1 / 76

Defining the Role of Internal Audit – A Government Perspective

Defining the Role of Internal Audit – A Government Perspective. Ray Harris. Ray Harris. Background. Myself Internal Audit In Central Government in UK

blue
Download Presentation

Defining the Role of Internal Audit – A Government Perspective

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Defining the Role of Internal Audit – A Government Perspective Ray Harris Ray Harris

  2. Background • Myself • Internal Audit In Central Government in UK • Late 1970’s criticism from the National Audit Office (NAO) Parliament’s external financial auditors in a report to the Public Accounts Committee (PAC) • Wass Bancroft Report recommending reform and leading to a basic level of training standard (BATS) and a common approach across Departments – from financial based ‘Internal Check’ and ‘Tick & Turn’ to a ‘Systems based approach’ AND adopting the IIA as the preferred professional body • Where are we now?

  3. UK Accountability Framework IA

  4. Accounting Officer’s Memorandum • Accounting Officers are separately appointed by HM Treasury and the responsibilities of the Accounting Officer in relation to Government Accounting regulations are set out in ‘The Accounting Officer’s Memorandum’ • A key component of the Memorandum is that ‘Internal Audit is established in accordance with the objectives, standards and practices set out in the ‘Government Internal Standards’ (GIAS) published by HM Treasury • Accounting Officers have a particular responsibility for ensuring compliance with parliamentary requirements in the control of expenditure and in particular ‘Regularity and Propriety’

  5. Regularity = requirement for all expenditure and receipts to be dealt with in accordance with the legislation authorising them and the rules of Government Accounting i.e. ‘The Ambit of the Vote’ • Propriety = the further requirement that expenditure and receipts should be dealt with in accordance with Parliament’s intentions and the principles of parliamentary control including the conventions agreed with Parliament (and in particular the Public Accounts Committee (PAC)

  6. Government Internal Audit Standards • 10 Standards 5 relating to Organisational status 5 relating to Operational approach:

  7. Organisational Standards • Standard 1: Scope of Internal Audit – defined by the Accounting Officer in Terms of Reference which amongst others: • Standard 2: Establish organisational independence and embrace the risk management control and governance processes of the organisation including all its operations, resources, services and responsibilities for other bodies

  8. Establish internal audit’s right of access to all records, assets personnel and premises and its authority to obtain such information as it considers necessary to fulfil its responsibilities • An Accounting Officer is charged with organising internal audit in accordance with the objectives, standards and practices set out in GIAS . • The HIA should be of appropriate grade or status, have wide experience of internal audit and management, and must meet the Government Internal Audit Standard and the Senior Staff standard as set down in GIAS .

  9. 8.  The HIA is responsible to the Accounting Officer, but normally reports to the Principal Finance Officer and the audit committee. In all cases, the Head of Internal Audit has the right of direct access to the Accounting Officer.

  10. Standard 3: Audit Committees • Accounting Officer is required to establish an Audit Committee to: • Advise him on the skills, competence, TORs effectiveness and resourcing of Internal Audit including planning, reporting, quality, relationships with management and external audit and the adequacy of management’s responses to audit reports

  11. Head of Audit’s Relationship • The Head of Internal Audit should attend Audit Committee meetings • The Head of Internal Audit should have a right of access to the Chair of the Audit Committee to discuss ant issues they wish to raise

  12. Standard 4: Relationships with Management, other Auditors and other Review Bodies • Relations with Management – emphasis on service to management – mutual trust – added value – without compromising responsibilities to the Accounting Officer • Relations with other Internal Auditors – inter departmental co-operation – reliance on other’s work – Accounting Officer endorsement

  13. Relationships with External Auditors - regular meetings – techniques` and methodologies – reliance by external audit on the work of internal audit • Relationships with other review bodies – management inspection, compliance teams, liasion and quality assurance in order to place reliance

  14. The Head of Internal Audit should establish a means to gain an overview of other assurance providers’ work and if appropriate report to the Accounting Officer

