esaag internal audit guidelines

7/31/2019 ESAAG Internal Audit Guidelines

1/34

E S A A G

INTERNAL AUDITING GUIDELINES

for

East and Southern Africa Association of Accountants General

February 2001


2/34

INTERNAL AUDITING GUIDELINES

forThe East and Southern African Association of Accountants General

CONTENTS

PAGE

1. Introduction 1

2. Nature, Objectives and Scope of Internal Audit 1

3. Internal Audit Independence 7

4. Managing Internal Audit 12

5. Professional Proficiency 15

6. Relationships 20

7. Internal Audit Planning 23

8. Approaches to Internal Audit 26

9. Reporting, Monitoring and Follow-up 28

Glossary of Technical Internal Audit Terms 32


3/34

1. INTRODUCTION

1.0 These Internal Auditing Guidelines are recommended to all government institutions in member

countries. These may include Ministries, Departments, Regions, and other public sector

organisations or entities, where appropriate. The Guidelines are prepared in compliance withthe Standards for the Professional Practice of Internal Auditing developed by the Institute of

Internal Auditors and international best practice in public sector Internal Audit.

1.1 The guidelines are intended to provide best practice principals rather than specific guidance on

Internal Audit procedures and techniques. Each professional Internal Auditor should hold the

general skills and knowledge of Internal Audit practice.

1.2 A brief explanatory note to facilitate a clear understanding of the guidelines is included before

each guideline.

1.3 These guidelines provide criteria by which Internal Auditing in the Public Sector in member

countries should be measured and evaluated.

1.4 Any standards or guidelines should be dynamic to keep up to date and these guidelines will be

revised from time to time as necessary.

2. NATURE, OBJECTIVES AND SCOPE OF INTERNAL AUDIT

2.0 Explanatory Notes :

2.1 This guideline explains the nature, objectives and scope of Internal Auditing and indicates the

range of responsibilities that Internal Audit should cover. The Head of Internal Audit should

ensure that each Accounting Officer (see Glossary of Technical Internal Audit Terms at the end of

these Guidelines) in the public sector organisations for which they are responsible are aware of

the full range of activities that fall within the scope of Internal Audit.

2.2 Nature: The Institute of Internal Auditors defines Internal Auditing as "an independent objective

assurance and consulting activity designed to add value and improve an organisation's

operations. It helps an organisation accomplish its objectives by bringing a systematic,

disciplined approach to evaluate and improve the effectiveness of risk management, control andgovernance processes."

Internal Auditing Guidelines February 2001 Page 1 of 33


4/34

2.3 Internal Audit should be an independent function or division within the public sector organisation.

It assists management by reviewing, assessing and helping to improve the internal control system.

Internal Auditors work with Accounting Officers and other managers to help to improve internal

controls within their public sector organisation and so reduce the risks the Government faces in

achieving its objectives to an acceptable level. Internal Audit undertakes reviews of individual

systems and processes. As a result, recommendations are made to the relevant Accounting Officer

on how internal controls could be improved.

2.4 Scope: The scope of internal audit needs to cover the systematic review, appraisal and reporting

of the adequacy of the systems of managerial, financial, operational and budgetary control and

their reliability in practice, including:

the relevance of established policies, plans and procedures, the extent of compliance with

these

the appropriateness of organisational, personnel and supervision arrangements

the extent to which assets and interests are accounted for and safeguarded from losses of

all kinds arising from waste, extravagance, inefficient administration, fraud or other causes

the appropriateness, reliability and integrity of financial and other management

information and the means used to identify, measure, classify, report and act upon that

information

the integrity of computer systems, including systems under development

the follow-up action taken to remedy previously identified weaknesses.

2.5 The actual areas reviewed by Internal Audit should be determined by a risk assessment that guides

Internal Audit planning (see Guideline Seven).

2.6 There should be an Internal Audit service for all public sector and government organisations

including the armed and secret services.

2.7 Objectives: Internal Audit should operate in partnership with management by helping to enhance

their accountability, transparency and corporate governance. This is achieved by identifying and

evaluating their internal control systems and making recommendations for improvements and

refinements to these systems.

2.8 Internal Audit assists Accounting Officers by evaluating and reporting on the elements of the

internal control system for which the Accounting Officer is responsible. It is not, however, an

extension of, or a substitute for, effective internal controls. Responsibility for internal controlrests fully with the Accounting Officer, who should ensure that appropriate and adequate

arrangements for internal control exist in addition to any Internal Audit activity in their public



5/34

sector organisation. It is for the Accounting Officer to decide whether or not to accept and

implement Internal Audit findings and recommendations. However, the Accounting Officer should

be responsible to an Audit Committee and the Public Accounts Committee for ensuring that

prompt and effective action is taken to address Internal Audit's findings. An Audit Committee may

assist in ensuring that prompt and effective action is taken in response to audit recommendations.

2.9 Internal Audit may undertake checks that individual items of expenditure are necessary and have

been authorised as required. This may be undertaken before the payment is made (pre-audit) or

may be undertaken later (post-audit). Internal Audit may also be required to undertake

independent checks on stores and fixed assets. However, international best practice suggests that

the core element of Internal Audit work should be systems audit. The objective of systems audit is

to improve the controls operated by management rather than Internal Audit acting as a control

itself.

2.10 If Internal Auditors undertake pre-audit, they should not also undertake system reviews of the

same transactions or systems.

Advantages and Disadvantages of Pre-Audit

Advantages Disadvantages

Could help to ensure that expenditure is

necessary and appropriate.

May reduce officers' responsibilities for

internal control. Managers may not check

payments properly, but rely on Internal Audit

to do these checks.

Could help to ensure that expenditure is

properly authorised before payment is

made.

Payments may be delayed until Internal Audit

has completed their checks.

Could help to prevent management fraud. It may be an inefficient use of valuable

Internal Audit time.

Could help to reduce the incidence of fraud

or irregularity.

Could provide an opportunity for unethical

Internal Auditors to seek bribes.

Could help to confirm the existence of

projects, supplies and stores.

Could relax Internal Audit objectivity when

doing systems audit work.

Could put Internal Audit security at risk.

2.11 In some countries, Internal Audit may be required to undertake pre-audit. Where this is the case

consideration should be given to reducing this role. This could be achieved by only undertaking

pre-audit on larger payments or those that are particularly vulnerable to fraud or irregularity.

Public sector organisations with good internal controls could be rewarded with a reduced

requirement to have their expenditure subject to pre-audit.



6/34

2.12 Internal Audit is not necessarily best suited to under take investigations into suspected fraud,

corruption or irregularity. This is a specialised function that requires expert knowledge and

experience. The approach to fraud investigation is different to that used in routine Internal Audit

work. For these reasons, where possible, fraud investigations should be undertaken by a special

unit.

