Committee Report Checklist
Stage 1
Report checklist – responsibility of report owner
|
ITEM |
Yes / No |
Date |
|
Councillor engagement / input from Chair prior to briefing |
|
|
|
Commissioner engagement (if report focused on issues of concern to Commissioners such as Finance, Assets etc) |
|
|
|
Relevant Group Head review |
|
|
|
MAT+ review (to have been circulated at least 5 working days before Stage 2) |
|
|
|
This item is on the Forward Plan for the relevant committee |
Yes |
23/03/25 |
|
Reviewed by |
|
|
|
Finance comments |
TC |
27/08/25 |
|
Risk comments |
|
|
|
Legal comments |
LH |
29/08/25 |
|
HR comments (if applicable) |
|
For reports with material financial or legal implications the author should engage with the respective teams at the outset and receive input to their reports prior to asking for MO or s151 comments.
Do not forward to stage 2 unless all the above have been completed.
Stage 2
Report checklist – responsibility of report owner
|
ITEM |
Completed by |
Date |
|
Monitoring Officer commentary – at least 5 working days before MAT |
L Heron |
29/08/25 |
|
S151 Officer commentary – at least 5 working days before MAT |
T Collier |
27/08/25 |
|
|
|
|
|
Confirm final report cleared by MAT |
|
|
|
Title |
External Quality Assessment |
|
Purpose of the report |
To inform |
|
Report Author |
Iona Bond, Deputy Head of Southern Internal Audit Partnership |
|
Ward(s) Affected |
All Wards |
|
Exempt |
No |
|
Exemption Reason |
N/A |
|
Corporate Priority |
Community Addressing Housing Need Resilience Environment Services |
|
Recommendations
|
|
|
Reason for Recommendation |
In accordance with the Global Internal Audit Standards in the UK Public Sector the Chief Internal Auditor is required to develop a plan for an external quality assessment. |
1. Executive summary of the report
|
What is the situation |
Why we want to do something |
|
• In accordance with the Global Internal Audit Standards in UK Public Sector the Chief Internal Auditor is required to develop a plan for an external quality assessment. |
• In accordance with the Global Internal Audit Standards in UK Public Sector the Chief Internal Auditor is required to develop a plan for an external quality assessment. |
|
This is what we want to do about it |
These are the next steps |
|
• Note arrangements for the pending external assessment of the Southern Internal Audit Partnership against the Global Internal Audit Standards in the UK Public Sector. |
• To inform Management Team and Group Heads of the pending external assessment of the Southern Internal Audit Partnership against the Global Internal Audit Standards in the UK Public Sector. • To inform Audit Committee of the pending external assessment of the Southern Internal Audit Partnership against the Global Internal Audit Standards in the UK Public Sector at the meeting of 25 September 2025. |
1.1 This report provides an overview of arrangements for the pending external assessment of the Southern Internal Audit Partnership against the Global Internal Audit Standards in the UK Public Sector.
2. Key issues
Contextual information
2.1 The mandate for internal audit in local government is specified within the Accounts and Audit [England] Regulations 2015, which states:
‘A relevant authority must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance.’
2.2 From 1 April 2025, the ‘standards or guidance’ in relation to internal audit are those laid down in the Global Internal Audit Standards (GIAS), Application Note: Global Internal Audit Standards in the UK Public Sector (Application Note) and the Code of Practice for the Governance of Internal Audit in UK Local Government. The collective requirements are referred to as the Global Internal Audit Standards in the UK Public Sector (the Standards).
2.3 The Standards (8.3) require ‘the Chief Internal Auditor to develop, implement and maintain a quality assurance and improvement programme that covers all aspects of the internal audit function. The programme includes two types of assessments:
· External assessments
· Internal assessments’.
2.4 The Southern Internal Audit Partnership’s Quality Assurance and Improvement Programme is provided at Appendix A.
2.5 The Standards (8.4) require that ‘the Chief Internal Auditor must develop a plan for an external quality assessment and discuss the plan with the Audit Committee. The external audit assessment must be performed at least once every five years by a qualified, independent assessor or assessment team. The requirement for an external assessment may also be met through a self-assessment with independent validation.
Form of External Quality Assessment
2.6 There are two approaches to meeting the requirement of an External Quality Assessments.
· A Full-scope External Quality Assessment (EQA) involves an independent and qualified Assessment Team. This is a more expensive option, as there is less work required by the Southern Internal Audit Partnership. The EQA is conducted in accordance with the Quality Assessment Manual with most of the work conducted by the Independent Assessment Team.