  15. Standard 5: Staffing Training and Development • Internal audit should be appropriately staffed in terms of numbers, grades and experience, having regard to its objectives and standards. Internal auditors must be properly trained to fulfil their responsibilities. • Government Internal Audit Certificate (GIAC)- mandatory • Continuing professional development

  16. Standard 6: Audit Strategy • HIA to develop and maintain an efficient and effective strategy for providing the Accounting Officer an objective opinion on the effectiveness of the organisation’s risk management , control and governance arrangements • The Head of Internal Audit’s opinions are a key element of the framework of assurance the Accounting Officer needs to inform their completion of the annual Statement of Internal Control (SIC)

  17. Planning: internal audit work should be planned at all levels of operation in order to establish priorities, achieve objectives and ensure the efficient and effective use of audit resources

  18. Standard 7: Management of Audit Assignments • Assignment planning – scope, objectives and timing – reporting lines • Sponsors for each assignment • Approach – objectives, risks and controls – appropriateness – over/under control • Conclusions, report recommendations and opinion • Follow – up – managements implementation of responses to audit recommendations

  19. Standard 8: Due Professional Care • Skill that a reasonably prudent and competent internal auditor will apply in performing their duties • Due care = working with competence and` diligence • Due professional care = the use of audit skills and judgement based on appropriate experience training (including CPD) ability, integrity and objectivity

  20. Conduct of individual auditors – compliance with standard – appropriate programme of quality assurance review by HIA and senior staff

  21. Standard 9: Reporting • Standards style and methodology set by HIA • HIA produces written report to the Accounting Officer timed to support the Statement of Internal Control (SIC) • HIA produces an annual report covering the overall opinion on the control framework • In addition to the annual report HIA makes arrangements for interim reporting to the Accounting Officer in the course of the year

  22. Standard 10 : Quality Assurance • A continuously effective level of performance compliant with the standards is maintained • HIA to develop a quality assurance programme designed to gain assurance both by internal and external review • HIA to publish an Audit Manual for managing Internal Audit and ensure that there is appropriate supervision throughout all audit assignments

  23. Treasury Definition of IA INTERNAL AUDIT IS AN INDEPENDENT AND OBJECTIVE APPRAISAL SERVICE WITHIN AN ORGANISATION: • Internal audit primarily provides an independent and objective opinion to the Accounting Officer on risk management, control and governance, by measuring and evaluating their effectiveness in achieving the organisation’s agreed objectives.

  24. In addition, internal audit’s findings and recommendations are beneficial to line management in the audited areas. • Risk management, control and governance comprise the policies, procedures and operations established to ensure the achievement of objectives, the appropriate assessment of risk, the reliability of internal and external reporting and accountability processes, compliance with applicable laws and regulations, and compliance with the behavioural and ethical standards set for the organisation.

  25. Internal audit also provides an independent and objective consultancy service specifically to help line management improve the organisation’s risk management, control and governance. The service applies the professional skills of internal audit through a systematic and disciplined evaluation of the policies, procedures and operations that management put in place to ensure • the achievement of the organisation’s objectives, and through recommendations for improvement. Such consultancy work contributes to the opinion which internal audit provides on risk management, control and governance.

  26. WHAT IA DOES • ACCOMPLISHMENT OF ESTABLISHED GOALS AND OBJECTIVES • COMPLIANCE WITH RELEVANT LAWS AND REGULATIONS • RELIABILITY AND INTEGRITY OF INFORMATION • ECONOMIC, EFFECTIVE AND EFFICIENT USE OF RESOURCES • SAFEGUARDING OF ASSETS

  27. INTERNAL AUDIT DOES NOT • ACT AS A POLICEMAN • ACT AS A SUBSTITUTE FOR MANAGEMENT • AUDIT END OF YEAR FINANCIAL ACCOUNTS • HAVE RESPONSIBILITY FOR EXECUTIVE FUNCTIONS • INVESTIGATE FRAUD