2.13 Internal Audit can:

independently review and appraise the systems of control throughout the public sector

organisation (not just the financial controls);

recommend improvements to internal controls;

ascertain the extent of compliance with procedures, policies, regulations and legislation;

provide reassurance to management that their policies are being carried out with

adequate control of the associated risks;

facilitate good practice in managing risks;

save money by identifying waste and inefficiency, and by facilitating the spread of good

practice;

avoid duplication of effort by an effective partnership with the Auditor-General and other

review agencies;

by its activities help to ensure that assets and interests are safeguarded from fraud, deter

fraudsters and possibly identify fraud.

2.14 The existence of Internal Audit in a public sector organisation should not cause a general

relaxation or vigilance on the responsibility of the line managers. It is not the responsibility of

Internal Audit to detect and/or prevent fraudulent activities and irregularities. This is the

responsibility of all officers, managers and the Accounting Officer.

GUIDELINE ONE: NATURE, OBJECTIVES AND SCOPE OF

INTERNAL AUDIT

1

NATURE OF INTERNAL AUDIT

Internal Auditing is an independent objective assurance and consulting activity designed

to add value and improve an organisation's operations. It helps an organisation

accomplish its objectives by bringing a systematic, disciplined approach to evaluate and

improve the effectiveness of risk management, control and governance processes. The

effect of Internal Audit should be continual improvements and refinements to the internal

control system as a contribution to proper, economic, efficient and effective use of

government resources.

OBJECTIVES OF INTERNAL AUDIT



7/34

2 Internal Audit has two main objectives. These are to:

a) ensure that internal control and risk management systems are continually being

improved and optimised in response to an ever changing environment;

b) provide reasonable assurance to the relevant Accounting Officer and the Audit

Committee that significant risks in the public sector organisationare being appropriately

managed, with an emphasis on the role of internal controls.

3 The way that these objectives are achieved will vary between countries and

organisations. This leads to a variety of different approaches to Internal Audit. This

subject is covered in the Guideline below on Approaches to Internal Audit.

4 The Head of Internal Audit should be consulted when the Accounting Officer wishes to

change the system of internal control. The Head of Internal Audit should be required to

co-ordinate inter-ministerial or departmental issues concerning control.

5 If Internal Auditors are used to investigate potential fraud or irregularity they will need

specialist knowledge and experience. An expert team should be created to investigate

cases of actual or potential fraud and irregularity.

6

INTERNAL CONTROL

Internal control has been defined by the Committee of Sponsoring Organisations of the

Treadway Commission (COSO) inInternal Control Integrated Framework, as:

'A process, effected by an entitys board of directors, management and other

personnel(people), designed to provide reasonable assurance regarding the

achievement of objectives in the following categories:

Effectiveness and efficiency of operations; (basic operational objectives,

performance goals and safeguarding resources)

reliability of financial reporting

compliance with applicable laws and regulations.'

7 Internal control is a management tool used to provide reasonable assurance that the

public sector organisation's objectives are being achieved efficiently. Internal control

covers the whole system of controls, policies and procedures established by management

to meet their targets and objectives.

8 The responsibility for the adequacy and reliability of internal controls rests with

management. The relevant Accounting Officer has overall responsibility for the

establishment and maintenance of internal controls within their area of responsibility.

The Accounting Officer of each public sector organisation should ensure that proper

internal controls are introduced, reviewed, and updated to keep them effective. An Audit

Committee can assist with this role.

9

SCOPE OF INTERNAL AUDIT

The potential scope of Internal Audit is the whole system of internal control established



8/34

by a public sector organisation. This may include controls over all the organisation's

activities, not just controls over financial accounting and reporting. Internal Audit should

review all significant operational and management controls, including policies and

procedures for the management of risk. However, Internal Audit should concentrate its

efforts on the high risk areas and the most important internal controls.10 The Accounting Officer and Audit Committee should not restrict Internal Audit to work

on financial systems or checking that assets are safeguarded. Internal Audit work should

go beyond the accounts to check that public officials and others entrusted with public

resources are:

a) complying with applicable laws and regulations

b) achieving government objectives and desired services or benefits established by the

public sector organisation.

11 The Audit Committee and the Accounting Officers should ensure that Internal Audit has

the widest scope to ensure that internal controls across the whole public sector

organisation may be subject to review by Internal Audit.

12 Internal Audit should have unrestricted access to all the people, systems, documents and

property it considers necessary for the proper fulfilment of its responsibilities.



9/34

3 INTERNAL AUDIT INDEPENDENCE

3.0 Explanatory Notes :

3.1 Internal Audit should be sufficiently independent from line management to ensure that InternalAudit's professional judgements and recommendations are objective and impartial. To be

effective, Internal Audit needs to have adequate authority and report at a sufficiently senior level

within the public sector organisation. As a result, the Head of Internal Audit should report (for

pay and rations) at a level at least equivalent to the Accountant-General in the Ministry of

Finance or the Permanent Secretary in other ministries. Internal Audit should also report to an

Audit Committee and have a direct reporting line to the Accounting Officer.

3.2 It is generally considered that Internal Audit should not report to a manager if Internal Audit

regularly reviews systems that this manager is directly responsible for. For this reason, in some

countries it is considered inappropriate for the Accountant-General to be responsible for Internal

Audit. The reason for this is that the Accountant-General is the accounting advisor to the

Permanent Secretary in the Ministry of Finance and is also in charge of the treasury and the

national accounts. The Head of Internal Audit regularly reviews systems that the Accountant-

General is responsible for and so should not report on these systems to the same officer.

3.3 Internal Audit will achieve respect through the status it is given in a public sector organisation.For the individual Internal Auditor,objectivity is essential to ensure an attitude of mind

characterised by integrity, steadfastness and an impartial approach to work. Objectivity may be

impaired through familiarity both with systems and non-audit staff. This may occur if Internal

Audit staff are involved with the same work assignments and ministerial officers for several years.

3.4 Internal Audit should take its authority and terms of reference from the Audit Committee and

Accounting Officer to whom the Head of Internal Audit should report and have the right of direct

access. Internal Audit's terms of reference (or charter) should clearly outline the nature,objectives, responsibilities and scope of Internal Audit. Internal Audits terms of reference should

be approved by the Audit Committee subject to applicable legislation.



10/34

3.5 The written terms of reference for Internal Audit should clearly:

a) establish Internal Audit's position within the organisation

b) establish Internal Audit's right of access to all records (both electronic or otherwise),

assets, personnel and premises, and its authority to obtain such information and explanations,

as it considers necessary to fulfil its responsibilities

c) define the scope of Internal Auditing activities.

