Chartered Institute of Public Finance and Accountancy

Publications

The Audit Panel has produced many publications that are designed to provide practical assistance to both external and internal auditors. Recent publications are listed below. For further information on any of the publications or to purchase online, please click on the publication title or go to the CIPFA Shop.

If you would like to be kept informed of forthcoming and recently published titles simply subscribe to CIPFA's free weekly e-newsletter.

Audit ViewpointAudit Viewpoint - 2010 Annual Subscription

CIPFA’s magazine for the audit practitioner, Audit Viewpoint, communicates expert, practical advice on a wide range of audit issues. Each edition discusses topical issues, introducing new concepts and disseminating good practice. It is also used to update readers on the activities of CIPFA's Audit Panel.  In response to your feedback seeking a more user friendly, accessible, and environmentally sustainable format, Audit Viewpoint is now an online resource: www.cipfa.org.uk/auditviewpoint and is available via a personal or multi-user subscription.

A Guide to Enhanced Systems Based Auditing The Exeter ApproachA Risk-based Approach to the Audit of Procurement (2010)

Public sector organisations each spend tens, if not hundreds of millions of pounds each year buying in goods, works and services.

In the past, CIPFA has advocated a systems-based approach to the review of this type of expenditure, which involved focusing on the key controls governing contracting processes during the pre-, current and post-contract stages. However, the modern audit approach to procurement requires a holistic view that concentrates on the issues associated with the key strategic risks faced by the organisation.

A Risk-based Approach to the Audit of Procurement will assist those who wish to adopt this system of analysis with regards to procurement. It is designed to facilitate a top-down approach and will aid auditors as they come across procurement related issues when carrying out the reviews that are necessary to provide assurance on an annual basis.

For further details and to order your copies go to the CIPFA Shop.

A Guide to Enhanced Systems Based Auditing The Exeter ApproachA Guide to Enhanced Systems Based Auditing: The Exeter Approach (2009)

To assess the effectiveness of systems of internal controls and risk and business continuity management and whether they are embedded, an Enhanced Systems Based Auditing (ESBA) approach has been devised. ESBA is ‘risk-based’ SBA that uses the internationally recognised COSO Enterprise Risk Management - Integrated Framework (2004) approach. To find out more, and to purchase your copies, please click here.

Perceptions of Audit QualityContract Audit Toolkit (2009)

Based on Transport for London’s (TfL) highly commended entry to the CIPFA Cliff Nicholson Award for Innovation and Excellence in Audit 2009, the Contract Audit Toolkit gives auditors a knowledge and understanding of best practice in relation to procurement and contract management. Please click here to find out more and purchase your copies.

Perceptions of Audit QualityCombating Financial Crime: Further Guidance on Anti-money Laundering for Public Service Organisations (2009)

All individuals, in a professional and personal capacity, and all of the organisations employing them, are charged with important responsibilities under the UK’s anti-money laundering and anti-terrorist financing laws.

CIPFA has issued new guidance on the subject, in a publication which fully updates earlier guidance in 2005. It summarises the law as it now stands. In particular it provides an original explanation and interpretation of the provisions of the Money Laundering Regulations 2007, the UK’s response to the European Union 3rd Money Laundering Directive, as they apply specifically to public authorities, to CIPFA members, wherever they are employed, and to non-executive directors in public authorities. Click here for more details.

Perceptions of Audit QualityPerceptions of Audit Quality (2009)

CIPFA, in association with Cara Research, has now released the full results of the Perception of Audit Quality Survey 2008. The survey brought together over 1000 responses from UK public sector internal auditors and their clients.

Building on the 1997 survey of the same name, Perceptions of Audit Quality identifies the key areas in which internal audit services have met clients’ expectations in terms of quality and value for money, and where no discernable progress appears to have been made. Click here for more details.

Systems Based Auditing Control MatricesSystems Based Auditing Control Matrices: Series 7 (2008)

Series 7 contains Systems Based Auditing control matrices covering the crucial areas of:

  • Procurement
  • Sustainability
  • Partnerships
  • Insurance
  • Value Added Tax.

    Systems Based Auditing Control Matrices: Series 7 is available as a combined pack, comprising loose-leaf sheets in a robust binder, plus CD-ROM. The CD-ROM comes with a licence for the purchaser to network the matrices throughout the acquiring organisation, and this is included within the sale price. Terms for other categories of user, which includes those local authorities operating shared service arrangements, are available from CIPFA on request. The CD-ROM carries the material in pdf and Word formats and has conveniently embedded hyperlinks to allow users to navigate easily between the elements of each control matrix, ie Hazard Identification Documents (HIDs), Internal Control Questionnaires (ICQs) and Compliance Test Papers (CTPs).

    Systems Based Auditing Control MatricesSystems Based Auditing Control Matrices: Series 6 (2007)

    This sixth series of Systems Based Auditing features the following four critical non-financial systems (the first three of which are closely linked to ERM – Enterprise Risk Management):

    • Business Continuity Management
    • Information Technology Service Continuity Management
    • Civil Emergencies
    • Performance Indicators and Data Quality

    The value of risk management is now widely recognised. The need for business and service continuity, however, has not attracted the same attention even though it is far more important. Whilst risk management may/can reduce the impact and likelihood of an event, some events are bound to happen. It is essential, therefore, that continuity plans and procedures are prepared and in place in order to ensure prompt recovery and resumption, and thereby survival of the business concerned.

    As is the norm, the control matrices are non-sector specific (with the exception of Civil Emergencies which only applies to local authorities) and are therefore suitable for use in the public, private and voluntary sectors.

