The internal audit functions were not directed by an approved risk strategy, thus the accounting officer did not ensure that a risk assessment was performed. The governance structure was not sufficient to address repeated findings relating to pre-determined objective and compliance with laws and regulations. The Municipal Public Accounts Committee (MPAC) was appointed and dealt with the annual report for 2011.