3.6 Objectivity is an independent attitude of mind that Internal Auditors should maintain when

performing Internal Audit work. It is important that Internal Auditors always retain a critical

edge in undertaking their work. Internal Auditors need to be sceptical in discussions with officers

and to obtain an adequate level of proof from Audit testing.

3.7 Objectivity requires Internal Auditors to carry out Audits in such a way that the quality of theirwork or their honest belief in the results of that work is not compromised. Internal Auditors

should not be placed in situations in which they feel unable to make objective professional

judgements.

3.8 Internal Auditors should not be placed in situations in which they feel unable to make objective

and impartial professional judgements. If any of the situations referred to below arise, Internal

Auditors should inform their Head of Internal Audit so that alternative arrangements for the

Internal Audit assignment may be made:

(a) Internal Auditors, notwithstanding their employment by the organisation, should be free

from any conflict of interest arising either from professional or personal relationships or from

pecuniary or other interests in an organisation or activity that is subject to Audit.

(b) Internal Auditors should be free from undue influences, which either restrict or modify the

scope or conduct of his work or over-rule or significantly affect judgement as to the content of the

Internal Audit report.

(c) Internal Auditors should not allow their objectivity to be impaired when Auditing an

activity for which they have had authority or responsibility in the past.

(d) Internal Audit should be consulted about significant proposed changes to the internal

control system or the implementation of new systems. Internal Audit may make recommendations

on the standards of control to be applied without prejudicing Internal Audit's objectivity in

reviewing those systems at a later date.



11/34

(e) Internal Auditors should not normally undertake non-Audit duties, but if they do,

exceptionally, they should ensure that management understands that they are not then functioning

as Internal Auditors.

3.9 International best practice suggests that Audit Committees should be established. Audit

Committees are generally considered to improve the independence of Internal Audit. Audit

Committees should be established for each public sector organisation. Members of an Audit

Committee, especially the chair, should be chosen so that they are sufficiently independent from

the senior managers of the public sector organisation and so they are suitably experienced. An

Audit Committee may deal with more than one organisation.

3.10 The role an Audit Committee with regard to Internal Audit is that it should:

approve Internal Audit's strategic and operational plans and review performance against

them

discuss with Internal Audit its findings and the responses of management to its major

recommendations; and, periodically, its views on the overall quality of internal control

consider the objectives and scope of any additional ( non-audit work) work undertaken by the

Internal Auditors to ensure there are no conflicts of interest and that independence is not

compromised

review the adequacy of the Internal Audit function, its adherence to professional standards,

particularly independence, standing, scope, resourcing, its liaison with the Auditor-General

and other review agencies and its reporting arrangements

meet regularly two or three times a year and meet with the Internal Auditors at their request

as they deem necessary

through its Chair represent the concerns of Internal Audit to the relevant Accounting Officer,

Permanent Secretary or Minister

be involved in the process of appointment or dismissal of the Head of Internal Audit

periodically review the Internal Audit terms of reference.



12/34

GUIDELINE TWO: INTERNAL AUDIT INDEPENDENCE13 Internal Auditors should be objective, and, as far as possible, operationally independent

of the management of the public sector organisation.

14 Internal Audit independence should permit it to provide impartial and unbiased

judgements that are essential for its proper function. Internal Audit independence should

also ensure that the Head of Internal Audit can report without 'fear or favour' to all levels

within the public sector organisation. Internal Audit independence can be ensured

through status and objectivity.

15 It is the responsibility of the Accounting Officer and the Audit Committee to ensure

that conflicts of interest do not arise and that Internal Audits objectivity and

independence are not compromised. If the independence or objectivity of Internal

Audit is impaired, in fact or appearance, the details of the impairment should be

disclosed to the Accounting Officer and the Audit Committee.

16

STATUS

The Head of Internal Audit should be responsible to an individual with sufficient

authority to promote Internal Audit independence and to ensure the broadest Internal

Audit coverage, adequate consideration of Internal Audit reports and appropriate action

on Internal Audit recommendations. Internal Audit needs the support of top management

officials so that they can gain the co-operation of officers and perform their work without

interference. Internal Audit should have a direct reporting line to the Accounting Officer

and the Audit Committee.

17 The Head Internal Auditor should report to the Accounting Officer and an Audit

Committee.

18

TERMS OF REFERENCE

Internal Audit should have written terms of reference (or charter) that are agreed by the

Accounting Officer and the Audit Committee. These should clearly outline the nature,

objectives, responsibilities and scope of Internal Audit. The Head of Internal Auditshould actively seek to develop and obtain approval of such terms of reference. The

terms of reference should be reviewed and revised, if necessary, at least every three

years.

19 The terms of reference for Internal Audit should include the requirement for Internal

Audit to have the access, to all personnel, records, assets and property that Internal Audit

considers necessary for it to undertake its work effectively.

20 The terms of reference for Internal Audit should be supported by a law, by-law or

regulation that specifies the position of the Internal Auditor in the government hierarchy.OBJECTIVITY



13/34

21 The term objectivity includes the requirement on the part of Internal Auditors to have an

independent mental attitude to the performance of their work. Objectivity should ensure

that Internal Auditors have an honest belief in their work product and that no significant

quality compromises are made.

22 Internal Auditors should not be placed in any situation where they feel unable to makeobjective professional judgements. Objectivity may be impaired through familiarity,

with both systems and officers. This may be created by Internal Audit staff being

involved with work assignments for too long a period of time. In order to maintain

maximum awareness and motivation amongst Internal Audit staff, work assignments

should be rotated on a planned basis. Transfers of Internal Audit staff between public

sector organisations are to be recommended, every few years, where possible.

23 Internal Audit assignments should be undertaken in such a way that there is no potential

or actual conflict of interest. Internal Audit staff should not undertake Audits of systems

if they worked in this area in the last year. Internal Audit staff should declare any

conflict of interest that may arise.

24 Recommending standards of control for new systems or reviewing procedures before

they are implemented is part of Internal Audit work. However, designing, installing and

operating systems is not an Internal Audit function. Performing such work is presumed

to impair Internal Audit objectivity.

25

POSITION

The position of Internal Audit should be categorised specifically as a Stafffunction as

opposed to allLine Functions. Internal Auditors should not supervise or manage other

sections or activities. If Internal Auditors perform non-audit work they are not

functioning as Internal Auditors. Performance of such activities is presumed to impair

Internal Audit objectivity. Therefore, the Internal Auditor should not undertake

executive functions outside their divisional activities.

26 The position of Internal Audit within the public sector organisation should be high

enough to ensure that there is no impairment of Internal Audit scope.



