Internal Audit Quality Assurance and Improvement Programme (QAIP)
Internal Audit Quality Assurance and Improvement Programme (QAIP)
Internal Audit Quality Assurance and Improvement Programme (QAIP)
2.1. Scope
PSIAS are clear in defining two types of quality assurance assessments: internal and external
assessments.
External Assessments
Must be conducted at least once every five years by a qualified, independent
assessor or assessment team from outside the organisation
The Head of Audit and Assurance must agree with the Audit Committee the form of
the assessment and the qualification and independence of the external assessors.
2.2. Reporting
The results of the QAIP and progress against any improvement plans must be reported in
the Internal Audit Annual Report.
Non-conformances with the Code of Ethics or the Standards must be disclosed by the Head
of Audit and Assurance to senior management and the Audit Committee.
Performs its work in line with the Internal Audit Charter (approved annually by the
Audit Committee). The charter incorporates (and is consistent with) the definition of
internal auditing as set out is PSIAS.
Operates in an effective and efficient manner
Is perceived by stakeholders as adding value to GMCA
The Head of Audit and Assurance is responsible for the development, annual review and
implementation of the QAIP. The QAIP covers all types of internal activities.
In addition to the requirements of PSIAS, as mentioned above the Internal Audit Code of
Practice also provides some good practice recommendations for the QAIP. These are
included in Appendix 1 along with how they are built into GMCA’s QAIP.
4. Internal Assessments
In accordance with PSIAS Standard 1300, internal assessments are undertaken
through both on-going and periodic reviews.
The QAIP will be subject to periodic review and will be updated accordingly
following any changes to PSIAS or Internal Audit’s operating environment and
will be reviewed at least on an annual basis.
In January 2020 the Institute of Internal Auditors (IIA) published the Internal Audit Code of Practice which provides a number of
recommendations aimed at enhancing the overall effectiveness of Internal Audit and its impact within organisations operating within the UK
and Ireland. The recommendations are intended to be a benchmark of good practice against which organisations can assess their internal audit
function. Section G of the Code, “Quality Assurance and Improvement Programme”, contains six recommendations relating to how the quality
of the internal audit function is measured and periodically assessed. Whilst not specifically aimed at the public sector, alongside PSIAS GMCA
will take into account the recommendations of the Code.
These recommendations are detailed below along with how at the GMCA Internal Audit Service will meet those recommendations.
32. Internal audit should maintain an up-to-date set of policies and Internal Audit has an up to date set of policies and
procedures, and performance and effectiveness measures for the internal procedures that is reviewed annually by Internal Audit
audit function. Internal audit should continuously improve these in light of management.
industry developments.
33. Internal audit functions of sufficient size should develop a quality QAIP in place consisting of a variety of ongoing and
assurance and improvement programme, with the work performed by periodic internal assessments as well as an external
individuals who are independent of the delivery of the audit. The individuals
The scope of the QAIP review should include internal audit’s understanding
and identification of risk and control issues, in addition to the adherence to
audit methodology and procedures. This may require the use of resource
from external parties. The quality assurance work should be risk-based to
cover the higher risks of the organisation and of the audit process. The
results of these assessments should be presented directly to the audit
committee at least annually.
34. Where the internal audit function is outsourced to, or co-sourced with, Annual report of Head of Audit and Assurance to the
an external provider, internal audit’s work should be subject to the same Audit Committee which reports performance against
QAIP work as an in-house function. The results of this QAIP work should be the QAIP.
presented to the audit committee at least annually for review. Chief internal Quarterly reporting to the Audit Committee of progress
auditors should report regularly to the audit committee on the actions or against actions within the Internal Audit Effectiveness
progress implementing the outcomes of the review. Improvement Plan
35. In addition, the audit committee should obtain an independent and An external assessment of the effectiveness of the
objective external quality assessment at appropriate intervals, irrespective of GMCA Internal Audit Service will be undertaken no
the size of the organisation. This could take the form of periodic reviews of later than 2024/25, which will be five years since the
elements of the function, or a single review of the overall function. In any establishment of an in-house Internal Audit Service at
event, the internal audit function as a whole should as a minimum be subject GMCA.
to a review at least every five years, as set out in the International
Professional Practices Framework (IPPF) for internal audit. The conformity of
internal audit with this guidance should be explicitly included in this
evaluation. The chair of the audit committee should oversee and approve the
appointment process for the independent assessor.
2330 Documenting A full and true record of all work undertaken and
information results of testing is documented within the working
Testing papers.
2420 Quality of The draft report opinion is in line with the agreed
communications rating methodology. Where auditor judgement is
Draft Report applied outwith the defined scoring mechanism, a
clear explanation is provided.
Please rate each of the following statements in line with the scoring mechanism provided.
Our aim is that the work of Internal Audit adds value and has a positive impact on
governance, risk, and systems of internal control.
Was there anything more we could have done to support you/your service in this regard?
The following Key Performance Indicators have been defined to measure the performance
of the Internal Audit Service.