FREE ELECTRONIC LIBRARY - Dissertations, online materials

Pages:   || 2 |

«Ref. 2014-3 Quality assurance for Internal Audit The IIA Standards stress the importance of quality assurance and improving Internal Audit, but which ...»

-- [ Page 1 ] --

Public Internal Control Systems

in the European Union

Quality Assurance

for Internal Audit

Discussion Paper No. 3

Public Internal Control

An EU approach

Ref. 2014-3

Quality assurance for Internal Audit

The IIA Standards stress the importance of quality assurance and improving Internal

Audit, but which of the various approaches is actually taken depends on the level of

maturity of the Internal Audit function. This paper is intended to provoke a discussion

and encourage EU Member States to share their views and experiences when it comes to assuring the quality of Internal Audit.

Table of contents




3.1. Aims of the Quality Assurance and Improvement Programme

3.2. Content of the Quality Assurance and Improvement Programme

3.3. Communication of the Quality Assurance and Improvement Programme results



Quality assurance for Internal Audit

1. INTRODUCTION This paper is intended to provoke a discussion and encourage EU Member States to share their views and experiences when it comes to assuring the quality of the Internal Audit (IA) function in the public sector. The paper takes Institute of Internal Auditors (IIA) Standards as a starting point, but this is without prejudice to other assurance providing structures in the EU.

The public sector IA function is established in most Member States and plays an important role in the process of improving governance, control and risk management in the public sector by providing assurance, recommendations and advice on the functioning of management and control systems. In some Member States, it has reached a high level of maturity, enjoys the trust of management and is effective in adding value. In others, it is less developed and/or still moulded by cultural and administrative traditions involving a more centralised approach, with ex ante centralised control and/or ex post financial inspections focusing on legal compliance.

However, implementing the IIA’s Quality Assurance and Improvement Programme (QAIP) should be a natural objective for seeking to maintain ‘fit-for-purpose’ IA activity.

The IA function can be said to be of good quality when it provides objective and relevant assurance and adds value by contributing to the efficiency and effectiveness of governance, risk management and control.

Compliance with the standards applying to the IA profession is very important. In most Member States, public sector IA bases itself on the Standards for the Professional Practice of Internal Auditing1 (part of the IIA’s International Professional Practices Framework – IPPF). In some, these internationally recognised standards are directly applicable in national legislation, while others have incorporated them into their national standards. Consequently, the basic IA standards referred to in this paper are these IPPF Standards.

The Standards stress the importance of quality assurance and improving IA, but which of the various approaches is actually taken depends on the level of maturity of the IA function. Some countries have a Central Harmonisation Unit (CHU) that provides methodological support for the development and implementation of the QAIP.


The IPPF contains specific Attribute Standards (1300 series) that focus on the quality and improvement of IA. This makes complete sense, since only operations that comply with the IIA Definition, Standards and Code of Ethics can fully serve the purpose of the IA function and any deviation from the framework could hamper achievement of its aims and its usefulness.

Hereinafter referred to as ‘the IIA Standards’, ‘the IPPF Standards’ or simply ‘the Standards’.

Only if the Standards are followed in their entirety can internal auditors claim in their audit report that their work has been ‘conducted in conformance with the Standards’ (see Standard 2430).

In order to ensure and maintain the quality of IA through implementation of the QAIP, the Chief Audit Executive (CAE) is responsible for making sure that internal and external quality assessments are carried out to confirm inter alia the efficiency and effectiveness of IA.


The 1300 series of the Standards requires the CAE to develop and maintain a QAIP that covers all aspects of IA activity. The QAIP is the key tool for maintaining quality and developing and implementing it is part of the IA maturity process.

3.1. Aims of the Quality Assurance and Improvement Programme

The main aims of the QAIP are:

• to evaluate conformity with the Definition of Internal Audit, the Standards and the Code of Ethics;

• to assess the efficiency and effectiveness of IA; and

• to identify opportunities for improvement.

3.2. Content of the Quality Assurance and Improvement Programme The QAIP must include both internal and external assessments. The approach to developing the programme may be outlined in guidance documents (e.g. the UK’s Internal Audit Quality Assessment Framework), ordinances (e.g. ordinance of Bulgaria’s Finance Minister) or manuals (as in most countries). The programme methodology should be based on the IIA Standards and corresponding Practice Advisories.

