The South African education sector is known for its unequal distribution of academic resources, decaying infrastructure, overcrowded classrooms, poor educational outcomes and perpetuating inequality which is failing many of its children, despite the industry receiving about 20 per cent of the national budget.

Due to the challenges in basic education, many South African children at primary and secondary levels fail to reach the Higher Education level. As a result of these challenges, access to universities and TVET colleges has increased significantly during the past decade.

Based on United Nations Educational, Scientific and Cultural Organization (UNESCO) standards, South Africa continues to dedicate a significant amount of its budget and wealth towards education (both formal and non-formal).

Our Service offerings

How can we help you?

We know that every organisation is different. We offer your organisation advice and tailored solutions to meet its goals based on our sector expertise in the Education Industry:

Cyber Security Services

In recent years there has been news of ransom attacks causing financial damage where an institution allegedly handed over $20 000 to cybercriminals, and malware attacks caused a shut down for a day while IT professionals rebuilt the system.


Even more significant than financial losses, cyberattacks pose a threat to a university's reputation and the safety of its students. Understanding widespread vulnerabilities, common types of cyberattacks, and preventing breaches can help university leaders prioritise the security strategies to safeguard student and institutional data and resources.


There is no one-size-fits-all security solution to preventing all attacks, but university management can minimise these by prioritising the following cybersecurity strategies:

Information Security Policies and Security Standards

Cyber Security framework and strategy that provides a framework for an assured cyber security environment, utilising a risk-based approach should be formally developed. Furthermore, security standards should be documented specifying expected security configurations and parameters in systems. These serve as security templates and ensure secure, consistent and standardised configurations across systems.

IT Capacity management and planning

This will assist the university management in establishing current, and future processing needs to optimise the IT infrastructure that makes up the framework of the business.

Software Upgrades

There should be an exercise to evaluate all unsupported software (i.e. Windows operating systems, end-user applications, databases, etc.) within the IT environment. The outcome of this exercise should be a software upgrade roadmap that will assist the university IT management with rolling out the necessary upgrades.

Periodic monitoring of patch Management

Several external and internal network hosts suffer from patch management issues, where Microsoft and non-Microsoft patches had not been timeously applied. There should be a process of ensuring that required vendor patches are installed when necessary.

Monitoring and early detection

Implementation of a Security Incident and Event Management ("SIEM") solution which includes activity monitoring to facilitate the detection of patterns that may indicate successful compromise or misuse. This should be configured to perform log aggregation, correlation, alerting, dashboard and reporting for all IT assets, including servers, databases, applications, firewalls, routers, switches etc.


Training and Awareness Campaigns

Universities should require end users to go through training that covers phishing and how to recognise it. We provide this service, and institutions of higher learning must be willing to invest the time and necessary resources to educate their faculties and staff appropriately.

Compliance with Data Privacy laws

Data Privacy laws and regulations exist to ensure the protection of personal information. Universities process much personal information for students and employees and must comply with such laws (e.g. POPIA, GDPR). Universities appoint an Information Officer, perform privacy impact assessments and implement a privacy compliance framework.

Virtual CISO

The justification of a full-time CISO for many businesses can be a costly decision, and the need will be dependent on the size and level of infrastructure. However, a Virtual CISO allows an organisation to leverage the experience and expertise when needed.

Our virtual CISO can be assigned to provide advice to support the tactical and strategic direction of the Institution's information security posture, keeping with your Institution's culture and context. Our Virtual CISO will reduce the practical long term cost and provide consistent security oversight of a security programme or management communication.

Digital and Analytics

The digitalisation of processes within the higher education sector leads to increased data generation. This data can be an essential asset when leveraged correctly.

Internal Audit also has a role to play in extracting value in these data assets by implementing audit processes underpinned by data analysis and the generation of actionable insights. Several areas within the higher education sector provide opportunities for Internal Audit departments to generate and leverage these insights in addressing risks


A key process within institutions of higher learning is the revenue process. Several risks are related to this process, which includes:


  • Incorrect billing of students for subjects taken.
  • Incorrect application of fee structures for subjects. 
  • Incorrect billing for accommodation used.
  • Incorrect accounting and allocation of student revenue.
  • Credit losses due to poor monitoring of student debt.

