The role of Internal Audit
The Institute of Internal Auditors defines internal auditing as:
“An independent, objective assurance and consulting activity designed to add value and improve an organisations operations. It helps an organisation accomplish its objective by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.”
The internal audit activity should therefore evaluate and contribute to the improvement of risk management, control and governance systems of the organisation. Typical input/responsibilities of the internal audit activity should include, amongst others:
The Internal Audit Activity should assist management in achieving the goals of the Municipality by evaluating the process through which:
• Goals and values are established and communicated.
• The accomplishment of goals is monitored.
• Accountability is ensured and corporate values are preserved.
Internal Audit should evaluate whether the controls, which management relies on to manage the risks down to acceptable levels, are appropriate and functioning as intended (i.e. are they effective yet efficient) and propose recommendations for enhancement or improvement.
The Internal Audit unit will conduct audits in accordance with the “Code of Ethics” and “Standards for the Professional Practice of Internal Auditing- of The Institute of Internal Auditors, as well as other corporate governance regulations.
Internal Audit Strategic/Coverage Plan
The “Standards for the Professional Practice of Internal Auditing- as issued by the Institute of Internal Auditors requires that: “The internal audit activity’s plan of engagements should be based on a risk assessment, undertaken at least annually. The inputs of senior management should be considered in this process.”
The critical success factors for an effective Internal Audit Plan are that it:
• Is aligned with strategic objectives of the organisation.
• Covers the strategic risk areas facing the organisation
• Is risk based – addresses the key risks areas/concerns of management.
• Is prepared in consultation with management, the audit committee and external auditors.
• Matches assurance needs with available resources.
The Internal Audit Plan will be aligned with the strategic risks identified and could encompass risk-based, compliance, financial discipline and cyclical reviews.
The output of the risk assessment process at the Municipality will, amongst others, be used to develop the Internal Audit plan by:
Identifying and allocating a priority ranking to the respective audit areas.
Based on experience, establishing the need and appropriateness for specific types of audits/ reviews.
Assessing the level of audit skills and estimating resources required for each type of audit/review
Determining a proposed timetable for the respective audits/reviews.
The planned audit activities will be focussed at strategic, process and component level as appropriate.
The plan for each year will be determined by the priority ranking (based on the risk assessment) of identified audit areas and the expertise and resources available to Internal Audit.
Internal audit reports via the Accounting Officer to the Municipal Audit Committee and has unrestricted access to the Chairperson of Audit Committee, the Accounting Officer and Senior Management.
Internal Audit is authorised to:
• Have unrestricted access to all relevant functions, records, property and personnel.
- Have full and uninhibited access to the Audit Committee and the Accounting Officer.
- Allocate its own resources; determine frequencies, subjects, scope of work to be performed; and apply the techniques required to accomplish its audit objectives.
- Obtain the necessary assistance of personnel in the various departments, sections and units of the Municipality where they perform internal audit reviews, as well as other specialised services from within or outside the organisation.
Internal Audit is not authorised to:
• Perform any operational duties for the Municipality.
- Initiate or approve accounting transactions external to the Internal Audit Activity.
- Direct the activities of any Municipality employee except to the extent that such employees have been appropriately assigned to the internal auditing teams or to otherwise assist the internal auditors in carrying out investigations.