In general, internal and external IA assessments tend to focus on the following:

• the purpose and positioning of the IA unit (appropriate status, independence in carrying out its activities);

• the unit’s structure and resources for delivering the service expected of it;

• the efficiency and effectiveness of the output-oriented auditing process; and

• positive demonstrable impact on governance, risk management and control.

Each area may be divided into sub-sections, accompanied by a list of good practices.

Internal assessment Internal assessment is a key and cost-effective way of helping to ensure the quality of IA

and must include:

• ongoing monitoring of IA activity; and

• periodic self-assessments or assessments by other persons within the organisation with sufficient knowledge of IA practices.

Public sector IA units should develop (by themselves or with the assistance of the CHU) internal rules and/or manuals for internal quality assessment procedures. Since ongoing monitoring is an integral part of day-to-day work under routine policies and practices, the procedures should be clear, applicable and not over-complex.

As the Standards do not describe or interpret periodic assessment, CAEs should develop appropriate forms and procedures for their particular units. (The IIA’s Quality assurance and improvement programme Practice Guide is very useful in this respect).

Internal assessments may also be used as preparation for external assessments, especially where they involve self-assessment with independent external validation.

Surveys have shown that ongoing supervision and feedback from audit clients are two other valuable components of internal assessments and it might be useful to further elaborate on assessment criteria on that basis.

External assessment External assessment is an appropriate way of assuring IA quality, comparing with good practice and ensuring reliability. It also represents an opportunity to promote the IA function within an organisation. As regards methodology, external assessment follows an established approach which is set out in an IIA manual. It involves full external assessment by an independent competent assessor or assessment team.

A recently-introduced2 form of external assessment (actually combining internal and external assessment) is self-assessment with independent external validation. This offers value for money and the self-assessment is a useful exercise in itself, but it may be demanding for the CAE and, more importantly, it may be somewhat subjective.

External assessment must be conducted at least every five years. It is very important that the external assessors are qualified and independent of the organisation. There are qualitative and quantitative benchmarks to facilitate the assessment.

External assessment, including external validation of internal self-assessment, can also be carried out by teams of public sector experts who are qualified internal auditors and provide assessments/validation at the CAE’s request in line with the applicable rules.

This is a good cost-effective means of providing assurance that the Standards are applied appropriately and that the IA function adds value. To ensure independence, the assessment team should not include a representative of the unit being assessed and ‘cross-assignments’ should be avoided.

As from 1 January 2013 Assessment criteria

Attention should be paid to the measurement criteria used in internal and external assessments. As no single criterion can give the whole picture as regards the efficiency and effectiveness of the IA function, a combination of quantitative and qualitative measurements is necessary to provide a more complete picture.

Quantitative indicators are the easiest to develop – examples include:

• number of audits performed;

• number of findings;

• number of recommendations issued;

• number of recommendations implemented;

• time spent carrying out the audit.

Qualitative indicators are harder to identify and/or develop – examples include:

• quality of the findings in terms of materiality;

• quality of recommendations in terms of impact;

• degree of risks covered by the audit plan;

• amendments to the management and control set-up resulting from an audit engagement;

• opinion of internal and external stakeholders.

3.3. Communication of the Quality Assurance and Improvement Programme results The IIA Standards require the CAE to communicate the results of the QAIP to senior management and the Board (which in the public sector could include the Minister).

Communication is an important pre-condition for future improvement (one of the main

objectives of the programme). The CAE should ensure that:

• the results of periodic internal assessments are summarised and discussed, and an action plan for improvement developed and implemented; the results are reported to and reviewed with senior management and the audit committee;

• benchmarks from external assessments are reported to management and the audit committee to facilitate continuous improvement;

• client feedback forms are received from the auditee and documented so that they can be fed into continuous improvement of IA processes;

• the results of ongoing monitoring are communicated at least annually.

The development of IA quality assurance and improvement programme is important for:

• management and other IA clients; because quality assurance focuses on the outcomes that help organisations achieve their aims;

• IA units, because it enables them to fulfil their purpose;

• CHUs (or similar central contact points); because the tools may help the CHU to develop and deliver a common methodology.

