Simplified audit process brings new challenges to risk management

Do people know who looks after their retirement fund? The question arises, in part, from the changes in the requirements of the Pension Funds Act coupled with the perceived poor level of financial literacy among some members of the boards of trustees looking after the country’s 13 600-plus retirement funds registered with the Financial Services Board (FSB), according to an article supplied by the South African Institute of Chartered Accountants.

Trustees are tasked with looking after members’ contributions invested in South Africa’s numerous retirement funds. Such pension and provident funds come in different sizes, ranging from those with an asset base of less than R6 million – which are categorised by the FSB as small funds – to funds with assets in the billions of rands.

It is in the “small funds” category where the level of financial literacy is concerning.

The requirements have changed, in that the smaller and mid-sized funds are exempt from the annual audit in order to ease the backlog of submissions of annual financial statements.

Funds with less than R6m in assets are exempt from any external review, while those with R6m to R50m under management are subject to an agreed-upon procedures report being issued by an external auditor.

In isolation, there is nothing wrong with this categorisation. The concern, however, is that trustees’ exposure increases as they no longer have external assurance to rely on, says the South African Institute of Chartered Accountants (SAICA).

Lax administration

Consolidated | Employee Benefits managing director Mike Hogan cites the generally low level of service delivery and the lax administration of some retirement funds as an unintended contributor to the negative impact on efficiency requirements. The lax administration is “unfortunately accepted as the norm in South Africa,” he observes.

“The irony of such late submissions is the application of penalties levied against the funds by the FSB, which serves only to increase costs to the prejudice of fund members.” This leaves the members bearing the brunt of the administrators’ incompetence in some instances.

In a bid to turn the tide against the backlog, while limiting the cost of auditing for small funds, the FSB temporarily relaxed the requirements in 2009, explains Yusuf Dukander, SAICA’s project director for financial services.

This was an interim measure until such time when all funds will be revisited by the FSB, which wants all funds to be audited in the long run.

The poor compliance problem, explains Hogan, dates back to the days when the administration of retirement funds was generally relaxed. It was not unusual for funds to sit with unaudited financial statements for years.

The mere fact that this happened in the first place suggests that fund trustees have not always applied best practice, he says.

Concern with audit exemptions

SAICA’s concern with audit exemptions and the agreed-upon procedures requirement is that not all trustees – the people charged with looking after members’ savings – have the required business acumen to be able to make the right decisions.

That said, Hogan and Dukander explain, it is quite possible for trustees to make wrong business decisions.

“The results could be dire because this involves members’ contributions, their savings,” Dukander warns.

“Of course, according to the rules, trustees aren’t compelled to opt for audits – depending on the size of the fund. However, it’s worth asking whether they have a sufficient understanding of what the rules might give rise to.”

Hogan says the question arises as to whether the abridged process – which at face value is probably a cost saving – has had the unintended consequence of increasing the risk management burden of trustees.

Dukander warns that trustees of mid-sized funds, for instance, may engage in an agreed-upon procedures requirement without really appreciating the difference between this exercise and a full scope audit.

An agreed-upon procedure results in a factual findings report and is best described as a tool designed for the purpose of assisting the Registrar of Pension Funds and the board of trustees to determine whether any instances of non-compliance with the Pension Funds Act have been identified by the auditor.

Increased risk

The downside, Dukander says, is that agreed-upon procedures, which seem less expensive on the surface, pose a risk to fund members’ investments simply because they only address one aspect of the risks surrounding a retirement fund.

“The lack of a professional audit opinion causes consternation, followed by the realisation that in having to formulate their own opinion, from an interpretation of the factual findings report, brings with it a potential increase in risk and exposure to the fund and for the trustees, which in turn hinders decision-making,” asserts Hogan.

Says Dukander: “There’s no level of comfort in agreed-upon procedures. This is an agreement that trustees enter into with their auditors, and the exercise produces a factual findings report.

“But, significantly, there’s no professional opinion expressed in this instance; there’s no materiality and no level of assurance or comfort for members.”

Hogan observes that smaller funds’ trustees often do not appreciate the full extent of the responsibilities linked to fiduciary trust and that they are accountable for ensuring proper internal controls and administration processes. “In short, they often have little idea of the practical application of these checks and balances. They tend to rely on the auditor and the administrator to pick up anything untoward in the process,” he says.

Even with the temporary measure in place, however, trustees should be able to assess what the impact will be with no audit, Dukander points out.

To safeguard members’ interests, all funds should always have a risk management policy, he adds. Such policy should cover annual reviews, assessment of the impact of each risk to the fund as well as member communication.

The risk management policy should further address risk identification and its impact on the fund as well as processes and controls to address these risks and the monitoring thereof.