By Keely Lund | 1 February 2013
On April 1, new internal audit standards come into effect for the whole of the public sector. Creation of this level playing field will bring some changes
After more than a year of development, the Public Sector Internal Audit Standards were launched in December. They will come into effect on April 1, providing a consistent framework for internal audit services across the UK public sector.
The PSIAS were issued by the ‘Relevant Internal Audit Standard Setters’ in the sector – CIPFA, the Treasury, the Department of Health and the Scottish, Welsh and Northern Ireland governments.
A consistent framework has obvious benefits for partnership working, and for internal auditors who work across the different parts of the public sector. The standards are also designed to drive improvement, leading to better public financial management.
This ground-breaking development is based on the Institute of Internal Auditors’ International Standards, Definition of Internal Auditing and Code of Ethics, which form the core of the PSIAS. The new standards will replace the existing ones in local government, central government and the NHS, including the CIPFA Code of Practice for Internal Audit in Local Government.
The first difference local authority heads of internal audit will notice is the distinctive look and feel of the PSIAS: individual standards are numbered with subsections and the additional public sector requirements and interpretations are displayed in separate, additional boxes (this approach will already be familiar to internal auditors in central government and the NHS). This allows for amendments without disturbing the flow of the standards.
Another difference, especially for local government, is the terminology. For example, the PSIAS use the term ‘chief audit executive’, the description used internationally, rather than ‘head of internal audit’ or ‘chief internal auditor’, which are more common in the UK.
Another change is the requirement for an internal audit ‘charter’, which must formally define the purpose, authority and responsibility of the internal audit activity, as well as the nature of consulting services and the terms ‘board’ and ‘senior management’. It will also cover arrangements for avoiding conflicts of interest if internal audit carries out any non-audit activities.
There is no longer a requirement to produce an audit strategy. Instead, a risk-based plan must incorporate or be linked to a strategic or high-level statement. This should set out how the internal audit service will be provided and developed in accordance with the charter and how it will link to the organisation’s objectives and priorities.
The quality of the service will also need to be rigorously checked under the Quality Assurance and Improvement Programme. The QA&IP requires ongoing internal assessments of all aspects of internal audit activity, as well as an external assessment at least once every five years. The QA&IP is designed to assess the efficiency and effectiveness of internal audit as well as identify opportunities for improvement.
The chief audit executive will have to include a statement on the results of the QA&IP in an annual report.
The internal assessments can be divided into two parts. The first will be monitoring the department’s activity, in much the same way as under current quality review procedures. The other will comprise ‘periodic’ self-assessments or assessments carried out by other officers in the organisation, who will have to have sufficient knowledge of internal audit practices.
External assessments will need to be carried out by qualified and independent assessors or assessment teams from outside the organisation. They can be undertaken as a full external evaluation or a self-assessment with independent external validation and cannot be carried out on a rolling basis.
CIPFA’s Local Government Application Note for the PSIAS, due out in March, will include a full PSIAS checklist to assist local authorities with both internal and external assessments.
Heads of internal audit, chief financial officers and chief executives should have received an email from their standard-setter with a link to the standards, which are also available on the CIPFA website.
Keeley Lund is CIPFA’s technical manager for professional standards and guidance. The institute is grateful for the help of the Chartered Institute of Internal Auditors and the Internal Audit Standards Advisory Board in developing the standards See www.cipfa.org/Policy-and-Guidance/Standards/Public-Sector-Internal-Audit-Standards
