Ideas & Insights

Why You Needed an Internal Audit Function Yesterday

Why You Needed an Internal Audit Function Yesterday

Internal Audit: Optimal Governance and Minimal Risk for Government Agencies

Best Practices for Organizations Seeking to Establish an Internal Audit Function

By: Richard Green, CPA, Partner and Industry Leader, State and Local Government

In the world of public and private enterprise, having a robust internal audit function has become standard operating procedure. Whether the internal audit group is staffed internally or co-/out-sourced to a professional services firm, this layer of oversight is a pillar of good governance and operates as an essential tool for managing risk. What has become standard for businesses is becoming more prevalent for government institutions. Increasingly, State and Local Government agencies are developing internal audit functions as a proactive measure to mitigate risk. The question for agencies today is: “If you don’t have an internal audit function, why not?”

What is Internal Audit?

Management and Those Charged with Governance of government agencies are responsible for providing assurance to publically-elected officials, and the electorate, that there is proper stewardship of public resources and effective delivery of services. To provide this assurance, organizations develop a three-tier system of checks and balances.

Optimal Assurance Structure for Government Agencies

Internal auditors are an integral aspect of an organization’s assurance structure. An independent internal audit function can be of great value to organizations by assisting management in monitoring the design and proper functioning of internal control policies and procedures. Internal auditors function as an additional level of control and help improve the agency’s overall control environment. Internal auditors can also provide value by conducting performance audits and special investigations/studies.

What Does Internal Audit Do?

The scope of internal audit work encompasses an enterprise-wide concept of corporate governance and risk. Organizations must have controls that manage risk and promote effective and efficient governance and performance. An effective internal audit function will generally provide:

  • Assurance services – An objective examination of evidence for the purpose of providing an independent assessment of risk management, control and governance processes.
  • Consulting services – Advisory and related activities, the nature and scope of which are agreed upon with the audit committee and are intended to add value and improve business operations.
  • Value–adding services – Focused on efficiency and effectiveness to improve processes and the economical use of finances and resources.

Organizations establish an independent internal audit function to provide continuous review of the effectiveness of risk management, control, and governance processes. Internal audit does this by:

  • Providing an independent, unbiased assessment of operations;
  • Providing management with reports on the effectiveness of risk management, controls, and governance processes;
  • Acting as a catalyst for risk management, control and governance process improvements; and,
  • Operating as a key advisor telling management what it needs to know, when it needs to know it.

The internal audit team supports organization stakeholders by:

  • Reviewing success rates for organizational objectives;
  • Assessing decision authorization;
  • Assessing reliability and integrity of information;
  • Reviewing asset safeguards;
  • Assessing organizational compliance with laws, regulations, policies, and contracts;
  • Assessing efficiency, effectiveness, and economy of business activities;
  • Reviewing controls for fraud and corruption;
  • Following–up previous audits to assess if responses have been effectively implemented; and
  • Looking for better ways of doing things.
Best Practices for Developing an Internal Audit Function

Every government agency should consider establishing a formal internal audit function. Such a function can play an important role in helping management optimize its framework of internal controls, which can result in minimized risk. As a rule, a formal internal audit function is particularly valuable for those activities involving a high degree of risk, including: complex accounting systems and contracts with outside parties.

Agencies looking to develop an internal audit function must follow three essential steps:

  1. Establish a charter in accordance with the organizations needs and professional standards.
  2. Develop a staffing model/structure that meets the organization’s needs.
  3. Before launch, conduct review to ensure internal audit function has appropriate levels of independence, resources and access.

Step 1: Establish a Charter

The internal audit function should be established formally by charter, enabling resolution, or other applicable legal means. The charter should be drafted to ensure the appropriate characters of an effective internal audit function:

  • Provides assurance to the audit committee and management on the effectiveness of risk management, control and governance processes;
  • Is independent of the organizational functions it audits;
  • Reports to an audit committee for its operations;
  • Reports to the chief executive officer for its administration.
  • Is led by a chief audit executive.
  • Performs its work in accordance with the internal audit standards.
  • Provides assurance services, and may also provide consulting services.
  • May perform various types of auditing – compliance, financial, ICT, integrated audit, etc.
  • May perform operational audits to review efficiency, effectiveness and economy of business activities.

It is recommended that the agency’s charter be structured in accordance with internal audit professional standards as established by the Institute of Internal Auditors and the U.S. General Accounting Office’s publication Government Auditing Standards.

Step 2: Develop Staffing/Structure Model

There a number of methods for delivering internal audit services within an organization.

Internal Audit Structures

Step 3: Final Checklist before Launch

  • Ensure internal audit function is independent from the activities it audits.
  • Internal audit is appropriately positioned in the organization governance framework to ensure its work complements the work of other internal and external assurance and review providers.
  • Ensure the internal audit function has sufficient resources, with access to internal auditors with the necessary skills, experience and personal attributes to achieve what is expected of it.
  • Internal audit provides an annual report of its work, including an assessment of the effectiveness of the organization control system.
Get Value-Added Support Developing your Internal Audit Function

While there are seemingly endless advantages to an internal audit function, each function is only as effective as its mandate, resources and guidance allow it to be. Whether you’re planning to create an in-house internal audit function, or co-/out-source elements of that function, the specialists in MGO’s State and Local Government Practice can provide valuable insights for every step on the road.

Questions? Let’s Talk.



Tagged with: