Local Authority Internal Audit Virtual Forum

25 May 2022


Please note:

  • All Institute responses are boxed and highlighted blue
  • Where the chair comments in that capacity this box is highlighted in yellow
  • For confidentiality, the identities of all delegates/attendees are anonymised

Institute's welcome

Good afternoon, everybody. I am John Wood, CEO at the Chartered IIA UK and Ireland, at the Institute.

The topic for today is ‘CIPFA’s Report Internal Audit: Untapped Potential’.  The report was published on the CIPFA website Monday 23 May 2022, here is a link to the report and you hopefully received the link when we reached out to you regarding this Forum. A launch event was held on 17 May and this can be watched here.

CIPFA conducted UK-wide research, sending an open survey to those in the public services, including those in the internal audit profession, management clients and audit committee members. The survey received a strong response with 831 submissions. The outcome of the research concludes that where internal audit is operating effectively, it is already providing this support, but there are pockets where internal audit is unable to do this. This report will examine how internal audit is currently making an impact, identify where it can do more and what is holding it back. Better internal audit means better public services.

The Chartered IIA and CIPFA see the outcome from the report as an opportunity to collaborate more closely for the benefit of the internal audit profession. 

Opportunities for collaboration include –

  • Improve the understanding and respect between internal audit and the audit committee
  • Supporting the development and understanding of the audit committee
  • Recruitment and retention of internal auditors, guest audit programmes, co-source arrangements linked to capacity and capability
  • The Global IIA is currently undertaking a refresh of the International Professional Practices Framework on which the PSIAS is based, when issued this will provide a further opportunity for collaboration, and
  • Challenges regarding the ‘political’ dimension linked to more independent audit committee members

Before we commence the session, I would like to provide the normal introductory comments:

I am joined today by:  

  • Piyush Fatania, Chair for today and a member of the Institute’s Council
  • Liz Sandwith, Chief Professional Practices Adviser for the Chartered IIA UK and Ireland

Chair's opening comments

Good afternoon everyone. I received the CIPFA report yesterday and I must admit I haven’t had chance to review this in detail yet, which is one reason I’m really looking forward to this afternoon’s session.

The CIPFA report examines the role and the perception of internal audit and about preparing the profession for the future. This is great, as it follows on from the messages from Anthony Pugliese, CEO and President of IIA Global, who was hosted by LACAN last week, where he mentioned these being amongst his priorities and those of IIA Global, so it was good to see some dovetailing here. It is as welcome as it is important because the role and perception of internal audit can vary greatly between different organisations. There is a need for greater consistency, greater quality and indeed adherence to professional practices to ensure that we as a profession and those that we audit have a clear understanding of what we do and indeed what we can do. Another element that affects us all I’m sure is the need to develop the capacity and ability to be a sustainable service. This report includes sections on recruitment, retention and training.

It is good to see CIPFA represented at this meeting. Both CIPFA and the Chartered Institute of Internal Auditors (CIIA) are keen to collaborate and support high-quality internal audit within the public sector and how they can continue the work set out in this report. Working together and alongside the Internal Audit Standards Advisory Board (IASAB), CIPFA and the Chartered IIA will continue to support internal auditors to meet the Public Sector Internal Audit Standards (PSIAS). They will also collaborate to improve internal audit’s status and profile in the public sector as well as cultivate a greater understanding between those we audit and the audit committees.

CIPFA and the Chartered IIA will also examine issues raised in the report around professional standards, such as the head of internal audit’s annual opinion and the quality assurance and improvement programme, to identify where guidance or support could improve practice.

Our speaker this afternoon is Diana Melville from CIPFA and I’d like to invite her to talk about the CIPFA Report.


Key takeaways

Slides from the session are attached here. Notes below are supplementary. 

Diana Melville, Governance Advisor, CIPFA

Thank you very much for your kind introduction and to Liz for her help over the last few months in working with us on the report and for working to share the survey when this was published. This allowed us to reflect as many views as possible and therefore make the report more meaningful.

  • I’m keen to emphasise that whilst there is a lot in here for internal auditors to reflect on, there is also a lot for clients to take on board. The report needs to be getting in front of clients and your audit committees so it would be helpful for you to share this with them.
  • The report looks at where we are now and highlights some good news stories. However, there are pockets which could be improved.
  • In terms of the future expectations of internal audit we need to work out how we move forward and what internal audit can and should be doing, whilst being honest about the barriers that hold people back.
  • We can’t dismiss the organisational context in terms of thinking about how the organisation might be holding back internal audit. Perhaps governance is weak, they don’t understand internal audit, they don’t understand the GRC agenda, or the audit committee isn’t very good – this can all lead to reduced expectations of internal audit and the increased likelihood that the internal audit team won’t be perceived as performing at as high a level as in other organisations.
  • We were delighted to see the increase in contribution added to the organisation by internal audit since the previous survey in 2008. It was interesting to see the disparity in responses between the HIAs and the rest of the internal audit team, with the former scoring this more highly, potentially due to the strategic access they have within the organisation afforded by their role. Is there a communication gap within the team regarding this?
  • The report identified that internal audit could be doing more. Yes, we are doing more advisory work, sitting on project boards, and steering groups and completing a wide range of non-planned assurance work, but this wasn’t always the perception of the client or the audit committee. Could communication be better? Do we need to make the audit committee more aware of what internal audit is doing and where it is spending its time?
  • There is also the difficulty in balancing resources. It’s not reasonable to send a trainee auditor to attend a management steering group, therefore putting more pressure on the HIA and other senior members of the team to attend these types of sessions. This warrants discussion with the audit committee and the senior leadership teams as to whether they would be willing to drop other work to accommodate this. It could also lead to a discussion about the longer-term profile of the team – do we need more experienced members?
  • Essentially, are we as internal audit doing enough to sell what they are doing and what our potential might be?
  • The long-term austerity that we have been operating under and the desire to protect front line services has likely impacted on the resources available for internal audit, as has likely been the case for other corporate functions such as risk management, performance management and corporate oversight. Have the cuts gone too far to deliver the level of internal audit assurance the organisation should be getting?
  • Often in internal audit, the HIA picks up additional roles, such a responsibility for risk management, counter fraud or procurement for example, which is a bit contradictory for its independence. There are safeguards in the Standards regarding this to make sure it works and the HIA should be challenged on this role. If the organisation is not able to be sure of satisfactory safeguards, this means they can’t get independent assurance, which is a challenge for the client as well as internal audit.
  • For job satisfaction, it’s important that internal auditors have a satisfactory experience, interesting work and client engagement with the audit process. People don’t want to work where they don’t feel valued. Internal audit can’t move on in a sustainable way if the organisation isn’t providing adequate support and training.

