
Internal Audit Effectiveness Report 2017

As an independent provider of internal audit effectiveness reviews, we have unique insight into how internal auditing functions operate. This report brings together our findings from reviews of a range of public and private sector organisations over the past year, with both large and small internal audit functions.

The report provides benchmarks and highlights potential areas for improvement. In it we examine the significant trends, examples of good practice and the key areas for improvement in five core aspects of internal audit: 

Positioning  |  People  |  Performance  |  Planning  |  Process




Executive summary

Since piloting external quality assessments (EQAs) in the latter part of 2011/12 we have undertaken over 80 reviews. These include public and private sector organisations with large and small internal audit functions.

We expect this growth to continue based on our unique ability to drive the development of the profession through benchmarking, guidance, qualifications and training. During 2016/17 we undertook 23 reviews (11 in the public sector, 9 in the private sector and 3 in the Financial Services sector), of which 15 generally conformed to the IIA Standards, 4 partially conformed and there was one instance where the internal audit function did not conform to the Standards. This means 98% of internal audit functions we see are achieving high or good levels of performance, which is an increase of 13% conformance since 2015/16.

This window into internal audit practice provides interesting reading with grounds for both optimism and concern.

  • At the top end of the results (upper quartile) we have been impressed by the approach and outlook of those internal audit functions who deliver the standards with no non-conformances and very few partial conformances.
  • Within the middle ground (2nd & 3rd quartiles) we typically see internal audit functions that perform well with no more than 5 or 6 partial conformances and perhaps an isolated non-conformance.
  • The positive message from our experience is that only 2% of internal audit functions are having difficulty conforming to the standards with 10 or more partial or non-conformances from a total of 56. This equates to an improvement in non-conformance of 23% in comparison to the 2015/2016 EQA Benchmark report.

Continuing the positive message, we have seen only 6% of partial non-conformance with the Definition and Code of Ethics (i.e. Rules of Conduct), which is really encouraging and demonstrates how seriously internal audit functions are taking conformance with the Standards.

One of the common themes in the areas for improvement is Planning (Standards 2000 to 2130). Our EQA work shows that of the six areas of conformance, 34.4% of recommendations are within Planning. Planning also has the greatest instances of partial or non-conformance with the Standards, at 22%.

The knowledge, experience and support of our review team have helped these organisations to devise action plans to deliver significant improvement. The Chartered IIA is seeking to identify common themes in terms of non-conformance with the Standards so that technical guidance can be created to address these areas, thereby providing additional support to internal audit functions and aiding conformance with the Standards.

Our colleagues at IIA Global, following the revision to the Standards, have provided implementation guidance to give clarity on how to demonstrate conformance with the Standards. The implementation guides are available to members on the Chartered IIA website at www.iia.org.uk.

The detail within this report provides useful benchmarks and highlights potential areas for improvement based on our insight into the organisations we have worked with.

The key points highlighted, cumulatively, in the EQA review findings include:

  • Ensuring internal audit charters reflect the full range of services, roles and responsibilities provided to the organisation.
  • Demonstrating independence and objectivity through a functional reporting line to the chair of the audit committee.
  • Scheduling reports into audit committee meeting agendas according to a quality assurance and improvement programme (QA&IP) timetable.
  • Regularly reviewing the experience, knowledge and skills required for an effective internal audit operation in your organisation.
  • Designing an internal audit plan that has explicit alignment to strategic risks and justifies the choice of audits on the basis of their importance and value, illustrating the percentage coverage of key risks.
  • Looking at areas of governance, the performance of risk management and other critical issues as separate audits or part of every audit.
  • Working closely with other assurance providers to maximise coverage - avoiding duplication of effort and gaps in assurance.
  • Working with managers to focus assurance upon the management of priorities, risks and critical success factors.

EQAs by sector 2016-17:

Figure 2: Overall Performance against IIA Standards





Content reviewed: 16 November 2017