Audit Committee – 13 February 2026
External Quality Assessment – Final Report
|
Purpose |
For Information |
|
Classification |
Public |
|
Executive Summary |
The purpose of this report is to provide the Audit Committee with the outcome from the External Quality Assessment (EQA) of the Southern Internal Audit Partnership against the new Global Internal Audit Standards in the UK Public Sector. |
|
Recommendation(s) |
The Audit Committee are requested to note 1. the report of the External Assessor following the External Quality Assessment of the Southern Internal Audit Partnership against the Global Internal Audit Standards in the UK Public Sector (Appendix 1), and 2. the action plan developed against suggested opportunities for future development (Appendix 2). |
|
Reasons for recommendation(s) |
The Audit Committee has a responsibility to note the outcome of the external quality assessment in accordance with the Global Internal Audit Standards in the UK Public Sector. |
|
Ward(s) |
All Wards |
|
Portfolio Holder(s) |
Councillor Jeremy Heron – Finance and Corporate |
|
Strategic Director(s) |
Alan Bethune, Strategic Director of Corporate Resources. S151 Officer |
|
Officer Contact |
Antony Harvey, Deputy Head of Southern Internal Audit Partnership 07784 265289 |
1. The mandate for internal audit in local government is specified within the Accounts and Audit [England] Regulations 2015, which states:
‘A relevant authority must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance.’
2. From 1 April 2025, the ‘standards or guidance’ in relation to internal audit are those laid down in the Global Internal Audit Standards (GIAS), Application Note: Global Internal Audit Standards in the UK Public Sector (Application Note) and the Code of Practice for the Governance of Internal Audit in UK Local Government. The collective requirements are referred to as the Global Internal Audit Standards in the UK Public Sector (the Standards).
3. The Standards (8.4) require that ‘the Chief Internal Auditor must develop a plan for an external quality assessment and discuss the plan with the Audit Committee. The external audit assessment must be performed at least once every five years by a qualified, independent assessor or assessment team. The requirement for an external assessment may also be met through a self-assessment with independent validation’.
External Quality Assessment (EQA)
4. An External Quality Assessment of the Southern Internal Audit Partnership was undertaken during September to December 2025. The scope was comprehensive including review of the Southern Internal Audit Partnership’s:
· Conformance with the Global Internal Audit Standards in the UK Public Sector.
· Mandate, charter, strategy, methodologies, processes, risk assessment and internal audit planning.
· Performance measures and outcomes.
· Qualifications and competencies including those of the Chief Internal Auditor.
· Integration into the organisation’s governance processes.
· Contribution towards the organisation governance, risk management, and control processes.
· Contribution to the organisations operations and ability to attain its objectives.
· Ability to meet the expectations of stakeholders.
5. The External Quality Assessment was undertaken by John Chesshire of JC Training Ltd who met all of the necessary requirements of the enhanced qualification and experience required of an external assessor in the public sector. John is also the current Chairman of the Internal Audit Standards and Advisory Board whose role includes oversight of the development and periodic revision of the Global Internal Aduit Standards. As such John is ideally positioned to provide the most credible assessment of the Southern Internal Audit Partnership against the new Standards.
External Quality Assessment Outcome
6. A full copy of the External Quality Assessment – Final Report is provided (Appendix 1), in concluding their conformance opinion, the external assessor states:
‘I undertook this EQA review to provide an independent, objective, examination of SIAP against the GIAS, the Application Note, and the expectations within the CIPFA Code, as well as considering the function’s effectiveness and delivery compared with other internal audit functions, current and emerging good practice(s).
The GIAS comprises five Domains, 15 Principles and 52 Standards. For each Standard, there are Requirements, Considerations for Implementation and Examples of Evidence of Conformance to achieve.
SIAP has achieved an excellent result of ‘generally achieves’ in this EQA in relation to the GIAS and Application Note. The IIA use the term ‘general achievement’ or ‘general conformance’ to indicate that “internal audit activities were performed in general conformance with the Global Standards.”
I include a summary of SIAP’s conformance to the GIAS, below. Overall, I believe that the team has achieved an excellent performance given its size, together with the breadth and depth of the benchmark established by the new GIAS.
I am delighted to confirm that SIAP fully achieves 46 of the 52 Standards and generally achieves the remaining six Standards.There are no partial conformances, or areas where the team do not conform with any Standards.