14/34

4 MANAGING INTERNAL AUDIT

4.0 Explanatory notes:

4.1 The appointment of appropriate staff is important to the success of Internal Audit. Internal

Auditors must be able to develop good working relationships with all officers. Internal Auditors

must also be able to quickly understand how systems work and be able to identify suitable

improvements. The Head of Internal Audit should ensure that all their staff are appropriately

trained and receive suitable guidance.

4.2 Controlling: Internal Audit work should be controlled at all levels of operation to achieve

objectives and ensure the economic and efficient use of resources.

4.3 The Head of Internal Audit should continually monitor Internal Auditors' performance. Any

significant variations from work plans should be investigated and dealt with appropriately. The

results of each Internal Audit assignment or groups of Audit assignments should be reviewed

against Internal Audit plans. Efficiency should be assessed and any necessary revisions made to

subsequent planned work.

4.4 Recording: The Head of Internal Audit should specify standards of Audit documentation, ensure

that those standards are maintained and monitor compliance with the standards.

4.5 Appraisal: Like any other department, Internal Audit should be constantly appraised to ensure

that its performance and value to the management of the public sector organisation is maximised.

The Internal Audit function is subject to budgetary constraints, in common with all other elements

of the public sector, therefore its value should continually be re-assessed. This appraisal or

assessment should be undertaken by Internal Audit managers and also periodically by

independent suitably experienced external assessors. The assessment should consider the views of

the Accounting Officer and other senior managers on the success of Internal Audit. It may alsoconsider Internal Audits effectiveness and any appropriate directional changes.

4.6 An Internal Audit management unit in the Ministry of Finance may assist in maintaining the

quality of internal audit across all public sector organisations and can assist with ensuring the

independence of Internal Audit. The Internal Audit management unit may have responsibility for

the staffing, planning, organisation and co-ordination of Internal Audit units in all public sector

organisations. The management unit may provide guidance to Internal Audit units in other public

sector organisations, monitor all Internal Audit reports, and co-ordinate training across the

public sector. In some countries Internal Audit units in all public sector organisations are

managed by a central Controller of Internal Audit in the Ministry of Finance.



15/34

GUIDELINE FOUR: MANAGING INTERNAL AUDIT27 The Head of Internal Audit should effectively manage Internal Audit to ensure it adds value

to the public sector organisation and to ensure that:

(a) Internal Audit work fulfils its terms of reference

(b) resources for Internal Audit are used efficiently and effectively

(c) Internal Audit staff undergo suitable professional development

(d) Internal Audit work conforms to approved standards

(e) the morale of Internal Audit staff is developed and maintained.

28 The Head of Internal Audit should submit periodic activity reports to the Accounting

Officer and the Audit Committee. These reports should compare:

(a) actual performance with goals and Internal Audit plans

(b) actual expenditures with financial budgets.

The Head of Internal Audit should explain major variances (positive or negative) together

with action taken to address these.

29 The Head of Internal Audit should ensure that Internal Audit staff are provided with a

suitable Audit Manual including written policies and procedures to guide them with their

work. This guidance should also include programmes for particular Internal Audit

assignments. The Internal Audit programmes should specify reporting lines at each level of

management.

30 The Head of Internal Audit should ensure that the work of all levels of Internal Audit staff is

effectively supervised from planning to conclusion. This supervision should include:

(a) provision of suitable instructions and guidance at the outset of an Internal Audit

assignment and approving the Audit programme

(b) seeing that the approved Audit programme is carried out unless deviations are both

justified and authorised

(c) ensuring that Internal Audit staff understand the work to be undertaken and obtain and

document sufficient relevant and reliable audit evidence

(d) determining that Internal Audit objectives are being met.

31

MANAGEMENT REVIEW

All Internal Audit working papers and reports should be reviewed by Internal Audit

managers before the reports are released. This review should include:

(a) determining that Audit working papers adequately support the Audit findings,

conclusions and report

(b) making sure that Audit reports are accurate, objective, clear, concise, constructive and

timely.32 Internal Audit working papers should show clear evidence of this management review.

QUALITY ASSURANCE APPRAISALS



16/34

33 There should be periodical reviews of Internal Audit performance to ensure that its

performance and value to the management of the public sector organisation is maximised

and to ensure compliance with appropriate standards and guidance.

34 The Head of Internal Audit should establish and maintain a quality assurance programme to

evaluate the operations of Internal Audit. This programme should provide reasonableassurance that Internal Audit work conforms to relevant standards and theseInternal

Auditing Guidelines. It should also ensure that Internal Audit adds value by improving

internal control. This quality programme should include:

(a) supervision (b) internal review

(c) external review.

35 Supervision of Internal Audit work should continuously ensure conformance with the

Institute of Internal Auditors Standards, theseInternal Auditing Guidelines, department

policies and Audit programmes.

36 Internal reviews should be performed periodically by senior Internal Audit staff to appraise

the quality of the Internal Audit work that is undertaken in all public sector organisations.

37 External reviews should be performed to assess the quality of Internal Audit work against

these Guidelines. These reviews should be performed by suitably qualified Internal

Auditors who are independent of the organisation and who do not have either a real or an

apparent conflict of interest. The external reviews should be undertaken at least once every

five years.

38 On completion of such reviews, formal written reports should be issued to the relevant

Accounting Officer and the Audit Committee. These reports should express an opinion on

Internal Audit's compliance with theseInternal Auditing Guidelines and, where necessary,

should include recommendations for improvement.

5. PROFESSIONAL PROFICIENCY


5.1 In carrying out their duties Internal Auditors should exercise due professional care, that is

competence based on appropriate experience, training, ability, integrity and objectivity.

5.2 Due professional care is defined as carrying out Internal Audit work with competence and

diligence. Due care does not mean infallibility. Consequently Internal Auditors cannot provide

absolute assurance that non-compliance or irregularities do not exist. However, it will be

incumbent upon the Internal Auditor to consider the effect of significant weaknesses in the systems

under review and evaluate the possibility of material irregularity or non-compliance with the



17/34

legislation and regulations when undertaking Internal Audit.

5.3 Professional care requires the use of Audit skills and judgements based on appropriate

experience, training, ability, integrity and objectivity. The level of professional care to be

exercised should be appropriate to the objective and complexity of the Internal Audit work being

performed.

5.4 In order to demonstrate due professional care, Internal Auditors should be able to show that their

work has been performed in the manner which meets the criteria set by these Internal Auditing

Guidelines or specific departmental policies.

5.5 Internal Audits should be performed by, or supervised and controlled by, Audit staff who have the

technical skills, experience and perspective which will enable them to comply with theseGuidelines. This is necessary to maintain Internal Audit's credibility as a dependable instrument

of management.

