Audit Committee - 24 January 2025

Implementation of the Global Internal Audit Standards

Purpose

For information

Classification

Public

Executive Summary

This paper is submitted to the Audit Committee to provide an overview of the new Global Internal Audit Standards, with which public sector internal audit functions will have to comply from 1 April 2025.

Recommendation(s)

The Audit Committee is requested to note the overview of the new Global Internal Audit Standards.

Reasons for recommendation(s)

The Accounts and Audit Regulations [England] 2015 state a relevant body must:

‘undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes taking into account public sector internal auditing standards or guidance.’

From April 2025 the public sector internal auditing standards will be replaced by the Global Internal Audit Standards, with which all internal audit providers must conform.

Ward(s)

All

Portfolio Holder(s)

Councillor Jeremy Heron – Finance and Corporate

Strategic Director(s)

Alan Bethune, Strategic Director of Corporate Resources and Transformation. S151 Officer

Officer Contact

Antony Harvey

Deputy Head of Southern Internal Audit Partnership

07784 265289

antony.harvey@hants.gov.uk

 

Introduction and background

1.           Since the implementation of the Public Sector Internal Audit Standards in 2013, the Council’s internal audit function has been required, in accordance with the Accounts & Audit Regulations, to comply with those Standards, which were based on the mandatory elements of the Institute of Internal Auditors (IIA) International Professional Practice Framework (IPPF).

 

2.           In January 2024 the IIA published a significant revision of their IPPF in the form of the Global Internal Audit Standards (GIAS).  The revised framework is to take effect within the public sector from April 2025 (effective from January 2025 in the private sector).

 

3.           The GIAS replace the Public Sector Internal Audit Standards. They provide a single source to guide the worldwide professional practice of internal auditing and serve as a basis for evaluating and elevating the quality of the internal audit function.

 

4.           The GIAS are arranged under five domains, which incorporate 15 Principles and 52 Standards (Appendix 1).

 

5.           Some of the key differences between the existing Public Sector Internal Audit Standards and the new Global Internal Audit Standards include:

 

·         Domain II – Ethics & Professionalism

 

o   Professional courage (1.1)

o   Professional scepticism (4.3)

 

·         Domain III – Governing the internal audit function

 

o   Internal audit mandate (6.1)

o   Board interaction (8.1)

o   Quality (8.3)

 

·         Domain IV – Manage the internal audit function

 

o   Internal Audit Strategy (9.2)

o   Coordinating reliance (9.5)

o   Communicating results (trends / root cause) (11.3)

o   Performance measurement (12.2)


 

6.           The authority for determining standards applicable to internal audit in the UK public sector rests with the Relevant Internal Audit Standard Setters (RIASS), supported by the UK Public Sector Internal Audit Standards Advisory Board (IASAB).

 

7.           During October 2024 the RIASS issued a consultation document in response to the GIAS (Application Note).  Simultaneously CIPFA issued a consultation on a new Code of Practice for the Governance of Internal Audit:

 

8.           Application Note – GIAS in the UK Public Sector (consultation closed 31 October 2024)

 

9.           Code of Practice for the Governance of Internal Audit in the UK Local Government (consultation closed 28 November 2024)

 

Application Note – GIAS in the UK Public Sector

 

10.       The IASAB has considered the content of the GIAS and has determined that it is applicable to the internal audit of UK public sector bodies, subject to a small number of additional requirements and interpretations.

 

11.       The key requirements and interpretations covered within the Public Sector Application Note that are not encompassed within the main text of the GIAS include:

 

·         in the UK public sector, a chief internal auditor must prepare an overall conclusion encompassing governance, risk management and control (governance should support any specific sector obligations or processes).

 

·         that the chief internal auditor will be both professionally qualified and have appropriate public sector skills and knowledge.

 

·         a requirement that at least one member of the external assessment team (required periodically to undertake an External Quality Assessment of the internal audit function) will have the characteristics required of a chief internal auditor in the UK public sector.

 

12.       Any External Quality Assessment undertaken must provide an overall opinion on the internal audit function’s conformance with the GIAS and the Application Note on GIAS in the UK Public Sector.

 

Code of Practice for the Governance of Internal Audit in UK Local Government

 

13.       The new standards include ‘essential conditions’ for the governance of internal audit. When the IIA published GIAS, it recognised that in the public sector, governance structures or other laws or regulations may impact on how the essential conditions can be applied.

 

14.       This is the case in UK local government, where there isn’t a straightforward replacement for the ‘board’ as described in GIAS. Elected representatives are ultimately those charged with governance, whether that is the full council of an authority or an elected police and crime commissioner.

 

15.       Audit committees are non-executive advisory bodies with limited decision-making powers. Internal audit’s primary mandate comes from statutory regulations rather than the decision of the audit committee.

 

16.       The GIAS provides for the chief internal auditor to reach agreement with those in governance roles and senior management on alternative conditions that still allow for conformance with the standards. The Code of Practice for the Governance of Internal Audit in UK Local Government provides the route to satisfying the essential conditions in GIAS (UK public sector), tailored for UK local government. The GIAS (UK public sector) directs the local government sector bodies to apply the Code.

 

17.       The Code meets the objectives of the essential conditions, by providing for the necessary governance of internal audit, but in a way that is appropriate for UK local government bodies. It includes roles and responsibilities of the audit committee, senior management, and those charged with governance towards internal audit.

 

Conclusion

 

18.       The Southern Internal Audit Partnership have completed an initial self-assessment / gap analysis against the GIAS and developed an action plan to ensure the Partnership is in the strongest possible position for when the Standards take effect in April 2025.

 

19.       As part of that action plan SIAP will be engaging with Senior Management and members of the Audit Committee during January / February 2025 to contribute to the development of key requirements of the GIAS including the Internal Audit Strategy and key performance measures.

Corporate plan priorities

20.       The Council is responsible for establishing and maintaining appropriate risk management processes, control systems, accounting records and governance arrangements. Internal audit plays a vital role in advising the Council that these arrangements are in place and operating effectively. The Council’s response to internal audit activity should lead to the strengthening of the control environment and, therefore, contribute to the achievement of the organisation’s objectives.

Options appraisal

21.       The requirement to adopt the Global Internal Audit Standards is a legislative requirement in accordance with the Accounts & Audit Regulations [England] 2015.  There are no alternative options.

Consultation undertaken

22.       The requirement to adopt the Global Internal Audit Standards has been discussed with the Executive Management Team.

 

23.       The Southern Internal Audit Partnership contributed to the public consultations on both the Application Note – GIAS in the UK Public Sector and Code of Governance for Internal Audit in UK Local Government.

Financial and resource implications

24.       There are no financial and resource (including HR) implications arising from the recommendations.

Legal implications

25.       Non-conformance with the requirements of the Global Internal Audit Standards would impact compliance with the Accounts & Audit Regulations [England] 2015.

Risk assessment

26.       No formal risk assessment is required.

Environmental / Climate and nature implications

27.       There are no additional implications arising from this report.

Equalities implications

28.       There are no additional implications arising from this report.

 

Crime and disorder implications

29.       There are no additional implications arising from this report.

Data protection / Information governance / ICT implications

30.       There are no additional implications arising from this report.

 

Appendices:

Appendix 1 – Global Internal Audit Standards

Appendix 2 – SIAP – Global Internal Audit Standards Roadmap

Background Papers:

Global Internal Audit Standards

Application Note – GIAS in the UK Public Sector – consultation

Code of Practice for the Governance of Internal Audit in UK Local Government