Internal Audit

Quality Assurance
and Improvement
Programme

2019–2023
 Internal Audit Quality Assurance and Improvement Programme (QAIP) Framework

Contents
Interpretation ......................................................................................................................................... 2
Benefits of a QAIP ................................................................................................................................. 2
PSIAS Standard 1300 ........................................................................................................................... 3
Internal Assessments ............................................................................................................................ 3
On-going Reviews.............................................................................................................................. 3
Periodic Reviews ............................................................................................................................... 4
External Assessment............................................................................................................................. 4
Responsibility / Communication of QAIP Results .................................................................................. 5
Appendix 1: Internal Audit service QAIP and performance monitoring arrangements. .......................... 6
Appendix 2: Internal Audit Service Improvement Plan ........................................................................ 10
Appendix 3: Internal Audit QAIP framework. ....................................................................................... 14

Quality Assurance Improvement Programme

1
Version 1, May 2022
 Internal Audit Quality Assurance and Improvement Programme (QAIP) Framework

Interpretation
A Quality Assurance and Improvement Programme (QAIP) enables an evaluation of the
internal audit activity’s conformance with the Internal Professional Practices Framework
(IPPF), Definition of Internal Auditing and Standard 1300 (Quality Assurance and
Improvement Programme) within the Public Sector Internal Audit Standards (PSIAS) 2017
and an evaluation of whether internal auditors apply the Code of Ethics. The program also
assesses the efficiency and effectiveness of the internal audit activity with the primary
objective of the QAIP to promote continuous improvement to enable Internal Audit to meet
its mission namely, to

“Deliver a forward thinking to enhance and protect organisational value by providing risk
based, independent and objective assurance, consulting activity, advice and insight.”

Benefits of a QAIP
Internal Audit’s QAIP is designed to provide reasonable assurance to its stakeholders that
the service:

 Conforms with the mandatory guidance of the Public Sector Internal Audit Standards (PSIAS);
 Performs its work in accordance with its Charter (which is consistent with the
PSIAS);

 Is perceived by stakeholders as adding value and continually improving its

operations;
 Has the ability to increase the credibility of internal audit within the organisation;

 Anticipates, meets and exceeds stakeholder expectations by offering valuable advice and
insight;

 Operates in an effective and efficient manner; and

 Adds value and identifies areas for continual improvement to the services provided.

Quality Assurance Improvement Programme

2
Version 1, May 2022
 Internal Audit Quality Assurance and Improvement Programme (QAIP) Framework

PSIAS Standard 1300

A QAIP covers the entire spectrum of assurance, consulting and fraud / irregularity work
performed by the internal audit activity in accordance with the Standard 1300 (Quality
Assurance and Improvement Programme), including. To implementthe Standard the Chief
Internal Auditor (CIA) must consider the requirements related to its four essential
components:

1. Undertaking both periodic and on-going internal assessments (Standard 1311);

2. Commissioning an external assessment and communicating the results to the Corporate

Committee (1312 & 1320);

3. Proper use of a conformance statement (Standard 1320 &1321); and

4. Disclosure of non-conformance (Standard 1322).

Internal Assessments
Internal assessments are undertaken through both on-going day to day supervision of
Mazars and periodic reviews of the audit work.

On-going Reviews

Continual assessments of quality are undertaken via:

 Management supervision of all audit activity and structured documented review of

Terms of Reference, working papers, draft and final reports;

 Audit quality procedures for each audit engagement to ensure consistency, quality
and compliance with planning, fieldwork and reporting standards;

 Feedback from audit clients obtained through surveys at the closure of each
engagement;

 Post audit evaluations undertaken at the end of each audit activity to identify trends
and any learning and development needs;

 Monitoring of internal performance targets and quarterly reporting to Senior

Management and Corporate Committee;

 High priority recommendation monitoring process in place to ensure implemented;

and
Quality Assurance Improvement Programme
3
Version 1, May 2022
 Internal Audit Quality Assurance and Improvement Programme (QAIP) Framework

 Follow up audits undertaken where a limited assurance opinion on the control

environment provided.

Periodic Reviews

Periodic assessments are conducted via:

 Annual Risk Based Internal Audit Plan developed. This is dynamic and changes in
year due to risk, consultancy, irregularity and assurance needs;

 Quarterly Progress Reports presented to the Corporate Committee which includes

progress against the annual plan, reports issued during the period including details of
the risk and control opinions and summaries of key issues and outcomes from the
work undertaken in the period, including fraud and irregularity work;

 Annual self-assessment of conformance with the PSIAS and annual review of

compliance against the requirements of the QAIP, the results of which are reported
to Senior Management and the Corporate Committee;

 Feedback from Director of Finance and Chair of the Corporate Committee on

the CIA’s performance; and

 Annual Satisfaction Surveys to key stakeholders.

External Assessment
In addition to internal assessments, the CIA is responsible for ensuring that the internal
audit activity conducts an external assessment at least once every five years.

