Challenges facing UK public services are many — years of austerity budget cuts, the continued pandemic, cybercrime, climate change and more. Ensuring good governance in the public sector means, in part, supporting and understanding the role of internal audit. CIPFA’s Diana Melville explains why internal audit should be top of mind for all public organizations in the UK.
The Chartered Institute of Public Finance and Accountancy (CIPFA) recently published a major research report on internal audit in the UK public services. It found that internal audit often doesn’t get the respect or recognition it deserves in organizations and that heads of internal audit must take a more proactive approach to advocating the benefits that their teams can provide. By increasing the profile of internal audit, we will increase its impact.
“Internal Audit: Untapped Potential” included a survey of internal auditors, their management clients and audit committee members (831 responses in total), providing a strong evidence base for how internal audit is currently working and the impact it is making.
The survey identified that audit teams are currently providing a wide range of consultancy advice and support, far beyond traditional assurance audits. Awareness and recognition of internal audit’s value could be strengthened though, by heads of internal becoming more prominent advocates for the profession — helping to build understanding and raising expectations of what internal audit can do.
CIPFA identified client expectations as a critical area of concern. Good internal audit teams cannot be fully effective if client naivety on governance, risk and assurance limits their understanding of what internal audit can do. A weak audit committee can mean that internal audit’s findings are not given robust consideration and have less impact. The report recommends that organizations improve their governance arrangements and understanding of their wider assurance needs to enable effective internal audit.
The report demonstrated real strengths in the internal audit profession, but it also highlighted some vulnerabilities. To ensure that UK public services have the internal audit service they need in the future, organizations and auditors need to take strategic action now.
What was clear from our research is that internal audit supports management. In our survey, 87% of clients (managers and audit committees) agreed that internal audit’s contribution supports the management of the organization. CIPFA asked the same question in a similar survey in 2008, when only 60% of clients agreed, demonstrating a significant improvement.
The UK public sector has gone through a period of sustained austerity, which has exacerbated resource pressures on internal audit teams. It was not surprising that heads of internal audit and clients identified challenges around capacity and investment in training and development. Forty-three percent of internal auditors said that increasing the capacity of internal audit was a priority for improving its impact and effectiveness.
Recruiting and retaining experienced staff emerged as a worry for many heads of internal audit in our focus groups — we know these concerns are not limited to the public sector. So where will the heads of internal audit of the future come from? It’s essential that the public sector can attract and retain talented professionals and invest in training and development. (And the internal audit crisis isn’t unique to the UK or the public sector; Gartner’s research reveals the extent to which audit functions are hampered by technology and talent challenges.)
This isn’t just about resources though — ensuring that internal auditors are valued and respected within the organization, and that they experience a positive attitude toward their work, is even more important. When we asked what could improve the impact of internal audit, the top answer was to develop the understanding of the purpose of internal audit and its value.
There are significant challenges facing the UK public sector. As well as immediate pressures around resources and the impact of the Covid-19 pandemic, there are global risks such as cybercrime and climate change. Specific services such as health, social care and housing face significant demand and policy challenges. There have also been instances where organizations have struggled to respond, exposing their own weakness in governance and financial management. Internal audit must be able to respond to this agenda if it is to be effective.
There are also opportunities, however. Our research found that auditors shared a good awareness of how they could do more, for example making greater use of data analysis to support their work.
The overriding message from the report was that we need to talk about internal audit more. Within organizations, we would like to see management clients and audit committees reflect on the strength of their governance, risk, and assurance arrangements, and consider how these align with the work of internal audit teams. We would like to see better quality discussions about the internal audit strategy and longer-term planning for the audit team.
Expectations now and in the future need to be discussed and reviewed if internal audit is to succeed. While effective internal audit is only one element of a successful and efficient public body, it’s important that it is not left behind.
Ensuring that public services have the robust internal audit they will need in the future requires a joint approach. If we want high quality public services, then good internal audit needs to be part of the solution.
Read CIPFA’s full report here.
Diana Melville is lead adviser for the Better Governance Forum and is CIPFA’s representative on the Internal Audit Standards Advisory Board. She is a CIPFA-qualified accountant and a member of the Chartered Institute of Personnel and Development. Prior to joining the institute in 2008, she was head of internal audit at Salisbury Council and held other audit roles in local government and at the National Audit Office. 
