TIAPS Module 1 Audit and Assurance workbook
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
• Close scrutiny. The activities of public entities are rightly subject to close scrutiny by<br />
line ministries, financial inspectors, external auditors, the business community, <strong>and</strong><br />
the public. This includes the work of the internal audit function <strong>and</strong> the behavior <strong>and</strong><br />
actions of its members. Unlike external audit reports, those of the internal audit<br />
function are not typically made available to the public, but the expectations placed on<br />
internal auditors to serve the public interest as inspectors <strong>and</strong> watchdogs are<br />
generally considerable. The public may not underst<strong>and</strong> what an internal auditor<br />
does, but when things go wrong, they are often caught in the firing line.<br />
• Political environment. The public sector environment is, above all, a political one.<br />
There is a cyclical change of leadership, policy, <strong>and</strong> organizational direction, <strong>and</strong><br />
internal audit is expected to keep up. The head of internal audit must anticipate<br />
these frequent shifts when planning the timing <strong>and</strong> focus of engagements. They<br />
must continuously rebuild relationships <strong>and</strong> carefully navigate politics to ensure<br />
activities are appropriately focused on organizational purpose <strong>and</strong> the public good<br />
rather than election cycles <strong>and</strong> the personal ambitions of public officials.<br />
• Constraints on independence. Establishing <strong>and</strong> maintaining organizational<br />
independence can be more challenging for internal audit functions in public entities<br />
than it is in privately owned businesses. Often the distinction between executive <strong>and</strong><br />
non-executive leadership is less apparent. The head of internal audit may report to<br />
an individual or a board comprising senior managers <strong>and</strong> political appointees. In<br />
some cases, internal audit oversight may be fairly remote. <strong>Audit</strong> committees, where<br />
such exist, may span multiple entities, especially where there is a centralized or<br />
shared service provider for central or local government. In addition, the use of<br />
outsourced or shared services may increase internal audit’s operational<br />
independence at the expense of greater remoteness from <strong>and</strong> reduced familiarity<br />
with the activities being audited.<br />
• Legitimate restrictions in scope. The m<strong>and</strong>ate of internal audit should allow the<br />
function access to the people, data, <strong>and</strong> resources needed to complete its<br />
engagements. Often in the private sector, this is interpreted as an “access all areas”<br />
m<strong>and</strong>ate. Restrictions on scope amount to a limitation on independence, keeping<br />
internal audit away from areas the governing body does not wish to be scrutinized. In<br />
the public sector, there can be legitimate reasons for reducing scope, especially in<br />
the interests of national security.<br />
These <strong>and</strong> other dimensions require careful h<strong>and</strong>ling by internal auditors <strong>and</strong> heads of audit<br />
functions.<br />
7