- Accounting Officers;
- Boards of Directors (including Non-Executive Directors);
- Audit and Risk Assurance Committees (ARACs);
- The National Treasury;
- The members of the Legislature;
- The Kenyan Public; and
- Senior management directly involved in the areas subject to internal audit review, and any recommendations thereon.
The Internal Auditor General Department (IAGD) of the National Treasury supports Accounting Officers and AIE Holders in the Ministries, Departments, and Agencies in the effective discharge of their responsibilities by evaluating and reporting on the effectiveness of the internal controls systems implemented by Accounting Officers and AIE Holders to ensure:
- The appropriate assessment of risk and adoption of strategies to managerisks to within acceptable levels;
- Compliance with applicable policies, procedures, laws and regulations;
- The reliability of internal and external reporting and accountabilityProcesses; and
- Compliance with the relevant codes of conduct and ethical guidelines.
The Internal Auditor General Department (IAD) has been undergoing transformation for the last twelve (12) years with support from the Government of Kenya (GOK) and other development partners under PFMR programme. Key aspects of the ongoing reform initiatives include;
- Re-aligning the functioning of internal audit along best practice guidelines issued by the Institute of Internal Auditors (IIA),
- Shift from transactions/compliance audit procedures to more value adding Risk Based Audit Approach and Value for Money audit methodologies.
- Introduction and adoption of modern audit tools (IDEA) and management system (TEAMMATE) to improve efficiency in delivery of internal audit services in the public sector,
- Introduction of ministerial audit committees to enhance governance in the public sector,
- Piloting and implementation of the Institutional Risk Management Policy Framework (IRMPF) in the public sector.
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined
approach to evaluate and improve the effectiveness of risk management, control, and governance processes – The Institute of Internal Auditors Inc., (IIA).
Internal auditors deal with issues that are fundamentally important to the survival and prosperity of any organisation. Unlike external auditors, they look beyond financial risks and statements to consider wider issues such as the organisation’s reputation, growth, its impact on the environment and the way it treats its employees.
In summary, Internal Auditors help organizations’ to succeed. They do this by providing a combination of assurance and consulting services. The assurance part of their work involves informing management about how well the systems and processes designed to keep the organisation on track are working.
Accounting Officers and AIE Holders are responsible for putting in place effective g o v e r n a n c e, r i s k m a n a g e m e n t a n d c o n t r o l s y s t e m s i n t h e Ministry/Department/Agency they head. The primary role of Internal Auditors is to support Accounting Officers and AIE Holders in discharging these responsibilities, by performing independent and objective appraisals of the effectiveness of these systems. Internal Audit reports functionally to the Audit Committee and administratively to the Accounting Officers.
There are no restrictions placed upon the scope of work of the IAGD. Members of the IAGD engaged in internal audit work are entitled to unlimited access to information, facilities and records, and to receive all explanations they consider necessary to fulfill their responsibilities.
In addition to the routine internal audit reviews, the IAGD may, from time to time, carry out special audits/investigations in various State Organs and Public Entities.
Each engagement is specifically planned to ensure that the auditors obtain an adequate understanding of the audit area and can determine an appropriate scope and approach for the engagement. The output of this exercise should be agreed terms of reference including the engagement’s objectives, scope, timing and resource allocations, and documented in an Audit Planning Memorandum.
Each internal audit engagement culminates in a written report on the adequacy and effectiveness of the risk management, governance and control systems. The draft report is discussed with the management of the Ministry/Department/Agency to obtain their concurrence on its factual accuracy and practicality of the recommendations. The final signed report should include the actions agreed with management to address the internal audit findings, and the timeframe within which the recommendations should be implemented.
The audit field work comprises assessment and testing of key controls in place to manage the identified risks (e.g. the risks within programmes to deliver objectives such as new services and facilities and fiscal consolidation), or within core systems.
This would typically be undertaken through: discussion with key staff responsible for the relevant processes; review of relevant documentation; physical verifications and independent confirmations; and, testing of controls (which may be on a sample basis) to confirm that they are both designed and operating effectively.
Such controls may be financial, operational or compliance in nature and might range from the segregation of incompatible duties, to the analysis of business cases before strategic plans are implemented, to embedding appropriate cultural attitudes.
F o l l o w i n g t h e i d e n t i fi c a t i o n o f a c t i o n s t o i m p r o v e t h e Ministry/Department/Agency’s framework of governance, risk management and control, internal audit also plays a role in helping ensure such actions are taken.
This is achieved through a process to monitor and ensure that management actions have been effectively implemented.
Below is a summary of qualities that the department will strive to attain for quality service delivery.
Internal Auditors will seek to provide effective internal audit services and:
- Conform to the Professional Practices Framework of the Institute of Internal Auditors;
- Meet the function’s obligations contained in the Public Finance Management Act, 2012 and Public Finance Management Regulations;
- Have a clear methodology for its work which supports the PFMA/R;
- Collect performance measurement data for use in improving the function’s efficiency, measuring its impact on the organization and benchmarking itself against other internal audit services;
- Have a quality assurance and improvement programme in place that covers all aspects of the internal audit activity; and
- Undergo an external quality review of the service at least every five years, the scope of which must be agreed by and results communicated to the Accounting Officer/AIE Holder and the Audit Committee
As a high performing internal audit service, internal auditors will:
- Focus their work on where assurance is most needed, but ensuring sufficient assurance to support the governance statement; and
- Apply a risk-based approach to setting their internal audit plan, but also ensure sufficient coverage is provided of core systems and there is flexibility to meet key emerging issues.
Internal Auditors will:
- Avoid duplication of effort with other assurance providers; and
- Ensure the best value is received from the resources available.
As a high performing internal audit service, internal audit will:
- Understand and keep abreast of the increasing complexity of the relevant area of public service delivery;
- Seek to be respected, taken seriously and to have strong relationships with key stakeholders within the Government, built on credibility, strong communication skills and relevant experience;
- Provide advice and recommendations at all stages of the business cycle, driving and influencing decision making, not just providing retrospective assurance;
- Ensure its independence and will have procedures in place to manage any potential conflicts of interest;
- Provide relevant, effective, evidence-based and pragmatic advice and recommendations and robust conclusions, drawing on experience of best practice to help improve public service delivery; and
- Ensure that recommendations, which address their findings, are implemented in line with agreed timescales.