How the Global Internal Audit Standards affect the public sector – a CIPFA consultation

InsightsPublic and social sector insights

How the new GIAS affect the public sector

15 October 2024
The new Global Internal Audit Standards (GIAS) are the biggest change to how Internal Audit (IA) functions operate in over ten years. These changes will have different interpretations across different sectors and will impact the public sector in a number of ways.

Since 2012, the PSIAS have translated the Institute of Internal Auditors (IIA) International Professional Practices Framework specifically for public sector organisations. In January 2024, the IIA issued new GIAS which are to be applied from 1 April 2025.

The Chartered Institute of Public Finance and Accounting (CIPFA) through the Internal Audit Standards Advisory Board (IASAB) issued an Application Note in October 2024 for consultation with stakeholders across the public sector in relation to the requirements and interpretations that public sector internal audit services will need to be aware of.

The consultation is open throughout October, closing at 18:00 on Thursday 31 October 2024, and we encourage all IA stakeholders in the public sector to respond to the consultation.

What are the key aspects of the GIAS that public sector IA professionals must be aware of?

  1. All internal auditors must confirm adherence to the Application Note as well as the GIAS. This includes External Quality Assessors (EQA) when reporting the outcome of their reviews. This means public sector IA functions will need to consider whether their arrangements for EQA meet the updated requirements.
  2. Alongside the ethical frameworks outlined in GIAS (1.2), public sector internal auditors are required to conform to the Nolan Seven Principles of Public Life.
  3. In the public sector, value for money must be considered alongside GIAS expectations around risk management, governance and control processes (9.1) when developing the strategy and plan. This also applies to internal auditors when undertaking their work. Public sector IA functions will need to consider how they are assessing value for money as part of their overarching approach to risk management, governance and control.

There are specific factors that the Application Note has interpreted as what conformance looks like on behalf of the public sector and how the public may need additional requirements. These are outlined below:

 

Resourcing

  • GIAS requires the Chief Audit Executive (CAE) to evaluate whether resources are sufficient to fulfil the IA mandate and charter (8.2). The section of the GIAS relating to ‘Applying the GIAS in the Public Sector’ acknowledges that in the public sector, boards are not given authority over the budget for IA.
  • With this in mind, the Application Note seeks to provide clarity on conformance with this standard by interpreting that the CAE must set out in the Charter the alternative approaches applied to the IA service. Additionally, CAE will not be expected to conform to 10.1 to 10.3 where they are unable to develop a discrete resource plan for IA services. However, the CAE is still expected to communicate any impact of insufficient resourcing to the board.
  • This means that there needs to be increased communication, or more focussed communication, around resourcing and how this impact IA delivery.

Overall conclusions

  • GIAS requires the CAE to make conclusions on the risk management, governance and internal control effectiveness (11.3). The Application Note provides additional guidance that, while public sector CAEs are required to conclude annually, this does not mean that planning must be conducted annually. However, it does clarify that where planning is conducted annually, the CAE must ensure senior management and board understand that planning supports an annual conclusion.

 CAE Qualifications

  • Standard 7.2 outlines the requirements for the CAE in relation to qualifications and competencies. The Application Note outlines the key qualifications and experience a CAE requires, however it also notes that challenges in recruitment may mean all the characteristics outline may not be achievable in the public sector. Where this is the case, the Charter should provide clarification of alternative arrangements for accessing appropriate IA professional and organisationally relevant expertise in an interim period until the CAE can obtain all characteristics for themselves.

Independent Assessors

  • The GIAS states the requirements for selecting an independent assessor or team, and that the CAE must ensure that at least one person holds an active Certified IA designation (8.4).
  • For the public sector, the Application Note provides an interpretation that this is replaced with a requirement for at least one person to have the characteristics required under CAE qualifications. This may mean that public sector CAEs will need to undertake further checks on assessors’ qualifications and experience.

Public sector internal audit services have had stability from the PSAIS for over ten years, and therefore need to consider how they can demonstrate conformance with the GIAS. Particular focus should be given to the areas outlined in the consultation document where application in the public sector may differ.

The GIAS implementation date is fast approaching, so CAEs must act now to address the changes.

Get in touch

For any support in preparing for the implantation of the new GIAS, or how these apply specifically to the public sector, please contact us and a member of the team will be in touch.

Contact us today

People in public and social sector looking at computer

Public and social sector insights

As expert advisers, with strong links across the public and social sector, our team draws on its market knowledge and industry experience to publish research and observations on new developments and regulations.

Read more

National contacts

Contact us

+44 20 7063 4000
Meet our local team
Discover our offices
Or use our contact form