|
|
Print Version  |
|
April 19, 2005
|
|
|
INTERNAL AUDIT FORUM DISCUSSES ISSUES, BEST PRACTICES Executive Summary
The forum focused on issues, strategies and best practices identified at the first forum held in November 2003, in Toronto. All chief internal auditors of Canada’s provincial and territorial jurisdictions attended the event and the Acting Executive Director of the Centre of Excellence for Internal Audit represented the federal government. The host of the event was Mr. David Fairbotham, Executive Director, Internal Audit and Advisory Services, Office of the Comptroller General of British Columbia. Mr. Jacques Lapointe, Chief Internal Auditor and Assistant Deputy Minister, Internal Audit Division, Ontario Management Board Secretariat, partnered with CCAF to make the forum a success. The advice and guidance from this forum has provided valuable input into CCAF’s research, and has established a solid footing for further discussion. The headings below reflect the topics covered at the forum. This brief report can only touch some of the highlights of the discussion. For a detailed report, please refer to Internal Audit – Assuring its Value Through Good Governance and Accountability. It is available for download from the Foundation's member/subscriber web site. Strengthening Internal Audit – Best Practices One way to explore internal audit best practices is to examine criteria legislative audit offices use to audit internal audit functions. The Office of the Auditor General of British Columbia recently completed a review of internal audit in B.C. health authorities. In developing the audit scope and criteria, the Office reviewed best and expected practices for internal audit from numerous jurisdictions. Best practices include those relating to roles, responsibilities and authorities and board oversight of internal audit, resourcing the internal audit function, planning internal audit’s activities, audit processes, and evaluating internal audit’s performance. The Office of the Auditor General of Canada recently conducted an audit of internal audit in federal departments and agencies. Its report listed factors that would have a positive effect on internal audit, including:
Ms. Janet Harrison, Acting Executive Director, Centre of Excellence for Internal Audit, Treasury Board of Canada Secretariat, described the federal government’s proposed initiatives to strengthen internal audit. Ministers, Deputy Ministers and other stakeholders were being consulted about issues including a revised Internal Audit Policy, organizational independence of internal audit groups, a clear definition of roles and responsibilities of senior managers and departmental comptrollers, guidance on best practices and training, staffing of internal auditor positions across the federal public service, and the creation of standardized internal methodologies and tools. In a discussion of the role of audit committees in supporting internal audit independence, forum participants said an audit committee must oversee a department’s control and accountability processes and systems, and to do so effectively, it should have independent members (i.e. from outside the public service/government entity). Responsibilities could include oversight of the internal audit relationship with the legislative auditor, follow-up of management action plans, annual reporting on accomplishments, review of significant performance reports, appointment of the Chief Audit Executive, and a functional reporting relationship with the Chief Audit Executive. Forum participants said research is needed to identify the ideal circumstances and factors that support internal audit independence in a governmental setting. This could include indicators that demonstrate the function has achieved a good balance between independence and support, and best practices/principles that contribute to independence. Internal Auditing Standards The Institute of Internal Auditors Inc. (IIA) is the world leader in research and educational issues for internal auditing and is the standards-setting body for the profession. Its Professional Practices Framework (updated in January 2004) includes International Standards for the Professional Practice of Internal Auditing. According to Mrs. Elizabeth (Libby) MacRae, Senior Research Associate with CCAF and a member of The IIA’s international Professional Issues Committee, the Standards cover such topics as: Purpose, Authority, and Responsibility; Independence and Objectivity; Proficiency and Due Care; Quality Assurance and Improvement Program; Managing the Internal Audit Activity; Nature of Work; Engagement Planning; Communicating Results; etc. She told forum participants The IIA framework is accessible on The IIA website, together with a Government Auditor’s Resource Center for government internal auditors. Forum participants noted that all provincial and territorial internal audit groups promote adherence to The IIA Standards. They were very supportive of the Certified Internal Auditor (CIA) designation, the only globally accepted certification for internal auditors. Most provincial and territorial internal audit groups encourage the CIA designation; Ontario requires that all newly hired internal auditors become certified. Internal Audit Placement in the Organization Mr. Arn van Iersel, the Comptroller General of British Columbia, described internal audit in British Columbia and its move to centralization about six years ago; the roles of the legislative auditor and internal audit committees; and the uniqueness of the public sector with its varied, de-centralized and non-homogeneous services. He talked about the role of internal audit as a tool for management and the executive, and as part of comptrollership governance responsibilities. He said the British Columbia model provides internal audit organizations with a common strategy, charter, methodology and practices, and Deputy Minister involvement and buy-in. He also talked about independence of the