the role of the head of internal audit and guidance... · 2012-12-20 · The Head of Internal Audit...
in public service organisations
2010
the role of the head of internal audit
Contents
Foreword
Definitions used throughout the document
Introducing the CIPFA statement
Using the CIPFA Statement
Principle 1
Principle 2
Principle 3
Principle 4
Principle 5
Appendix
CIPFA Statement on the role of the Head of Internal Audit in public service organisations
The Head of Internal Audit in a public service organisation plays a critical role in delivering the organisation’s strategic objectives by:
1 championing best practice in governance, objectively assessing the adequacy of governance and management of existing risks, commenting on responses to emerging risks and proposed developments; and
2 giving an objective and evidence based opinion on all aspects of governance, risk management and internal control.
To perform this role the Head of Internal Audit:
3 must be a senior manager with regular and open engagement across the organisation, particularly with the Leadership Team and with the Audit Committee;
4 must lead and direct an internal audit service that is resourced to be fit for purpose; and
5 must be professionally qualified and suitably experienced.
CIPFA | The role of the head of internal audit 1
foreword
The Head of Internal Audit (HIA) occupies a critical position in any organisation, helping it to achieve its objectives by giving assurance on its internal control arrangements and playing a key role in promoting good corporate governance. The aim of this Statement is to clarify the role of the HIA in public service organisations and to raise its profile.
Organisations need to know that they have strong arrangements for controlling their resources and for delivering their objectives. CIPFA believes that HIAs have a unique role to play here. They are senior managers whose business is objectively assessing these arrangements and the risks that organisations face and giving appropriate assurances. HIAs must also provide leadership, promoting and helping organisations achieve good governance and address future challenges.
HIAs need to review the whole system of control, both financial and non-financial, and focus on the areas where assurance is most needed. In most public service organisations the HIA has to give an annual opinion on the organisation’s governance arrangements, which is used by Chief Executives as a primary source of evidence for their annual governance report.
HIAs must also be able to show that they can meet the needs of stakeholders such as Chief Executives and Audit Committees adding value by helping to improve services whilst retaining their objectivity. They also need to work well with partners and other auditors.
The Statement is principles based and should be relevant for all public service organisations and their HIAs. It is intended to be helpful to a wide audience including Leadership Teams, including Chief Executives, Audit Committees, other stakeholders as well as HIAs themselves.
We believe organisations should see the Statement as best practice and use it to assess their HIA arrangements to drive up audit quality and governance arrangements.
We also commend the Statement to individual internal audit professionals. It articulates the core responsibilities of the HIA, as well as the personal and professional skills that they need.
Mike More
Chair, CIPFA Steering Group on the role of the Head of Internal Audit in public service organisations
Steve Freer
Chief Executive, CIPFA
definitions used throughout the document
The public services have a wide variety of organisational structures and governance arrangements. The definitions used in this document are primarily based on those used in CIPFA’s Role of the Chief Financial Officer Statement and in CIPFA’s Code of Practice for Internal Audit in Local Government. These definitions are broadly consistent with those used by the Institute of Internal Auditors (IIA) and reflected in the standards used in central government and the NHS. Where there are some differences (marked as *) then the alternative IIA definition should be considered when applying the Statement in these sectors.
Head of Internal Audit (HIA)
The executive responsible for the organisation’s internal audit service, including drawing up the internal audit strategy and annual plan and giving the annual audit opinion. This could be someone from another organisation where internal audit is contracted out or shared with others.
Leadership Team
Comprises the Board and Management Team.
Board
The group of people charged with setting the strategic direction for the organisation and responsible for its achievement.
Management Team
The group of executive staff comprising the senior management charged with the execution of strategy.
Chief Executive
The most senior executive role in the organisation.
Chief Financial Officer
The organisation’s most senior executive role charged with leading and directing financial strategy and operations.
Managers
The staff responsible for the achievement of the organisation’s purpose through services/businesses and delivery to its clients/customers.
Governance¹
The arrangements in place to ensure that an organisation fulfils its overall purpose, achieves its intended outcomes for citizens and service users and operates in an economical, effective, efficient and ethical manner.
Control environment*
Comprises the systems of governance, risk management and internal control. The key elements include:
■ establishing and monitoring the achievement of the organisation’s objectives
■ the facilitation of policy and decision-making ensuring compliance with established policies, procedures, laws and regulations – including how risk management is embedded
■ ensuring the economical, effective and efficient use of resources and for securing continuous improvement
■ the financial management of the organisation and the reporting of financial management
■ the performance management of the organisation and the reporting of performance management.
System of internal control
The totality of the way an organisation designs, implements, tests and modifies controls in specific systems, to provide assurance at the corporate level that the organisation is operating efficiently and effectively.
