Primary navigation:

QFINANCE Quick Links
QFINANCE Reference

Home > Auditing Best Practice > World-Class Internal Audit

Auditing Best Practice

World-Class Internal Audit

by Robin Pritchard

Executive Summary

  • To be able to contribute and add value, internal audit must have the full backing of the board based on a sound understanding of what the service should deliver.

  • There is a need for internal audit to ensure that it is in touch with the highest-profile control and risk environment within the organization and its relationship to industry and world events.

  • Internal audit planning must be focused so that reporting is timely and properly directed toward critical organizational and business issues.

  • To be regarded as world class, internal audit has to have the capability, skills, and confidence to influence the provision of assurance within the context of the increasing call for independent assurance from stakeholders.

The Awareness Dilemma

The world in which we live and work today has the most complex, diverse, and challenging demographics ever known to man. Not only have we developed an appetite for travel, trade, and communication across all boundaries, but the technological advancement, awareness of the dimensions of security, and the conflicts arising from political direction and change represent a demanding challenge for everyone. This encompasses both issues that are recognized as traditional risks to governance processes across all sectors of the economy and new threats that provide a constant and changing challenge to management to deliver on corporate objectives. A well-known Chinese proverb advises: “If you must play, decide on three things first: the rules of the game, the stakes, and the time to quit.”

If in addition we map across this landscape the impact of the global financial crisis and the subsequent recession—which may yet in 2011 bring still further turmoil to financial markets, particularly in the eurozone—we have an environment in which world-class internal auditors can demonstrate the worth of their profession because, put simply, management cannot deal with the implications for their organization alone.

There is an increasing call for assurance that organizational expectations will be achieved, and, although this has historically reflected a financial focus, there is emerging evidence that a wider view is now much more appropriate to deal with the issues being faced by organizations. Interestingly, this voice does not come only from executive management but increasingly from stakeholders, who will, one assumes, expect nonexecutive directors to fulfil their responsibilities and provide protection of wider interests beyond share value or a balanced budget.

Clearly, there are many forms of assurance by which the board and executive management can be informed, either through the governance process or independently from external sources; however, an intrinsic aspect of the assurance framework must be a potentially enhanced role for internal audit. If organizations choose to use the independence of the internal auditor as the primary vehicle that informs the governance process, to satisfy national or global governance reporting requirements, then there is a significant challenge for internal audit to respond to the elevated transparency of an assurance agenda.

Case Study: Part 1

Following a tender exercise in which providers of outsourced internal audit services were invited to provide a professional view of the need for internal audit services for the United Kingdom’s National Patients Safety Agency (NPSA), KPMG was appointed on a three-year contract.

The distinguishing elements of KPMG’s tender reflected a significantly better understanding of the NPSA’s strategic objectives and the risks associated with the delivery of services within the anticipated agenda of cuts in public-sector expenditure following the UK general election in May 2010. The proposed plan contained a full reflection of the operational activity of the Agency, with a reduced but appropriate degree of attention to key financial controls.

Additionally, KPMG proposed a 40% reduction in the days to be committed to internal audit, a higher skill mix than other providers, a significant commitment to the contract from the partner/manager team, and a clear understanding of the International Professional Practices Framework (IPPF) issued by the Institute of Internal Auditors (2009).

Back to Table of contents

Further reading


  • Chambers, Andrew. Tolley’s Internal Auditor’s Handbook. 2nd ed. Edinburgh, UK: LexisNexis Butterworths, 2009.
  • Crane, Andrew, and Dirk Matten. Business Ethics. 3rd ed. Oxford, UK: Oxford University Press, 2010.
  • Institute of Internal Auditors (IIA). International Professional Practices Framework (IPPF). Altamonte Springs, FL: IIA Research Foundation, 2009.
  • Pickett, K. H. Spencer. The Essential Handbook of Internal Auditing. Chichester, UK: Wiley, 2005.
  • Poole-Robb, Stuart, and Alan Bailey. Risky Business: Corruption, Fraud, Terrorism and Other Threats to Global Business. Rev. ed. London: Kogan Page, 2003.
  • Swanson, Dan. Swanson on Internal Auditing: Raising the Bar. Ely, UK: IT Governance Publishing, 2010.
  • Verschoor, Curtis C. Audit Committee Essentials. Hoboken, NJ: Wiley, 2008.


  • British Petroleum (BP). “Deepwater Horizon accident investigation report.” September 8, 2010. Online at: [PDF].


Back to top

Share this page

  • Facebook
  • Twitter
  • LinkedIn
  • Bookmark and Share