Transcript Document

Public Sector Internal Audit Standards for
External Assessments
Sarah Blackburn
EQA Reviewer
Chartered Institute of Internal Auditors
PSIAS
PSIAS
•
•
•
•
Adopted by Relevant Internal Audit Standard Setters (RIASS)
Effective 1st April 2013
Mandatory elements of IIA IPPF
Other sector specific guidance from RIASS
• mandatory
• “Strongly recommended” guidance from IIA
• Applies to all public sector IA
• In-house, out-sourced, shared services
Purpose of PSIAS
• To define the nature of internal auditing in the UK public sector
• To set basic principles for carrying out IA in the UK public sector
• To establish a framework for providing internal auditing services
providing both assurance and consultancy
• To establish the bases for the evaluation of internal audit
performance and to drive improvement planning
Standard 1300:
Quality Assurance and
Improvement Programme
•The chief audit executive
must develop and maintain a
quality assurance and
improvement programme that
covers all aspects of the
internal audit activity.
•A quality assurance and improvement
programme is designed to enable an
evaluation of the internal audit
activity’s conformance with the
Definition of Internal Auditing and the
Standards and an evaluation of
whether internal auditors apply the
Code of Ethics. It also assesses the
efficiency and effectiveness of the
internal audit activity and identifies
opportunities for improvement.
1310 Requirements of the
Quality Assurance
and Improvement Programme
• The quality assurance and improvement programme must
include both internal and external assessments.
1311 Internal Assessments
Internal assessments must
include:
• On-going monitoring of
the performance of the
internal audit activity;
and
• Periodic selfassessments or
assessments by other
persons within the
organisation with
sufficient knowledge of
internal audit practices.
On-going monitoring is an integral part of
the day-to-day supervision, review and
measurement of the internal audit activity.
It is incorporated into the routine policies
and practices used to manage the internal
audit activity and uses processes, tools
and information considered necessary to
evaluate conformance with the Definition
of Internal Auditing, the Code of Ethics and
the Standards.
Periodic assessments are conducted to
evaluate conformance
with the Definition of Internal Auditing, the
Code of Ethics and the Standards.
Sufficient knowledge of internal audit
practices requires at least an
understanding of all elements of the IPPF.
.
1312 External Assessments
External assessments must be conducted at least once every five
years by a qualified, independent assessor or assessment team from
outside the organisation.
The chief audit executive must discuss with the board:
• The form and frequency of external assessments; and
• The qualifications and independence of the external assessor
or assessment team, including any potential conflict of interest.
1312 External Assessments
External assessments can be in the form of a full external assessment, or a
self-assessment with independent external validation.
A qualified assessor or assessment team demonstrates competence in two
areas: the professional practice of internal auditing and the external assessment
process. Competence can be demonstrated through a mixture of experience
and theoretical learning. Experience gained in organisations of similar size,
complexity, sector or industry and technical issues is more valuable than less
relevant experience. In the case of an assessment team, not all members of the
team need to have all the competencies; it is the team as a whole that is
qualified.
The chief audit executive uses professional judgment when assessing whether
an assessor or assessment team demonstrates sufficient competence to be
qualified. An independent assessor or assessment team means not having
either a real or an apparent conflict of interest and not being a part of, or under
the control of, the organisation to which the internal audit activity belongs.
1312:
Public sector requirement
The chief audit executive must agree the scope of external
assessments with an appropriate sponsor, e.g. the
Accounting/Accountable Officer or chair of the audit committee as
well as with the external assessor or assessment team.
1320 Reporting on the Quality
Assurance and Improvement
Programme
•The chief audit executive
must communicate the
results of the quality
assurance and
improvement programme
to senior management
and the board.
The form, content and frequency of
communicating the results of the quality
assurance and improvement programme is
established through discussions with senior
management and the board and considers the
responsibilities of the internal audit activity and
chief audit executive as contained in the internal
audit charter. To demonstrate conformance with
the Definition of Internal Auditing, the Code of
Ethics and the Standards, the results of external
and periodic internal assessments are
communicated upon completion of such
assessments and the results of on-going
monitoring are communicated at least annually.
The results include the assessor’s or
assessment team’s evaluation with respect to
the degree of conformance.
1320:
Public sector requirement
The results of the quality and assurance programme and progress
against any improvement plans must be reported in the annual
report.
1321 Use of Conforms with the
International Standards for the
Professional Practice of Internal Auditing
The chief audit executive
may state that the internal
audit activity conforms with
the International Standards
for the Professional
Practice of Internal Auditing
only if the results of the
quality assurance and
improvement programme
support this statement.