Continuous auditing provides a practical approach to identifying, quantifying, and managing these risks. Using automated data analytics, Internal Audit departments can get early warnings, enabling them to play an advisory role in the line function. Some examples of these analytics include:

  • Exception reports - Performing periodic comparisons of fees charged against subjects taken and accommodation used and producing exception reports for revenue leakage. Furthermore, automated reconciliations can be performed between student billing systems and the accounting system to determine discrepancies.
  • Data visualisation – Using data visualisations to unearth discrepancies in the application of fee structures. 
  • Predictive modelling – Using artificial intelligence techniques to predict debtor accounts that may go bad, enabling the Institution to take timeous corrective measures


Grant Fund

In addition to revenue collected from students, grant funding makes up a significant portion of institutions' income. A few risks are related to this, including:


  • The use of earmarked funds on projects that the funds were not intended for.
  • Potential embezzlement of the funds.

In response, Internal Audit departments can leverage data analytics to perform continuous matching of uses and sources of funds to determine if funds are used in an intended manner. In addition, data analytics can be used to constantly monitor who the recipients of the funds are and highlight any suspicious transactions for further analysis.

Supply Chain management

The supply chain management process plays a critical role in ensuring that an organisation derives value in the goods and services it purchases. However, far too often, the deficiency in this process not only leads to loss of value but can also be exploited for fraudulent purposes. Automated and continuous data analytics can be used in this process, including:


  • Automated process analytics – These analytics can be performed on supply chain data that include requisitions, purchase orders, goods receipts, invoices, and payments. Exceptions can be produced to show where the process is not working as intended or is being circumvented. On top of the analytics, data visualisations and statistical analyses can discover patterns that help unpack the root causes of the process deficiencies.
  • Expenditure analytics – Data analytics can be continuously performed on contract and payment data, highlighting instances where spending is starting to exceed contract limits, and empowering line functions to avoid excessive spending above what is permitted.
Human Resources and Payroll

One of the areas that can easily benefit from Internal Audit performing continuous monitoring is human resources and payroll.


Given the nature of the employee base at most institutions of higher learning, where there is a large component of contracted or non-fulltime employees, there are additional people-related risks that should be monitored. Automated data analytics can be used to:


  • Assess the completeness and validity of employee information.
  • Identify potential ghost employees.
  • Identify potential conflicts of interest between employees and vendors.
  • Identify excessive changes in pay that warrant further scrutiny.
Student examinations

With the advent of learning from home, education has leapt into the world of technology. Hand in hand with this comes the digital administration, curation, marking and moderation of examinations, and collation of student marks.


These bring along new risks that did not exist in a world of paper-based examinations. In this respect, data analytics can be used to identify anomalies in the examination process that can include:


  • Accuracy in marking (for certain types of examinations).
  • The consistency in marked results and moderated results.
  • The recording of results.
  • The use of artificial intelligence models to detect anomalies in examinations results that are difficult to identify using traditional analytics methods.
SRC elections

Student Representative Council ("SRC") elections can be a major operation for an institution of higher learning. These elections can also be highly contested, requiring the process to be robust and not open to manipulation.


Internal Audit can play an important oversight role in these elections. Data analytics can also be used to give Internal Audit comfort on the validity of the process and the results. Some of the data analytics that can be performed in this respect include:


  • The verification of student registrations against the voters' roll to ensure all and only registered students can vote.
  • Comparison of votes submitted and votes received to identify any discrepancies.
  • Comparison of votes received against the voters' roll to determine any discrepancies in the voting process.
Forensic Services

Fraud detection review and forensic investigation for higher education institutes:


Phase 1: Fraud Detection Review


    • Subsidy grants,
    • School fees,
    • Lease rentals;
    • Donations,
    • Fundraising, and
    • Any other income.



    • Services;
    • Maintenance;
    • Leases;
    • Salaries (for both Department and SGB employees); and
    • Any other expense.