¹ The Good Governance Standard for Public Services (Independent Commission chaired by Sir Alan Langlands, 2004)
Risk management*
A logical and systematic method of establishing the context, identifying, analysing, evaluating, treating, monitoring and communicating the risks associated with any activity, function or process in a way that will enable the organisation to minimise losses and maximise opportunities.
Risk based audit*
An audit that:
■ identifies and records the objectives, risks and controls
■ establishes the extent to which the objectives of the system are consistent with higher-level corporate objectives
■ evaluates the controls in principle to decide whether or not they are appropriate and can be reasonably relied upon to achieve their purpose, addressing the organisation’s risks
■ identifies any instances of over and under control and provides management with a clear articulation of residual risks where existing controls are inadequate
■ determines an appropriate strategy to test the effectiveness of controls ie through compliance and/or substantive testing
■ arrives at conclusions and produces a report, leading to management actions as necessary and providing an opinion on the effectiveness of the control environment.
Audit Committee
The governance group charged with independent assurance of the adequacy of the internal control environment and the integrity of financial reporting.
Internal audit*
An assurance function that provides an independent and objective opinion to the organisation on the control environment, by evaluating its effectiveness in achieving the organisation’s objectives. It objectively examines, evaluates and reports on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources.
Consultancy
Advisory and related client service activities, the nature and scope of which are agreed by the client, are intended to add value and improve an organisation’s governance, risk management and control processes without the internal auditor assuming management responsibility.
Annual governance report
The mechanism by which an organisation publicly reports on its governance arrangements each year.
Public service organisation
One or more legal bodies managed as a coherent operational entity with the primary objective of providing goods or services that deliver social benefits for civic society, are not privately owned and receive public and/or charitable funding.
Assurance
A confident assertion, based on sufficient, relevant and reliable evidence, that something is satisfactory, with the aim of giving comfort to the recipient. The basis of the assurance will be set out and it may be qualified if full comfort cannot be given. The HIA may be unable to give an assurance if arrangements are unsatisfactory.
Assurance can come from a variety of sources and internal audit can be seen as the ‘third line of defence’ with the first line being the organisation’s policies, processes and controls and the second being managers’ own checks of this first line.
Head of Internal Audit Opinion
The opinion issued each year by the HIA on the adequacy and effectiveness of the organisation’s control environment and which is used by the Chief Executive in some public service organisations as a key source in drafting the annual governance report.
introducing the CIPFA statement
The public service context
Citizen, service user and taxpayer: all of us occupy one or other of these roles at different times. We all have different priorities and needs, but our common ground is that we expect high standards of service within affordable tax levels. And we demand exemplary standards of behaviour where public money is spent.
The public services also face frequent structural changes and changing models of service delivery and partnerships. Expectations of contestability and competition as drivers of value for money are also blurring the boundaries between the public and private sectors. This has increased the variety of governance arrangements, even among similar types of bodies.
Good governance
The changing political environment within which decisions are taken and services delivered creates a range of stakeholders whose interests and influences must be acknowledged, understood, managed and balanced.
The demand for better public services within a complex environment has strengthened the need for effective governance. Good governance in a public service organisation requires a focus on the organisation’s purpose and its intended outcomes. It also carries a specific obligation in relation to citizens, taxpayers and service users to make best use of resources and ensure value for money.
The key role played by the HIA
Internal audit is one of the cornerstones of effective governance. The HIA is responsible for reviewing and reporting on the adequacy of their organisation’s control environment, including the arrangements for achieving value for money. Through the annual internal audit opinion and other reports the HIA gives assurance to the Leadership Team and others, and makes recommendations for improvement.
The HIA’s role is a unique one, providing objective challenge and support and acting as a catalyst for positive change and continual improvement in governance in all its aspects. The role is particularly important when organisations are facing uncertain or challenging times. Fulfilling the role requires a range of personal qualities. The HIA has to win the support and trust of others, so that he/she is listened to, and the HIA’s role as a critical friend means that sometimes difficult messages must be given and acted on.
It is these expectations, combined with the professional, personal and leadership skills required, that have shaped the CIPFA Statement on the role of the HIA in public service organisations.
Primary audience
The primary audience for this Statement is those who rely on the HIA’s assurances – the Leadership Team and the Audit Committee. CIPFA recommends that they should examine their own organisation against this Statement to satisfy themselves that they have effective HIA arrangements in place.
using the CIPFA statement
Statement approach and structure
The Statement sets out the five principles that define the core activities and behaviours that belong to the role of the HIA in public service organisations and the organisational arrangements needed to support them. Successful implementation of each of the principles requires the right ingredients in terms of:
■ the organisation;
■ the role; and
■ the individual.
For each principle the Statement sets out the governance arrangements required within an organisation to ensure that HIAs are able to operate effectively and perform their core duties. The Statement also sets out the core responsibilities of the HIA.
Summaries of personal skills and professional standards then detail the leadership skills and technical expertise organisations can expect from their HIA. These include the requirements of CIPFA and the other professional bodies’ codes of ethics and professional standards to which the HIA as a qualified professional is bound. The personal skills described have been aligned with the most appropriate principle, but in many cases support other principles as well.
