Skip to toolbar
  • Log In
  • Register
  • Home
  • Galleries
  • Members
  • Share
  • Contact us

An OECD website


Skip to content
  • Home
  • Galleries
  • Members
  • Share
  • Contact us
Login Menu

< < Back to Strategic Foresight

Strategic Foresight

Case

Establishing the Internal Audit Function in the French Ministry of Defence: A journey into uncharted waters

September 22, 2020

by François Gautier

Tags: foresight

Share

Highlights

  • Setting objectives and understanding the existing assurance landscape are critical first steps for developing and enhancing internal audit functions
  • When defining objectives, consider those that are “non-negotiable,” such as the internal audit governance structure. Steady and persistent communication and education are keys to achieve them, through the highs and lows
  • Effective internal audit functions, particularly new ones, rely on top management support and buy-in for long-term success

Having historically relied on internal and external assurance providers, the French Ministry of Defence (MoD), much like other ministerial departments, was not familiar with internal audit (IA) until recently. A 2011 decree officially introduced the concept of IA into the French public administration. This required each ministry to comply with professional auditing standards and establish an audit committee as well as an IA service. An intergovernmental coordination committee was set up to harmonise consistent approaches and feedback channels. In the nine years since, IA in the MoD has advanced and shown its value, although the journey is far from over. The time is ripe to take a step back and draw some lessons from this experience.

Raising the sails with two main challenges

  1. Limited audit culture: Independent and objective assessments of the MoD’s processes and operations are traditionally undertaken by Inspection Services, which cover numerous activities ranging from audit and evaluation to inspection and direct advisory work for top management. At times, their duties even extend to operational tasks. Internal audit is often limited to verification of financial and accounting processes, and;
  2. An overcrowded assurance landscape: Being a complex and multi-layered organisation, the MoD tends to rely on different internal and external assurance providers, mainly independent inspection bodies, which poses challenges vis-à-vis coordination.

The combination of these features initially led to a stripped-back, minimal approach to IA focusing on compliance with standards, for fear that an ambitious reform would end up adding yet another layer of bureaucratic burden for operational services.

Moving forward, with the highs and the lows

The graphic below shows the aims and progression of IA in the MoD, and the challenges that accompanied them.

Created by the author

Main lessons learned: Find the right balance between ambition and pragmatism

Identify specific context

Establishing an IA function is no easy process. Understanding the environment, the rationale and the expectations of senior management are initial steps that should not be underestimated. First, reflecting on the context helps in identifying the best approach to take, and the objectives to set, for the introduction of IA. You should be pragmatic in your approach and ambitious in your objectives.

Created by the author

Identify key success factors

Seek top management buy-in for the long term

Top management support and buy-in are key to the introduction and long term development of an IA function, particularly in an environment where the audit culture and external compulsory incentive (e.g regulatory or financial) are low.  In this regard, the main setback for IA between 2015 and 2017 was the lack of commitment and buy-in at senior and top level management. In the end, we secured buy-in by:

  • Focusing on IA governance: the early establishment of a small ministerial audit commmitee with non-executive members and external private sector senior experts chaired at the highest level proved effective not only in demonstrating initial management buy-in, but also in providing strategic guidance for the long term.
  • Providing quick wins and tangible results in the short term. Our initial focus on coordination aimed at quickly responding to management’s fear that IA would add another layer in a crowded assurance environment.  It was also the opportunity for IA to take the lead in an area where expectations were high and legacy poor. In the short term, the assurance coordination work of IA started with basic information sharing to initiate the process and start getting results.
  • In parallel, IA worked on the development of a proactive sharing and coordination tool with the MoD Business Intelligence service to ensure a more dynamic coordination in the longer term.  In another area, the development of the audit methodology started with a focus on recommendations and communication with auditees, where management expectations were high regarding IA in comparison to existing assurance activities, such as inspections or evaluations.

Clarify the objectives and goals of IA

Beyond compliance with standards, best practices or regulations, it is paramount to identify where the real added value of IA lies for the organisation. This of course may vary substantially depending on the context and the audit culture. In this process, we also identified non-negotiable objectives, such as the positioning of the IA service or the governance of the IA function (notably the composition and chairmanship of the audit committee) that were key to successful IA implementation.