Other matters

    • Review of all contracts/service level agreements;
    • Review of all projects;
    • Review of school assets; and
    • Review of appointments of educators. 
Phase 2: Detailed Investigation

We then conduct a detailed investigation depending on the irregularities identified from the fraud detection review. Our approach will follow the step-by-step approach, which includes the following:


Groundwork and Planning

The groundwork procedures will assist us to prepare a detailed project plan which will be presented for discussion and approval. 

Evidence Collection and Interviews

This phase will include the collection and review of relevant documentation and consultative interviews with relevant officials. We will also conduct interviews with other witnesses to be identified during the investigation.




During this phase, we will consolidate our findings and issue our report. We will provide regular progress updates in a format to be agreed on. Our written formal report will outline procedures performed to date and our findings and recommendations.


Proposed procedures to be performed

The fraud detection will entail reviewing policies, processes, and procedures about the school's revenue, expenditure, and assets. We will then review relevant documentation to ascertain the following: 


Completeness of revenue received

Whether expenditure incurred was approved correctly, supported and in line with the budget; and assets are correctly accounted for and recorded in the asset register.


Sections Considered:

  • Income
  • Expenditure
  • Contracts/Service Level Agreements/Projects
  • School Assets
  • Appointment of Educators

Probity Review for High Education Institutes

  • Workstream planned activities procedures
  • Review relevant legislation, policies and procedures;
  • Interview SCM officials, as applicable; and
  • Review relevant requests for proposal.
  • Appointment of the Bid Specifications Committee (BSC) members
  • Review the appointment of the Bid Specifications Committee members
  • Review formation of the Tender Specifications Committee and Bid Specifications Committee ("BSC")
  • Review the appointment of members
  • Verify compliance with relevant policies/procedures and legislation;
  • Interview relevant parties;
  • Review signed confidentiality agreements; and
  • Inform the bid committees of errors/weaknesses/non-compliance
  • Review the terms of reference (specifications) before advertisement and provide advice on areas of improvement
  • Review of the terms of reference
  • Review tender specifications from the user department and ascertain if they have been appropriately approved
  • Review request for proposal
  • Establish whether a need assessment was done, and the budget approved by the authorised officials;
  • Review any other relevant documentation; and
  • Interview relevant parties.


SNG Grant Thornton will perform an audit on the competitive bidding process using Audit Managers that are adequately skilled in the specific commodities and have experience in auditing public sector Supply Chain Management.


The probity audit process will provide quality assurance of the process implemented on specifications ensuring the following compliance areas are adequately addressed in each step of the process:


  • Regulatory Compliance;
  • Administrative compliance;
  • Compliance with Public Sector Supply Chain Management;
  • Internal control; and
  • Governance arrangements.
Programme Assurance & Advisory

In a world where change is vital for survival and being an early mover gives you the edge in competitive markets, the need for sound project management and effective solution delivery is increasingly important.

Establishing governance practices and a controlled environment that aligns with the agility of change is pivotal for success. Our highly skilled and experienced team is waiting to partner with you to provide professional Assurance and Advisory support as you navigate change. We ensure a sound understanding of your business operations, strategic objectives, strategic initiatives, and project portfolio to provide real-time Assurance and Advisory feedback to executive management and those charged with oversight responsibilities.

We aim to protect shareholder value by providing Assurance and Advisory services on change portfolios and large-scale programmes before implementation, assisting organisations in maturing their control environment and ensuring projects stay on track and achieve their intended impact.

Tax Advisory Services - Customs and Excise

The Customs and Excise Act 91 of 1964 (the Act) provides for the levying of customs duties and the control of goods imported into or exported from South Africa.

Customs duties are based on a rate of duty indicated next to the tariff headings listed in Schedule 1 of the Act (the Tariff Book). The tariff book also provides a certain rebate and refund items that allow for a drawback or relief of duty, subject to compliance with specific conditions.

Such conditions may include, among other things, a requirement to register as an importer, exporter, rebate/drawback user with the South African Revenue Service (SARS) and obtain a permit issued by the International Trade Administration Commission (ITAC) of South Africa. 

