A Practical Guide to the Internal Audit of the Operational Phase of PFI Projects

Decisions made during the development and procurement phases of a PFI project clearly have long-term implications, which need to be fully assessed and evaluated by internal auditors. This publication addresses these issues.

The Excellent Internal Auditor: A Good Practice Guide to Skills and Competencies (2011 Edition)

There have been significant changes in the role of internal audit during recent years. CIPFA has taken the opportunity to develop this latest edition to reflect those changes in order to continue to assist heads of internal audit to determine the short-term training and longer-term development needs of their auditors.

For further details and to order your copies go to the Shop.

Systems Based Auditing Control Matrices: Series 9 – People Management

There is general acceptance that people are an organisation’s most important asset. Accordingly organisations establish systems in order to recruit, develop and reward people. These people management systems are rarely if ever covered by auditors, and therefore are not given the type of attention that other lesser assets are given. The most likely reason is that people management is a very large and complex system, and audit simply does not have the means to undertake such a review. For further details and to order your copies please click here.

Systems Based Auditing Control Matrices: IT Governance – Series 8 (2010)

IT governance is a part of corporate governance that is concerned with IT performance and how the associated risks are managed. In order to assess IT governance and performance, a number of standards, frameworks and measures have been developed. These include:

• COBIT (Control Objectives for Information and Related Technology)
• ISO27001 Code of Practice for Information Security Management
• ISO38500 Corporate Governance of Information Technology
• ITIL (IT Infrastructure Library).

For further details and to order your copies go to the CIPFA Shop.

Effective Internal Audit (2010)

An online organisation-wide resource for internal auditors and those responsible for internal audit

The aim of this guide is to provide practical support, examples and resources to help make internal audit more effective across the public services. Click here for more information and to purchase online access.

Audit Viewpoint - 2011 Annual Subscription

CIPFA’s magazine for the audit practitioner, Audit Viewpoint, communicates expert, practical advice on a wide range of audit issues. Each edition discusses topical issues, introducing new concepts and disseminating good practice. It is also used to update readers on the activities of CIPFA's Audit Panel.  In response to your feedback seeking a more user friendly, accessible, and environmentally sustainable format, Audit Viewpoint is now an online resource: www.cipfa.org.uk/auditviewpoint and is available via a personal or multi-user subscription.

A Risk-based Approach to the Audit of Procurement (2010)

Public sector organisations each spend tens, if not hundreds of millions of pounds each year buying in goods, works and services.

In the past, CIPFA has advocated a systems-based approach to the review of this type of expenditure, which involved focusing on the key controls governing contracting processes during the pre-, current and post-contract stages. However, the modern audit approach to procurement requires a holistic view that concentrates on the issues associated with the key strategic risks faced by the organisation.

A Risk-based Approach to the Audit of Procurement will assist those who wish to adopt this system of analysis with regards to procurement. It is designed to facilitate a top-down approach and will aid auditors as they come across procurement related issues when carrying out the reviews that are necessary to provide assurance on an annual basis.

For further details and to order your copies go to the CIPFA Shop.

A Guide to Enhanced Systems Based Auditing: The Exeter Approach (2009)

To assess the effectiveness of systems of internal controls and risk and business continuity management and whether they are embedded, an Enhanced Systems Based Auditing (ESBA) approach has been devised. ESBA is ‘risk-based’ SBA that uses the internationally recognised COSO Enterprise Risk Management - Integrated Framework (2004) approach. To find out more, and to purchase your copies, please click here.

Contract Audit Toolkit (2009)

Based on Transport for London’s (TfL) highly commended entry to the CIPFA Cliff Nicholson Award for Innovation and Excellence in Audit 2009, the Contract Audit Toolkit gives auditors a knowledge and understanding of best practice in relation to procurement and contract management. Please click here to find out more and purchase your copies.

Combating Financial Crime: Further Guidance on Anti-money Laundering for Public Service Organisations (2009)

All individuals, in a professional and personal capacity, and all of the organisations employing them, are charged with important responsibilities under the UK’s anti-money laundering and anti-terrorist financing laws.

CIPFA has issued new guidance on the subject, in a publication which fully updates earlier guidance in 2005. It summarises the law as it now stands. In particular it provides an original explanation and interpretation of the provisions of the Money Laundering Regulations 2007, the UK’s response to the European Union 3rd Money Laundering Directive, as they apply specifically to public authorities, to CIPFA members, wherever they are employed, and to non-executive directors in public authorities. Click here for more details.

Perceptions of Audit Quality (2009)

CIPFA, in association with Cara Research, has now released the full results of the Perception of Audit Quality Survey 2008. The survey brought together over 1000 responses from UK public sector internal auditors and their clients.

Building on the 1997 survey of the same name, Perceptions of Audit Quality identifies the key areas in which internal audit services have met clients’ expectations in terms of quality and value for money, and where no discernable progress appears to have been made. Click here for more details.

