CIPFA is calling on the public sector to provide recognition, support and encouragement for heads of internal audit and their teams in a new statement published on Tuesday 9 April 2019.
‘The role of the head of internal audit’ sets out five principles, aligned with the UK Public Sector Internal Audit Standards (PSIAS), which outline the key expectations of heads of internal audit and the conditions that will allow them to thrive.
The principles set out individual and organisational responsibilities, and represent best practice guidance that can form the basis of conversations between internal auditors, leadership teams and audit committees to support internal audit effectiveness.
Rob Whiteman, CIPFA CEO, said:
“The time is right for a refreshed CIPFA statement setting out best practice for the head of internal audit role. Heads of Internal Audit across the whole public sector are working in increasingly high pressure environments, contending with restricted resources and growing levels of financial risk.
“While many organisations are already doing a great job in this space, it’s crucial that Heads of Internal Audit and their teams are given the tools they need to provide quality assurance to their organisations.”
A collection of case studies was also launched today to accompany the refreshed statement. ‘Leading internal audit in the public sector: putting principles into practice’ gives a series of examples of organisations across the public sector that are leading the way with innovative solutions to provide better support and assurance to their organisations and clients.
ENDS
Notes to editors:
‘The role of the head of internal audit’ can be viewed in full
here.
‘Leading internal audit in the public sector: putting principles into practice’ can be viewed in full
here.
Examples from ‘Leading internal audit in the public sector: putting principles into practice’
Mersey Internal Audit Agency (MIAA): Providing Assurance over Cyber Security
Cyber security is one of the biggest risks facing any organisation and with recent examples of ransomware and data thefts in the public services it is an important areas for internal audit to provide assurance on. It is a challenging area for internal audit to provide assurance on as new threats emerge.
The agency ensures that IT risks are addressed within its audit plans. In particular, its cyber security services are focused on building and assuring a ‘defence in depth’ model which supports an organisation to develop policies, educate its workforce, build in security by design, test and assure controls, infrastructure and practices and provide a robust incident response and forensic capability.
North East Lincolnshire Council: Supporting the development of governance arrangements and an ethical culture
At North East Lincolnshire Council the head of internal audit is recognised as a key source of advice and support on governance and control issues. It is also recognised that the Head of Internal Audit’s role goes beyond assurance work but also includes promoting effective internal control and helping to develop ethical cultures across the organisation.
Some of the key initiatives include:
- The head of internal audit carrying out an annual audit for the chief executive testing out the council’s culture and ethical governance arrangements. This has involved designing testing schedules based on the latest research on organisational culture and carrying out facilitated workshops. The outcome of this audit is reported annually to the leadership team by the head of audit and has played a key role in promoting and strengthening the council’s values.
- The setting up of assurance board, chaired by the chief executive, of which the head of internal audit is a member. The board meets monthly and is a forum to review emerging issues which may impact on the council’s control environment and to allow mitigating action to be taken.
- The development of the Manager’s Guide to the Control Environment by the Head of Audit which summarise the key aspect of internal control, managers’ specific responsibilities for maintaining an effective control environment and signposting them to where they can get support. This document is regularly promoted at the leadership team.
About CIPFA:
CIPFA, the Chartered Institute of Public Finance and Accountancy, is the professional body for people in public finance. CIPFA shows the way in public finance globally, standing up for sound public financial management and good governance around the world as the leading commentator on managing and accounting for public money.
For further information please contact the CIPFA press office on 020 7543 5703 or email
liam.macandrew@cipfa.org