methodology, and finally the findings and discussion of the study.
Literature review
Multiple definitions of internal control exist. In 1949, the American Institute of Accountants provided the initial definition of internal control as the organisational plan and various methods and measures implemented within a company to protect its assets, verify the accuracy and dependability of its accounting information, enhance operational efficiency and promote compliance with managerial policies. The internal control system is an essential component of organisations because it encompasses continuous activities and responsibilities carried out by individuals, providing a reasonable level of confidence that the organisation’s objectives will be achieved. An efficient internal control system aids an organisation in attaining its goals of delivering dependable financial information and protecting its assets and other important resources (Hoai, Hung & Nguyen 2022). The COSO provides a comprehensive definition of internal control. According to COSO (2013), internal control refers to the procedures implemented by an organisation’s directors, management and employees to provide reasonable assurance in achieving objectives related to operations, reporting and compliance. Additionally, internal controls can be categorised into three main areas: the accuracy and trustworthiness of financial reporting, the efficacy and efficiency of operations and adherence to relevant laws and regulations.
Furthermore, according to INTOSAI (2019), internal control is defined as the act of safeguarding resources from loss, misuse and damage, with the stated objective of preservation. Abiodun (2020:6407) agrees that internal controls are established to protect assets, prevent theft and misuse of assets and detect and deter fraudulent actions.
Cheng, Goh and Kim (2015:28) define an internal control system as a method that guarantees both operational and financial efficiency. Therefore, in order to prevent vulnerabilities in the execution of internal controls, such as limitations in resources within business units, inadequate human resource procedures and discrepancies in reconciling contingent liabilities, it is necessary to establish a system of internal control to protect both financial and non-financial assets.
Internal control is a system that guarantees an organisation establishes and enforces policies and procedures to effectively manage and maintain good governance within the SCM process. Sibanda et al. (2020) state that internal control guarantees the accuracy, timeliness and compliance of financial reporting with SCM norms and regulations. Management is responsible for ensuring that internal control systems are strengthened to eliminate vulnerabilities in the system. Mwangi and Muturi (2018) argue that internal controls have the capacity to provide management with assistance in fulfilling their duties, a fact widely acknowledged.
The comprehensive nature of controls implies that internal controls are applicable to all aspects of an organisation, and the implementation of a control framework, a systematic approach to consolidating control concepts into a unified entity, is undeniably essential. It is necessary to implement controls when there are hazards that could hinder the achievement of objectives, indicating a high probability of failure.
Owusu-Ansah (2019) asserts that the internal control system is the main element of any organisation. Hence, the establishment and application of public internal controls in the management processes are critical for ensuring good financial management, transparency, efficiency and effectiveness in public sector firms (Ujkani & Vokshi 2019). Internal controls are necessary for all aspects of ongoing management activities, including the provision of important public services and the distribution, allocation and redistribution of financial resources. Furthermore, internal control is essential for assessing the performance of public organisations in relation to their distinct aims, objectives and anticipated outcomes (Lartey et al. 2022). Effective internal control is crucial for the public sector to operate in accordance with legal frameworks, maintain high ethical standards and promote adherence to internal norms controlling the public service (Christl et al. 2020).
All public officials are required under Section 57 of the PFMA of 1999 to use financial and other resources entrusted to public institutions efficiently, effectively, economically and transparently in the South African public sector. The government is committed to modernising public sector administration to make it more approachable and attentive to the demands of the communities it serves (National Treasury 2004). Soon after the multiracial elections in 1994, the government started several financial and fiscal changes. The government aims to transform public procurement to achieve its socio-economic reform policy objectives. The procurement reform began in 1995 and focusses on two principles. These principles are the promotion of good governance and the introduction of the preference point system to address certain socio-economic objectives.
It was of critical importance to introduce and implement the reforms within the SCM environment. Thus, the decision of the government to undertake the Country Procurement Assessment Review (CPAR) together with assistance from the World Bank. This aim was to assess the public procurement system and recommend suitable actions to improve and enhance the procurement process’ economy, efficiency and transparency. This task was carried out in December 2001 by a task team comprising National Treasury (NT) officials, the Department of Trade and Industry, Public Enterprises and Public Works, the AGSA, the South African Revenue Services (SARS), the provincial government and the World Bank. The aforementioned activities led to the introduction of SCM in the South African public sector.
In order to tackle the implementation of internal controls, there are regulatory frameworks that provide guidance for the application of internal controls in the public sector. The Constitution mandates the efficient, effective and economical management of public resources. In order to accomplish this, a strong and effective system of internal control is necessary. Efficient control procedures provide confidence that government activities are carried out in a systematic manner, with coherence, standardisation, benevolence and a strong commitment to public service, as mandated by the Constitution (National Treasury 2014). Section 195 of the Constitution outlines principles for good governance in the public sector, including the requirement for the efficient, economical and effective utilisation of resources (Whittle & Nel-Sanders 2022).
The NT has released a regulatory framework under the PFMA to establish the minimum norms and requirements for SCM activities in the government (National Treasury 2004). The framework mandated the Administrative Officer (AO) to establish and execute a proficient and streamlined SCM system for procuring goods and services, as well as for disposing and leasing public assets. This measure was implemented to set a mandatory reporting standard for AOs to follow in their individual departments. Furthermore, it is mandatory for every government agency to implement an SCM policy as an integral component of their financial management.