Created by the author

Never give up communicating and educating

The majority of my time as Head of IA at the MoD, in the initial phases, has been dedicated to establishing and maintaining communication between all levels of management. Although this is partially due to the specific context of the MoD, the communication process is vital wherever you are. Communication and education aimed at convincing, clarifying and explaining what IA is about, and how it fits in the MoD assurance framework demonstrates the added value of IA. An MoD IA policy approved by the Minister early in the process was very helpful in this regard as it gave all stakeholders a general framework to work from.  

Created by the author

The exchanges were also an opportunity to listen to legitimate fears and expectations, and adapt project priorities accordingly. In this process, language has been important so as to avoid jargon and expert terminology, such as making reference to practical goals instead of standards. As of 2020, IA is a mainstay in the assurance landscape of the MoD, with strong leadership, enhanced coordination and a harmonised methodology.

Created by the author

Heading the MoD’s IA during this implementation period was a privilege. Facing multiple challenges, including cultural changes, forced me to not take the benefits of IA for granted and to seek what could be the tangible benefits of IA in the unique MoD environment.

About the expert
François Gautier is Head of the Office of Internal Audit and Risk Management in NATO. Previously, he was the Head of the French Ministry of Defence Internal Audit Function (2017-2020). He first served as an army officer before working in audit for more than 15 years, in the Defence sector and in various international organizations.
The views in this article are the author’s only, and do not necessarily represent the views of the OECD or its member countries.
Share
< < Back to Strategic Foresight

Gallery index

  • How can auditors and oversight committees monitor the quality of public sector audit?

    April 27, 2021

  • Understanding & Repairing Misalignments on Risk

    April 23, 2021

  • From audits to action: Time for a strategic approach to accountability

    September 23, 2020

  • Strategic Foresight in Audit Institutions and Across the Public Sector

    September 22, 2020

  • Establishing the Internal Audit Function in the French Ministry of Defence: A journey into uncharted waters

    September 22, 2020

Let’s Discuss

Strategic Foresight

Home › Forums › Establishing the Internal Audit Function in the French Ministry of Defence: A journey into uncharted waters

  • Author
    Posts
  • Lisa Kilduff
    Member
    @lisa-kilduff
    September 22, 2020 at 3:47 pm #811

    Here you can discuss the topic of the content

    Reply
    Ahmed Barhoom
    Participant
    @a-barhoom
    May 25, 2021 at 10:56 am #1190

    Thank you for such an informative and focused subject.

    making reference to practical goals instead of standards?

    what you mean by practical goals, is it the one set up by the management in advance or other goals.

     

    the standards will be more strong to evidence specially if they were approved or international .

    Best regards

    Reply
    François Gautier
    Participant
    @fgautier
    June 2, 2021 at 3:34 pm #1195

    Dear Ahmed,

    practical goals do not oppose or contradict standards. What I experience is that an approach by standards only (“we do it because the international standards tell us to”) is very challenging when you seek senior management drive in.  The risk is that IA is considered only as a compliance issue which is very restrictive.

    A pragmatic approach to implement IA : starting from the organization objectives, culture and maturity level vis à vis IA, and demonstrating how IA, whose the effectiveness is strengthened by the compliance to international standards, can support and drive the performance of the organization.

    Of course this approach is less necessary when the organization has a comprehensive understanding of what is IA and how it can support the achievement of  the organization’s goals.

    best regards

    François

    Reply
  • Author
    Posts
Viewing 3 posts - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.
Log In
No apps configured. Please contact your administrator.

Privacy policy | Terms and Conditions | www.oecd.org

If you have suggestions on the design or content of the website, we want to hear from you.
Email us at [email protected] with your ideas.

Auditors Alliance

Sign into Auditors Alliance
Lost Password
Lost your password? Please enter your username or email address. You will receive a link to create a new password via email.

Lost Password

@

Not recently active

On this website we use first or third-party tools that store small files (cookie) on your device. Cookies are normally used to allow the site to run properly (technical cookies), to generate navigation usage reports (statistics cookies) and to suitable advertise our services/products (profiling cookies). We can directly use technical cookies, but you have the right to choose whether or not to enable statistical and profiling cookies. Enabling these cookies, you help us to offer you a better experience.