TIAPS Module 1 Audit and Assurance workbook

More documents

Recommendations

Info

A. Internal Auditing’s Contribution to Good Governance On completion of this section, students will be better able to: • Identify factors impacting governance in the public sector. • Define governance with reference to various models. • Identify requirements for good governance in public sector environments. • Describe how internal audit contributes to organizational governance. A.1 Public Sector Environment Internal auditors operating in a public sector environment face a range of conditions not generally experienced by their private sector counterparts. The following features represent a generalization not found in every public entity but are characteristic of many. • High importance. Governments hold significant power. They impact the lives of all citizens in many ways. They have access to a vast array of information and resources. Consequently, the risks of errors, wastage, fraud, and corruption can be hugely consequential, including the potential for abuses of privacy and misuse of data, despoilation of environments, depletion of natural resources, economic and social deprivation, military conflict, inadequate supply of energy and other utilities, and weaknesses in the rule of law. The work of internal auditors in helping administrations improve governance, risk management, and control could not be more important. • Limited resources. Resources tend to be limited because of continuous pressures on public spending. Everyone is expected to do more with less. This is often particularly true of unseen “back office” functions like internal audit whose overheads may be regarded by many budget holders and uninformed members of the public as inconsequential or unnecessary. Specialist skills for areas such as IT, cybersecurity, and data analytics are often in short supply, especially when the private sector can lure individuals away from the public sector with offers of higher rewards. • Immature risk management processes. Risk management may be relatively immature with fewer resources applied to risk and compliance functions. Awareness and understanding of risk and control may also be relatively limited. In such circumstances, internal audit may be expected to play a greater role in supporting management to develop effective internal control or even to act as a quasi-second line function (see section A.3.2 for consideration of the Three Lines Model.) In its advisory capacity, supporting the development of public internal financial control is an important internal audit service but care must be taken to safeguard independence and objectivity (see section B). 6
• Close scrutiny. The activities of public entities are rightly subject to close scrutiny by line ministries, financial inspectors, external auditors, the business community, and the public. This includes the work of the internal audit function and the behavior and actions of its members. Unlike external audit reports, those of the internal audit function are not typically made available to the public, but the expectations placed on internal auditors to serve the public interest as inspectors and watchdogs are generally considerable. The public may not understand what an internal auditor does, but when things go wrong, they are often caught in the firing line. • Political environment. The public sector environment is, above all, a political one. There is a cyclical change of leadership, policy, and organizational direction, and internal audit is expected to keep up. The head of internal audit must anticipate these frequent shifts when planning the timing and focus of engagements. They must continuously rebuild relationships and carefully navigate politics to ensure activities are appropriately focused on organizational purpose and the public good rather than election cycles and the personal ambitions of public officials. • Constraints on independence. Establishing and maintaining organizational independence can be more challenging for internal audit functions in public entities than it is in privately owned businesses. Often the distinction between executive and non-executive leadership is less apparent. The head of internal audit may report to an individual or a board comprising senior managers and political appointees. In some cases, internal audit oversight may be fairly remote. Audit committees, where such exist, may span multiple entities, especially where there is a centralized or shared service provider for central or local government. In addition, the use of outsourced or shared services may increase internal audit’s operational independence at the expense of greater remoteness from and reduced familiarity with the activities being audited. • Legitimate restrictions in scope. The mandate of internal audit should allow the function access to the people, data, and resources needed to complete its engagements. Often in the private sector, this is interpreted as an “access all areas” mandate. Restrictions on scope amount to a limitation on independence, keeping internal audit away from areas the governing body does not wish to be scrutinized. In the public sector, there can be legitimate reasons for reducing scope, especially in the interests of national security. These and other dimensions require careful handling by internal auditors and heads of audit functions. 7
Page 1 and 2: Module 1: Audit and Assurance TIAPS
Page 3 and 4: Table of Contents Module 1: Audit a
Page 5: Relevant Standards Reference is mad
Page 9 and 10: A.2 Public Sector Governance IIA In
Page 11 and 12: The need for governance arises for
Page 13 and 14: Although developed for government a
Page 15 and 16: A.3 Governance Models When evaluati
Page 17 and 18: defensive aspects to minimize negat
Page 19 and 20: A.3.3 CIPFA International Framework
Page 21 and 22: 8. Ensure that its arrangements for
Page 23 and 24: • Consideration of overlapping in
Page 25 and 26: A.3: Reflection Which model or mod
Page 27 and 28: Although they are related, the prin
Page 29 and 30: B.1.1 Independence, Objectivity, an
Page 31 and 32: B.1: Reflection Is it possible to
Page 33 and 34: According to The IIA Position Paper
Page 35 and 36: B.2: Reflection When was the last t
Page 37 and 38: When independence or objectivity ar
Page 39 and 40: B.4 Safeguards for Independence and
Page 41 and 42: In other cases, there is no audit c
Page 43 and 44: C. Assurance and Advisory Engagemen
Page 45 and 46: It is common to build an allowance
Page 47 and 48: The following list is taken from Sa
Page 49 and 50: helping managers developing control
Page 51 and 52: C.1.5 Internal Audit Opinions Audit
Page 53 and 54: Leadership and Communication Intern
Page 55 and 56: C.2 Auditing Governance The IIA Sup
Page 57 and 58:
C.2: Reflection How does your inter
Page 59 and 60:
Fraud may be perpetrated via measur
Page 61 and 62:
circumstances (unethical and often
Page 63 and 64:
Management Issues • Lack of area
Page 65 and 66:
Risk management techniques can be a
Page 67 and 68:
IT controls may be manual, automate
Page 69 and 70:
The IIA’s Cybersecurity Toolkit d
Page 71 and 72:
C.3: Reflection Fraud: How are susp
Page 73 and 74:
Global Perspectives and Insights -
Page 75:
CIPFA: 77 Mansell Street, London E1
show all

TIAPS Module 1 Audit and Assurance workbook

Create successful ePaper yourself

Delete template?

Save as template?