In addition, there are crucial entities entrusted with the duty of establishing efficient internal controls in government departments. The internal control drivers are responsible for the governance of internal controls. Efficient administration of internal controls ensures the prompt and precise compilation of accounting records, and guarantees the correctness and reliability of reported financial information. Effective management of internal controls can improve service delivery and prevent unfavourable outcomes.
Internal audit is a mandated activity as outlined in Section 38(1)(a) of the PFMA of 1999 and Chapter 3, paragraph 3.2 of the Treasury Regulations of May 2000 (South Africa 1999). The Internal Audit Committee assists public organisations in performing tasks and maintaining controls and procedures (Public Sector Audit Forum 2019). Audit committees are mandated by the PFMA to evaluate the efficacy of internal control systems. The principal internal control functions of the internal audit at a public institution encompass monitoring, evaluating and reporting on the institution’s internal control mechanisms. The internal audit is tasked with monitoring, analysing and reporting on the diverse risks encountered by the institution, encompassing the complete internal control system.
Mnguni and Subban (2022) assert that the audit committee must formulate a plan to supervise the execution of controls and identify any occurrences of management circumventing internal controls. Mnguni and Subban (2022) argue that the audit committee must develop a strategy to oversee the implementation of controls and detect any instances when management may bypass internal controls.
Ngcobo and Malefane (2017) assert that internal auditors play a crucial role in driving internal controls. Efficient management of internal controls enhances accountability, minimises asset loss, guarantees the timely and accurate preparation of accounting records and ensures reliable reporting of financial information. The National Treasury (2005) outlines the audit committee’s duties in relation to internal controls. These include auditing the institution’s control systems, overseeing management’s actions in response to reported control deficiencies and system issues, and verifying the accuracy of produced information. Efficiently overseeing internal controls can also enhance service delivery and discourage unfavourable results.
The external auditor assesses the implementation of internal controls in the areas of financial statements, reported performance information and compliance with key legislation as part of the annual audit. The results of this evaluation are included in the auditee’s management report, as stated by the Independent Regulatory Board for Auditors in 2019. The auditor’s report includes the disclosure of internal controls that led to a modified opinion on financial accounts, as well as the discoveries made in the annual performance report and the assessment of conformity with significant legislation. According to the Institute of Internal Auditors (2006), auditors oversee the efficiency of management’s internal control system in order to detect and minimise the factors that give rise to corruption, such as fraud, inappropriate or abusive behaviour, and other forms of misuse of power and resources by government officials. The Office of the AGSA is established under the Auditor-General Act 12 of 1995. The main duties of the Auditor-General consist of carrying out audits to assess both the compliance and effectiveness of operations. In addition, the Auditor-General assesses the extent to which the financial statements adhere to the framework for financial reporting (Ncgobo & Malefane 2017).
The Treasury Department is responsible for establishing and maintaining an internal control system that ensures recorded transactions are legally authorised and accurately reflect the use of all public financial resources by the government reporting body. According to Sections 6(2)(e) and 18(2)(f) of the PFMA of 1999, the NT is authorised to assess the internal control systems of any public enterprise, department or constitutional institution. Moreover, they have the authority to intervene as needed to guarantee the proper operation of these systems.
Furthermore, management is tasked with implementing an internal control system to monitor and protect the resources of a public organisation. This managerial role is part of the broader managerial process, which includes planning, organising, leading and controlling activities. Although these administrative activities can be distinguished, they are deeply interrelated. The importance of management’s responsibility and engagement in internal control is paramount, as the entire management process revolves around it.
Turedi and Celayir (2018) state that the business management is accountable for creating and executing the internal control structure. Additionally, Section 57 of the PFMA outlines that managers play a crucial role in internal control as they are accountable for overseeing internal control activities based on their level of authority and functional duties. The individuals have a shared responsibility to guarantee that operations are carried out efficiently and effectively, financial reporting is accurate, internal control procedures are followed and good governance practices are upheld (Ncgobo & Malefane 2017).
Furthermore, it is imperative that every official who abides by certain processes, instructions or directives also actively contributes to their effective implementation by complying with the established controls. The officials to whom specific responsibilities were assigned by the AO, as outlined in Section 44 of the PFMA, must ensure that the financial management and internal control system is implemented within their designated responsibilities, as stated in Section 45(a) (South Africa 1999).
There has been a continuous increase in internal control deficiencies in South African public sector organisations, which adversely affect the delivery of services. The failure to put preventive measures into action, along with a lack of responsibility, has led to substantial difficulties in the South African public sector. These obstacles include the mishandling of finances and the inadequate provision of critical services to citizens in a manner that is both effective and efficient. Furthermore, this has rendered numerous public entities susceptible to exploitation, leading to certain entities being a financial liability to the government because they necessitate ongoing financial assistance.