  28. Who Are We Here To Serve? • The Accounting Officer • The Management Board • The Audit Committee

  29. Role of the Audit Committee • Appointed by the Board • Helps set the “Tone at the Top” • Reviews the assessment and management of risk • Provides independent reporting line with protection for Internal Audit terms of reference and resources • Evaluates Internal Audit Coverage and performance

  30. Sets priorities for Internal Audit • Agrees both long term and annual plans • Review of year end Corporate Governance statements made by management • Review of Corporate Risk Assessments • Review of other sources of assurance • On going assessments of business critical projects (BCPs)

  31. Internal Audit Outputs(Tangible) • Audit Reports • The Annual Report • Strategic and Annual Plans • Consultancy and advice • Protection against outside criticism

  32. Supported By • Individual Audit Reports which must: • Focus on the wants and needs of the Committee and which they can relate to without going into fine details. • Demonstrate that the audit effort is being directed at the critical areas of the business • Show added value to the organisation • Encompass awareness of current thinking utilising the latest techniques and promoting best practice

  33. Who are Your Reports Aimed At? • Line Management? - at what level? • Accounting Officer? • Audit Committee? • External Audit

  34. Internal Audit Outputs(Intangible) • Deterrent effect • Wood for the trees • Force for the good Ray Harris

  35. CORPORATE GOVERNANCE

  36. BACKGROUND • Public disquiet about BCCI, Polly Peck, Maxwell Pensions and Barings Bank • 1992 Cadbury Committee code of practice relating to the management and control arrrangements of companies • “Rutteman Report” produced in 1994 instigated the requirement for statements on internal financial control, this was developed by the Hampel Committee, successor to the Cadbury Committee • Treasury introduced the requirement to departments with effect from 1 January 1998. Post Turnbull the requirement for a statement covering all control has been introduced wef. 2001

  37. WHAT IS CORPORATEGOVERNANCE? Cadbury defined Corporate Governance as: The way in which an organisation is managed, and which includes the following elements:-

  38. MAIN ELEMENTS OF CORPORATE GOVERNANCE • Senior management structure (board of directors and audit committee) • Organisational structure • Control environment • Integrity and ethical values • Commitment to competence • Leadership • Management’s philosophy and operating style • Assignment of authority and responsibility

  39. Human resource policies and practices • Risk assessment • Strategic planning • Change management • Control activities • Financial control • Information and communication • Monitoring

  40. WHAT’S NEW ? • STATEMENT OF INTERNAL CONTROL • The Requirement - Treasury Requirement post Turnbull - Widening the Scope • What is Internal Control? • The achievement of objectives in four categories: • The effectiveness and of operations; • The reliability of internal control (including • the safeguarding of assets); • Compliance with applicable laws and regulations. • The economical and efficient use of resources

  41. Role of Audit in SIC • Statements contain the wording ‘As Accounting Officer I also have responsibility for reviewing the effectiveness of the system of internal control. My review of the effectiveness of the system of internal control is informed by the work of the internal auditors….’

  42. Currently managed via five interrelated components : • Control environment • Risk assessment • Control activities • Information and communication • Monitoring • Moving to Enterprise Risk Management which has 8 components

  43. Enterprise Risk Management

  44. 1. THE CONTROL ENVIRONMENT • To ensure commitment to competence and quality • To ensure the establishment and maintenance of ethical • standards and control consciousness • To ensure an appropriate organisational structure • To ensure appropriate assignment of authority, responsibility and accountability

  45. 2. BUSINESS RISK IDENTIFICATION AND ASSESSMENT • To ensure appropriate corporate aims, objectives and measures are in place • To ensure risks to achieving corporate objectives are identified and managed

  46. WHAT IS RISK? The threat of bad things happening and/or Good things not

  47. RISK Risk of What? • People - Competence,Integrity • Planning - Should be integrated • Processes - information and communications - operational and financial policies and activities - monitoring arrangements - supporting systems

More Related