The role of internal audit in government financial management: an international perspective The role of internal audit in government financial management: an international perspective

The role of internal audit in government financial management: an international perspective
The role of internal audit in government financial management: an international perspective
Back to TOC

The role of internal audit in government financial management: an international perspective*

Jack Diamond

* This paperwork was originally published by the Fiscal Affairs Department of the International Monetary Fund and it has been included in the current edition of the International Journal of Public Budget upon permission granted by the institution, without compromising this organization’s point of view.

Back to TOC

Next point

4.7 Annex II

Improving internal audit work practices29

In this paper it has been argued that for most developing and transitional economies the most relevant budget management model dictates a more compliance-oriented IA system. Accepting this approach, the following gives a brief overview of the main recommendations generally made in this area.

Extend the scope of IA

IA can play an important role in many areas, but given the lack of resources, a decision usually must be made to focus on priority areas and key weaknesses identified. Some typical areas, which may benefit from IA reviews are:

  • Evaluation of internal controls: One of the main functions of the IA is to examine and evaluate the adequacy and effectiveness of internal controls in the existing systems, as well as the new systems before these are introduced. This clearly implies that the entire system of internal controls in the government has to be reviewed for each ministry/department/agency, as well as function-by-function. This area needs to be emphasized because, if there are strong internal controls, the system will automatically have its own checks and balances and negate the possibility of errors, irregularities, and fraudulent manipulations.

  • The reports by LMs: LMs are expected to prepare regular financial statements and reports for purposes of monitoring performance. Internal auditors for reliability and integrity on a regular and consistent basis should review these reports. They should highlight any alarming trends.

  • Checking of payroll and pension systems: Typically, payroll is both a central and ministry function. Therefore, control over the payroll has to be done at the ministry as well as at the central level. The central teams should review the functioning of the overall systems based on the inputs from the various ministries as well as the controls/record keeping in different ministries. Internal auditors should be involved in checking of computerized payroll/pension systems. They should review the adequacy of various payroll input data, the effectiveness of the control mechanism, the susceptibility of the process to clerical errors, the adequacy of supervision of those who handle payrolls, necessary checks and balances and security features of the system. They should also review any sudden or unauthorized addition to the authorized strength of permanent and temporary staff.

  • Collection of revenue: Typically, much emphasis is placed on the audit of tax administrations, which have their own specialized IA units. However, at the same time, there are many nontax revenues and receipts, e.g. license fees, registration fees, visa fees, royalty, recovery of loans and advances, grants-in-aid, etc., which typically do fall under the same IA scrutiny. Usually, the IA of such revenues is nominal and is not given due importance. The IA should ensure that all revenues and other receipts due to the government are collected promptly, banked immediately, and be fully accounted for.

  • Adapt to the IT environment: The increasing use of IT presents new challenges for the internal auditors. In organizations that have a mixture of old and new systems, as is often the case in developing and transitional economies, the complexities in performing IA are more pronounced. Though the objective of audit remains the same in a computerized environment, auditors need to bring about changes in the techniques of auditing. IA should be involved in systems and program development to ensure that adequate controls and risk management processes are built into the system. This is particularly important when electronic data processing systems are being developed. These controls would include both general controls and application controls. General controls relate to the environment under which the system operates and application controls are built into the system and into computer programs.

The creation of special teams

In examining the IA of developing and transitional economies, it is not unusual to discover that there are many functions which are either not being performed, or the coverage is superficial because of inadequate staff, lack of specialized skills, etc. Often the most productive use of limited IA staff is in special central teams earmarked for conducting special audits in government agencies with the assistance of IA staff already stationed there. Examples of specialist skills that can be usefully dedicated to cover such areas are:

  • audit of internal controls, information systems, systems audit;

  • procurement/contract audit;

  • IA review of critical areas, such as pending bills, commitments, revenue collection, loan recovery, and debt management;

  • audit of payroll and pension systems, manpower audit; and

  • cost assessment audit in assigned ministries.

These teams should also be reserved for more complex and specialized tasks or for any special requests from budget institution managers or the MOF. They can also be utilized for special investigations, including cases of fraud. These teams should not be viewed as external audit teams. Rather, these staff will be temporarily deployed from MOF headquarters to supplement the efforts of the IA units in the ministries/agencies until they have adequate strength and skills to undertake such audits themselves.

Formulation of work plans

Existing operational standards for IA require that the internal auditor adequately plan, control, and record his work. Such planning should be done not only for individual audit assignments, but also for varying periods such as a quarter, a year, and even longer periods of three to five years.

The use of work plans is indispensable for the proper management of the IA. The approach to the audit planning process involves the following steps:

  • Identifying the audit population: The audit population should cover the full range of activities, processes, policies, systems, financial and other records, procedures and information reports. This should be linked to the detailed list of duties of internal auditors for the ministry/department/agency, etc.