As an illustration, between 2018 and 2021, the National Student Financial Aid Scheme (NSFAS) disbursed an amount of R5 billion to more than 40 000 students who according to the funding criteria did not qualify because their household income exceeded R350 000 (Child 2023). This indicates a lack of effective internal control mechanisms to ensure that only students who fulfilled the criteria received the funds.
An additional illustration would be the South African Post Office (SAPO). In the 2021/22 financial year, SAPO was issued a disclaimer of audit opinion acknowledging uncertainty about its ability to continue operations. According to Soopal (2023), the audit report highlighted several internal control issues, which include:
The management heavily relied on clearing accounts that were rarely reconciled. They did not always reconcile and clear long-standing issues even when supporting documentation was provided. Many restrictions and errors were also encountered because of human errors in reconciliation and a lack of timely completion of assurance mechanisms to verify information accuracy and completeness.
The public institution also lacked a record management system to support its yearly performance report. This affected performance data collection, verification, storage and reporting. It also impacted SCM, where inefficient handover practices during employee resignations prevented effective record-keeping. There is a lack of accountability in record-keeping in these divisions.
The 2021–22 AGSA reports indicate that the Department of Cooperative Governance disbursed payments to government employees who did not meet the qualifications for the Community Work Programme. This was done because of inadequate internal controls for approving and processing payments. Similarly, the North West Department of Human Settlements overpaid a selected supplier for project management services by R2.98 million because of a lack of suitable internal controls.
The lack of implementation of internal controls, together with insufficient accountability, has resulted in notable problems within the public sector, including financial mismanagement and inadequate service delivery to citizens.
Conceptual framework
According to the COSO framework, internal controls have five essential components: control environment, risk assessment, control activities, information and communication, and monitoring. Each component has 17 principles relevant to it. All five components of internal controls are interrelated and impact one another’s outcomes (Länsiluoto, Jokipii & Eklund 2016). The COSO Framework was developed and published in 1992 and updated in 2013. The 2013 Framework is anticipated to assist organisations with internal control design and implementation in light of the numerous business and operating environment changes that have occurred because of the release of the original Framework. It further expands the use of internal control in addressing operations and reporting goals and clarifies the criteria for identifying what constitutes effective internal control (COSO 2022).
According to McNally (2013:4), the COSO framework is still adjustable to a given company’s organisational structure, enabling you to think about internal controls at the entity, divisional, operating unit and/or functional level, for example, for a shared services centre. Figure 1 is a visual presentation of the internal control components as per the updated COSO cube.
|
FIGURE 1: A visual representation of the Committee of Sponsoring Organizations Internal Control Integrated Framework. |
|
The first component, the control environment, is all about management’s beliefs, ethical values and commitment to leading and motivating. Kim, Kim and Kim (2017) studied corporate social responsibility (CSR) and internal control effectiveness. They mentioned that CSR’s main objective in their control environment is to ensure compliance, effectiveness, efficiency, accuracy and transparency in their financial information. Management must establish relevant oversight committees and structures to hold individuals accountable for their internal control responsibilities.
The second component is risk assessment, where managers must assess the risk and emerging risks. Management should develop a risk plan where risks are analysed to determine how they should be managed. Risk assessment should be conducted as and when the need arises, as it is critical to the effectiveness of internal controls. Management has the responsibility of managing an organisation’s risks throughout. Management must go above and beyond by furthering the discussion with the relevant stakeholders about using enterprise risk management to establish a competitive edge (COSO 2017).
The third component, control activities, consists of control systems in place regarding the segregation of duties. Control operations are carried out across all organisational levels and at different points in business processes. Policies and procedures must be developed to control activities and ensure effective performance. During this step, the primary goal is to ensure that established activities can address threats to the achievement of an organisation’s goals and objectives.
The fourth component, information and communication, stipulates using relevant, quality information to ensure the effective functioning of internal controls. The organisation needs information to execute its internal control standards and support fulfilling its goals. To support the operation of internal control, management gathers, creates and uses pertinent information from internal and external sources. Information needs to be provided, shared and acquired continuously through communication. Communication is how information is communicated from top to bottom and throughout the organisation on the importance of internal controls. This assists staff in acknowledging and understanding the importance that control functions must be taken seriously.
In the fifth component, monitoring activities, management must monitor control mechanisms and report should the controls not be adequate. By doing so, control deficiencies can be highlighted, and corrective action can be implemented early. Evaluation plays a very important role, as it establishes whether each of the five components of internal control is effective and functioning. Mwangi and Muturi (2018:285) assert that internal control mechanisms have a favourable correlation with financial performance. Internal and external audit teams are crucial in the process, as they will evaluate the effectiveness of systems and raise findings should they discover inadequacies and deficiencies. These must be reported to management as early as possible to ensure measures are implemented to prevent and detect possible inefficiencies.
Management is responsible for putting measures in place to ensure that they achieve the goals and objectives of the organisation. This, in simple terms, is part of governance by adhering to policies and procedures. According to Ncgobo and Malefane (2017:74), internal controls are crucial in instructing managers and staff on carrying out duties, following procedures and strategies, and upholding established regulatory requirements. It calls for capable leaders and managers with expertise in various management duties, including financial and performance management and efficient governance by the audit and risk committees.
