TIAPS Module 1 Audit and Assurance workbook
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
C.2 <strong>Audit</strong>ing Governance<br />
The IIA Supplement Guidance: The Role of <strong>Audit</strong>ing in Public Sector Governance<br />
emphasizing the essential characteristics of the internal audit function for providing valuable<br />
assurance insight:<br />
• Organizational independence.<br />
• A formal m<strong>and</strong>ate (in “the public sector’s constitution, charter, or other basic legal<br />
document.”)<br />
• Unrestricted access “to employees, property, <strong>and</strong> records.”<br />
• Sufficient funding.<br />
• Competent leadership.<br />
• Objective staff.<br />
• Competent staff.<br />
• Stakeholder support.<br />
• Professional audit st<strong>and</strong>ards. 50<br />
In respect of governance, internal audit may contribute in various ways:<br />
• Oversight: Internal audit can extend the reach of senior management <strong>and</strong> the<br />
governing body to observe organizational activities <strong>and</strong> circumstances <strong>and</strong> determine<br />
whether policy is being implemented as intended with appropriate assessment of<br />
risks <strong>and</strong> implementation of controls. <strong>Audit</strong>ing provides transparency through<br />
verification of performance, position, <strong>and</strong> prospects, <strong>and</strong> by sharing it with<br />
stakeholders.<br />
• Detection: <strong>Audit</strong>s reveal “inappropriate, inefficient, illegal, fraudulent, or abusive acts<br />
that have already transpired.” Such information can be used to strengthen controls,<br />
initiate training, <strong>and</strong> pursue disciplinary or legal proceedings. Detection can occur as<br />
part of an investigation of potential conflicts of interest or suspected wasteful,<br />
abusive, or fraudulent activities. Alternatively, detection also occurs when red flags<br />
are identified during a routine engagement involving the identification of risks <strong>and</strong><br />
testing of controls.<br />
• Deterrence: Anticipated audit work as well as the exposure of detected weaknesses<br />
can deter other lapses in proper oversight <strong>and</strong> management.<br />
• Insight: <strong>Audit</strong>ors can share their expertise <strong>and</strong> underst<strong>and</strong>ing <strong>and</strong> make<br />
recommendations in terms of potential improvements with reference to best<br />
practices.<br />
• Foresight: <strong>Audit</strong>ors can also anticipate future risks by considering trends as well as<br />
changes in legislation <strong>and</strong> regulation. 51<br />
Organizational governance may be audited in an individual engagement. Alternatively, an<br />
opinion on governance may be derived from multiple engagements (see C.1.5). <strong>Assurance</strong><br />
<strong>and</strong> advisory engagements may be used. Any engagement that considers risk management<br />
<strong>and</strong> internal control contributes to an auditor’s underst<strong>and</strong>ing of governance.<br />
50<br />
Supplemental Guidance: The Role of <strong>Audit</strong>ing in Public Sector Governance, The IIA, 2012.<br />
51<br />
Supplemental Guidance: The Role of <strong>Audit</strong>ing in Public Sector Governance, The IIA, 2012.<br />
55