· A Self-assessment with Independent Validation (SAIV) is where the Southern Internal Audit Partnership performs the “self-assessment” portion and an external, independent qualified validators review the self-assessment portion and provides their “independent validation.” The SAIV is conducted in accordance with the requirements of the Quality Assessment Manual and the self-assessment team is responsible to execute all aspects of the requirements as defined therein. This is a more economical approach because the Southern Internal Audit Partnership compiles most of the work.
2.7 Both approaches include workpaper reviews, surveys, stakeholder interviews, and issuance of a report that provides a rating as identified by the Quality Assessment Manual, i.e., Full Achievement, General Achievement, Partial Achievement and Non-Achievement.
External Assessor
2.8 GIAS 8.4 sets out a requirement that when selecting the independent assessor or assessment team, the chief internal auditor must ensure at least one person holds an active Certified Internal Auditor designation.
2.9 The Relevant Internal Audit Standard Setters (RIASS) in their Application Note have determined that the qualification requirement in GIAS 8.4 (External Quality Assessment) should be replaced by a more comprehensive qualification requirement within the public sector.
2.10 The enhanced expectation within the public sector is that at least one person has the characteristics outlined for qualification as a chief internal auditor. The RIASS consider that such a person would normally have an understanding of the GIAS commensurate with the Certified Internal Auditor designation, including internal audit relevant continuing professional development and an understanding of how the GIAS are applied in the UK public sector. These matters must be considered as part of the selection process.
Independence
2.11 It is essential that there are no impairments to the independence of the external assessor or assessment team driven by past, present, or anticipated future relationships with the organisation, its personnel, or the Southern Internal Audit Partnership.
2.12 Appropriate due diligence has been carried out on the assessors and their assessments teams with which we have engaged to quote for the pending external quality assessment.
Scope & Frequency
2.13 There is a requirement that all internal audit providers undergo an external quality assessment performed by an independent and qualified assessor or assessment team at least once every five years to ensure conformance with the Standards.
2.14 It is permissible that more frequent external quality assessments are undertaken should this be considered necessary.
2.15 Given the requirement to supplement the external quality assessment with an annual self-assessment the outcomes of which will be fully and transparently reported to the Audit Committee, it is considered that an external quality assessment every five years remains a proportionate approach.
2.16 Should there be significant change to arrangements within the Southern Internal Audit Partnership including changes in leadership, operating model, methodologies or excessive staff turnover, the Head of the Southern Internal Audit Partnership will further engage with Senior Management and the Audit Committee to discuss whether an additional external assessment (within the 5-year timeframe) would be appropriate.
2.17 The scope of the external quality assessment will include a comprehensive review of the Southern Internal Audit Partnership’s:
· Conformance with the Global Internal Audit Standards in the UK Public Sector.
· Mandate, charter, strategy, methodologies, processes, risk assessment and internal audit planning.
· Performance measures and outcomes.
· Qualifications and competencies including those of the Chief Internal Auditor.
· Integration into the organisation’s governance processes.
· Contribution towards the organisation governance, risk management, and control processes.
· Contribution to the organisations operations and ability to attain its objectives.
· Ability to meet the expectations of stakeholders.
External Quality Assessment Providers
2.18 There are several organisations capable of providing external quality assessments, however, the requirement of public sector expertise does significantly limit the field. Consequently, the Head of Southern Internal Audit Partnership has engaged with the following providers to acquire details of approach and cost:
· Chartered Institute of Public Finance and Accountancy (CIPFA)
· JC Audit Training Ltd
· BHBi (in partnership with Littlejohn and Haley).
External Quality Assessment Providers Discounted
2.19 A further credible source of assessment provider would be the Institute of Internal Auditors (IIA), however, due to the IIA having undertaken the Southern Internal Audit Partnership’s external quality assessments in 2015 and 2020 this was not explored for our 2025 assessment as it is considered a fresh perspective on conformance and operating practices would be beneficial and mitigates any perceived impairment to independence.
2.20 The Global Internal Audit Standards do enable provision for reciprocal peer assessments rotated among three or more organisations within the same industry sector.
2.21 Due to their nature there would be no financial outlay in adopting this approach, however, there would be the opportunity costs of the Head of the Southern Internal Audit Partnerships time in reciprocating any peer review requested of the SIAP.
2.22 The independent status of the external assessment is paramount and there may be a perception that this is diminished as part of the peer review approach. As such the collaborative approach has not been explored further as part of this paper.
Implications for Multi Service Providers
2.23 The benefits of an EQA go beyond conformance with the GIAS. An EQA provides independent and objective assurance to internal audit stakeholders that the governance, management, and services of internal audit are meeting best practice and the needs of the organisation.