Limitations of internal control
The COSO framework recognises that limitations in internal control do exist even if an organisation provides reasonable assurance of achieving its objectives (COSO 2013). Furthermore, internal control cannot prevent bad judgement or decisions and any unforeseen event that can cause the organisation to fail in achieving its operational objectives. For this reason, effective internal control can experience failure. Following is a list of possible limitations that exist:
- Suitability of objectives established as a precondition to internal control.
- Human judgement in decision-making can be faulty and subject to bias.
- Breakdowns can occur because of simple human errors.
- Ability of management to override internal control.
- Ability of management, other personnel and third parties to circumvent controls through collusion.
- Unforeseen external events beyond the organisation’s control (Adegbile, Sarpong & Kolade 2021; COSO 2013).
According to Babalola (2020:12), controls have unique characteristics. For instance, they can be automated, manual, reconciliations being conducted, separation of duties, review, approval authorisations, safeguarding and accountability of assets. These can protect an organisation, detect errors and fraud, and ensure accounting data reliability (Babalola 2020). Adegbile et al. (2021:291) believe that in the end, control activities can only reasonably ensure that an organisation’s objectives are being attained, regardless of how well they are conceived and performed. They added that financial mismanagement results from control system faults ingrained in the system.
Adegbile et al. (2021:291) further added that the limitations could include errors made during the execution of controls brought on by a misinterpretation of a directive. In addition, judgements during the period are based on the information available to conduct business under pressure, irresponsibility, distraction or exhaustion. For this reason, the support of high-ranking officials in an organisation is critical in ensuring effective performance and controls in their environment.
Research methods and design
This study used the qualitative research approach to examine the effectiveness of internal controls within the SCM function of the DSD. According to Silverman (2022), qualitative research is a study that learns about people’s experiences. It aids in comprehending what is essential to people. In this context, the qualitative research approach enabled respondents to share their experiences and thoughts.
The DSD was used as the case study organisation. According to Bryman (2012), a case study provides a detailed and intensive analysis of the case. Purposive sampling was used to select study participants. The study is based on a representative sample of 21 participants. In particular, the participants were selected because of their relevance and expertise in internal control systems of the SCM function.
Data were collected using semi-structured interviews. According to Bryman (2012), these are the most common type of interviews used in qualitative research. They allow the researcher to compare information obtained from different interviews.
In addition, secondary sources were used. Official documents such as policy frameworks, legislation relevant to internal control and SCM, policies, annual reports and audit reports were used.
Thematic analysis was used to analyse the data. Dawson (2002) defines thematic analyses as data analysed by theme. This starts with data collection and continues through transcribing, reading, rereading, analysing and interpreting the information (Evans & Lewis 2018). Thematic analyses were appropriate for the study, as the concern is with the assessment of the internal controls related to the SCM function that arises from the data that were collected from the semi-structured interviews.
Ethical considerations
Ethical approval to conduct the study was received from Faculty of Economic and Management Sciences Research Ethics Committee, University of Pretoria on 30/11/2022, with ethical clearance number EMS230/22.
Results
This study aimed to examine the factors influencing internal controls within the SCM function in the DSD. The DSD strives to achieve and attain the values of equity, integrity, economy and efficiency in its SCM function by adhering to policies and procedures regulating this area. The SCM environment in any government institution is the most regulated unit, and therefore, the importance of internal controls within this environment. The SCM Directorate exists within the Financial Management Services Branch.
The Directorate reports to the Chief Director of Financial Management and Administration under the office of the Chief Financial Officer. The Financial Management Services Branch is responsible for planning and monitoring national and provincial budgets and expenditures and managing the department’s accounting and procurement system (DSD 2023). Within the DSD, the SCM Directorate is responsible for demand and acquisition, logistics and asset management. These include ensuring that the needs identified are delivered at the right time, right place, and are correct quantity and right quality. Procurement of goods and services of reputable quality and service levels at a reasonable cost (DSD 2020).
The DSD has an SCM policy approved in 2020, which sets out the procurement process to clarify the governing principles with respect to procurement practices within the department. It enables the department to manage the supply of goods and services fairly, transparently and equitably. It considers the Broad-Based Economic Empowerment Act 53 of 2003 and the Preferential Procurement Regulations 2022 gazetted under the Preferential Procurement Policy Framework 2000 (PPPFA). It also specifies the primary objective of the SCM unit, which is to procure goods and services from capable suppliers of reputable quality and service levels at a reasonable cost.
