top stories

Comments from ACCA
June 2003

The Association of Chartered Certified Accountants (ACCA) is pleased to have this opportunity to comment on the Code of Practice: Internal Audit Standards for Local Government in the UK (the draft code). These comments have been prepared in consultation with members of ACCA's Internal Audit Sub-Committee.

ACCA is concerned that CIPFA has taken upon itself the task of developing the draft code without co-operating with other professional institutes who represent internal auditors and other stakeholders in local government. We believe that it is important that such a code should have widespread acceptance from its inception. For this reason we believe that, as a minimum, the other CCAB accountancy bodies and the Institute of Internal Auditors should have been fully involved in its development. This was the case with the document Internal Audit: A Guide to Good Practice for Internal Auditors and Their Customers (1999), which was developed by a working party representing the six CCAB accountancy bodies and the Institute of Internal Auditors.

In addition, we are concerned that the draft code will become the standard for internal audit in Scotland and Northern Ireland by default. The Office of the Deputy Prime Minister has issued regulations which will indicate that, for principal local authorities in England and Wales, 'proper practice for internal audit' will be as detailed in the code. The code, however, will have no regulatory backing in Scotland nor Northern Ireland despite its title indicating common applicability across the United Kingdom.

The Government Internal Audit Standards produced by HM Treasury, have now gained widespread recognition across the public sector. Thus it is appropriate for any standards for internal audit in local government to be based on these standards, as is the case with the draft code. We are pleased that the foreward to the draft code recognises this.

Given that the draft code follows the Government Internal Audit Standards so closely, we believe that it is unfortunate that the draft code does not adopt the definitions of internal control and internal audit used by these Standards. The draft code defines scope of internal audit as embracing 'the internal control environment of the organisation including all its operations, resources, services, and responsibilities in relation to other bodies (1.1 (f) of the draft code). In contrast, the Treasury Standards explicitly refer to risk management, control and governance in their corresponding paragraph (1.1.1 (g)).

In central government, the Accounting Officer has clear responsibility for internal control across the organisation and internal audit's prime purpose is to provide advice and opinions to the Accounting Officer. In local government, in England, Wales and Scotland the Responsible Financial Officer has responsibility for internal financial control whilst the authority itself has responsibility for maintaining an effective internal audit service and for the overall quality of internal control across the organisation. In Northern Ireland it is also the authority which has responsibility for internal financial control.

Consequently one of the main tasks of adapting the Government Internal Audit Standards for the local government environment is to assign clear responsibility for the various aspects of internal control and internal audit. The draft code defines 'those charge with governance' as those within the authority who have delegated authority for fulfilling the legal and regulatory requirements without being explicit on whether these responsibilities are for maintaining an adequate and effective internal audit service or internal control environment (or both).

We are pleased that the draft code recommends (at paragraph 2.2.3) that local authorities should establish 'an audit committee or equivalent'.

The draft code, however, does not make clear exactly who should have certain responsibilities in particular circumstances. Thus, for example, paragraphs 2.2, 6.2, 9.3 and 10.2.4 merely refer to 'the organisation' in this regard. Paragraph 4.4.4 only refers to 'the appropriate senior officer'. In addition, paragraphs 1.1 (d) and 3 state that internal audit should report to 'those charged with governance which is a circular argument. We believe that in most cases it will be the council, advised by an audit committee, which will fulfil the role undertaken by the Accounting Officer in central government. The code should be explicit about the body or individual who should have prime responsibility for certain tasks related to the authority's internal audit service.

ACCA does not accept that it is appropriate for external quality reviews of internal audit to be undertaken by the external auditors (paragraph 10.4). The external auditors will be mainly interested in internal audit to the extent to which they can rely on the work internal audit has undertaken on the organisation's main financial systems. The work of internal audit should have a much wider scope than this. Pressures from external audit in local government have meant that internal audit has had to concentrate on the main financial systems and to undertake substantive testing on these systems. This type of approach has been criticised as inappropriate by HM Treasury, although the draft code suggests (in the Glossary definition of 'risk-based systematic approach to assignments'), that substantive testing should be an appropriate approach adopted by internal audit.

We have included some comments of lessor significance in the Annex to this letter.