5.6 The Head of Internal Audit should therefore ensure that Audit staff have the capacity to meet the

responsibilities identified by the terms of reference agreed with the Audit Committee and the

Accounting Officer.

5.7 The Head of Audit should ensure that all Internal Audit staff are reminded of their ethical

responsibilities and also ensure that their declarations of interest are reviewed, and where

appropriate, updated at least once a year.

5.8 Internal Auditors should not accept any gift or inducement from an officer, worker, supplier or

other third party. Information acquired by Auditors in the course of their work should not be used

for unauthorised purposes or for personal benefit or gain. Internal Auditors should only accept

hospitality when this is consistent with the public sector organisations documented arrangements.

5.9 The most important source of information for Internal Auditors is the staff working within the area

subject to Audit. These officers know how the system actually operates and should have a

reasonable idea of how practical any improvements may be. Thus interviewing skills are essential

for all Internal Auditors. Internal Auditors need to be able to understand what may be a complex

system. Internal Auditors also need to be able to critically assess each stage of the process. Why

is its performed? Could it be undertaken more efficiently?



18/34

5.10 Staff who operate the system will know what they do, but not necessarily why they do it. They may

also try and explain the system in the most positive light. The skill of Internal Auditors is to

enable all the staff they interview to open up and describe what they actually do (not just what

they think they should do) and to identify any aspects they think could be improved.

Understanding why each step is taken is more difficult. Staff may just do it because weve

always done it that way or even worse because the Auditors told us to!

5.11 An experienced Internal Auditor will ensure that the staff they talk to are relaxed and so describe

the system, its bad points as well as the good points. They will also challenge the staff to ensure

that they describe what actually happens and through discussion ascertain whether any

improvements are possible and practical.



19/34

GUIDELINE FIVE: PROFESSIONAL PROFICIENCY

39

Staffing

Internal Auditors should be appointed through free and open competition on the basis of

merit. The criteria used to fill Internal Audit posts should be suitable and clearly

documented. They should be developed after considering the level of required scope and

responsibility. Deliberate attempts should be made to ensure the proficiency and

qualifications of each prospective Auditor.

40

Compliance with Codes of Conduct

Internal Audit staff should follow existing codes of conduct and ethics for their

organisation. All professional Internal Audit staff should be members of the relevant

accounting or Internal Auditing professional body and follow their code of conduct or

ethics. All Internal Auditors should follow a professional code of conduct which calls

for:

a) high standards of honesty

b) high standards of diligence

c) high standards of loyalty.

41

Knowledge Skills and Discipline

Internal Auditors should be required to (individually) possess the knowledge, skills and

competencies essential to the performance of effective Internal Audit. Internal Audit

staff should be required to possess the following skills:

a) proficiency in applying Internal Auditing Guidelines

b) knowledge of techniques required to perform Internal Audit

c) proficiency in accounting principles and techniques (especially government

accounting)

d) an understanding of management principles and administrative procedures to enable

recognition and evaluation of the materiality and significance of deviations from good

and acceptable practice.

42

Human Relation and Communication

Internal Auditors should possess the skills required to deal with people and to

communicate effectively. They should cultivate harmonious relationships with officers

and managers. Internal Auditors should be proficient in oral and written communication

to enable effective reporting.

43

Continuing Education

Training of Internal Auditors should be a planned and continuous process at all levels

and should be designed to cover:

a) basic training providing the minimum level of skills and knowledge which all



20/34

Internal Auditors should possess

b) development training in Audit skills, techniques and behavioural aspects to improve

the effectiveness of those staff currently engaged as Internal Auditors

c) management training for those Auditors with responsibility for managing and

directing Audit teams, together with those staff members who show the potential for

management positions

d) specialist training for those Auditors responsible for a special field of Audit work

which requires specialist skills and knowledge, for example, computer auditing or

performance auditing.

44 Internal Auditors, as responsible Government officers, should be responsible for

continuing their education in order that they maintain their knowledge, skills and

proficiency. They should keep themselves informed on changes and developments in

their public sector organisation's activities and other Government developments. Internal

Auditors also need to be aware of developments across the Internal Auditing profession.

45 If there is an Internal Audit management unit in the Ministry of Finance, this unit should

be responsible for the co-ordination of training requirements for all government Internal

Auditors. The foundation, from which the assessment of training requirements of

Internal Audit will be derived, should be the database of Internal Audit staff in all public

sector organisations.

46 Internal Auditors should be aware of their responsibility for continuing their education onorder to maintain their proficiency through participation in professional societies,

conferences and seminars, college courses, in-house training and engage in research to

identify new Internal Auditing developments.

47

Due Professional Care

The term due professional care means and includes the application of the care and skill

expected of a reasonable, prudent and competent Internal Auditor in the same or similar

circumstances.

48 In exercising due professional care, Internal Auditors should be alert to the following:

a) the possibility of intentional wrong doing

b) errors and omissions

c) inefficiency, waste, ineffectiveness

d) conflicts of interest

e) conditions and activities likely to give rise to irregularities

f) inadequate control situations.

49 In exercising due professional care the Head of Internal Audit is required to consider the

following:

a) the extent of Internal Audit work needed to achieve the Audit objectives



21/34

b) the relative complexity, materiality or significance of matters to which Audit

procedures are applied

c) adequacy and reliability of risk management and control processes

d) likelihood of material irregularities or non-compliance

e) the cost of Internal Audit work compared to potential benefits or the risk of poor

internal controls.

6. RELATIONSHIPS


6.1 Management and staff at all levels should have confidence in the integrity, independence and

capacity of Internal Audit. This should be reflected and maintained in good working relationships

between Internal Auditors and the staff in the sections that they review.

6.2 The Head of Internal Audit should seek to foster and maintain constructive working relationships

with stock verifiers, fraud investigators, inspectors and any other review staff. Consultations

between Internal Audit and review staff should lead to effective co-ordination and minimise



22/34

duplication of work.

6.3 Internal Audit should not improperly disclose any information obtained during the course of their

work. Permission should be provided by senior management before any information is passed

outside the organisation. Internal Audit will, quite properly, reveal to appropriate responsible

parties (for example, police or Auditor-General) all material facts they have established which, if

not so revealed, may prevent the uncovering of unlawful acts or could distort Audit reports. The

passing of this information should be treated as confidential and legally privileged. That is the

Internal Auditor will be exempt from any legal liability from the passing of such information.

6.4 It is important for Internal Audit to market the services it can provide to managers. This could

include producing leaflets and making presentations to Accounting Officers and other senior

officers on the services, assistance and role that Internal Audit can play.