Factors influencing internal controls within the supply chain management function in the Department of Social Development
Outdated supply chain management policies
When asked about the factors affecting the internal controls in the SCM, the majority of respondents (12 out of 21) indicated that the policies in the DSD’s SCM environment are outdated and not updated according to the latest NT instruction notes and legislative changes. For example, from 01 July 2021, the NT amended the procurement thresholds. However, the DSD neglected to update the SCM policy to consider the new thresholds and procedures, which state that quotations must be obtained for purchases above R200 100 and up to R1 000 000, and that purchases exceeding R1 000 000 must go through a competitive bidding process (National Treasury 2022). Some of the respondents alluding to the above finding revealed that:
‘[I]nternal controls are not satisfactory to the books; the current internal controls are very weak, specifically in the SCM environment. There is an intention that internal controls exist, but they are not satisfactory.’ (Respondent 18, Male, Deputy Director-General)
‘There are many changes, but we are still referring to the old policy. So, there are many changes. Or you see many changes from the PPPFA that changes. However, we are still stuck with the old policy that does not align with those changes.’ (Respondent 12, Female, Assistant Director)
Lack of training on policies and procedures
The study revealed a significant gap in staff training on policies and procedures. Upon inquiry, the majority of respondents (16 out of 21) indicated a clear need for additional training in this area. This finding suggests that current training efforts are insufficient to ensure that staff are adequately informed and equipped to implement internal control policies effectively. This shortfall was illustrated by stating, for example:
‘The control environment does not encompass all the supply chain processes, and they are not well understood. While we are providing training on one side, continuous workshops for the individuals responsible in the various branches are crucial for me. Regular engagement is very important.’ (Respondent 4, Female, Director)
Similarly, one respondent highlighted the lack of training as a key challenge:
‘Communication and training for departmental officials at a macro level are paramount for me. I strongly believe that procurement is not solely a supply chain issue; it’s a challenge that requires everyone’s involvement. This is crucial because people need to comprehend the significance of planning their procurements on time and submitting their requests promptly for supply chain management to process them efficiently. Thus, training is fundamental at a macro level.’ (Respondent 5, Male, Deputy Director)
Further reinforcing this point, another respondent stated:
‘The challenge to internal controls in the supply chain is the lack of training on policies and procedures, such as your procedure manual of standard operating procedures.’ (Respondent 8, Male, Director)
Inadequate monitoring of internal controls
The study revealed a lack of monitoring and evaluation of the internal controls in the DSD SCM. Among the 21 respondents, 11 revealed that although monitoring of internal controls is critical in the SCM environment, it is currently inadequate. In support of the above finding, the respondents mentioned:
‘The internal controls for improving compliance are in place, but the issue lies in the lack of monitoring. While we have policies, the challenge lies in implementing and monitoring those policies effectively.’ (Respondent 3, Female, Deputy Director)
‘I may not say that with confidence, but I can say that controls are there. What is lacking is proper monitoring to ensure that they are implemented correctly. For example, when you request procurement, you must prove that you have funds available. However, some are getting issued orders without ensuring they have the funds, which has resulted in overspending.’ (Respondent 19, Male, Director)
Non-compliance with the internal control rules and regulations
The study identified a significant gap in the monitoring and evaluation of internal controls within the DSD’s SCM. Out of the 21 respondents, 11 emphasised that while monitoring is essential to ensuring effective internal controls in the SCM environment, current practices are inadequate. This lack of sufficient oversight has contributed to the erosion of internal control mechanisms. Underscoring the extent of the problem, the respondents stated:
‘[A] control can be adequate, but the problem is that if people intentionally want to contravene certain controls, you will find that it comes from the intention and the willingness, before anything else, of the people implementing those controls.’ (Respondent 14, Female, Deputy Director)
‘I would say that there are current internal controls in place; however, whether those controls are properly executed is sometimes challenging for me.’ (Respondent 19, Male, Director)
‘So, for me, overall, I think this is an issue of the culture of noncompliance among the employees. Many are unwilling to comply but rather stick to old ways of doing things.’ (Respondent 20, Male, Director)
Lack of consequence management
The study revealed that not much is done in the DSD regarding consequence management. This is one of the biggest contributors to repeated non-compliance of policies and procedures, as officials are not brought to book. The majority of respondents (15 out of 21), acknowledged that consequence management is not being implemented in the DSD. Respondents 3 and 4 confirmed this statement. This was affirmed by echoing the following sentiment:
‘For example, while some controls, such as the requirement for three quotations in the supply chain, are well-defined, there are significant gaps in their implementation. Individuals are often able to bypass these controls without facing any consequences.’ (Respondent 3, Female, Deputy Director)
‘Consequence management is one area that is almost non-existent, especially in the environment where we find ourselves at present. It almost seems people have accepted how things are done, and even if one contravenes the legislation, nothing happens. People often tend to cut corners to ensure things get done on time. And in certain instances, there are issues with delayed requests, so to speak, people request things late and certain corners that need to be cut. I would say we need to go back to the basics, where we need to implement more controls in order to ensure that the control is implemented effectively, we need to do that.’ (Respondent 4, Female, Director)
This is also confirmed by AGSA reports that refer to a lack of accountability as seen from people’s few or non-existent steps to handle consequences for their underperformance despite support and guidance (National Treasury 2015). As the AGSA’s 2021/2022 Consolidated General Report on National and Provincial Audit Outcomes indicates, those who take actions or make decisions must be accountable, and those who transgress and perform poorly should face the consequences (AGSA 2022). The AGSA reported that the assurance provided by senior management in DSD must be improved to ensure that all officials implement the approved internal controls and that appropriate actions and consequences are swiftly taken for transgressions (DSD 2022).
Discussion
This study investigated the factors influencing internal controls within the SCM function in the DSD. The findings identified six major factors that hamper the effectiveness of internal control in the SCM function of the department. These factors are outdated SCM policies, a lack of training on policies and procedures, inadequate monitoring of internal controls, a culture of non-compliance with internal control rules and regulations, and a lack of consequence management.