Chair's closing comments

A very good report. I feel our profession is at a juncture, and never have we been more needed by our partners, and never have our challenges been so varied nor the pace at which they come.

There are some positives in the report – it’s not all doom and gloom – it’s just a case of talking and promoting our services with senior management.   


Institute's closing comments

Thank you all.

As usual, notes, chat comments and the slides shared today will be placed on our web pages in the next day or two.

We are currently finalising our programme of sessions and topics for the second half of 2022.  If there are any topics you would like to see please send me an e-mail at liz.sandwith@iia.org.uk.

Our topic for the June session, 22 June 2022 at 3.30 is Cashflow management - staving off a S114 notice.

Fraud: Strengthening your approach – 15 June 2022 - Managing fraud is crucial for any organisation to prevent loss. The event will focus on the latest goings on in fraud and aims to give attendees practical techniques and ways that their organisation can strengthen how fraud is managed and prevented.

The event is free to members

Thank you everyone, see you in June.

Thank you for attending. As always, if you have any ideas or suggestions for what we might include in future agendas, please contact Liz Sandwith.


Q&A and chatbox comments

Q: You stated that increasing resources as a success factor was higher requirement in the public sector is there a comparative figure for the private sector?

A: (Diana) Not that I know of. It’s difficult to compare resources – what would you use as your benchmark? Similar size, turnover size of the organisation and what about the complexity of risk and internal audit delivery model? All of those things make a difference when you compare the size of the audit team and how big the audit plan should be. Over the years, we have had various benchmarking tools but they were all within the public sector rather than private comparators.

(Liz) I don’t have any comparative figures, but we’re busy finalising a benchmarking report which we hope will be ready in mid-June so perhaps that will begin to give some idea of size of team, size of organisation, budgets etc. 

Q: Is there a reference group for the questions selected for the survey, and who did this represent please?

A: On the survey we asked people if they wanted to be involved in further discussions, and if they selected yes, we got in contact with them. We had one group which was HIAs, one which was other internal auditors, one which was audit committee members, one which was clients and one which was a blend of auditors, clients and audit committee members.  

Q: You mentioned sharing the report with our clients and audit committees. Is CIPFA planning on sharing this with its members more widely and/or incorporating the findings and learning from the report within its training suite or at its conferences?

A: Yes. It will be at the CIPFA conference in July (Public Finance Live), we’ve a workshop for delegates there, which will be primarily attended be Chief Finance Officers from across the public services so that will be a good venue for that.

Q: The report sets out a number a good areas of advice but several improvements rely on the organisation and senior management action/views. How is the report being promoted and taken forward with those who can affect those things as Chief Auditors can only do so much without buy-in from others such as Chief Execs, s151 Officers, Monitoring Officers, Members, etc is it being promoted by SOLACE, LGA etc?

A: We haven’t got anything in the pipeline directly yet with SOLACE or LGA. We are talking to the LGA on the regional audit committee forums to discuss the support that CIPFA can provide to them on various forums. It is a good topic to be talking about in those forums. We also do audit committee training and it is featuring on those we’re doing directly ourselves. There will be articles going out in a number of publications as well, such as Public Finance magazine. It will feature in the IIA’s Audit and Risk magazine as well but obviously this is for internal auditors.   

Q: Do you think there would be benefit in getting the Chief Auditor role on a similar footing as the Statutory Officers? Good practice sets CIA reporting to Chief Exec etc but often in the Public Sector the role is seen as a subordinate to the Head of Finance/s151 Officer.   

A: The question was put to Diana post the meeting as it had received 10 votes

Diana – If the HIA was to be deemed a statutory officer there would have to be clarity around exactly what their role and responsibility was providing internal audit services wouldn’t be sufficient. It is certainly a question that has come up in the past and is certainly one to think about. It wouldn’t be for CIPFA to determine though and would be a matter for legislation and given the current amount of new legislation proposed at the moment, I’m not sure if this would be considered.

Liz – There are examples in the Financial Services sector where the Head of internal audit function (SMF5) The head of internal audit function is the function of having responsibility for management of the internal audit function of the firm, including reporting directly to the governing body of the firm on the internal audit function. According to the FCA, the purpose of the SM&CR legislation is to ‘reduce harm to consumers and strengthen market integrity by creating a system that enables firms and regulators to hold individuals to account.’ In other words, it’s designed to ensure those in senior roles have the skills, knowledge and integrity to act in the customers’ best interests, while setting a new standard of personal conduct for everyone working in financial services.