Audit & Risk

Models of effective internal audit – how should you organise your internal audit function?

A new report from the IIA looking at six main delivery models for internal audit outlines the advantages and challenges of each, explains David Lyscom, IIA policy director.

in Policy Blog.

We are often asked for advice about setting up a new internal audit function, or indeed about revamping an existing one. Is there a best practice way of managing internal audit for particular types of organisation?

In response the institute’s Policy and Technical Team has done some research on the different models and published it on our website. In our report, Models of internal audit, we look at six main delivery models and outline the advantages and challenges of each.
We use practical case studies based on interviews with the heads of internal audit at TfL, BT Group, Mid-Kent Internal Audit Partnership, the Irish Department for Public Expenditure and Reform, the University Internal Audit Consortium, the Mersey Internal Audit Agency, the Civil Aviation Authority and Baker Tilley.

So, which is the best model?

Unsurprisingly our conclusion is horses for courses. There is no right or wrong way to deliver internal audit. Organisations need to be free to choose what works for them according to the nature of what they do, how the organisation is structured, the way processes operate, their financial circumstances and the risks to their strategic objectives. We hope that the menu of options on offer in our paper will help organisations to ask the right questions about their needs, and decide what will work for them.

We were, however, able to draw some general conclusions from the research. The first is that organisations care about and value internal audit. They spend valuable time considering how to develop and improve their own particular models. This is not just about keeping costs down, although that is important. It is about maximising the efficiency and effectiveness of professional practice – choosing a model that offers objective opinions, assurance and a range of experience and skills that positively impacts the way the organisation delivers success. The research also reveals that the profile of internal audit is being raised, creating higher expectations, new pressures and competition, and that it would not be surprising if new models were to emerge in future.

We identified a number of the common attributes emerging from the study that can be used to measure success in any service delivery model of internal audit operation, such as a structure that promotes independence and objectivity, knowledge of the organisation, its markets and risks, and expertise in areas such as IT and contracts.
So how you structure your internal audit does not appear to be as important as how it is able to operate and what it does in practice. Again, this is not a surprising conclusion as it is the global standards that count, not how you apply them in detail.

I hope you find the report useful, both in looking at your own function, but also in your discussions with stakeholders, especially audit committees, about how your operation compares with others and what reform or fine tuning could bring in practice.

The IIA: find out more

Visit the main IIA site

Jobs

Senior Auditor

Ref: HE/3188
Directorate: Finance & Business Services
Location: Nationwide
Salary: £40,188 - £44,208
Number of Positions: 5
Full-time

Principal Auditor

Salary: £36,937 - £39,660
Permanent – 37 hours
Location: Westgate Plaza One, Barnsley, South Yorkshire

Careers advice

Destination designation

The Chartered IIA is keen to work with organisations that want to ensure all their internal auditors have the right skills to succeed in today’s industry. One of these is Citigroup, which recently launched a training scheme accredited by the institute and put 20 senior internal auditors through the Chartered by Experience route to achieve CMIIA. So what does this look like in practice?
Words: Ruth Prickett

Gold standard – the value of recognition

Being chartered demonstrates your skills and competence and gives you influence within both your organisation and the wider profession. All dedicated internal auditors should aspire to it, writes Ian Peters, chief executive of the IIA.

Chartered by Experience

There is a new route to becoming a chartered internal auditor: Chartered by Experience.

Training & Development

Destination designation

The Chartered IIA is keen to work with organisations that want to ensure all their internal auditors have the right skills to succeed in today’s industry. One of these is Citigroup, which recently launched a training scheme accredited by the institute and put 20 senior internal auditors through the Chartered by Experience route to achieve CMIIA. So what does this look like in practice?
Words: Ruth Prickett

Gold standard – the value of recognition

Being chartered demonstrates your skills and competence and gives you influence within both your organisation and the wider profession. All dedicated internal auditors should aspire to it, writes Ian Peters, chief executive of the IIA.

PwC launches cyber-breach simulation game for executives

Big four consultancy PwC has launched "Game of Threats" – an interactive game to teach senior executives the risks of cyber-attacks and encourage them to test how they would respond in real time.

Tools

Harnessing the power of technology in ERM: driving a continuous and verifiable process

Sponsored content
Some of the greatest strides in the formalisation of enterprise risk management (ERM) have occurred within the past decade – prompted by problems such as the global financial crisis and the increasing threat of cyberattacks. So how do organisations effectively focus on a formalised risk management structure? Workiva's white paper "Harnessing the Power of Technology in ERM: Driving a Continuous and Verifiable Process" suggests some answers.

You asked us

Our technical helpline provides valuable advice to members on a host of professional issues. Here are some of the questions you’ve recently asked.

Raising Standards

IIA Global is introducing two new professional Standards and updating some of its existing Standards with effect from 1 January 2017. So what are the changes?