ITEMS OF LESSER SIGNIFICANCE

1. The third paragraph of the introduction to the draft code should be split and a new paragraph should start with 'The new Code defines�'. This paragraph should not refer to either a 'new' code of practice for internal audit or a 'new code' of ethics. In each case the passage of time will make these terms inappropriate. In addition, the penultimate sentence of this paragraph should be amended to, 'The Code also includes guidance on ethics that applies�'. The relevant section of the draft code is not provided as a code of ethics.
   
   
2. The definition of 'those charged with governance' at the end of the introduction to the code would be better placed in the glossary and should explicitly refer to the responsibility for internal audit.
   
   
3. The last sentence in paragraph 1.2.1 should be made clearer to ensure that it only refers to internal audit planning rather than its fieldwork.
   
   
4. The phrase 'all parties' in paragraph 1.3.2 should be explained.
   
   
5. It is not clear why the last phrase from paragraph 1.4.3 of the Government Internal Audit Standards has been omitted.
   
   
6. The end of paragraph 2.2.4 should refer to internal audit providing assurance on the internal control environment rather than 'the statement of internal control'. Paragraph 2.2.4 should also indicate that the audit committee should advice the council on an appropriate budget for internal audit.
   
   
7. Paragraph 2.5.1 was written before the events at Enron, WorldCom etc became public. Consideration should now be given to the need to revise this paragraph by prohibiting audit contractors providing additional services to the organisation, at least unless these have been agreed in advance by the audit committee.
   
   
8. Due to the importance of independence for internal audit, the standards for the management of conflicts of interest for internal auditors should be more stringent than for other council employees. Thus the wording of paragraph 2.6.1 of the Government Internal Audit Standards should be retained rather than being replaced by the wording suggested in the draft code.
   
   
9. The discussion on audit committees currently in the glossary to the draft code would be more appropriate if it was included in section 3 on this subject.
   
   
10. Section 3.2 should list those internal audit issues on which the audit committee should advise the council. This would ensure that the substance of the Government Internal Audit Standards guidance in this section was retained.
    
    
11. Paragraph 3.2(a) from the Government Internal Audit Standards should be retained to indicate that the audit committee should have a role in the appointment and dismissal of the Head of Internal Audit.
    
    
12. Paragraph 3.2(c) from the Government Internal Audit Standards should be retained in full to indicate the audit committee's role in considering the internal audit periodic plans in addition to the strategy. In addition, material changes to these plans should be agreed by the audit committee or equivalent and not 'the organisation' (paragraph 6.2.4).
    
    
13. Paragraph 3.3.2 from the Government Internal Audit Standards should be retained in full to ensure that the Head of Internal Audit is able to raise any issues they wish with the chair of the audit committee.
    
    
14. We consider that paragraphs 4.4.1 and 4.4.2 are useful additions to the draft code.
    
    
15. Paragraph 4.6.1 of the draft code should refer to the audit committee, as this should be the usual channel for internal audit to maintain relationships with elected members.
    
    
16. Paragraph 6.1.1 of the draft code is significantly weaker that the same paragraph in the Government Internal Audit Standards which should be retained.
    
    
17. Section 6.2 should advice that the audit committee or equivalent should approve the internal audit strategy and periodic plans rather than just 'the organisation'.
    
    
18. Paragraphs 7.1.2 and 7.1.3 from the Government Internal Audit Standards should be retained. It is helpful for internal audit to have a named senior manager who is the sponsor for each of their audit assignments.
    
    
19. The end of paragraph 7.3.2 should be amended to, 'and understand how the conclusions were reached'.
    
    
20. It is not clear why the draft code restricts audit follow-up to those 'assignments based on risk' (paragraph 7.4.1) rather than, as the Government Internal Audit Standards state, 'Internal Audit should follow-up assignments' (paragraph 7.3.1).
    
    
21. The order of the words 'performance' and 'control' at the end of paragraph 9.2.1 (a) should be reversed as internal audit is primarily concerned with control rather than performance.
    
    
22. The definition in the Glossary of 'Risk-Based Systematic Approach to Assignments' should start with the phrase, 'This approach to internal audit assignments should ensure that internal auditors:'. In addition, this definition should not refer to substantive testing.

Back to top