Any educational organisations intending to import or export goods in South Africa must register as an importer or exporter with SARS. Educational institutions that imports goods (excluding foodstuffs and clothing) forwarded free, as a donation, in such quantities and under such conditions as ITAC may allow by specific permit may qualify for a total rebate of customs duty when entered under rebate item 405.04/00.00/06.00. However, the goods intended for import should be:

  1. For use by the organisation or for free distribution
  2. Not be sold, leased, hired, or otherwise disposed of for gain without the duty which has been rebated being paid to SARS
  3. The organisation may accept no donation or other counter-performance in respect of such goods

Moreover, the application for the permit must be obtained before the goods are imported into South Africa and, once issued, will be valid for 12 months.

SNG Grant Thornton Customs and Excise Team can assist Educational Organisations with:

  • Registering as importer or exporter with SARS; and
  • Applying for rebate item 405.04/00.00/06.00 permits with ITAC.
Business Consulting

Just like any other organisation, business acumen is vital for the growth and development of educational institutions. We provide fit-for-purpose solutions to address major challenges the Education sector faces by supporting our clients in terms of the following:

Productivity Improvement

Education institutions must remain flexible, agile, and profitable to maintain growth, requiring systematic improvement across people, processes, and technology. The key is to understand which activities are no longer needed and which ones should remain.

We help our clients optimise processes across the institution, leverage appropriate technologies, and consider people's impact to help achieve strategic growth goals and reduce risk. Utilising our global framework and set of tools, we can encourage broader and more meaningful conversations focused solely on areas for growth.

Strategy Development

We support the development, assessment, planning and delivery of an institution's strategic goals and plans to encourage sustainability, growth and development.

Public Sector Consulting

Our team strives for excellence, ensuring that the public sector complies with national policies and procedures. Our qualified professionals provide a wide range of services in this area, including but not limited to:

  • Preparation and review of Annual Financial Statements and supporting audit files.
  • Compilation of Audit of Performance Information and assistance with preparation of POE Files and aligning of KPIs to Annual Performance Report.
  • Assistance with rectifying non-compliance matters.
  • Audit query support includes the compilation and monitoring of audit query corrective action plans.
  • Tracking of irregular expenditure, unauthorised, fruitless and wasteful expenditure (UIF&W).
  • Compilation of UIF&W registers.
  • UIF&W write-off processes assistance in terms of relevant regulations.
  • Reviewing and designing Standard Operating Procedures (SOP), including finance and supply chain.
  • Reviewing and designing financial policies.
  • Capturing and reconciliations of financial transactions from the first principle.
  • Revenue enhancement.
  • Compilation and review of Asset Registers, including Fixed Asset Registers and Investment Registers.
B-BBEE Consulting

We specialise in Family Business Consulting, and we also provide B-BBEE Verification services.

Governance and Compliance

We assist educational institutions with various best practice governance services to ensure compliance with current legislation.

Human Resources Management

People are the driving force behind any enterprise, and a shortage of the right people is a top concern. Our deep experience in tailored optimisation tools and focus on business outcomes help our clients meet this challenge and turn talent into a competitive advantage.

Our team supports education institutions with the HR challenges they face by aligning the HR process to the HR operating model, strategy, technology architecture and the overall corporate strategy. 

Financial Management

Financial management in the education sector revolves around providing educational services to the public. Financial management of educational institutions such as schools, colleges or universities should be considered business units with income and expenditure that offer the educational services to students. Successful BUs are well managed with debtors (students) collections, and staff and all creditors are paid on time.

We strengthen finance operations by reviewing and improving financial processes, systems, and functions to help drive profitable growth, business understanding and reduce costs. 

Skills Transfer

We understand the education sector's challenges and are committed to investing in capacity building and development through our skills transfer programme.

Our programme takes a step-by-step approach to developing customised training for our clients in finance (and other-related) disciplines.

Thabo Mogano
Industry Leader - Education
Thabo Mogano
Learn more about Thabo Mogano
Thabo Mogano
Industry Leader - Education
Thabo Mogano

Book a call with Thabo

When should we call you?
Thabo Mogano

Trending insights

View more