The purposes of the assessment, which must be performed by an independent assessor or

assessment team from outside the organisation, is to validate whether the internal audit
activity conforms with the Standards and whether internal auditors apply the Code of Ethics.

A self assessment may be performed in lieu of a full external assessment, provided it is

validated by a qualified, independent, competent and professional assessor.

Quality Assurance Improvement Programme

4
Version 1, May 2022
 Internal Audit Quality Assurance and Improvement Programme (QAIP) Framework

The review undertaken during 2015 by an independent assessor included a review of

the team’s conformance to the International Professional. The independent
assessment identified conformance and reported the outcomes to the Audit and Risk
Committee in Sept 2015.

The Corporate Committee was advised an External Assessment was overdue and
that it would be conducted in the 2022/23 financial year. The outcome will be
reported to the Committee once the external assessment completed.

Responsibility / Communication of QAIP Results

The CIA is committed to continuous improvement and is responsible for implementing the
QAIP and will ensure that the results of this programme are communicated to the
Corporate Board and the Corporate Committee (as defined within the Charters).
However, everyone within Internal Audit have responsibility for maintaining quality,
therefore all activities outlined in this QAIP involve all relevant staff and Mazars. The
communication of QAIP results will include:

 The outcomes in respect of both internal and external assessments;

 The internal audit service will only communicate that the internal audit activity
conforms with International Standards for the Professional Practice of Internal
Auditing, if results of both the QAIP’s internal and external assessments support
such a statement; and

 Any non-conformance with the IPPF’s mandatory elements of the standards, their
impacts and improvement plans.

Quality Assurance Improvement Programme

5
Version 1, May 2022
Internal Audit Quality Assurance and Improvement Programme (QAIP) Framework Appendix 1

Appendix 1: Internal Audit service QAIP and performance monitoring arrangements.

To provide maximum assurance to inform the annual audit opinion
Measure of assessment Reporting
Risk Based Internal Audit Plan and Delivery
Annually to Senior Management and the
To undertake a risk based annual plan formulation exercise by risk assessment Corporate Committee. Changes reported
meetings with appropriate directors and / or their management teams based on their as they arise during the year.
need for assurance or key risks.
Deliver an effective and appropriately resourced Internal Audit function in line with
Provision of an internal audit service in
the Accounts and Audit Regulations and provide an annual Audit opinion.
compliance with the PSIAS including
reporting audit opinion on the internal
audit, risk management and governance as
set out in the Corporate Committee’s terms
of refence.

Planned Audit Activities Completed

Report from Mazars setting out the status
Hold regular contract monitoring meetings with Mazars to monitor the delivery of the of audits to the Statutory Functions Board
annual internal audit plan. and the Corporate Committee on a regular
basis.

Quality Assurance Improvement Programme

6
Version 1, May 2022
Internal Audit Quality Assurance and Improvement Programme (QAIP) Framework Appendix 1

To provide maximum assurance to inform the annual audit opinion

Measure of assessment Reporting
Counter Fraud and Investigation Activity
Outcomes form part of Quarterly and
Deliver a comprehensive Counter Fraud and Investigations Service. Annual Internal Audit report which is
presented to Senior Management and the
Corporate Committee.

Priority Recommendations
Annual report to Senior Management and
Where a priority 1 or 2 recommendation is raised, the recommendations are followed up the Board.
and reported to the Statutory Functions Board and the Corporate Committee.
Quarterly progress reports to the Board.

Quality Assurance Improvement Programme

7
Version 1, May 2022
Internal Audit Quality Assurance and Improvement Programme (QAIP) Framework Appendix 1

To ensure that the service is customer focused, adds value and continually improves
Measure of assessment Reporting
Post Audit Customer Satisfaction Survey Feedback
Annual report to Statutory Functions Board and the
Corporate Committee.
Seek management assessment of the audit process by issuing post audit
customer satisfaction survey feedback form which are to be sent directly to
the Head of Audit.

Acceptance of Recommendations
Analysis of recommendations raised by priority
Percentage of high / medium recommendations accepted which evidences including a review of recommendations not accepted
added value in risk mitigation. where relevant. Annual report to Statutory Functions
Board and the Corporate Committee.

Audit Reports

Audit report ‘corporate’ circulation list implemented to enable risks / issues / Corporate circulation list agreed and implemented.
recommendations to feed back into business as usual i.e. via Finance,
Performance and Change to enable the management of risk by
management.
Internal Audit’s Strategic Plan

Maintain a record of all audits carried out over the last five years and share Share as part of the annual audit plan and as and
with Directors as record of audits completed. when required.