internal audit function and the costs of too much independence, including alienation of management as a client and duplication of the role of the Auditor General. Some participants felt the reporting level in the organization is only one factor. Equally important are such factors as the personality of the person to whom the chief audit executive reports, whether that person has the time to devote to the function and is a change agent in the organization, and supports the contribution of the internal audit function. Reporting relationships vary among provinces and territories and within the federal government. The Chief Internal Auditors in Alberta and the Yukon report to the Secretary of the Cabinet, while all others report to either a Deputy or Assistant Deputy Minister level, some positions of which are also the provincial/territorial comptroller. Participants identified several factors that contribute to internal audit independence and objectivity:
While most provincial and territorial internal audit functions are centralized, their budgets are not necessarily. Some rely on Ministry funding for internal audits conducted within a particular Ministry. This can impact on the potential scope and number of audits. Participants felt strongly that full control over the internal audit budget increases independence, as does strong corporate audit committee support for centralized funding. In most provincial, territorial and federal internal audit functions, reports are generally accessible through access to/freedom of information laws. Participants noted the impacts of such public availability, including delays in finalizing draft reports, possible sanitizing of reports, and the potential for people to confuse internal audit with legislative audit. Risk Assessment in Internal Audit Planning Mr. John Gunter, Director, Government Audit Services, Government of Yukon, made a comprehensive presentation on audit planning and risk assessment. In the ensuing discussion, most participants said they use risk-based information in developing the internal audit plan. They stressed the importance of having management buy-in to the risk assessment process. Executive questionnaires or senior management surveys are popular means of obtaining qualitative information on actual and perceived risks. In terms of risk scoring and prioritizing, most chief internal auditors use a combination of risk criteria, including management concerns, size of program or operation, operational environment, and change or complexity of systems and processes. Most jurisdictions do not make extensive use of audit planning software tools. When identifying key risk areas and developing internal audit plans, most chief internal auditors consult legislative auditors and review legislative audit plans and previous reports. Some share their risk assessment conclusions with the legislative auditor to reduce duplication and improve working relationships and audit results. Internal Audit Capability and Capacity Participants at the forum felt that it is particularly challenging to determine and secure the resources needed for an effective internal audit function. In addition to core resources for ongoing internal audits, appropriate internal audit capacity must be in place to address the risk management needs of new or expanding programs. Participants noted that additional work could be done in this area to benchmark and develop matrices for calculating appropriate internal audit resources to effectively carry out the internal audit mandate. Mr. Jacques Lapointe, Chief Internal Auditor & Assistant Deputy Minister, Internal Audit Division, Ontario Management Board Secretariat, briefed the forum on a Capability Maturity Model that The IIA is developing. The model describes the characteristics and establishes standards of performance for government internal audit functions at five different stages of evolution. The stages track the development of an audit function from start up, to a mature function, and finally to a world-class, best practice operation. Jacques reviewed the five core elements of the model – Governance, Standards, Organization, Human Resources, and Services. A key principle of the model is that effective implementation of the elements at each level is necessary to build the capacity and infrastructure to support growth to the next level. Common Tools and Methodologies The session was led by Mr. Nick Shandro, Chief Internal Auditor, Executive Branch, Government of Alberta, Office of the Chief Internal Auditor. It featured a round table discussion of the methodologies, tools, training workshops and courses employed by internal audit groups. For example, Alberta uses Teammate, an audit management system software developed by PricewaterhouseCoopers, as well as other project management, time reporting and data extraction software. Forum participants also learned that in March 2004, the Ontario Audit Centre for Excellence developed the 2003-2004 annual Internal Audit Division Client Satisfaction Survey. The survey was posted on the division’s website, and a survey notification request was sent to internal audit clients. The Way Forward The participants at the 2004 National Forum for Chief Government Internal Auditors identified the following areas for further study or consideration:
Working groups have been established to address the areas that chief internal auditors identified as priorities for discussion at the next National Forum, to be held in Quebec City in October 2005. |
|
|
Return To Top of Page Copyright © 2006 CCAF-FCVI |
At the second National Forum for Government Chief Internal Auditors held in Victoria, British Columbia on October 4-5, 2004, the chief internal auditors of Canada’s senior governments learned, among other things, about the results of two recent legislative audits of internal audit functions and held discussions on such varied issues as internal audit standards and the placement of internal audit inside governmental organizations.