6.5 The relationship between Internal Audit and the Auditor-General's Office needs to take account of

their differing roles and responsibilities. Internal Audit is an independent appraisal function

within the organisation and Internal Auditors are direct employees. It is the Auditor-General's

role to ensure that the financial statements, operating performance and related statements are

properly stated in all material respects. Internal Audit and the Auditor-General may also have

responsibility for performance audit to ensure that economy, efficiency and effectiveness are

improved.

6.6 The aim should be to achieve mutual recognition and respect, leading to a joint improvement in

performance and the avoidance of unnecessary overlapping of work. It should be possible for the

Auditor-General and the Head of Internal Audit to rely on each other's work, subject to limits

determined by their different responsibilities, respective strengths and special abilities.

Consultations should be held and consideration given to whether any work of either Auditor is

adequate for the purpose of the other. Internal Audit does not automatically have a right of access

to the records of the Auditor-General. However, the relationship between the Head of Internal

Audit and the Auditor-General should be such that the Auditor-General will allow access to the

necessary records.

6.7 The Head of Internal Audit should seek, where appropriate, co-ordination of the plans of Internal

Audit with those of the Auditor-General's Office and the programme of, for example, stock

verifiers. This co-operation should promote the most effective total audit coverage and should

avoid duplication of work. The Auditor-General's Office will have to decide if they can place

reliance on the work of Internal Audit and so reduce the amount of work undertaken by their own



23/34

staff.

6.8 The Head of Internal Audit should meet regularly with staff from the Auditor-General's Office to:

discuss work plans for Internal Audit and the Auditor-General's Office

agree and review the performance of the work relied on

evaluate the relationships with the Auditor-General's Office and report as required to the

Accounting Officer and Audit Committee on this relationship

agree access to each other's audit programmes and working papers

exchange audit reports and management letters

enhance understanding of each other's audit techniques and methods

discuss any other matters of mutual interest.

GUIDELINE SIX: RELATIONSHIPS50 Internal Audits relations with other staff in the public sector organisation, the Auditor-

General, stock verifies and other review agencies should be based on mutual confidence,

understanding of each others needs and a reciprocal desire for co-operation.

Management, at all levels should have complete confidence in the integrity,

independence and capability of the Internal Audit unit.51 There should not be any form of rivalry or conflict between the Internal Auditors and

staff in the Auditor-General's Office. Similarly, there should be a constructive

relationship between Internal Auditors, stock verifiers and other review agencies.

52 The Head of Internal Audit should initiate action to ensure the development of co-

ordination, effective working relationships and the avoidance of duplication of work

with other review agencies. This could include:

a) liaison meetings to discuss matters of mutual interest

b) arranging for access to each others plans, system notes and findings

c) arranging for consultation on plans and proposed visits

d) reviewing training proposals to arrange joint training sessions where possible

e) dissemination of literature for discussion to promote understanding of techniques,

methods and terminology.

53 Copies of Internal Audit reports should be made available to the Auditor-General for

information and co-ordination.

54 Internal Auditors should be familiar with the legislation that defines the statutory

responsibility, duty and rights of access of the Auditor-General. The Head of Internal

Audit should recognise the differences between the roles of Internal Audit and that of the



24/34

Auditor-General.

55 The staff of the Auditor-General's Office may review the effectiveness of Internal Audit

as part of their evaluation of management control arrangements. This review should

determine the extent that the Auditor General's Office is able to rely on Internal Audit

work. Internal Audit should not necessarily undertake special tasks at the request of theAuditor General's Office. However, routine, planned Internal Audit work may be used

by the Auditor General's Office for their own purposes.

56 The relationship between the Internal Auditor and the public sector organisation should

be considered legally privileged. That is the Internal Auditor will be exempt from any

legal liability from the proper undertaking of their work.

Internal Auditors should not release Audit findings or other information outside the

normal reporting arrangements without the knowledge and permission of those

concerned.

57 Internal Auditors should normally consult and advise managers when arranging Audit

visits to their department. The exception to this rule would be for unannounced surprise

visits.

7. INTERNAL AUDIT PLANNING

7.0 Explanatory notes :

7.1 Internal Audit work should be planned at all levels of operation in order to establish priorities,

achieve objectives and ensure the efficient and effective use of Audit resources. Planning should

be based on Internal Audit's terms of reference and allow for coverage of all significant systems,

operations, staff and sites within the public sector organisation.

7.2 Internal Audit plans should be based on a comprehensive understanding of the public sector

organisation and the way in which it operates. High-risk systems or transactions and any known

problem areas should be clearly identified. The emphasis of the Internal Audit plan should be

directed towards these systems.

7.3 Internal Audit plans should be developed in consultation with senior staff and the relevant

Accounting Officer. The appropriate Audit Committee should then approve the Internal Audit

plans.



25/34

7.4 Internal Audit planning should include the following steps:

identify all auditable activities within the agreed scope of Internal Audit

carry out a risk assessment on these activities in conjunction with management, identifying

categories such as high, medium, low

prepare an audit needs assessment based on the risk assessment

develop an overall strategic plan from the audit needs assessment to cover these risks, over,

say, a three-year period

bring to the Accounting Officer and/or the Audit Committee's attention any mismatch between

Audit needs and actual Audit resources

identify systems to be covered in the first year of the strategic plan and prepare an annual

Internal Audit plan

discuss the strategic and annual plans with appropriate senior managers, Accounting Officers

and the Auditor-General's Office and amend as necessary

present the plans to the Accounting Officer and/or the Audit Committee for approval.

7.5 Internal Audit plans should be amended as necessary to take account of changing circumstances.

The Accounting Officer and the Audit Committee should formally approve all significant changes

to the Internal Audit plans.

GUIDELINE SEVEN: INTERNAL AUDIT PLANNING58 The Head of Internal Audit should establish plans to carry out the responsibilities of Internal

Audit consistent with the public sector organisation's goals and objectives.

59 The Internal Audit planning process should include the following:

(a) identifying goals

(b) preparation of strategic Internal Audit plans

(c) establishing proper staffing plans and financial budgets

(d) preparation of activity reports.

60 Internal Audit plans should:

(a) establish a list of systems that could be Audited and prescribe a period within which it is

desirable that each significant system should be examined

(b) define the tasks to be performed

(c) assist in the direction and control of work by identifying critical areas, setting target

dates and allocating resources.

61 To be effective, the Head of Internal Audit should:

(a) define audit needs taking into account the Internal Audit's terms of reference

(b) identify the staff and other resources needed and reconcile these with available,

resources



26/34

(c) choose an appropriate time period for the Audit plans

(d) record all plans in writing

(e) monitor work against planned activity and revise plans as appropriate.

62 Internal Audit plans should be based on a risk assessment. The risk assessment process, to

be conducted at least annually, includes an assessment of:a) relevant risks and their significance

b) consideration of senior management, the Accounting Officer and the Audit Committee's

professional judgement

c) identification of activities to be audited.

