Skip to main content

Looking at Internal Audit through a new lens

Posted by: , Posted on: - Categories: Analysis and factual trends, Making organisations work well
Head and shoulders of man in shirt and tie
Jon Whitfield, Chief Executive, Government Internal Audit Agency (GIAA)

We established the Government Internal Audit Agency (GIAA) in 2015, with the aim of creating a single audit practice for government. GIAA is now a professional organisation employing nearly 500 civil servants. They deliver internal audit, risk assurance and counter fraud services for 14 government departments and around 140 arm’s length bodies.

The agency covers three-quarters of central government - a significant step in transforming how the Civil Service uses internal audit. By linking our work to our customers’ risk-management frameworks, we provide assurance on how well they are managing the key risks to achieving their business objectives.

We came together as a melting pot of audit teams and other professionals from a wide range of departmental backgrounds. The Civil Service may speak a common language, but there are different ‘dialects’ and we have learned to listen to every voice. Diversity is one of our greatest strengths – bringing with it a wealth of experience and plenty of different ideas and opinions. It’s this mix that’s helped us to navigate a wave of cultural change.

Breaking out of silos

The challenge is to bring this change to life and reap the benefits across the Civil Service by providing insight, resilience and sharing knowledge. We simply couldn’t do that if we continued to work in silos, as we were doing.

Tim Le Mare, Delivery Director, GIAA: “One of our greatest strengths in the agency is the rich pool of talent and ideas we can rely on to help us move forward. As an organisation created to provide risk-based assurance, we’re also surprisingly confident about venturing into unknown territory.”

We’ve had to be brave and take a few risks ourselves trying out new ideas. We supported our people through change by providing an evidence-based toolkit drawing on behavioural science. We worked with an organisational psychologist to develop sessions to explore mindfulness, personal values and mindset to help build personal resilience.

I was prepared for a degree of scepticism, but these workshops turned out to be hugely popular.

Organisational psychologist Ross McIntosh, who worked with GIAA, said: “I’m overwhelmed by the positive response to our ‘skills for change’ sessions. Colleagues have been really open to the idea and we’ve had requests to do more – both face-to-face and online."

Connecting our people

I’ve always felt strongly about being as inclusive as possible. Our workforce is dispersed around the country, and using technology to connect our people has helped us build a new working community. We now hold regular webinars - including our first all-agency session in May this year - so that everyone can join in.

I hold my own monthly forums in a different office each time. It’s important for me to see our people where they actually work and to get a feel for what’s happening locally. It’s unrealistic to try to do that with all our agency meetings, so we’ve found new ways - including Skype meetings and webinars - to stay connected.

We’ve also found innovative ways to encourage engagement through our new intranet system, enabling more user input. Blogging and discussion groups have opened new channels for sharing ideas, discussing common concerns and, importantly, celebrating success and promoting opportunity.

Bringing former departmental audit teams together in one agency has enabled greater working across government which, in turn, offers better opportunities for individuals. Gareth Edwards is a member of our award-winning GIAA team in Swansea, who mostly audit the DVLA. As he describes, joining the agency allowed him to broaden his skills:

“I wanted to learn by helping in another area of work. My usual customer is the DVLA, so I was pleased to get a chance to support our team based at HM Treasury with their audit work.

“I’m based some 150 miles from Westminster, and wasn’t sure how would it work or how I would prioritise my work when accountable to two teams. I needn’t have worried. We built a good relationship and my new colleagues were just a phone-call away. Both my managers were flexible and encouraging.

“I completed audit assignments for HM Treasury and its arm’s-length bodies and was surprised by just how much I could achieve working remotely.

“Working with multiple clients let me identify and share good practice and I feel motivated by the variety of work. I’ve grown as an auditor and enjoyed testing myself with new clients and extending my network.”

New audit methodology

As well as managing the cultural aspect of change, it was imperative that we provided the training tools to ensure that everyone understood our new audit methodology and the bespoke software to support it.

