Public sector

New common standards adopted April 2013

For the first time in the UK there is a unified approach to internal audit. The common set of Public Sector Internal Audit Standards (PSIAS) applies to:

• Central government departments (HM Treasury)
• Scottish government
• Welsh government
• Northern Ireland Assembly
• The health service (Department of Health) 
• Local government 

PSIAS adopts the mandatory elements of IIA's International Professional Practices Framework (IPPF): the Definition of Internal Auditing, the Code of Ethics and the International Standards.

In this regard, the UK public sector bodies are following the same path as the Irish Department of Public Expenditure and Reform, which adopted the mandatory aspects of IPPF in 2012 for the central government sector.

The PSIAS defines the nature of internal auditing across the UK public sector setting basic principles and a framework for services that will provide value to organisations. The standards apply to all internal audit services providers, whether in-house, shared services or outsourced and therefore establish the basis for the evaluation of internal audit performance.

Additional interpretations and requirements have been inserted into the PSIAS to cater for the unique way public sector organisations are governed and managed. They are designed to ensure consistent application in the UK public sector and to address areas where the IIA Standards are either inappropriate or impractical.

Key interpretations

1. The IA charter must also define 'board' and senior management for the purposes of internal audit activity; cover arrangements for appropriate resourcing; define IA's role in any anti-fraud related work; and include arrangements for avoiding conflict of interest if IA undertakes non-audit activities (1000 Purpose, Authority and Responsibility).
    
2. The chief audit executive must hold a professional qualification (CMIIA, CCAB or equivalent) and be suitably experienced (1210 Proficiency).
    
3. Progress against any improvement plans, agreed following external assessment, must be reported in the annual report (1320 reporting on the QA&IP).
    
4. The risk based-based plan must take into account the requirement to produce an annual internal audit opinion and the assurance framework. (2010 Planning).
    
5. The risk based plan must explain how internal audit's resource requirements have been assessed. Where CAE believe that the level of agreed resources will impact adversely on the provision of the annual audit opinion, the consequences must be brought to the attention of the board. (2030 Resources).
    
6. The CAE must include in the risk -based plan the approach to using other sources of assurance and any work required to place reliance upon those other sources (2050 Coordination).
    
7. The CAE must deliver an annual internal audit opinion and report that can be used by the organisation to inform its governance statement. The annual opinion must conclude on the overall adequacy and effectiveness of the organisation's framework of governance, risk management and control (2450 Overall Opinions)      

In addition to the PSIAS, the standard setters for local government, CIPFA, has published a separate application note. We also anticipate the publication of further guidance around specific subject areas such as independence, quality and expressing opinions. We will make these documents available to members once they are issued.