63 Internal Audit strategic plans should take into account the following factors:

(a) the date and results of the last Internal Audit assignment

(b) the estimated time required, taking into account the scope of the planned work and the

nature and extent of audit work to be performed by others.

(c) requests by management

(d) major changes in operations, programs systems, and controls

(e) staffing, planning and effective utilisation of financial budgets

(f) Internal Audit priorities

(g) flexibility to cover unanticipated demands on the department.

64 Internal Audit plans and staffing and financial budgets should be developed from strategic

plans, administrative activities, education and training requirements and research anddevelopment efforts.

65 The Head of Internal Audit should submit annually to the Accounting Officer and Audit

Committee for approval a summary of Internal Audit's strategic plans, staffing plans and

financial budgets. All significant amendments to these plans should similarly be approved

by the Accounting Officer and Audit Committee.

66 The Head of Internal Audit should explain, if necessary, why the Audit needs are not being

met. This should prompt the relevant Accounting Officer to take action to ensure that their

public sector organisation is provided with sufficient Internal Audit resources.



27/34

8 APPROACHES TO INTERNAL AUDIT


8.1 There are several different approaches to Internal Audit. International best practice suggests thatsystems audit is the most effective way that Internal Audit can add value to an organisation.

However, in many countries it is considered necessary for Internal Audit to complement systems

audit with a pre-audit approach. If a pre-audit approach is adopted the Head of Internal Audit,

the Audit Committee and the Accounting Officer should discuss the extent that this is necessary.

They should also consider suitable means of reducing the proportion of time that Internal Auditors

spend on pre-audit work.

8.2 The systems approach to Internal Audit seeks to assess and improve the effectiveness of the publicsector organisations internal control system. The prime purpose of a systems Audit should be to

evaluate the extent to which the system may be relied upon to ensure that the objectives of the

system are met. Where internal controls are not adequate and reliable Internal Audit should make

practical recommendations to ensure that these controls are improved.

8.3 Internal Audit evidence should be adequate to meet the objectives of Audit assignments. Internal

Auditors should be satisfied with the nature, adequacy and relevance of Audit evidence before

placing reliance on that evidence. Information should be collected analysed and documented by

the use of appropriate Audit techniques.

8.4 The production of Audit evidence should be supervised and reviewed by the Head of Internal

Audit. To meet an acceptable standard the evidence should be sufficiently adequate and

convincing to the extent that a prudent, informed person would be able to appreciate how the

Auditor's conclusions were reached.

8.5 Internal Audit may also complement its systems approach with other techniques, for example:

performance auditing

control self assessment

advice and assistance on control issues

helping with risk management.



28/34

GUIDELINE EIGHT: AUDIT APPROACH67 Internal Auditors should ensure that their approach and methods enable them to discharge

their responsibilities effectively. This will involve careful thought and discussion with the

Accounting Officer, the Audit Committee and others on the most effective approach to

Internal Audit given the particular circumstances of the public sector organisation.68 Internal Audit should assess and improve the public sector organisation's risk management,

control, and governance processes. The internal auditing activity should assist the public

sector organisation in maintaining effective controls. Assistance can be provided by

evaluating the public sector organisation's controls to determine their effectiveness and

efficiency and by developing recommendations for improvement. Internal Auditors should

ensure that the costs of maintaining controls balances the potential benefits.

69

SYSTEM APPROACH

Internal Audit should, where possible, adopt a systems approach. The systems approach

aims to asses and helps to improve the control features that govern the system. This

approach should provide reasonable assurance that existing controls will ensure that each

systems objective is achieved.

70 When undertaking systems audit an Internal Auditor should:

a) document and analyse the internal control system across all public sector organisations

and establish Internal Audit plans

b) identify and evaluate the controls that are established in individual systems to achieve

the public sector organisation's objectives in the most economic and efficient manner

c) obtain and record relevant, reliable and sufficient audit evidence to support their

findings and recommendations

d) report findings and recommendations for each individual system that is Audited

e) provide an opinion on the adequacy and reliability of the controls in the individual

system under review

f) provide periodic assurance based on an evaluation of the whole internal control system

across all public sector organisations.

71 The use of the systems approach should enable Internal Audit to confirm the following:

a) the official system

b) whether it is operating according to agreed guidance and regulations

c) whether the system is adequate

d) whether the controls are reliable.

72 The system's adequacy should be used to ascertain the following:

a) what should happen to achieve the systems objectives

b) what could go wrong in view of the system's design

c) what has been done to stop things going wrong.



29/34

9 REPORTING, MONITORING AND FOLLOW UP


9.1 The findings and recommendations arising from each Internal Audit assignment should be

promptly reported to management. The recommendations should then be followed up to check

that agreed action has been implemented. A summary of Internal Audit findings,

recommendations and activities should be submitted periodically to the Accounting Officer and

the Audit Committee.

9.2 In general Internal Audit reports should:

state the scope, purpose, extent and conclusions of the Internal Audit assignment, including

Internal Audit's opinion on the adequacy of controls

make recommendations that are appropriate and relevant, that call for action to correct

identified weaknesses or improve the efficiency of operations

acknowledge the action taken, or proposed, by management.

9.3 Recommendations included in the Internal Audit reports should:

be practical and provide constructive solutions to problems identified

be sufficiently detailed to act as a guide for action and facilitate the efficient achievement of the

organisations objectives

be prioritised based on the significance of the weakness identified.

9.4 Conclusions are the Internal Auditor's evaluations of the effects of the findings on the particular

system reviewed. They should:

put the findings in perspective based on the overall implications and significance of the

weaknesses identified

identify the extent to which the system's control objectives are being achieved and the degree to



30/34

which the internal control systems should ensure that the goals and objectives of the public

sector organisation are accomplished efficiently.

9.5 Management should be required to respond in writing to each Internal Audit report. Management

and Internal Audit should agree officer responsibility and target dates for implementation of

agreed recommendations. The responsibility for final editing of Audit reports should remain with

the Head of Internal Audit who should always retain the right to issue reports without further

editing.

9.6 Follow-up activity is the process by which Internal Audit confirms that agreed recommendations

have been implemented by line managers. Internal Audit should periodically follow up Audit

reports to review and test the implementation of agreed Internal Audit recommendations.

9.7 The Head of the Internal Audit should submit to the Accounting Officer and Audit Committee, at

agreed intervals, a report of Internal Audit activity and results. The report should compare actual

Internal Audit activity against the annual Internal Audit plan and should clearly indicate the

extent to which the total Internal Audit needs of the public sector organisation have been met.