Our auditors have come from teams who were previously working in other government departments using a variety of audit management software packages or, in some cases, none at all. Providing a new software package to help everyone plan and complete high-quality audits was a big ask. It was also an opportunity to make improvements and establish new standards.

Under the umbrella of the NAMMS project (New Audit Methodology and Management System), we designed and built a new training portal. Our NAMMS Academy offers a flexible learning resource that addresses both the cultural and technical aspects of the change programme.

Before fully rolling out NAMMS, user testing and pilots helped us assess its benefits and identify any problems. Feedback was important in avoiding technical problems as we transitioned across from different systems. It was the first time our teams had worked together using a common platform, sharing experience and agreeing a way forward.

Speaking customers' language

We based our new methodology and audit management system on best practice from the public and private sectors. To address the needs of our UK Government customers we use best practice business process frameworks developed by the Civil Service professions in partnership with government departments. These common frameworks help us speak the language of our customers, apply consistent models to similar work and share best practice across government.

An example of this is GDPR (General Data Protection Regulation), which gives enhanced protection for personal data, and imposes stricter obligations on those who process personal data. To prepare for this, we worked with customers using our standard framework to assess their readiness. This enabled us to then publish a thought leadership paper and an Accounting Officer bulletin to summarise our findings on best practice.

More collaborative leadership

We designed the NAMMS project to achieve GIAA’s aim to “become greater than the sum of our individual parts”. Senior colleagues have adapted to a new way of leading to support me at every crucial step of that journey. Previously, many of our senior leaders took the major decisions about internal audit in their teams and departments. Now, they work together to provide the customer insight and expertise that our executive management team and I need to make those decisions.

It took time to adjust to this more collaborative style, but it is now becoming embedded at all levels in the organisation. One fundamental principle that we’re committed to is the value of consultation.

Consistent approach

We now plan our audit work to a common methodology with common risks and business processes. This allows us to analyse our plans, identify key themes and common audit areas and bring people together to work on them, improving our own people’s skills and knowledge and ultimately, the service to customers.

A consistent approach to performance appraisal means our people are assessed as professionals relative to their peers. To provide an attractive prospect for upcoming talent, we’re focusing on building a pipeline for leadership and providing choice by offering general and specialist career paths in the internal audit and counter fraud professions.

GIAA Professional Practice Director Jo Rowley said: “Talking to and listening to each other is essential when creating a new organisation, but what really makes the difference for GIAA is working together outside of our old, familiar teams to build something new that we all own.”

New tools, new skills

The future looks exciting. Developments in technology will enable us to explore how data analytics, robotics and even artificial intelligence can play a role in risk-based auditing. Our specialist commercial auditors are already performing data-mining tests, which enable us to compare information quickly. For example, we can look at data from an external supplier alongside payroll master data to identify errors and fraud risks.

Our profession will need to learn new skills to make the most of these tools so we can make quicker comparisons on a larger scale. The time saved will allow auditors to look at more information in greater depth.

Having said that, nothing will replace the human touch when it comes to building relationships. So, my parting wish is that GIAA continues to listen to every member of the team and to our customers.

Pride and responsibility

From the start, our aim has been to provide the best possible internal audit service across government. As part of the wider government Finance Function we are entrusted with helping to protect public money. That’s a huge responsibility and a great motivator. It’s helped us to focus on bringing together all the best elements of our melting pot culture so that our customers and, ultimately, the public reap the benefits.

As I come to the end of my Civil Service career I am proud that we have established an organisation, and given it the tools, to deliver an internal audit and investigation service that can work beyond departmental silos. GIAA is well placed to support the Civil Service in meeting its current and future challenges

Sharing and comments

Share this page

1 comment

  1. Comment by Marija Liudvika Drazdauskiene posted on

    It has been very interesting to familiarise myself with how the Government Internal Audit Agency is structured and how it functions. Functioning to provide risk-based assurance, the GIAA works by providing insight, resilience and sharing knowledge. As a reader, I am convinced that the GIAA can provide "the best possible audit service across government". This post has given me an idea of how the functioning of the best Western government is ensured. Thank you.