Audit reports
You are here: Home / Audit reports / Products / Good Practice Guides Developed by the External Audit Function / Collection of Good Practice Guides / 01 Compliance issues / Guide no. 01/02: Internal audit as a of top management steering tool

Document Actions

Guide no. 01/02: Internal audit as a of top management steering tool


(1) As a matter of principle, it is worthwhile setting up an internal audit function for federal authorities. Relevant decision should be based on appropriate risks analyses.

(2) Top management should design the internal audit function in line with its specific steering and control needs and show commitment to this function. To do so, it should set up a staff unit in charge of internal audit to adopt its annual working programme. Also top management should arrange for timely and direct reporting of the internal audit unit to the top management and urge the organizational units in question to respond to the internal audit findings.


As a matter of principle, top management of each federal authority decides about setting up an internal audit function. Where applicable, subordinate authorities have to comply with requirements imposed by their respective supreme federal authority. There are no Acts of Parliament and no statutory instruments stipulating that federal entities are required to set up an internal audit function.

 In 2004, we looked into the way in which several authorities used internal audit as a tool.

 (1) We found that many federal authorities did not have an adequate understanding of the objectives, tasks and working methods of an internal audit service. Often it was not perceived as a steering tool of top management. Many authorities had failed to set up an internal audit function.

 An internal audit function supports administrative and technical supervision, satisfies the requirement of transparency and promotes ‘ethical behaviour’. Moreover, it has a deterrent impact, since it has access to all procedures, processes and decisions within the authority, which thereby are ‘threatened by internal audit’. Where top management of an authority decides against having an internal audit function in spite of perceivable risks, it is co-responsible to a considerable extent for any ensuing irregularities, shortcomings or corruption.

We found that authorities often decided about whether or not to have an internal audit function in place without analysing the risks inherent in their tasks. Thus, they failed to use this key indicator to identify weaknesses. We therefore recommended that decisions for or against having an internal audit function be taken on the basis of appropriate risks analyses. When making this decision, the authority’s top management needs to assess as to whether the existing risks are so small in terms of potential damage and likelihood of occurrence that no internal audit function is needed.

(2) Different ways of integrating the internal audit function into the organisation were chosen. Most authorities opted for making internal audit a staff unit directly reporting to top management. Nevertheless, quite a number of authorities chose to integrate internal audit into their line structure. In our opinion, this lacking awareness demonstrated that the internal audit function was not identified and designed as an effective steering tool.

Not all internal audit units had agreed an annual working programme with top management. In some cases, top management waived any involvement in the internal audit unit’s mission planning and performance. In these cases, internal auditors acted e.g. only at the initiative of individual organisation units and reported their findings to those units only that had ‘commissioned’ internal audits.

On the whole, we found that the internal audit function had the greatest impact where top management demonstrated high commitment to this function, emphasising it by appropriate organisational arrangements. Thus, the attitude of top management is in our opinion critical to the success of internal audit. If an authority’s top management adopts this tool although it is not fully convinced of its merits or in response to external pressure, internal audit is likely not to develop a major impact.


In 2006, the Public Accounts Committee of the German Parliament endorsed our relevant findings. In March 2007, that Committee asked the Federal Ministry of the Interior to bring about a joint decision of the federal government departments about the framework conditions for the internal audit function in the federal administration, taking regard to the Bundesrechnungshof’s suggestions.

In December 2007, the Federal Ministry of the Interior responded by promulgating the following “Recommendations for Internal Audit Services in the Federal Administration” supplemented by guidelines and a case study. We consider these documents appropriate for giving authorities clear and concise guidance on key issues.

Our more recent studies in individual authorities have shown that improvements have been made in implementing and integrating the audit function. Nevertheless, they also show that the recommendations of the Federal Ministry of the Interior have not yet been fully implemented (cf. Bundesrechnungshof’s 2011 annual report, item 26).






Filed under:
© 2020 Bundesrechnungshof