9.8 In the annual Internal Audit report the Head of the Internal Audit should give a formal opinion to

the Accounting Officer and Audit Committee on the extent to which reliance can be placed on the

public sector organisations internal control system. The attention of the Accounting Officer and

Audit Committee should be drawn to any major Internal Audit findings where action appears to be

necessary but has not been undertaken.

GUIDELINE NINE: INTERNAL AUDIT REPORTING73 The Head of Internal Audit should report periodically to the Accounting Officer and the

Audit Committee on Internal Audit's purpose, authority, responsibility, and performance

relative to its plan. Reporting should also include significant risks and control issues,

corporate governance issues, and other matters needed or requested by the AccountingOfficer and the Audit Committee.

74 The findings and recommendations arising from each Internal Audit assignment should be



31/34

promptly reported to the Accounting Officer and others who are affected by the report. The

final Internal Audit report including any comments from the Accounting Officer should be

reported to the Audit Committee.

75 The Head of Internal Audit should have complete freedom in the way in which Internal

Audit findings are reported and to whom each report is issued. The Head of Internal Auditshould review and approve each final Internal Audit report before it is issued.

76 Internal Audit reports should contain all material facts known to the Auditor concerning the

system under review to avoid distortion or concealment of any unlawful or improper

practice.

77 Internal Audit reports should be regarded as confidential and exclusive to the public sector

organisation concerned except for privileged external reviews by the Auditor-General and

Permanent Secretary to the Treasury.

78 The Head of Internal Audit should submit monthly or periodic progress reports to the

Accounting Officer and the Audit Committee and explain significant deviations from

approved strategic plans, staffing plans and financial budgets.

79 The Head of Internal Audit should provide an annual report to the Accounting Officer and

the Audit Committee. This report should include:

a) the Head of Internal Audit's opinion on the adequacy and reliability of the whole internal

control system

b) the extent that the Internal Audit needs of the public sector organisation have been met

c) any significant Internal Audit findings where action appears necessary but has not been

taken

d) any systems within the public sector organisation where the internal controls are not

adequate and reliable

e) a comparison of actual Internal Audit activity against the agreed annual plan.

80

COMMUNICATING RESULTS

When communicating results of their work Internal Audit should:

a) oral reports may be issued and should be confirmed in writingb) discuss conclusions and recommendations at appropriate ministerial, departmental or

regional levels before issuing final written reports

c) issue a signed written report after each Internal Audit assignment that is objective clear,

concise, constructive and timely.

d) give reports which clearly present the purpose, scope and results of the Audit

e) give reports with recommendations for potential improvement, suggestions of corrective

action and acknowledgement of satisfactory performance

f) obtain and include in the report the system managers' views about the conclusions or

recommendations



32/34

g) include the officer who is to implement each agreed recommendation and a target dates

for its implementation.

81

MONITORING AND FOLLOW-UP

Internal Auditors should follow up their reports to ascertain that appropriate action is taken

on agreed Internal Audit recommendations. Internal Audit should determine, withappropriate Audit testing, that corrective actin has been taken and is having the desired

effect.

82 If the Accounting Officer does not agree with an Internal Audit recommendation or does not

ensure that agreed recommendations are implemented they should accept the associated

risks. The Audit Committee may advice the Accounting Officer to implement an Internal

Audit recommendation if it considers necessary to achieve sound internal control.

83 The Auditor-General may review and report on the extent that Internal Audit

recommendations have been implemented. Internal Audit may also review the extent that

recommendations made by the Auditor-General have been implemented.



33/34

Glossary of Technical Internal Audit Terms

Accounting Officer the head of a government ministry or department who is personallyresponsible for the management and internal controls of the ministry or department and anyfraud or irregularity that may occur.

Adequacy of internal control an assessment of the quality of internal control. Controls maybe considered to be adequate if, when applied consistently, the controls should help to providereasonable assurance that a control objective will be achieved.

Auditor-General the head of the governments external audit service. The Auditor-Generalis responsible for certifying that the government accounts show a true and fair view, there hasbeen a proper use of public funds and often for undertaking value for money reviews.

Audit Committee a high level committee, comprising, where possible, independent, non-executive members, with responsibility for overseeing the independent review of the frameworkof internal control, monitoring the Internal Audit function and the external audit processes.

Audit Needs Assessment- an assessment undertaken by Internal Audit in consultation withmanagment to determine the extent of Internal Audit that is needed within an organisation andthe frequency that particular systems should be reviewed.

Control objectives the objectives of a control system. Used by Internal auditors as aframework for undertaking systems auditing and so assessing the overall quality of the internalcontrol system.

Control Self Assessment an approach to risk management, that may be facilitated byInternal Audit, that enables management to assess the risks and controls to the achievement ofthe organisations objectives. It may include the development of a risk register that lists themain risks the organisation faces and an action plan for improvements to internal control.

Head of Internal Audit- is a generic title for Chief Internal Auditor or Director of Internal Auditor any other equivalent title.

Internal Audit-is an independent objective assurance and consulting activity designed to addvalue and improve an organisation's operations. It helps an organisation accomplish itsobjectives by bringing a systematic, disciplined approach to evaluate and improve theeffectiveness of risk management, control and governance processes.

Internal Control- is a process, effected by an entitys board of directors, management andother personnel (people), designed to provide reasonable assurance regarding theachievement of objectives in the following categories:

effectiveness and efficiency of operations; (basic operational objectives, performance goalsand safeguarding resources)

reliability of financial reporting

compliance with applicable laws and regulations.

Management- implies the Permanent Secretary and Accounting Officers in Ministries, orControlling officers in Regions or other responsible officers in a public sector organisation.

Performance Audit an approach to Audit that aims to improve the economy, efficiency andeffectiveness of operations. The objective of Performance Audit is to improve the value formoney provided by a public sector organisation.

Public Sector Organisation types of public sector entities, for example, ministries,departments, regions or districts, as examples of the range of possible governmental entitiesthat may exist.



34/34

Reliability of Internal Control an assessment of the extent that internal controls are appliedconsistently by all staff, at all times and in all circumstances.

Risk the chance (or probability) that one or more of the organisations objectives will not beachieved. It may refer to the failure to achieve objectives efficiently or the occurrence ofunwanted outcomes. It may also refer to the inability to exploit possible opportunities.

Risk management- the formal identification, assessment and planned management ofsignificant risks facing the organisation.

Systems Audit- systems audit is the structured analysis of internal control in relation to theobjectives of the organisation. Systems audit should enable internal audit to make practicalrecommendations to address any weaknesses that have been identified within the context ofrisks to the achievement of the systems objectives. It should also enable internal audit to forman opinion on the adequacy and reliability of the organisations internal control system.

esaag internal audit guidelines

Documents