30-Point Internal Audit Checklist

Letterhead

{{company_name}}

{{company_address}}

Phone: {{phone}}

Email: {{email}}

Introduction

This 30-Point Internal Audit Checklist is designed to assist {{company_name}} in conducting regular internal audits to identify potential risks, ensure compliance with relevant regulations, and improve operational efficiency. This checklist is aligned with best practices for Small and Medium Enterprises (SMEs) within the Southern African Development Community (SADC), with specific consideration for South African regulatory frameworks such as SARS, CIPC, POPIA, BCEA, OHSA, and RHA.

Section 1: Financial Management & Compliance (SARS, CIPC)

1. Are all financial records accurately maintained and up-to-date? (SARS compliance)

2. Are all tax submissions (VAT, PAYE, Income Tax) made on time and accurately? (SARS compliance)

3. Is there a clear segregation of duties within the financial department to prevent fraud?

4. Are bank reconciliations performed regularly and reviewed independently?

5. Are all company registrations and annual returns with CIPC up-to-date? (CIPC compliance)

6. Is there a robust system for invoicing, receipts, and payments?

Section 2: Human Resources & Labour Compliance (BCEA, OHSA, RHA)

7. Are all employment contracts compliant with the Basic Conditions of Employment Act (BCEA)?

8. Are employee records (attendance, leave, remuneration) accurately maintained and protected? (POPIA consideration)

9. Is there a clear disciplinary and grievance procedure in place, and is it followed consistently?

10. Are all health and safety regulations, as per the Occupational Health and Safety Act (OHSA), adhered to?

11. Is there a system for reporting and investigating workplace accidents?

12. For companies in the road transport sector, are all regulations under the Road Traffic Act (RHA) adhered to regarding driver hours, vehicle maintenance, and licensing?

Section 3: Data Protection & Privacy (POPIA)

13. Is there a designated Information Officer as per POPIA requirements?

14. Are measures in place to protect personal information collected, processed, and stored by the company? (POPIA compliance)

15. Is there a clear policy for data breaches and incident response? (POPIA compliance)

16. Are employees trained on data protection and privacy best practices?

Section 4: Operational Efficiency & Risk Management

17. Are operational procedures documented and regularly reviewed?

18. Is there an inventory management system in place, and are stock counts performed regularly?

19. Are key performance indicators (KPIs) tracked, and are corrective actions taken when necessary?

20. Is there a business continuity plan in place to address potential disruptions?

21. Are IT systems and data backed up regularly, and are recovery procedures tested?

Section 5: Asset Management & Security

22. Is there an up-to-date asset register for all company assets?

23. Are physical assets regularly inspected and maintained?

24. Are security measures (e.g., access control, CCTV) in place to protect company assets?

25. Is there appropriate insurance coverage for all significant assets?

Section 6: Ethics & Governance

26. Is there a code of conduct in place, and are employees aware of it?

27. Is there a mechanism for reporting ethical concerns or fraud?

28. Are conflicts of interest properly managed and disclosed?

29. Are board meetings (if applicable) regularly held, and are minutes recorded?

Signatures

Audit Performed By: _________________________ Date: _______________

Auditor Name: {{auditor_name}}

Auditor Signature: _________________________

Reviewed By (Management): ___________________ Date: _______________

Reviewer Name: {{reviewer_name}}

Reviewer Signature: _________________________

Next Audit Date: {{next_audit_date}}