The internal audit activity conforms
with the International Standards
when it achieves the outcomes
described in the Definition of Internal
Auditing, Code of Ethics and
International Standards.
The results of the quality assurance
and improvement programme
include the results of both internal
and external assessments.
All internal audit activities will have
the results of internal assessments.
Internal audit activities in existence
for at least five years will also have
the results of external assessments.
1322 Disclosure of Non-conformance
When non-conformance with the Definition of Internal
Auditing, the Code of Ethics, or the Standards impacts the
overall scope or operation of the internal audit activity, the
chief audit executive must disclose the non-conformance
and the impact to senior management and the board.
1322:
Public sector requirement
Instances of non-conformance must be reported to the board.
More significant deviations must be considered for inclusion in the
governance statement.
Benefits of Standard 1300
• Deliver greater value to your
stakeholders & customers.
• Establish a culture of continuous
improvement.
– Improve efficiency and
effectiveness
– Develop your people and
create opportunities for
them.
– Motivate and achieve job
satisfaction.
• Create new opportunities.
Challenges and issues with
Standard 1300
•Resources
• Internal assessments
• External assessments
•Small Audit Teams
•Shared Services
•Co-sourced Services
•Out-sourced Services
External Assessments
Full external assessment
Providers
Firms
Individuals
Chartered IIA
Peer Group
Preparation
Sponsorship
Documents
Interviews
Workspace
Self-assessment with
independent external
validation
Providers
as left
Preparation
as left
Evidenced check list
What does the Ch IIA offer?
• An effective and affordable alternative
– At a fair price.
– With added selling.
• Offer a range of tailored options
– Validated self-assessment
– Facilitated self-assessment
– Full EQA
• Reviewers with many years
experience across a range of sectors
• Technical expertise and consistency
across reviews
We tailor our approach to
fit your needs
Shameless advert
What’s in it for me? WIFM
A report that:
• Understands how difficult it is
to do your job.
• Raises the profile of internal
audit in your organisation and
promotes what you do.
• Provides an opinion on how
you conform to the standards.
• Offers ideas and suggestions
to enhance performance – its
not an audit of auditors.
• Highlights good practice from
other reviews and case studies.
What’s involved
• Discussions with
stakeholders
• Review of:
• IA Charter
• independence and
objectivity
• Risk based planning
• Resources
• Quality
• Approach and
methodology
• Reporting
• Follow-up
• Draft report
• Final report
What can I expect?
• Understanding of your
organisation and role IA plays.
• Challenge.
• Practical ideas and suggestions.
• Closeout meeting, no surprises.
• Discussion and development of
the draft report.
• A draft and final report in style
that suits you.
• Final report within your
timescale
9.30 – 10.05
Break Out Sessions
A. The Key Challenges and Opportunities in the Internal
Assessment process
B. Pros & Cons of full external assessment versus self-assessment
with external validation
C. What would we need to do to set up a peer review process for
self-assessment with external validation
D. How do we get the AO and Audit Committee chair fully on board?
Who should be interviewed in the public sector context?
E. “Conforms with PSIAS – International Standards etc.”: what are
the most likely forms of non-compliance? What might constitute a
significant deviation to be reported in the governance statement?
Feedback from Breakout Groups
To Note:
Committee on Internal Audit Guidance for Financial Services, 2013
• “Audit Committee must assess the effectiveness of Internal Audit”
• How does Conformance with the Standards relate to the
effectiveness of Internal Audit?
11.15 – 11.35 Breakouts Re-visited
A.
B.
C.
D.
E.
The Key Challenges and Opportunities in the Internal Assessment
process
Pros & Cons of full external assessment versus self-assessment with
external validation
What would we need to do to set up a peer review process for selfassessment with external validation?
How do we get the AO and Audit Committee chair fully on board? Who
should be interviewed in the public sector context?
“Conforms with PSIAS – International Standards etc.”: what are the
most likely forms of non-compliance? What might constitute a significant
deviation to be reported in the governance statement?
In the light of each other’s feedback and Robert’s experience:
• What would you add?
• What would you do differently?
Actions to Take Away
Big picture
First steps
Webinar:
EQA – what to expect and how to prepare
Speaker, Chris Baker, Chartered IIA's technical manager
13 June 2013
From 12:30 - 13:15 PM
Topics:
•EQA options
•The unique characteristics & key benefits of an EQA from the IIA
•How our EQA process works
•What clients get from the process
•How to prepare to make the EQA run smoothly
No special technology is required, just a computer, an internet connection and
speakers or headphones.