    Code of Practice for Internal AuditCode of Practice for Internal Audit in Local Government in the United Kingdom (2006)

    The context within which internal audit operates has seen significant changes over the last three years. The previous Code, published in 2003, has now been updated extensively to ensure that internal audit standards remain consistent with a modern local government setting.

    The revised Code of Practice covers the following areas:

    • Scope of Internal Audit
    • Independence
    • Ethics for Internal Auditors
    • Audit Committees
    • Relationships
    • Staffing, Training and Continuing Professional Development
    • Audit Strategy and Planning
    • Undertaking Audit Work
    • Due Professional Care
    • Reporting
    • Performance, Quality and Effectiveness

    Systems Based Auditing Control Matrices Series 5Systems Based Auditing Control Matrices: Series 5 (2006)

    The fifth in the perennially popular series of Systems Based Auditing (SBA) Control Matrices features the following critical non-financial systems:

    • Enterprise Risk Management
    • Health & Safety
    • Data Protection
    • Freedom of Information
    • Records Management

    Systems Based Auditing Control Matrices: Series 5 are available as a combined pack, comprising loose-leaf sheets in a robust binder, plus CD-ROM. The CD-ROM comes with a licence for the purchaser to network the matrices throughout the acquiring organisation, and this is included within the sale price. The CD-ROM carries the material in pdf and Word formats and has conveniently embedded hyperlinks to allow users to navigate easily between the elements of each control matrix, ie HIDs, ICQs and CTPs.

    The Excellent Internal AuditorThe Excellent Internal Auditor: A Good Practice Guide to Skills and Competencies (2006)

    This guide is a revised and updated version of CIPFA's Audit Training Planning Guide, published in 1994. It has stood the test of time in assisting internal audit units to determine their auditors short-term training and longer-term development needs. But there have been significant changes in the role of internal audit during recent years and the opportunity has been taken to thoroughly review the skills and competencies, and training and development needs, that are required to provide the complete and 'excellent' service from the internal audit function.

    A powerful matrix is provided within the guide which sets out the key skills considered relevant to carry out the role of an internal auditor. These skills are broadly generic across all levels of audit staff, and are split into three main areas - behavioural, technical, and management.

    Proceeds of CrimeSystems Based Auditing Control Matrices: Series 1 & 2 (2006 Fully Revised and Expanded Edition) (2006)

    These revised control matrices now incorporate Hazard Identification Documents (HIDs) that set out the hazards, the possible consequences of such and the expected controls and countermeasures that should be in place to reduce the risks. The Internal Control Questionnaires (ICQs) and Compliance Test Papers (CTPs) have been broken down conveniently into sub-headings so that specific areas of weakness can be readily identified.

    The control matrices provide a comprehensive method for recording, evaluating and reporting on control systems, and incorporate the revised ‘risk based’ SBA approach developed by Exeter City Council’s high-performing internal audit team. The control matrices are presented in a durable binder for practical referencing, and in handy CD-ROM format to enable flexibility of use and tailoring to local circumstances.

    The CD-ROM comes with a licence for the purchaser to network the matrices throughout the acquiring organisation, and this is included within the sale price. The CD-ROM carries the material in pdf and Word formats and has conveniently embedded hyperlinks to allow users to navigate easily between the elements of each control matrix, ie HIDs, ICQs and CTPs.

    Proceeds of CrimeAudit Committees – Practical Guidance For Local Authorities (2005)

    This guidance from CIPFA encourages local authorities to put in place an audit committee where they do not have one, and helps those with established committees to make them more effective.

    Ideally, audit committees should be separate from executive and scrutiny arrangements, and chaired independently from both these functions. Local authorities may organise their committee functions differently, but what is important is that the functions of an audit committee are delivered efficiently and effectively.

    Status and independence are important, but being effective also means having well informed people able to confirm to the council that the right processes are in place to give confidence that the local authority's financial stewardship and overall governance arrangements can be relied upon. CIPFA's guidance, therefore, provides valuable advice on the skills required by members, their selection and training, and how committees should be supported.

    It's a Risky BusinessIt's a Risky Business: A Practical Guide to Risk Based Auditing (Fully Revised Second Edition) (2005)

    The regulatory bodies of the main public sectors have issued codes of guidance and requirements that make specific reference to the implementation of risk management. Reporting on the development and implementation has become a key part of the annual reporting requirement in the form of Statements on Internal Control and is seen as an integral part of good corporate governance.

    This guide is a revised and updated version of It's a Risky Business, first published in 1996. It has been aligned to the CIPFA publication Risk Management in the Public Services and provides practical advice on how to audit each of the key elements of good risk management:

  • Vision, commitment and ownership
  • Structures, roles and responsibilities
  • Identifying the risks
  • Categorising and prioritising the risks
  • Action and response
  • Monitoring and review
  • The extended enterprise
  • Embedding risk management within the organisation

    It's a Risky Business CD RomThis essential guide is also available on CD-ROM. The contents of the guide are bookmarked on the CD-ROM for ease of use, and, of course, modified and updated checklists can be downloaded readily and tailored for local application. As all editing and updating can be conveniently done on a PC, the CD-ROM will enable organisations to apply the principles swiftly and, most importantly, with ease. Moreover, acquisition of the CD-ROM grants the purchaser a licence and ability to network the guide to all bona fide employees and non-executive personnel of the purchasing organisation.

    The Panel's Back Catalogue
    For further details click on the relevant title.

    Local Government Internal Audit Manual (Fully Revised Second Edition)

    Systems Based Auditing Control Matrices for Information Technology (Series 4)

    Systems Based Auditing Control Matrices: Series 3