With regards to the outdated SCM policies, the findings indicated that the policies in the DSD’s SCM environment are outdated and not updated according to the latest NT instruction notes and legislative changes (EAPA-SA 2022). A finding confirmed by the Auditor General report of 2022, which indicated that the department did not have a system to regularly review policies to ensure that they are updated with changes in legislation and other best practices performed in the department (DSD 2022). The EAPA-SA (2022) contends that outdated policies may fail to comply with new laws and regulations or they may not address new systems or technology; hence, it is important to establish a policy and procedure management plan that ensures regular policy reviews and modifications. This finding also points to the failure in risk assessment, which is a crucial part of the COSO framework. In this case, reliance on outdated policies reflects an inadequate assessment of risks, as evolving operational and regulatory requirements are not being accounted for, leaving the department vulnerable to inefficiencies and compliance issues.
The study further revealed a lack of monitoring and evaluation of the internal controls in the DSD SCM, a direct violation of COSO’s monitoring activities component. Without regular monitoring, the department cannot effectively identify and address weaknesses in its internal controls, allowing inefficiencies and non-compliance to persist. This is also affirmed by Sibanda et al. (2020), whose research revealed that monitoring and evaluation strengthens internal controls. The authors further affirm that effective SCM and accountability rely on sound control systems.
In addition, the study established that there is a lack of training on policies and procedures in the DSD. This observation points to a critical gap in both understanding and application of organisational policies. The lack of training on policies and procedures directly affects control activities. Without sufficient training, employees are unable to effectively execute or adhere to control activities, which compromises the integrity of the SCM function. This finding aligns with research conducted by Sibanda (2017) who reiterated that the lack of requisite skills and competencies, and the absence of a stricter governing culture contribute to non-compliance with SCM policies and regulations. Zindi and Sibanda (2022) also argue that a lack of experienced and well-skilled staff has a negative effect on the operations of the organisation.
Furthermore, the study revealed that there is a culture of non-compliance with internal control rules and regulations, which affects the effective implementation of internal controls in SCM. A culture of non-compliance with internal control rules and regulations can affect organisational operations. Non-compliance may also result in the organisation failing to prevent fraud from occurring as the internal control structure is weakened by failure to consistently, correctly and uniformly apply practices, controls, guidelines and processes throughout the agency (Office of Management and Budgeting 2017).
Lastly, the study also found that there was a lack of consequence management in SCM of the DSD, revealing a critical weakness in the enforcement of accountability. This absence of effective consequence management suggests that non-compliance with internal controls and procedures is not adequately addressed, allowing for a cycle of repeated violations without corrective actions. The COSO emphasises the importance of a strong control environment (Kim et al. 2017). The lack of consequence management for breaches in SCM rules undermines the control environment, leading to an organisational culture where non-compliance is tolerated. Additionally, Graham (2019) alerts us to the effect that consequence management policies are vital components of organisational cultures as they entrench accountability and advance explicit statements of people’s responsibilities.
Conclusion
The study examined factors influencing the effectiveness of internal controls within the SCM function in the DSD. The findings revealed a number of challenges that affect the effective implementation of internal controls. These challenges include outdated SCM policies, insufficient staff training on policies and procedures, inadequate monitoring and evaluation of internal controls, a prevailing culture of non-compliance with internal control regulations and a lack of consequence management for breaches of SCM policies and regulations. In summary, these challenges weaken the department’s ability to uphold the integrity of its SCM processes and fully implement and sustain an effective internal system as per the COSO framework. Thus, addressing these factors is essential for strengthening internal controls.
The study recommends that the DSD strengthens internal controls as espoused in the COSO framework, namely the control environment, risk assessment, control activities, information and communication, and monitoring activities. These can be improved through continuous training and communication, timeous updating of SCM policies and procedures, strengthening the monitoring and evaluation of internal controls as well as entrenching consequence management.
Acknowledgements
Competing interests
The authors declare that they have no financial or personal relationships that may have inappropriately influenced them in writing this article.
Authors’ contributions
Y.K. conceptualised the study, analysed the data and wrote the original draft. T.M. supervised Y.K. as a student and provided guidance through the original draft. S.L. strengthened the article, reviewed and edited the article.
Funding information
This research received no specific grant from any funding agency in the public, commercial or not-for-profit sectors.
Data availability
Data sharing is not applicable to this article as no new data were created or analysed during this study.
Disclaimer
The views and opinions expressed in this article are those of the authors and are the product of professional research. The article does not necessarily reflect the official policy or position of any affiliated institution, funder, agency or that of the publisher. The authors are responsible for this article’s results, findings and content.
References
Abiodun, E.A., 2020, ‘Internal control procedures and firm’s performance’, International Journal of Scientific and Technology Research 9(2), 6407–6415.
Adegbile, A.S., Sarpong, D. & Kolade, O., 2021, ‘Environments for Joint University-Industry Laboratories (JUIL): Micro-level dimensions and research implications’, Technological Forecasting and Social Change 170, 120888. https://doi.org/10.1016/j.techfore.2021.120888
AGSA, 2020, Integrated Annual Report – 2019/2021, AGSA, Pretoria.