Demonstrating compliance
The Statement supports CIPFA’s work to strengthen governance, risk management and internal audit across public services. It is intended to allow the Leadership Team of a public service organisation, whether executive, non-executive or elected, to benchmark its existing arrangements against a defined framework.
Public service organisations operate within a variety of legal and regulatory structures, and there is a huge range in size and scope of services delivered. The Statement therefore focuses on the principles that capture the essential characteristics of the HIA role in any public service organisation.
CIPFA recommends that organisations should use the Statement as the framework to assess their existing arrangements (linked to any sector specific guidance or standards), and that they should report publicly on compliance to demonstrate their commitment to good practice. CIPFA also proposes that organisations should report publicly where their arrangements do not conform to the compliance framework in this Statement, explaining the reasons for this, and how they achieve the same impact.
Status of the Statement
The Statement sets out what CIPFA considers to be best practice for HIAs. It does not have the status of a CIPFA code, nor does it replace the sector-specific guidance or the codes and professional standards that underpin accountancy and internal audit bodies’ competency and disciplinary frameworks. The aim is that standard setters and regulators across public services should draw on the Statement when reviewing their own guidance.
The Statement should also help guide both current and aspiring HIAs, by providing a summary of the core responsibilities entailed in the role as well as the personal skills and professional standards necessary to succeed. It should therefore provide a focus for audit professionals’ own personal development at all stages of their careers.
CIPFA Statement on the role of the Head of Internal Audit (HIA) in public service organisations
The Head of Internal Audit in a public service organisation plays a critical role in delivering the organisation’s strategic objectives by:
1 championing best practice in governance, objectively assessing the adequacy of governance and management of existing risks, commenting on responses to emerging risks and proposed developments; and
2 giving an objective and evidence based opinion on all aspects of governance, risk management and internal control.
To perform this role the Head of Internal Audit:
3 must be a senior manager with regular and open engagement across the organisation, particularly with the Leadership Team and with the Audit Committee;
4 must lead and direct an internal audit service that is resourced to be fit for purpose; and
5 must be professionally qualified and suitably experienced.
[Figure: principles 1 to 5, with the labels The Organisation: Governance Requirements; The Role: Core HIA Responsibilities; The Individual: Personal Skills and Professional Standards]
principle 1
The HIA in a public service organisation plays a critical role in delivering the organisation’s strategic objectives by championing best practice in governance, objectively assessing the adequacy of governance and management of existing risks, commenting on responses to emerging risks and proposed developments.
Promoting good governance
Good governance is fundamental to establishing confidence in public services. All managers have a responsibility for good governance but the HIA has a role in promoting this and spreading good practice. The internal audit strategy must set out how the HIA will fulfil this role.
The Leadership Team collectively needs to set the tone that good governance is core to achieving strategic aims and in demonstrating that public money is used well. The HIA is not responsible for good governance but they do have a role in helping to raise standards. This can be done by promoting the benefits of good governance as well as reporting on system failures. There are also benefits for the HIA in taking such an approach as this helps staff and others see the wider purpose of internal audit’s work and the support that they can provide.
There are many ways to champion good governance across the organisation. In many organisations others such as the Chief Financial Officer will lead on promoting good governance. The HIA needs to assess the state of the organisation’s governance and what others with an interest are doing. They then need to clarify their role in promoting good governance and how they can make most impact. Benchmarking with other organisations can be helpful and case studies from similar organisations can be useful. The aim should be to show the benefits of good governance for staff and others and using training and guidance to do this. The role of champion also extends to the significant partnerships that the organisation is part of.
Assessing governance and management of existing risks
HIAs must review and make a judgement on the whole range of controls including those relating to achieving value for money and the prevention and detection of fraud and corruption. In reaching the judgement the HIA might want to look at corporate arrangements, for example those regarding data quality and performance management arrangements. They may also want to test how these arrangements work by examining specific topics, for example major projects, decision making and implementation of programmes. Overall, internal audit’s objectives must be aligned to the organisation’s and should help improve the effectiveness of public service delivery.
There can often be many agencies reviewing controls within organisations. Internally there may be management consultants reviewing operational management. Externally there is a range of inspectors and other review agencies and service delivery partners. The HIA must understand the governance arrangements and assess the strengths of each of the parts. They then need to set out what reliance has been placed on the different elements and why they believe the reliance to be well placed. Setting out this framework should also help in explaining to others how internal audit fits into the wider governance picture.
Advising on proposed developments
HIAs must be asked to consider the impact of proposed policy initiatives, programmes and projects as well as responses to emerging risks. HIAs should be made aware of major new systems and proposed initiatives to help ensure risks are properly identified and evaluated and appropriate controls built in. The HIA should consider what if any audit work needs to be done and also how the proposals fit with the organisation’s strategic objectives. The HIA should be involved at the outset to ensure any advice they give can be actioned. Giving advice over proposed developments is inevitably a less precise business than giving assurances on existing systems. Managers and the HIA must therefore be clear on the scope of any internal audit work here and of the kind of advice that is given.
