Internal audit shall provide local governments with reliable evidence on how the financial and other systems are functioning within municipality government structures, highlighting their strengths and weaknesses. Audit findings, conclusions and recommendations usually support the continuous improvement of management processes within the municipalities.

Moreover, an internal audit is critical to protect the integrity and improve impartiality and objectivity on municipal decision-making processes. Internal audit is a particularly useful tool to detect violations in high-risk areas, such as asset management, procurement, cash handling, etc.

On the other hand, internal audit itself is not immune from integrity abusive practices.

In order to maintain high operational standards, the internal audit shall be required to act with an appropriate level of integrity. Implementing trainings for internal audit members in high-risk areas, such as, conflicts of interest, corruption, financial management, is a specific solution that may be considered as a profitable strategy to maintain high-quality operational procedures.


An integrity risk assessment of the internal audit processes may identify some or all of the following integrity risks/ risk factors (the list is not limited):

  • Local government does not conduct audits to conceal particular facts or activities. Performance audit is not risk based and fails to address critical risks. Auditors do not implement the audit plan. The audits do not follow the respective procedure and/or do not comply with the applicable requirements.

  • Impartiality and objectivity of the auditing process is not sufficiently safeguarded. CoI rules are not followed, favouritism and nepotism affect the audit implementation. There are breaches of confidentiality, leakage of information and/or concealing of information encountered.

  • Audit findings and conclusions are altered without justification against undue benefit. There is a political interference in the audit findings, conclusions and recommendations. Auditors do not base conclusions on adequate objective evidence to favour a third party.

  • There is no monitoring of the audit recommendations. Officials do not follow auditors’ recommendations. Officials implement corrections only, without making a further enquiry into the necessary corrective measures. The effectiveness of the corrective measures undertaken is not verified.


Following the risk assessment, the local government may consider the following risk management strategies as development points:

  • Introduce and maintain comprehensive and clear policy and procedures on internal audit per category. Align with applicable regulations, as well as with available standards. Cover all steps, including requirements to auditors, documentation and reporting; allocation of responsibilities, oversight mechanisms. Address the risk management, internal audit planning, internal audit resourcing, internal audit performance assessment and quality assurance. Communicate them effectively.

  • Maintain independence of auditors from the administration and the internal control structure. Commit auditors to an audit charter to outline the jurisdiction and authority.

  • Ensure effective risk-based audit planning. Turn risk and integrity risk management into a focus area in performance audits. Increase use of unplanned audits.

  • Set up an effective system to monitor implementation of the audit plan and provide for immediate corrective measures in case of unjustified non-implementation and delays.

  • Implement integrity operational controls: CoI declarations, rotation of auditors, “four eyes”, as appropriate.

  • Strengthen auditing capacities and increase professionalism of auditors. Conduct a thorough needs assessment to identify training needs and implement a continuous training for auditors. Pay special attention to specific areas (e.g. – legal framework, fraud audits, IT audits, etc), as well as to application of the audit techniques (sampling, interviews, sufficiency of evidence, etc.). Build and strengthen adequate capacities in audit committees to enable them to properly oversee the process. Ensure all staff is well aware of their accountabilities.

  • Ensure that internal communication system regarding audits is effectively functioning. Ensure full access by the auditors to all premises and records.

  • Set up an effective monitoring system to oversee implementation of audit recommendations, including a web-based Audit-Monitor Tool. The system is to address audit recommendations, register the progress made and to serve as a single dashboard for public managers to monitor and evaluate internal control actions.