Insights from the Study of Internal Audit Function in Selected ASEAN Central Banks

Abstract

This academic study examined the maturity of the internal audit function in the public sector in the member states of the Association of Southeast Asian Nations (ASEAN) by benchmarking the function with the Institute of Internal Auditors’ Capability Model for the public sector. Benchmarking the function enables us to understand the current capabilities of the internal audit function and the steps needed to enhance its capabilities. Considering the diversity in political, socio economic and governance structures in ASEAN, it becomes imperative that examining an organization that is critical to its nations’ interests, provides insight into the internal audit function in the public sector, and at the same time helps draw meaningful comparisons across ASEAN Member States. Central bank for the purpose of this study is the most appropriate institution. The central bank holds a unique and important role in a nation’s economy and its transactions can only be performed by a public sector organization. It is also an institution that shares a similar mandate across countries and is based on a legal framework — the Bank Act. The central bank is also expected to supervise the internal audit function of institutions under its supervision, and as such can be expected to have a well-developed internal audit function compared to other public sector organizations. To measure the maturity and capability of the internal audit function in central banks, the study benchmarked the current capabilities of the function with the Internal Audit Capability Model (IA-CM) developed by The Institute of Internal Auditors (IIA). The IA-CM measures key process areas (KPAs) on five capability levels and six elements of internal auditing. Information regarding the current capability of the internal audit function of the central banks was gathered using a survey. The survey contained questions that covered the majority of the KPAs of the IA-CM and was based on the Global Internal Audit Survey of the IIA for 2010 and 2015. The results of the survey show that, while the services and role of the internal audit function is consistently defined across the responding member states, significant variation exists among the states in regard to professional practices, people management and performance management. The remaining two elements—governance structures and organizational relationships—show slight variation among the responding member states. Key gaps observed were the absence of audit committees, evolving risk management processes, the lack of risk- based audit plans and external reviews of the internal audit function, and the emerging risk of information technology, which is expected to gain prominence over the next five years. As public sector auditing is key to good public governance, ASEAN Member States need to take steps to strengthen governance structures and professional practices, and ensure that internal audit functions are appropriately staffed to cope with the emerging risks faced by public sector organizations.