Internal audit sometimes provide advice on current or proposed arrangements. This is an important role – it makes good use of internal audit’s analytical skills and brings value to the organisation. But for this to work well the HIA must ensure that staff carrying out the work have suitable skills and that internal audit’s objectivity is not compromised. The HIA must also ensure that there are sufficient resources to do the work and that other work and the HIA annual opinion is not compromised.
Governance requirements: Principle 1
■ Set out the HIA’s role in good governance and how this fits with the role of others.
■ Ensure that the importance of good governance is stressed to all in the organisation, through policies, procedures and training.
■ Ensure that the HIA is consulted on all proposed major projects, programmes and policy initiatives.
Core HIA responsibilities: Principle 1
■ Helping to promote the benefits of good governance throughout the organisation.
■ Working with others in the organisation who have a responsibility for promoting good governance.
■ Giving advice to the Leadership Team and others on the control arrangements and risks relating to proposed policies, programmes and projects.
■ Promoting the highest standards of ethics and standards across the organisation based on the principles of integrity, objectivity, competence and confidentiality.
■ Demonstrating the benefits of good governance for effective public service delivery and how the HIA can help.
■ Offering consultancy advice where the HIA considers that it is appropriate, drawing up clear terms of reference for such assignments.
Personal skills and professional standards: Principle 1
■ Provide leadership by giving practical examples of good governance that will inspire others.
■ Deploy effective facilitating and negotiating skills.
■ Build and demonstrate commitment to continuous improvement.
■ Demonstrate consultancy skills as appropriate – analytical, problem solving, influencing and communicating.
principle 2
The HIA in a public service organisation plays a critical role in delivering the organisation’s strategic objectives by giving an objective and evidence based opinion on all aspects of governance, risk management and internal control.
Objectivity
The Leadership Team is responsible for the organisation achieving its objectives and for underlying good governance, risk management and internal control. Managers are responsible for this in the areas for which they have responsibility. The HIA’s unique role is to provide assurance and guidance on these arrangements and so it is important that the HIA is independent of operational management and is seen to provide objective views and opinions.
Whilst the HIA needs to be objective it is important that they understand the organisation and are pragmatic in their working relationships. The HIA should be concerned with effective action to improve the control environment. They must work to develop strong and constructive working relationships with managers and non-executive directors/elected representatives, creating mutual respect and effective communication. Providing objective information and advice to non-executive directors, elected representatives and others requires an understanding of ethics and the wider public interest as well as diplomacy.
To enable the HIA to be objective, he/she should have no operational responsibilities. In cases where the HIA does have operational responsibilities then alternative assurance arrangements must be made. In particular, the impact of this work and the audit planning and reporting arrangements for these areas must be reported to and agreed by the HIA’s line manager and the impact reported to the Audit Committee.
Whole range of controls
The Leadership Team need regular assurance that the organisation has good governance arrangements. The framework that provides this will have a number of sources including line management, external inspectors and agencies and external auditors, but the main objective source is the HIA.
The HIA needs to give the organisation a range of assurances, including reports on specific systems or work areas, new or developing systems (and the risks in areas being considered), partnerships and the overall annual opinion.
The annual HIA opinion is the most important output from the HIA. This is one of the main sources of objective assurance that Chief Executives have for their annual governance report. This opinion must reflect the work done during the year and it must summarise the main findings and conclusions together with any specific concerns the HIA has. Audit planning must be comprehensive and consider the whole control environment, so that the opinion is based on a picture of the whole organisation. The audit work should address key risk areas and draw attention to significant concerns and what needs to be done. The HIA must express concerns where they exist.
Evidence based assurance
The HIA’s assurance must be well founded if it is to give proper comfort to those who ask for it, and to improve governance arrangements. This means that internal audit planning must be well focused. Individual audits must be carried out in a logical and systematic way, based on sufficient, relevant and reliable evidence and with the work being subject to proper supervision and review. HIAs must also ensure that their reports are balanced, focusing on key risks and issues and making practical recommendations.
The HIA may look to partners and other agencies for assurance. Here the HIA must understand the basis for the assurance and its adequacy, and therefore whether the HIA needs to carry out any additional review work.
Sometimes the HIA will be asked to give assurances to partners or other organisations such as government departments on the organisation’s own arrangements. The HIA should carefully consider, taking advice as necessary, the scope and extent to which reliance should be placed on it and any potential reputational risks.
In both circumstances the scope and purpose of assurances given and received should be agreed by the Audit Committee. A summary of assurances given and relied upon should also be included in the HIA’s annual report.