–  –  –

The role of the CHU in ensuring IA quality is to encourage and support the IA function in applying the internal assessment mechanisms. The CHU has many tools which can be

used to support internal auditors in ensuring a high level of service, including:

• guidelines for the QAIP, including self-assessment;

• benchmark reporting;

• examples of good practice;

• monitoring, including on-the-spot visits;

–  –  –

The key objective of peer reviews is to monitor/assess IA functioning in the public sector. Their scope should vary according to the level of IA system development.

Initially, a review would focus on organisational and formal aspects of the IA function (organisation and management – including QAIP, planning, reporting, assurance engagements, consulting activities, etc.), whereas later it may relate more to the effectiveness, efficiency and usefulness of IA in public entities.

In Member States in which CHUs are formally established, their tasks may include overseeing, monitoring and advising on public sector IA activity, and reporting annually on these activities to government and/or parliament. However, in some Member States, the tasks of the CHU go beyond this and include (external) assessment of the IA activities of the operational units, including self-assessment with external validation. It is questionable whether such assessments are in line with the Standards, in particular as regards the independence and ‘externality’ of the CHU vis-à-vis the IA unit concerned.

In 2012,3 the Commission’s Directorate-General for Budget considered that an external assessment by the CHU cannot be regarded as satisfying the requirements of the Standards. In line with Practice Advisory 1312-1, DG Budget is of the opinion that, though organisationally separate from the IA unit under review, the CHU cannot be regarded as ‘external’ and ‘independent’ in line with Standard 1312, since it provides the Opinion of 13 November 2012 addressed to the CHUs of (potential) candidate countries, qualifying European Neighbourhood Policy countries and delegates in the Public Expenditure Management Peer Assisted Learning (PEMPAL) organisation, and copied to the SAIs of these countries.

IA activity with assistance and professional guidance. If assessment by the CHU is the only ‘external’ assessment, the IA unit concerned may not indicate in its audit reports that the engagement was ‘conducted in conformance with the International Standards for the Professional Practice of Internal Auditing’ (see Standard 2430).

Pages:   || 2 |

Similar works:

«THESIS ABYSMAL LUCK IN THE ABSAROKAS: GOLD REEF – A LATE 19TH EARLY 20TH CENTURY MINING LOCALITY IN NORTHWESTERN WYOMING Submitted by Andrew C. Mueller Department of Anthropology In partial fulfillment of the requirements For the Degree of Master of Art Colorado State University Fort Collins, Colorado Spring 2007 Abstract of Thesis ABYSMAL LUCK IN THE ABSAROKAS: GOLD REEF – A LATE 19TH EARLY 20TH CENTURY MINING LOCALITY IN NORTHWESTERN WYOMING This thesis examines Gold Reef, a small mining...»

«‘The Controller is Mightier Than the Pen!’ Narrative Space in Video Games Eric Forcier Abstract There is an uncomfortable tension in the discourse of video games these days, localized around the concept of ‗narrative.‘ The popularity of story-based and cinematically inspired games such as Elder Scrolls V: Skyrim1 and Mass Effect 32 suggests that narratives play an important role in the development and consumption of video games, and yet the use of narrative principles to study and...»

«Tennessee Comprehensive Assessment Program TCAP/CRA Anchor Set Grade 7 – High and Low Elevations Task SECURE MATERIAL Reader Name: Tennessee Comprehensive Assessment Program Copyright © 2013 by the University of Pittsburgh and published under contract with Tennessee State Department of Education by Measurement Incorporated, 423 Morris Street, Durham, North Carolina, 27701. Testing items licensed to the Tennessee State Department of Education. All rights reserved. No part of this publication...»

«1 mighty ducks jersey cheap.1 broncos jersey cheap.2 cheap youth hockey jerseys.3 cheap custom seattle seahawks jerseys.4 youth nfl jerseys cheap.5 cheapest jerseys from china.6 throwback baseball jerseys cheap.7 real madrid cheap jersey.8 jacksonville jaguars jersey cheap.9 cheap custom jerseys basketball.10 san jose sharks jerseys cheap.11 wholesale jerseys usa.12 cheap custom flyers jerseys.13 real jerseys for cheap.14 cheap minnesota wild jerseys.15 pat mcafee jersey cheap india.16...»