  • Evaluating the risk factor: In planning IA activities, an assessment of relevant risk factors and their significance is important. The internal auditor should examine these risks and put a relative value on each risk, e.g. high, medium or low. Based on the risk assessment, it can be decided where to assign limited audit resources and to define the timing, frequency, and approach of the audit.

  • Establish audit work schedules: These should include activities to be audited, timing of the audit, estimated time requirements taking into account the risk factor and scope of audit work planned. The schedule should be sufficiently flexible to cover unanticipated demands on the IA department.

  • Formulate associated staffing plans and financial budgets: These will flow out of work schedules and will include an estimate of the number of auditors required and the qualifications/skills required of each of them. The IA unit may examine at this stage the adequacy of its resources in relation to the audit work schedules.

  • Review planned audit coverage with top management: The audit work plans should be reviewed by the AO or the IA headquarters and the audit committee to ensure that all areas considered important or requiring special attention have been included in the planned audit coverage.

  • Performance reports: These should be submitted to the AO or the IA headquarters, and should compare performance with audit work schedules. Major reasons for variations should be explained. Performance against work plan and list of reports should be issued. Aspects of performance to be covered:

  1. list of major and important observations, and significant issues raised by the internal auditor;

  2. pending action on important observations and recommendations;

  3. cases where payments were made despite objections from the internal auditor and high value vouchers not shown to audit;

  4. cases where records were not being shown or required information were not being furnished to the internal auditor;

  5. financial reports, accounting statements sent to the MOF without checking by the internal auditor;

  6. any cases of theft, loss, and fraud detected during the month;

  7. any compensations or costs settled out of the court;

  8. any risk areas needing priority attention;

  9. any other important comments or constraints faced by the IA unit; and

  10. based on these reports, the central IA authority should send a consolidated monthly report to top MOF management for information and intervention wherever necessary, with a copy to the external auditor.

To ensure that the monthly performance reports have an effective input in resource management, it is necessary to ensure they are completed in a timely manner. The IA report to top MOF management should include a description of which ministries’ IA units did not produce adequate/comprehensive reports, and the reasons why.

Create audit committees

  • There is a need to establish audit committees in LMs to strengthen the role of the IA in instilling financial discipline. The committees should be formed within the ministries and departments consisting of top management and technical experts in the accounting, and budget fields. The main functions of the audit committee will be:

  • To review the work of the IA, to identify important areas where the internal auditor should focus in addition to his normal work;

  • To review the important findings of the IA and the C&AG and identifying important areas where corrective or preventive action is necessary;

  • Evaluation and effectiveness of action on audit recommendations of the C&AG and the internal auditor; and

  • To ensure implementation of legislative budget committee reviews and reports.

It is also useful to have a central IA committee in the MOF. A committee consisting of top MOF management, a head of the IA service, and a head of accounting service can be constituted to review the important findings reported by the IA and the action to be taken, to review cases where no action has been taken or objections of the IA have been bypassed, and to identify any critical areas where the IA should focus its work. This committee can also review action taken on legislative budget committee recommendations.

External review of the internal audit system

In addition to the review of adequacy and effectiveness of the IA by quality assurance teams of the IA headquarters, there should be an independent external review of IA practices every three years by outside professionals. They should:

  • identify and correct substandard practices;

  • check whether internal auditors are fulfilling their mandated responsibility; and

  • check whether they are observing professional standards.

Give suggestions to improve their performance and add value to the services being rendered by the IA. To ensure the effectiveness of the IA service, and its future development, it is recommended measures be taken to:

  • clarify and agree on the duties of internal auditors;

  • formulate IA standards relevant to the each country’s context;

  • prepare and update an IA manual; and

  • develop a training program for the IA staff, with a clear career development path.

Listing duties of internal auditors

Crucial to the proper management of the IA staff is the need to have a clear and well-documented job definition for an internal auditor. Such a clear definition of tasks would have several advantages:

  • allow a clear appreciation of the work of the IA in the organization. If such a list of duties is suitably disseminated to all levels in the organization, ambiguities and resulting disputes with regard to the jurisdiction of the auditor can be avoided;

  • enable proper planning of audit work and effective use of audit resources, and prevent dissipation of audit effort and manpower on just a few tasks;

  • serve as an instrument of management control and supervision as actual performance can be matched against designated tasks; and

  • facilitate construction of proper audit guides that will have to be developed.

Emphasize qualifications, skills, and experience for the auditors, and thus determine training needs of the individual IA units.

29 The author is grateful to I.P. Singh, Deputy Auditor General, India, for assistance with this Annex.

Next point