AGSA, 2022, Integrated Annual Report – 2019/2021, AGSA, Pretoria.
Babalola, J.B., 2020, ‘Governance and internal control in public institutions’, A lecture delivered at a two-day national workshop on anti-corruption organised by American Anti-Corruption Institute (AACI) and Department of Adult Education, University of Ibadan, Nigeria on Thursday, 27th February.
Bryman, A., 2012, Social research methods, 4th edn., Oxford University Press, London.
Cheng, Q., Goh, B.W. & Kim, J.B., 2015, Internal control and operational efficiency, European Accounting Association Annual Congress, viewed 20 September 2023, from https://ink.library.smu.edu.sg/soa_research/1392.
Child, K., 2023, ‘NSFAS paid R5bn to 40,000 ineligible students, MPs told’, BusinessDay, 18 April, viewed 20 September 2023, from https://www.businesslive.co.za/bd/national/2023-04-18-nsfas-paid-r5bn-to-40000-ineligible-students-mps-told/#:~:text=The%20National%20Student%20Financial%20Aid,limit%20of%20R350%2C000%20annually.
Christl, M., Köppl-Turyna, M., Lorenz, H. & Kucsera, D., 2020, Redistribution within the tax-benefit system in Austria, JRC Working Papers on Taxation and Structural Reforms No 02/2020, European Commission, Joint Research Centre, Seville, viewed 01 March 2024, from https://joint-research-centre.ec.europa.eu/system/files/2020-04/jrc120616.pdf.
Committee of Sponsoring Organizations of the Treadway Commission, 2008, Internal control-integrated framework, viewed 20 September 2023, from https://www.sciencedirect.com/topics/computer-science/internal-control-integrated-framework.
COSO, 2008, Guidance on monitoring internal control systems, The Committee of Sponsoring Organizations of the Treadway Commission, Durham.
COSO, 2013, Guidance on monitoring internal control systems, The Committee of Sponsoring Organizations of the Treadway Commission, Durham.
COSO, 2017, Guidance on monitoring internal control systems, The Committee of Sponsoring Organizations of the Treadway Commission, Durham.
COSO, 2022, Guidance on monitoring internal control systems, The Committee of Sponsoring Organizations of the Treadway Commission, Durham.
Dawson, C., 2002, Practical research methods, 1st edn., How To Books Ltd, London.
DSD, 2020, Department of social development final management report for the year ended in 2020, Department of Social Development, Pretoria.
DSD, 2022, The department of social development final management report for the year ended 2022, Department of Social Development, Pretoria.
DSD, 2023, Department of social development annual performance plan 2023–2024, Department of Social Development, Pretoria.
EAPA-SA, 2022, The downside of implementing outdated and improper company policies, viewed 01 March 2024, from https://www.eapasa.co.za/the-downside-of-implementing-outdated-and-improper-company-policies/.
Evans, C., & Lewis, J., 2018,. ‘Analysing semi-structured interviews using thematic analysis: exploring voluntary civic participation among adults’, viewed 20 September 2023, from https://methods.sagepub.com/dataset/interviews-thematic-civic-participation.
Fourie, D., 2007, ‘Financial control measures enhancing good governance’, Journal of Public Administration 42(7), 733–742.
Graham, S., 2019, Management and consequence management, viewed 10 June 2024, from http://www.assuredsupport.com.au.
Hoai, T.T., Hung, B.Q. & Nguyen, N.P., 2022, ‘The impact of internal control systems on the intensity of innovation and organizational performance of public sector organizations in Vietnam: The moderating role of transformational leadership’, Heliyon 8(2), e08954. https://doi.org/10.1016/j.heliyon.2022.e08954
Independent Regulatory Board for Auditors, 2019, Auditing in the public sector, viewed 08 May 2024, from https://www.irba.co.za/upload/Guide%20for%20RA%20-%20Auditing%20in%20the%20Public%20Sector%20(Revised%20August%202019).pdf.
INTOSAI, 2019, Guidelines for internal control standards for the public sector, viewed 12 March 2024, from https://www.issai.org/wp-content/uploads/2019/08/intosai_gov_9100_e.pdf.
Kim, Y.S., Kim, Y. & Kim, H.D., 2017, ‘Corporate social responsibility and internal control effectiveness’, Asia-Pacific Journal of Financial Studies 46(2), 341–372. https://doi.org/10.1111/ajfs.12172
Länsiluoto, A., Jokipii, A. & Eklund, T., 2016, ‘Internal control effectiveness – A clustering approach’, Managerial Auditing Journal 31(1), 5–34. https://doi.org/10.1108/MAJ-08-2013-0910
Lartey, P.Y., Jaladi, S.P., Afriyie, O. & Akolgo, I.G., 2022, ‘Principles of public internal controls: A mediation role of information and communication’, Fron tiers in Management and Business 3(1), 149–166. https://doi.org/10.25082/FMB.2022.01.002
Liu, N., 2018, ‘Research on financial internal control of supply chain financial service’, in Proceedings of the 2017 5th international education, economics, social science, arts, sports and management engineering conference, Atlantis Press, Qingdao, December 28–29, 2017.