«Sermon #709 Metropolitan Tabernacle Pulpit 1 KICKING AGAINST THE PRICKS NO. 709 A SERMON DELIVERED ON SUNDAY MORNING, SEPTEMBER 9, 1866, BY C. H. SPURGEON, AT THE METROPOLITAN TABERNACLE, NEWINGTON. “It is hard for you to kick against the pricks.” Acts 9:5. THIS expression is highly characteristic of the Savior from its figurative form. While He was on earth, He spoke to the people in parables; and speaking out of heaven, in this instance, He still adopts the parabolic style, as He did in...»

«www.skyandlandscape.com Survey Report Stone Age Surveys from the 1980s Megalithic Stone Rings of Mid Wales Original Research and survey plans from 1984 by John R Hoyle [Editor’s note : On page 21 of Thom’s final published book, Megalithic Remains in Britain and Brittany, one can find John Hoyle’s survey plan of Hirnant cairn circle, described by Thom as a ‘Type III’ ring. A redrawn plan (shown later) was reproduced in Cracking the Stone Age Code, page 157, which led to John contacting...»

«PRACTICAL THEOSOPHY A PLAIN STATEMENT OF ITS TENETS BY HASH NU HARA 0 AUTHOR OF T lie Road to Success, Concentration and the A cquirement of Personal Magnetism, Mental Alchemy, Practical Hypnotism, T he Complexion B eautiful,' Practical Yoga, etc., etc. LONDON N. FOWLER & CO. L. 7 IMPERIAL ARCADE, LUDGATE CIRCUS, E.C. J9II L. N. FOWLER & Co. COPYRIGHT, 1911, BY Entered at Stationers' Hatt. All Rzghts Reserved. INTRODUCTION -:0:A PRACTICAL handbook upon the subject of Theosophy may seem...»

«Nokia Threat Intelligence Report – H1 2016 Nokia Threat Intelligence Report – H1 2016 1 Nokia Security Center Berlin powered by Nokia Threat Intelligence Laboratories Table of contents Introduction 3 Malware in mobile networks 4 Mobile malware becoming more sophisticated 9 Malware in fixed residential networks 14 Other trends 17 Conclusion 20 About the Nokia Threat Intelligence Lab 20 Introduction This report examines general trends and statistics for malware infections in devices connected...»

«Defenders of the Realm FAQ The Game Board What do those triangles stand for in the middle of some of the black routes? These are the routes the Generals follow on their path to Monarch City. It's clear just by looking at the cards in the deck. Or look at Example 2 at the bottom of page 12: the series of spaces Varkolak passes through on his route to Monarch City corresponds exactly to the black arrows on the board. Having them on the map just makes it to know where each General will advance...»

«ABRASION Removal of tooth structure due to rubbing and scraping (e.g. incorrect brushing method) ABSCESS A collection of pus. Severe decay, periodontal disease, or trauma are causative factors. It is characterized by swelling and pain. If an abscess ruptures, it will be accompanied by sudden relief from pain due to a reduction in pressure. A foul taste may also be noticed. Treated with antibiotics and possibly a root canal. ABUTMENT A tooth or tooth structure which is responsible for the...»

«ZIXUE TAI, PhD Associate Professor, School of Journalism & Telecommunications College of Communication and Information, University of Kentucky 214 Grehan Building, Lexington, KY 40506 Phone: (859) 257-1676 (O); E-mail: ztai2@uky.edu EDUCATION Ph.D. 2004, School of Journalism & Mass Communication, University of MinnesotaTwin Cities Major Mass Communication Advisor Tsan-Kuo Chang Dissertation “Civil Society and Internet Revolutions in China” MSS (Master of Software Systems) 2001, Graduate...»

«Załącznik 3 do wniosku o wszczęcie postepowania habilitacyjnego Piotr J. Flatau Attachement 3 for “habilitacja” application – Piotr J. Flatau Self-evaluation by Piotr J. Flatau November 2011 1. Table of contents 1. Table of contents 2. Curriculum Vitae 3. Scientific Publications in Science Citation index 4. Scientific contributions overview Major thesis topic – exact single and multiple scattering methods 5. 5.1. Single scattering by non-spherical particles in discrete dipole...»

<<  HOME   |    CONTACTS
2016 www.dissertation.xlibx.info - Dissertations, online materials

Materials of this site are available for review, all rights belong to their respective owners.
If you do not agree with the fact that your material is placed on this site, please, email us, we will within 1-2 business days delete him.