One of the HIA’s key relationships must be with the external auditor. The roles of internal and external audit are different and they must be independent of each other. But both are concerned with the organisation’s control environment and both use an objective, risk based approach in coming to their conclusions. The HIA must liaise closely with external audit in drawing up strategies and plans and understand where and how the external auditor will be relying on the HIA. This should help ensure that audit resources are used most effectively.
Develop and implement a risk based audit strategy
Risk management is key to the effective delivery of public services. Organisations are taking a more positive view of risk and are becoming more mature in how they identify, measure, and manage risks.
The HIA must ensure that the internal audit strategy reflects risk management best practice. The starting point is to review the organisation’s strategic objectives and how it plans to achieve these. The risks to achieving these must be considered and the HIA needs to review how the risks are captured in risk registers and the action plans that are in place. The HIA will draw on the organisation’s risk register when drawing up the internal audit strategy and plans. The extent to which he or she does this will depend on how mature the organisation is at identifying key risks and taking appropriate action to address them.
The audit strategy must identify the priorities for internal audit based on an assessment of the key risks to the organisation and the extent of alternative sources of assurance, as well as the resources and skills needed to deliver it. The responsibility for effective governance arrangements (including risk management) remains with managers; the HIA cannot be expected to prevent or detect all weaknesses or failures in internal control nor can the internal audit strategy cover all areas of risk across the organisation.
Governance requirements: Principle 2
■ Set out the responsibilities of the HIA, which should not include the management of operational areas.
■ Ensure that internal audit is independent of external audit.
■ Where the HIA does have operational responsibilities the HIA’s line manager and the Audit Committee should specifically approve the IA strategy for these and associated plans and reports and ensure the work is independently managed.
■ Establish clear lines of responsibility for those with an interest in governance (eg Chief Executive, Chief Legal Officer, Chief Financial Officer, Audit Committee, non-executive directors/elected representatives). This covers responsibilities for drawing up and reviewing key corporate strategies, statements and policies.
■ Establish clear lines of reporting to the Leadership Team and to the Audit Committee where the HIA has significant concerns.
■ Agree the terms of reference for internal audit with the HIA and the Audit Committee as well as with the Leadership Team.
■ Set out the basis on which the HIA can give assurances to other organisations and the basis on which the HIA can place reliance on assurances from others.
■ Ensure that comprehensive governance arrangements are in place, with supporting documents covering eg risk management, corporate planning, anti fraud and corruption and whistleblowing.
■ Ensure that the annual internal audit opinion and report are issued in the name of the HIA.
■ Include awareness of governance in the competencies required by members of the Leadership Team.
■ Set out the framework of assurance that supports the annual governance report and identify internal audit’s role within it. The HIA should not be responsible for preparing the report.
■ Ensure that the internal audit strategy is approved by the Audit Committee and endorsed by the Leadership Team.
Core HIA responsibilities: Principle 2
■ Giving assurance on the control environment. This includes risk and information management and internal controls across all systems.
■ Reviewing the adequacy of key corporate arrangements including eg risk strategy, risk register, anti fraud and corruption strategy, corporate plan.
■ Producing an evidence based annual internal audit opinion on the organisation’s control environment.
■ Working closely with others to ensure that sufficient and relevant evidence is used. Where relying on others, clarifying the degree and basis for the reliance.
■ Reviewing significant partnership arrangements and major services provided by third parties and the controls in place to promote and protect the organisation’s interests. Assessing whether lines of responsibility and assurance are clear.
■ Liaising closely with the external auditor to share knowledge and to use audit resources most effectively.
■ Producing an internal audit strategy that fits with and supports the organisation’s objectives.
■ Reviewing the organisation’s risk maturity (including the organisation’s own assessment) and reflecting this in the strategy.
■ Consulting stakeholders, including senior managers and non-executive directors/elected representatives on the internal audit strategy.
■ Setting out how the HIA plans to rely on others for assurance on the organisation’s controls and risks and taking account of any limitations in assurance given by others.
■ Liaising with external inspectors and review agencies where appropriate when drawing up the internal audit strategy.
■ Liaising with the external auditor on the internal audit strategy, but not being driven by external audit’s own priorities.
Personal skills and professional standards: Principle 2
■ Give clear, professional and objective advice.
■ Report on what is found, without fear or favour.
■ Demonstrate integrity to staff and others in the organisation.
■ Exercise sound judgement in identifying weaknesses in the organisation’s control environment and a balanced view on how significant these are.
■ Work well with others with specific responsibilities for internal control, risk management and governance including (as appropriate to the sector) Chief Executive, Chief Legal Officer, Chief Financial Officer, Audit Committee, non-executive directors/elected representatives.
■ Be concerned for action - influencing the Leadership Team, Audit Committee and others to ensure that the HIA’s recommendations are implemented.
■ Be a role model, dynamic, determined, positive, robust and with resilient leadership, able to inspire confidence and respect and exemplify high standards of conduct.