Quality Assurance Improvement Programme

8
Version 1, May 2022
Internal Audit Quality Assurance and Improvement Programme (QAIP) Framework Appendix 1

To ensure the service embeds and reflects organisational values

Measure of assessment Reporting
Staff Behaviours and Values - Accountability, Integrity,
Monitored at 121s and Performance
Empowerment, Respect and Excellence
Development Plans.
All Audit and Risk Management officers (including Mazars) to consider
and apply organisational values to their daily working behaviours and
approach e.g. to:

 Human: We care - Treating everyone with a high level of respect

is an absolute must-have trait of human leadership and reflects a
culture where I want to work.
 Ambitious: We push the boundaries - It’s a drive to succeed both
within yourself and for the council, and a desire to do my very
best for residents.
 Accountable: We take responsibility - This applies to any scenario
when we are dealing with customers throughout the council,
whether they are internal or external - it’s important to keep them
updated and deliver excellent service.
 Professional: We are Haringey's ambassadors - being
professional means providing a high standard of service
consistently to all of our customers - with a smile

Quality Assurance Improvement Programme

9
Version 1, May 2022
Internal Audit Quality Assurance and Improvement Programme (QAIP) Framework Appendix 2

Appendix 2: Internal Audit Service Improvement Plan

Improvement Plan 2019/2020 onwards
Opportunities for Improvement / Actions Responsible Timescale
Officer(s)
1. Personal Development – Fraud Officer CIA With effect from
To undertake external training to enhance the work of the team, based on the outcome of 1st April 2019
consultations with the team.

2. Annual presentation of the Internal Audit Charter and Strategy to Corporate Committee CIA With effect from
1st April 2019
To continue to promote the role, purpose, status and authority of Internal Audit within the
organisation and explain how Internal Audit supports effective corporate governance.

3. Succession Planning CIA 1st December

2019
To review the structure of the team and appoint a deputy HOA enable more effective
succession planning and support ongoing resilience and sustainability whilst allowing the team
to engage in consultancy audits.

Quality Assurance Improvement Programme

10
Version 1, May 2022
Internal Audit Quality Assurance and Improvement Programme (QAIP) Framework Appendix 2

Opportunities for Improvement / Actions Responsible Timescale

Officer(s)
4. Audit Process - Clarity CIA 1 April 2020

The audits take a lot longer to complete as the auditors and management are not clear about
the process and how the audit is to be carried out.
Develop a clear and unambiguous statement of the audit process that is circulated to
management at the start of the audit.
5. Audit Process – Clarity CIA 1 April 2020
To review and refine the audit terms of reference so that it becomes more risk focused and to
review and refresh the assignment report so that it clearly provides the audit opinion and the
reasons for the opinion in a systematic manner.

6. Follow Up – Repeat Recommendations CIA 30 Sept 2022

It was noted a number of recommendations were not implemented in a timely manner,
consequently, the follow up regime needs to be strengthened by tracking the implementation
of recommendations.

7. PSIAS – External Assessment CIA 31 March 2022

The external assessment for compliance with the Public Sector Internal Audit Standards is
overdue. Report this to the Corporate Committee and arrange for the assessment to be
completed promptly.

8. Team Structure / Vacancy CIA 30 Sept 2022

There is a vacancy in the fraud team that creates an opportunity to review the current structure
and consider appointment of apprentices / change of role.

Quality Assurance Improvement Programme

11
Version 1, May 2022
Internal Audit Quality Assurance and Improvement Programme (QAIP) Framework Appendix 2

Opportunities for Improvement / Actions Responsible Timescale

Officer(s)
9. In-Case Anti Fraud System CIA 31 March 2023
The new system has been implemented and replaces the Civica system which had numerous
short comings. The new system needs to be bedded in to maximise its benefits.
In addition, consider the use of IDIS to offer data matching and proactive fraud system ben efit.

10. Delivery of Audit Plan CIA 31 March 2023

Covid has disrupted the timely deliver of the audit plan. Discuss arrangements for the delivery
of the audit plan with Mazars by considering a change in the profiling of audit work.

11. Include a statement of impairments to independence in the annual report (Advisory) CIA 31 July 2022
Include a statement in the annual report to confirm that there have not been any impairments
to the independence and objectivity of the Service. Alternatively, if there have been any
impairments, the annual report should set these out together with the action that was taken.

12. Consider the options available should the London Borough of Croydon or Mazars LLP opt CIA 31 Dec 2022
to terminate the APEX framework contract in 2024

Explore the options available to the Council should the scenario arise in 2024 and to draw up
an appropriate contingency plan.

Quality Assurance Improvement Programme

12
Version 1, May 2022
Internal Audit Quality Assurance and Improvement Programme (QAIP) Framework Appendix 2

Opportunities for Improvement / Actions Responsible Timescale

Officer(s)
13. Include an indicative distribution list for the final audit report in the audit terms of reference CIA 31 May 2022
(Advisory)

Include an indicative distribution list for the final audit report in the audit terms of reference.

14. Include an indicative distribution list for the final audit report in the audit terms of reference CIA 31 May 2022
(Advisory)

Include a distribution list in the final audit report.

Quality Assurance Improvement Programme

13
Version 1, May 2022
Internal Audit Quality Assurance and Improvement Programme (QAIP) Framework Appendix 3

Appendix 3: Internal Audit QAIP framework.

Quality Assurance Improvement Programme

14
Version 1, May 2022