Systems Based Auditing Control Matrices: Series 7 (2008)

Series 7 contains Systems Based Auditing control matrices covering the crucial areas of:

Systems Based Auditing Control Matrices: Series 6 (2007)

This sixth series of Systems Based Auditing features the following four critical non-financial systems (the first three of which are closely linked to ERM – Enterprise Risk Management):

• Business Continuity Management
• Information Technology Service Continuity Management
• Civil Emergencies
• Performance Indicators and Data Quality

The value of risk management is now widely recognised. The need for business and service continuity, however, has not attracted the same attention even though it is far more important. Whilst risk management may/can reduce the impact and likelihood of an event, some events are bound to happen. It is essential, therefore, that continuity plans and procedures are prepared and in place in order to ensure prompt recovery and resumption, and thereby survival of the business concerned.

As is the norm, the control matrices are non-sector specific (with the exception of Civil Emergencies which only applies to local authorities) and are therefore suitable for use in the public, private and voluntary sectors.

Code of Practice for Internal Audit in Local Government in the United Kingdom (2006)

The context within which internal audit operates has seen significant changes over the last three years. The previous Code, published in 2003, has now been updated extensively to ensure that internal audit standards remain consistent with a modern local government setting.

The revised Code of Practice covers the following areas:

• Scope of Internal Audit
• Independence
• Ethics for Internal Auditors
• Audit Committees
• Relationships
• Staffing, Training and Continuing Professional Development
• Audit Strategy and Planning
• Undertaking Audit Work
• Due Professional Care
• Reporting
• Performance, Quality and Effectiveness

Systems Based Auditing Control Matrices: Series 5 (2006)

The fifth in the perennially popular series of Systems Based Auditing (SBA) Control Matrices features the following critical non-financial systems:

• Enterprise Risk Management
• Health & Safety
• Data Protection
• Freedom of Information
• Records Management

Systems Based Auditing Control Matrices: Series 5 are available as a combined pack, comprising loose-leaf sheets in a robust binder, plus CD-ROM. The CD-ROM comes with a licence for the purchaser to network the matrices throughout the acquiring organisation, and this is included within the sale price. The CD-ROM carries the material in pdf and Word formats and has conveniently embedded hyperlinks to allow users to navigate easily between the elements of each control matrix, ie HIDs, ICQs and CTPs.

Systems Based Auditing Control Matrices: Series 1 & 2 (2006 Fully Revised and Expanded Edition) (2006)

These revised control matrices now incorporate Hazard Identification Documents (HIDs) that set out the hazards, the possible consequences of such and the expected controls and countermeasures that should be in place to reduce the risks. The Internal Control Questionnaires (ICQs) and Compliance Test Papers (CTPs) have been broken down conveniently into sub-headings so that specific areas of weakness can be readily identified.

The control matrices provide a comprehensive method for recording, evaluating and reporting on control systems, and incorporate the revised ‘risk based’ SBA approach developed by Exeter City Council’s high-performing internal audit team. The control matrices are presented in a durable binder for practical referencing, and in handy CD-ROM format to enable flexibility of use and tailoring to local circumstances.

The CD-ROM comes with a licence for the purchaser to network the matrices throughout the acquiring organisation, and this is included within the sale price. The CD-ROM carries the material in pdf and Word formats and has conveniently embedded hyperlinks to allow users to navigate easily between the elements of each control matrix, ie HIDs, ICQs and CTPs.

Audit Committees – Practical Guidance For Local Authorities (2005)

This guidance from CIPFA encourages local authorities to put in place an audit committee where they do not have one, and helps those with established committees to make them more effective.

Ideally, audit committees should be separate from executive and scrutiny arrangements, and chaired independently from both these functions. Local authorities may organise their committee functions differently, but what is important is that the functions of an audit committee are delivered efficiently and effectively.

Status and independence are important, but being effective also means having well informed people able to confirm to the council that the right processes are in place to give confidence that the local authority's financial stewardship and overall governance arrangements can be relied upon. CIPFA's guidance, therefore, provides valuable advice on the skills required by members, their selection and training, and how committees should be supported.

It's a Risky Business: A Practical Guide to Risk Based Auditing (Fully Revised Second Edition) (2005)

The regulatory bodies of the main public sectors have issued codes of guidance and requirements that make specific reference to the implementation of risk management. Reporting on the development and implementation has become a key part of the annual reporting requirement in the form of Statements on Internal Control and is seen as an integral part of good corporate governance.

This guide is a revised and updated version of It's a Risky Business, first published in 1996. It has been aligned to the CIPFA publication Risk Management in the Public Services and provides practical advice on how to audit each of the key elements of good risk management:

The Panel's Back Catalogue
For further details click on the relevant title.

Local Government Internal Audit Manual (Fully Revised Second Edition)

Systems Based Auditing Control Matrices: Series 3