TheHIAinapublicserviceorganisationmustbeaseniormanagerwithregularandopenengagementacrosstheorganisation,particularlywiththeLeadershipTeamandwiththeAuditCommittee.
Seniormanager
HIAs face increasing challenges and higher expectations from stakeholders, especially in helping organisations look forward. The HIA must be at the heart of the organisation, challenging and supporting the Leadership Team with authority and credibility. He or she should also be seen as a leader, promoting improvement and good governance. To do this effectively, making an impact and adding value, the HIA position must be a senior manager.
There is a range of guidance concerning line management responsibility for the HIA². What is paramount is that the reporting line must leave the HIA free from interference in setting the scope of internal audit’s work, in coming to conclusions and in reporting the results. They must also have unfettered access across the organisation, especially to the Chief Executive, Board and Audit Committee Chair. In practice this is most likely to be achieved by the HIA reporting to the Chief Executive or to the Chief Financial Officer.
The HIA role must be filled by a nominated individual so that all are clear about lines of responsibility. Where the service is provided in-house this should be straightforward. Where the service is contracted out or shared with others then the organisation must decide whether the HIA should come from within the organisation or from the supplier of the audit service. In the latter case the relationship between the HIA and the organisation, including the Audit Committee, must be clearly set out as part of the organisation’s governance framework. In practice it is likely that the HIA should be the person who is responsible for drawing up the internal audit strategy and plan and for issuing the HIA annual internal audit opinion.
Engagement with the Leadership Team
The Leadership Team in public service organisations takes many forms, with different mixes of executive and non-executive members, as well as elected representatives. Collectively the Leadership Team is responsible for setting the strategic direction for the organisation, its implementation and the delivery of public services. The HIA must also have a right of access to individual members of the Leadership Team. Whilst it is not appropriate for the HIA to be a member of the Leadership Team it is vital that the HIA attends key meetings where they consider it necessary. The HIA should be well placed to support the Leadership Team in understanding the governance, risk management and control arrangements. Examples of this might include presenting the internal audit strategy or the annual internal audit opinion or taking part in discussions about the annual governance report or planned major policies, projects or system changes.
Engagement with the Audit Committee
The HIA’s relationship with the Audit Committee and especially the Chair is crucial. They should be mutually supportive in their aim to be objective and to provide challenge and support across the organisation and improve governance, risk management and internal control. The HIA must work closely with the Audit Committee Chair so that they are clear about their respective roles and make best use of the available resources. For some areas of the public services it may be appropriate for the Audit Committee Chair to have a role in the appointment of the HIA.
Principle 3
² For example, in central government and the NHS, internal audit standards state that the HIA should report to the Chief Executive. In local government CIPFA’s Code of Practice for internal audit states that the HIA should report to a member of the Management Team.
Governance requirements: Principle 3
• Designate a named individual as HIA in line with the principles in this Statement. The individual could be someone from another organisation where internal audit is contracted out or shared. Where this is the case then the roles of the HIA and the client manager must be clearly set out in the contract or agreement.
• Ensure that where the HIA is an employee that they are sufficiently senior and independent within the organisation’s structure to allow them to carry out their role effectively and be able to provide credibly constructive challenge to the Management Team.
• Ensure that where the HIA is an employee the HIA is line managed by a member of the Management Team. Where the HIA is not an employee then the reporting line must be clearly set out in the contract or agreement with the internal audit supplier.
• Establish an Audit Committee in line with guidance and good practice.
• Set out the HIA’s relationship with the Audit Committee and its Chair, including the Committee’s role (if any) in appointing the HIA.
• Ensure that the organisation’s governance arrangements allow the HIA:
  – to bring influence to bear on material decisions reflecting governance;
  – direct access to the Chief Executive, other Leadership Team members, the Audit Committee and external audit; and
  – to attend meetings of the Leadership Team and Management Team where the HIA considers this to be appropriate.
• Set out unfettered rights of access for internal audit to all papers and all people in the organisation, as well as appropriate access in (significant) partner organisations.
• Set out the HIA’s responsibilities relating to partners including joint ventures and outsourced and shared services.
Core HIA responsibilities: Principle 3
• Escalating any concerns through the line manager, Chief Executive, Audit Committee and Leadership Team, legal officers, external auditor as appropriate.
• Supporting the Audit Committee in reviewing its own effectiveness and advising the Chair and line manager of any suggested improvements.
• Consulting stakeholders, including senior managers and non-executive directors/elected representatives on the internal audit strategy.
Personal skills and professional standards: Principle 3
• Network effectively to raise the profile and status of internal audit.
• Adopt a flexible style, being able to collaborate and advise but also able to challenge as appropriate.
• Build productive relationships both internally and externally.
• Work effectively with the Leadership Team and Audit Committee with political awareness and sensitivity.
• Be seen to be objective and independent but also pragmatic where appropriate.