McNally, J.S., 2013, The 2013 COSO framework and SOX compliance: One approach to an effective transition, Strategic Finance, pp. 1–8, viewed 13 March 20204, from https://www.coso.org/documents/COSO%20McNallyTransition%20Article-Final%20COSO%20Version%20Proof_5-31-13.pdf.
Mnguni, S. & Subban, M., 2022, ‘Critical considerations to achieve and maintain clean audit outcomes in South African Metropolitan Municipalities’, Administratio Publica 30(3), 148–170.
Mwangi, J.K. & Muturi, W., 2018, ‘Influence of internal control mechanism on financial performance of supermarkets in Kenya’, International Journal of Social Sciences and Information Technology 4(5), 272–288.
National Treasury, 2004, National treasury strategic plan, Government Printers, Pretoria.
National Treasury, 2005, Treasury Regulations for departments, trading entities, constitutional institutions and public entities, Government Printers, Pretoria.
National Treasury, 2014, Budget review, Government Printer, Pretoria.
National Treasury, 2022, Preferential procurement policy framework act No. 5 of 2000, Preferential Procurement regulations, 2022, Government Printer, Pretoria.
Ngcobo, P. & Malefane, S.R., 2017, ‘Internal controls, governance and audit outcomes: Case study of a South African municipality’, African Journal of Public Affairs 9(5), 74–89.
Ntibane, B.J., 2018, ‘Supply chain management in the Department of Public Works-Pietermaritzburg: Challenges and prospects’, Master in Public Administration Dissertation, University of KwaZulu-Natal.
Office of Management and Budgeting, 2017, Internal controls, viewed 20 September 2023, from https://ofm.wa.gov/sites/default/files/public/legacy/policy/ch20.pdf.
Owusu-Ansah, E., 2019, ‘Study on the effectiveness of internal control systems in Ghana public sector: A look into the district assemblies’, RUDN Journal of Public Administration 6, 312–331. https://doi.org/10.22363/2312-8313-2019-6-4-312-331
Public Sector Audit Forum, 2019, The relationship between audit committees and governing bodies, PSACF Secretariat, Johannesburg.
Salcedo, C., Ibeas, A., Vilanova, R. & Herrera, C.J., 2013, ‘Inventory control of supply chains: Mitigating the bullwhip effect by centralized and decentralized Internal Model Control approaches’, European Journal of Operational Research 224, 261–272. https://doi.org/10.1016/j.ejor.2012.07.029
Saro, B., Keitany, P. & Rop, W., 2021, Inventory audit and supply management: An evidence of inventory control practices’, East African Journal of Business and Economics 4(1), 85–92. https://doi.org/10.37284/eajbe.4.1.503
Sibanda, M.M., 2017, ‘Control, ethics, and accountability in the financial management performance of Eastern Cape municipalities’, Journal of Public Administration 52(2), 313–339.
Sibanda, M.M., Zindi, B. & Maramura, T.C., 2020, ‘Control and accountability in supply chain management: Evidence from a South African metropolitan municipality’, Cogent Business & Management 7(1), 1–14. https://doi.org/10.1080/23311975.2020.1785105
Silverman, D., 2022, Qualivative research, 5th edn., Sage, New York, NY.
Soopal, N., 2023, Focus: The lack of internal controls negatively impacts service, viewed 21 May 2024, from https://www.accountancysa.org.za/focus-the-lack-of-internal-controls-negatively-impacts-service/.
South Africa, 1999, Public Finance Management Act, 1999 (Act 1 of 1999 as amended by Act 29 of 1999), Government Printers, Pretoria.
South Africa. National Treasury, 2015, SCM review, Government Printers, Pretoria.
The Institute of Internal Auditors, 2006, The role of auditing in public sector governance, viewed 13 May 2024, from https://www.ca-ilg.org/sites/main/files/file-attachments/auditing_in_public_sector.pdf?1441835528.
Turedi, H. & Celayir, D., 2018, ‘Role of effective internal control structure in achievement of targeted success in businesses’, European Scientific Journal 14(1), 1–18. https://doi.org/10.19044/esj.2018.v14n1p1
Ujkani, S. & Vokshi, N.B., 2019, ‘An overview on the development of internal control in public sector entities: Evidence from Kosovo’, International Journal of Economics and Business Administration VII(4), 320–335. https://doi.org/10.35808/ijeba/346
Whittle, C. & Nel-Sanders, D., 2022, ‘The regulatory framework for enterprise risk management in South African local government’, Africa’s Public Service Delivery & Performance Review 10(1), 8 pages. https://doi.org/10.4102/apsdpr.v10i1.610
Wu, Y., 2017, ‘The design and implementation of regional economic application system based on supply chain management model’, in The 1st EAI international conference on multimedia technology and enhanced learning, Inner Mongolia, August 13–15, 2016.
Zindi, B. & Sibanda, M.M., 2022, ‘Barriers to effective supply chain management: The case of a metropolitan municipality in the Eastern Cape’, Journal of Local Government Research and Innovation 3(a54), 1–11. https://doi.org/10.4102/jolgri.v3i0.54
|