I have undertaken ten reviews of diverse internal audit functions using the (new) GIAS to date and this result puts SIAP firmly within the top quartile and represents the highest level of achievement and conformance with the new GIAS that I have seen to date.’
Summary of IIA Conformance |
Standards |
Does not Conform |
Partially Conforms/ Achieves |
Generally Conforms/ Achieves |
Fully Conforms/ Achieves |
Total |
Purpose of Internal Auditing |
N/A |
|
|
|
|
N/A |
Ethics and Professionalism |
13 |
|
|
|
13 |
13 |
Governing the Internal Audit Function |
9 |
|
|
3 |
6 |
9 |
Managing the Internal Audit Function |
16 |
|
|
1 |
15 |
16 |
Performing Internal Audit Services |
14 |
|
|
2 |
12 |
14 |
|
|
52 |
0 |
0 |
6 |
46 |
52 |
7. In contextualising the overall assessment outcome, the external assessors clarify:
‘Given these results, you may ask why does SIAP not fully achieve/conform, overall, given this level of attainment? The reason is that the IIA have set an incredibly high, and some may say excessively high, benchmark for the ‘fully achieves’ level of attainment. To fully achieve or conform, the IIA state that “The internal audit function is fully achieving all 15 principles and the Purpose of Internal Auditing.” To fully achieve each of the 15 Principles, an internal audit function must fully conform with each of the 52 Standards.
Given that the GIAS remains ‘comply or explain’ in nature, an internal audit function can reasonably decide that some elements are not necessary to fully adopt, given the team’s nature, size, sector, cost/benefit, value for money considerations, or target maturity level. Not everything must be platinum-plated, and a level of common sense, judgement and proportionality is important.’
Opportunities for improvement
8. It is important to note that the external assessor in their final report clearly states ‘I do not make any formal recommendations in this report. To aid continuous improvement however, I do make a small number of suggestions for future development’.
9. Whilst there is no obligation on the Southern Internal Audit Partnership to address the highlighted areas of improvement, our culture as a learning organisation seeks continual development in ensuring our service is future proofed, lean, efficient, and effective. Consequently, an Action Plan (Appendix 2) has been compiled to consider each of the suggested future development opportunities.
Conclusion
10. The decision to undertake an early external quality assessment and the resulting outcome provides assurance to the Council that the Southern Internal Audit Partnership are operating in general conformance with the Global Internal Audit Standards in the UK Public Sector and remain well positioned as your internal audit provider.
Corporate plan priorities
11. The Council is responsible for establishing and maintaining appropriate risk management processes, control systems, accounting records and governance arrangements. Internal audit plays a vital role in advising the Council that these arrangements are in place and operating effectively. The Council’s response to internal audit activity should lead to the strengthening of the control environment and, therefore, contribute to the achievement of the organisation’s objectives.
Options appraisal
12. There are no other options to consider as an EQA is a requirement of the Global Internal Audit Standards against which all internal audit providers must conform.
Consultation undertaken
13. This report has been discussed with the Executive Management Team.
Financial and resource implications
14. Internal audit is provided through the Southern Internal Audit Partnership. The cost of the External Quality Assessment (EQA) is included within these arrangements.
Legal implications
15. The statutory requirement for internal audit in local government is specified within the Accounts and Audit [England] Regulations 2015. Internal audit functions within the UK Public Sector must conform with The Global Internal Audit Standards in the UK Public Sector (the Standards). The Standards require ‘the Chief Internal Auditor must develop a plan for an external quality assessment and discuss the plan with the Audit Committee. The external audit assessment must be performed at least once every five years by a qualified, independent assessor or assessment team. This report provides the Audit Committee with outcome from the External Quality Assessment.
Risk assessment
16. Failure to commission an EQA, report on the outcomes and address the highlighted areas of improvement could lead to an audit service which does not comply with the Standards and/or fails to continually develop to ensure our service is future proofed, lean, efficient, and effective.
Environmental / Climate and nature implications
17. There are no additional implications arising from this report.
Equalities implications
18. There are no additional implications arising from this report.
Crime and disorder implications
19. There are no additional implications arising from this report.
Data protection / Information governance / ICT implications
20. There are no additional implications arising from this report.
|
Appendices: |
Background Papers: |
|
External Quality Assessment – Final Report (Appendix 1) External Quality Assessment – Action Plan (Appendix 2)
|
Implementation of the Global Internal Audit Standards Internal Audit Charter and Plan 2025-26 External Quality Assessment |