Meeting the needs of the business
Effective governance is critical in public service organisations and internal audit needs to play its part. The HIA must have a clear but wide ranging brief. This includes reviewing the key underlying systems and controls, reviewing arrangements for preventing fraud and corruption and also the arrangements for achieving value for money.
The HIA must have a firm grasp and understanding of the organisation’s business as well as its control environment. This will allow HIAs to give an opinion to the Leadership Team on how well these arrangements are working. The HIA must ensure that there is sufficient depth of internal audit expertise and experience to do this well, so that he/she is able to engage effectively with managers and others and challenge where appropriate.
The internal audit resources available must be proportionate to the size, complexity and risk profile of the organisation and must be enough for the HIA to give a reliable opinion on the organisation’s control environment. Responsibility for ensuring that an effective and appropriately resourced internal audit service is in place rests with the organisation. The organisation needs independent assurance over the quality of internal audit’s work and should ensure that a regular external assessment is carried out.
The HIA must ensure that the Audit Committee has a clear understanding of the requirement for internal audit to review the whole system of internal control. The HIA must set out the audit coverage and audit resources needed to give a sound, evidence based annual audit opinion. The HIA must advise the Audit Committee and the Leadership Team where the available resources are inadequate and the consequences for the level of assurance that the HIA is able to give.
Appropriately developed internal audit skills
A great deal of reliance is placed on the work of internal audit and the HIA must ensure that all the work, including planning and individual assignments, is consistently of a high quality and in line with professional standards. The HIA must also ensure that all staff demonstrate the highest ethical standards. The HIA therefore has a responsibility to ensure that internal audit staff have appropriate qualifications, knowledge, skills and competencies and are continuously developed. The HIA must assess the staffing needed to make sound judgements on the whole range of the organisation’s governance arrangements.
The HIA needs well developed, motivated staff to make an impact at senior levels in the organisation. There may also be a need to buy in specialist skills which are not frequently used. The challenge for the HIA is to have the right mix and for the service to operate as a team, with staff being effective ambassadors for internal audit. The HIA has a particular responsibility to promote internal audit as a good career development opportunity.
The HIA must provide clear guidance for internal audit staff with appropriate quality assurance for internal audit as a whole and for each audit assignment. The HIA has a duty to see that their staff comply with the relevant internal audit standards and must have systems to verify this. More widely the HIA should work with colleague HIAs and others to ensure that they and the team are up to date on current issues affecting their organisation and on internal audit techniques and developments.
The HIA in a public service organisation must lead and direct an internal audit service that is resourced to be fit for purpose.
Principle 4
Governance requirements: Principle 4
• Provide the HIA with the resources, expertise and systems necessary to perform their role effectively.
• Ensure that the Audit Committee sets out a performance framework for the HIA and their team and assesses performance and takes action as appropriate.
• Ensure that there is a regular external review of internal audit quality.
• Ensure that where the HIA is from another organisation that they do not also provide the external audit service.
Core HIA responsibilities: Principle 4
• Leading and directing the internal audit service so that it makes a full contribution to and meets the needs of the organisation and external stakeholders.
• Determining the resources, expertise, qualifications and systems for the internal audit service that are required to meet internal audit’s objectives; using a full range of resourcing options including consultancy, working with others and buying in where appropriate.
• Informing the Leadership Team and Audit Committee if there are insufficient resources to carry out a satisfactory level of internal audit, and the consequence for the level of assurance that may be given.
• Implementing robust processes for recruitment of internal audit staff and/or the procurement of internal audit services from external suppliers.
• Ensuring that the professional and personal training needs for staff are assessed and seeing that these needs are met.
• Developing succession plans and helping staff with their career progression.
• Establishing a quality assurance and improvement programme that includes:
  – Ensuring that professional internal audit standards are complied with.
  – Reviewing the performance of internal audit and ensuring that the service provided is in line with the expectations and needs of its stakeholders.
  – Providing an efficient and effective internal audit service – demonstrating this by agreeing key performance indicators and targets with the line manager and Audit Committee; annually reporting achievements against targets.
  – Putting in place adequate ongoing monitoring and periodic review of internal audit work and supervision and review of files, to ensure that audit plans, work and reports are evidence based and of good quality.
  – Ensuring that any internal auditors declare any interests that they have.
  – Seeking continuous improvement in the internal audit service.
• Keeping up to date with developments in governance, risk management, control and internal auditing, including networking with other HIAs and learning from them, implementing improvements where appropriate.
• Demonstrating how internal audit adds value to the organisation.
Personal skills and professional standards: Principle 4
• Demonstrate leadership and be an ambassador for internal audit.
• Create, communicate and implement a vision for the internal audit service.
• Create a customer focused internal audit service.
• Establish an open culture, built on effective coaching and a constructive approach.
• Promote effective communication within internal audit, across the broader organisation and with external stakeholders.
• Set and monitor meaningful performance objectives for staff.