2.24 However, the introduction of new requirements in GIAS, such as the essential conditions placed on the audit committee and senior management, introduce practical challenges for multi-client providers (MCPs) such as the Southern Internal Audit Partnership which need to be considered.
2.25 The involvement of the audit committee and senior management can now present challenge for MCPs who have historically arranged one EQA to cover all clients. MCPs now need to consult with every audit committee they provide services to and provide individual reports, increasing the workload and costs which have not been previously factored.
2.26 There remains ongoing consultation, and we await further clarification in the spring/ summer, however, engagement with each of the potential assessor has made clear our operating model, position as a multi-client provider and need to ensure a robust process to demonstrate conformance on which all of our partner organisations can place reliance.
Recommended Approach
2.27 It is proposed that the Southern Internal Audit Partnership conduct their external assessment as a Self-Assessment with Independent Validation (SAIV) as outlined in paragraph 2.6.
2.28 The key drivers for the SAIV approach include:
· It is a recognised approach within the Standards, meeting the requirements of an external quality assessment.
· The approach requires external validation from an independent, qualified external assessor.
· Provides a more economical approach as a majority of information gathering is completed by the Southern Internal Audit Partnership. This is particularly pertinent due to our multi-client provider status.
· Minimises capacity implications for our Partners.
Next Steps
2.29 Following receipt of quotations from the providers (detailed in paragraph 2.18) a full assessment of proposals will be undertaken with appointment based on:
· Cost.
· Experience (profession and industry).
· Qualification.
· Independence.
· Approach.
2.30 The successful provider will be commissioned to undertake the SAIV with a requirement for completion by December 2025.
2.31 The Southern Internal Audit Partnership have already compiled a full self-assessment against the Global Internal Audit Standards in the UK Public Sector during July / August 2025 in preparedness for the external assessor.
2.32 A copy of the external assessor report will be presented to the first meeting of the Audit Committee in 2026. Additionally, an action plan for review and approval will be presented by the Chief Internal Auditor to address any identified deficiencies or opportunities for improvement, if applicable.
Conclusion
2.33 To accord with the Global Internal Audit Standards in the UK Public Sector the Head of the Southern Internal Audit Partnership has put in place arrangements for a SAIV to be conducted during November / December 2025.
3. Options appraisal and proposal
3.1 To inform the Audit Committee of arrangements for the pending external assessment of the Southern Internal Audit Partnership against the Global Internal Audit Standards in the UK Public Sector.
4. Risk implications
4.1 The absence of conducting an external audit assessment within the specified timelines will conflict with the expectation of the Global Internal Audit Standards of completing an EQA every 5 years.
5. Financial implications
5.1 There is no additional budget impact to the Council.
6. Legal comments
6.1 The Council is required to make proper provision for internal audit in accordance with the 1972 Local Government Act and the Accounts and Audit Regulations 2015.
6.2 The Council’s internal audit function is required to comply with the Global Internal Audit Standards (GIAS), which standards are designed to ensure high quality and effective internal audit functions.
6.3 By completing the external review of the effectiveness of internal audit the Council will ensure compliance with the GIAS. In addition, this external review will provide assurance in respect of the quality and the effectiveness of the Council’s internal audit function.
Corporate implications
7. S151 Officer comments
7.1 As S151 Officer, it is important to receive independent reassurance as to the effectiveness of the Council’s internal audit support which plays a key role in supporting the S151 to undertake their responsibilities. The S151 Officer is supportive of the approach set out and does not have any issues with the proposed provider to undertake the SAIV.
8. Monitoring Officer comments
8.1 The Monitoring Officer confirms that the relevant legal implications have been taken into account.
9. Procurement comments
9.1 There are no procurement implications immediately arising from this report.
10. Equality and Diversity
10.1 Equality and diversity are key considerations that feature in the assessment of risk and audit needs.
11. Sustainability/Climate Change Implications
11.1 Sustainability is a key consideration and features in the assessment of risk and audit needs.
12. Other considerations
12.1 None.
13. Timetable for implementation
13.1 The SAIV will be completed by December 2025. The EQA will be applicable for the period 1 April 2026 – 31 March 2031.
14. Contact
14.1 Iona Bond, Deputy Head of Southern Internal Audit Partnership iona.bond@hants.gov.uk
Please submit any material questions to the Committee Chair and Officer Contact by two days in advance of the meeting.
Background papers: There are none.
Appendices:
Appendix A - Quality Assurance and Improvement Programme