TIAPS Module 1 Audit and Assurance workbook
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
A. Internal <strong>Audit</strong>ing’s Contribution to Good Governance<br />
On completion of this section, students will be better able to:<br />
• Identify factors impacting governance in the public sector.<br />
• Define governance with reference to various models.<br />
• Identify requirements for good governance in public sector environments.<br />
• Describe how internal audit contributes to organizational governance.<br />
A.1 Public Sector Environment<br />
Internal auditors operating in a public sector environment face a range of conditions not<br />
generally experienced by their private sector counterparts. The following features represent<br />
a generalization not found in every public entity but are characteristic of many.<br />
• High importance. Governments hold significant power. They impact the lives of all<br />
citizens in many ways. They have access to a vast array of information <strong>and</strong><br />
resources. Consequently, the risks of errors, wastage, fraud, <strong>and</strong> corruption can be<br />
hugely consequential, including the potential for abuses of privacy <strong>and</strong> misuse of<br />
data, despoilation of environments, depletion of natural resources, economic <strong>and</strong><br />
social deprivation, military conflict, inadequate supply of energy <strong>and</strong> other utilities,<br />
<strong>and</strong> weaknesses in the rule of law. The work of internal auditors in helping<br />
administrations improve governance, risk management, <strong>and</strong> control could not be<br />
more important.<br />
• Limited resources. Resources tend to be limited because of continuous pressures on<br />
public spending. Everyone is expected to do more with less. This is often particularly<br />
true of unseen “back office” functions like internal audit whose overheads may be<br />
regarded by many budget holders <strong>and</strong> uninformed members of the public as<br />
inconsequential or unnecessary. Specialist skills for areas such as IT, cybersecurity,<br />
<strong>and</strong> data analytics are often in short supply, especially when the private sector can<br />
lure individuals away from the public sector with offers of higher rewards.<br />
• Immature risk management processes. Risk management may be relatively<br />
immature with fewer resources applied to risk <strong>and</strong> compliance functions. Awareness<br />
<strong>and</strong> underst<strong>and</strong>ing of risk <strong>and</strong> control may also be relatively limited. In such<br />
circumstances, internal audit may be expected to play a greater role in supporting<br />
management to develop effective internal control or even to act as a quasi-second<br />
line function (see section A.3.2 for consideration of the Three Lines Model.) In its<br />
advisory capacity, supporting the development of public internal financial control is<br />
an important internal audit service but care must be taken to safeguard<br />
independence <strong>and</strong> objectivity (see section B).<br />
6