• Manage and coach staff effectively.
• Comply with professional standards and ethics.
• Require the highest standards of ethics and standards within internal audit based on the principles of integrity, objectivity, competence and confidentiality. In particular, ensuring that internal auditors identify and report any conflicts of interest and act appropriately.
• Ensure, when necessary, that outside expertise is called upon for specialist advice not available within the internal audit service.
• Promote discussion on current governance and professional issues and their implications.
The HIA in a public service organisation must be professionally qualified and suitably experienced.
Demonstrating professional and interpersonal skills
The HIA must be able to demonstrate his/her own professional credibility to exercise influence throughout the organisation. The HIA must be professionally qualified. In the UK, for example, this means holding a full Consultative Committee of Accountancy Bodies (CCAB) qualification or being a chartered member of the Chartered Institute of Internal Auditors (CMIIA). As a member of a professional body, the HIA’s skills, knowledge and expertise will have been tested by examination and must be continuously developed in a structured and monitored context. The HIA must adhere to the professional values of accuracy, honesty, integrity, objectivity, impartiality, transparency, confidentiality, competence and reliability and promote these throughout the internal audit service.
The HIA must communicate complex information in a clear and credible way. He/she must be able to operate effectively in different modes including directing, influencing, evaluating and informing. The HIA must be able to give objective opinions and advice even if this may be unwelcome, and be sufficiently forceful to intervene with authority if governance or ethical principles need to be asserted or defended. The HIA must work in partnership with a wide range of people and organisations and winning their confidence is key. He/she must be able to challenge the status quo and be a catalyst for change, achieving results through influence, without direct authority.
The HIA must be sensitive to the complexities and pressures facing organisations. He/she must build effective working relationships with the Audit Committee without damaging relationships with the Leadership Team. This requires tact and diplomacy.
Applying business and professional experience
The HIA must have an understanding and commitment to the organisation’s wider business and its delivery objectives, to inspire respect, confidence and trust amongst colleagues, with the Leadership Team, the Audit Committee and other stakeholders.
The HIA must have a good understanding of business processes and governance including strategic planning and performance, and financial and risk management. He/she must also be aware of current issues facing organisations and internal auditors. The HIA should be seen as a catalyst in improving governance and internal control and also supporting the organisation in its wider business objectives. To do this the HIA needs to look forward as well as at the organisation as it currently operates. The HIA must demonstrate leadership by personally setting a tone for the organisation that good governance, risk management and internal control matter to everyone in the organisation.
Principle 5
Governance requirements: Principle 5
• Appoint a professionally qualified HIA whose core responsibilities include those set out under the other principles in this Statement and ensure that these are properly understood throughout the organisation.
• Ensure that the HIA has the skills, knowledge, experience and resources to perform effectively in his or her role.
Personal skills and professional standards: Principle 5
• Be a full member of an appropriate professional body and have an active programme for personal professional development.
• Adhere to professional internal auditing (and where appropriate accounting and auditing) standards.
• Demonstrate a range of skills including communicating, managing and influencing, as well as an understanding of IT and consultancy.
• Have prior experience of working in internal audit.
• Understand and have experience of strategic objective setting and management.
• Understand the internal audit and regulatory environment applicable to public service organisations.
• Demonstrate a comprehensive understanding of governance, risk management and internal control.
• Undertake appropriate development or obtain relevant experience as appropriate in order to demonstrate an understanding of the full range of the organisation’s activities and processes.
Membership of the CIPFA Steering Group on the Role of the Head of Internal Audit in public service organisations
Mike More (Chair) Westminster City Council
Anthony Barrett Wales Audit Office
Chris Bowring NHS Fife
Jackie Cain Institute of Internal Auditors
Ian Carruthers CIPFA
Mike Clarkson Deloitte
Tim Crowley Mersey Internal Audit Agency
Colin Langford CIPFA
Paul Manning Department for International Development
Justin Martin PricewaterhouseCoopers LLP
Stephanie Mason Baker Tilly
Jon Pittam Hampshire County Council
Tim Pouncey Leeds City Council
Duncan Savage East Sussex County Council
Philip Winter Tenant Services Authority
Chris Wobschall HM Treasury
Clive Darracott (Secretary) CIPFA
Diana Melville (Technical support) CIPFA
CIPFA is grateful to all the members of the Steering Group for their invaluable contributions and also to CIPFA’s Audit Panel for their input and endorsement. The Statement was widely circulated for comment during its drafting and CIPFA is also grateful to the many individuals and organisations who responded, giving us additional insights into how the HIA operates in practice across the public services.
Appendix
Registered office: 3 Robert Street, London WC2N 6RL
T: 020 7543 5600 F: 020 7543 5700 www.cipfa.org.uk
The Chartered Institute of Public Finance and Accountancy. Registered with the Charity Commissioners of England and Wales No 231060
Registered with the Office of the Scottish Charity Regulator No SCO37963