This indicator assesses the standards and procedures applied in internal audit . It contains the following four dimensions and uses the M1 (WL) method for aggregating dimension score:

  • Dimension 26.1. Coverage of internal audit
  • Dimension 26.2. Nature of audits and standards applied
  • Dimension 26.3. Implementation of internal audits and reporting
  • Dimension 26.4. Response to internal audits


Regular and adequate feedback to management is required on the performance of the internal control systems, through an internal audit function (or equivalent systems monitoring function). Such a function should use a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. In the public sector, the function is primarily focused on assuring the adequacy and effectiveness of internal controls: the reliability and integrity of financial and operational information; the effectiveness and efficiency of operations and programs; the safeguarding of assets; and compliance with laws, regulations, and contracts. Effectiveness of risk management, control, and governance processes should be evaluated by following professional standards such as the International Standards for the Professional Practice of Internal Auditing, issued by the Institute of Internal Auditors. These include: (a) appropriate structure particularly with regard to organizational independence; (b) sufficient breadth of mandate, access to information; and power to report; and (c) use of professional audit methods, including risk assessment techniques. Internal audit provides assurance that systems are operating to achieve government objectives efficiently and effectively. They contribute to

budgetary outcomes by providing oversight and assurance and by timely recommendations to management regarding corrective action necessary when weaknesses are identified.


26:1. The internal audit function may be undertaken by an organization with a mandate across entities of the central government or by separate internal audit functions for individual government entities. The combined effectiveness of such audit organizations is the basis for rating this indicator.

26:2. It is important to differentiate audit and control: this indicator is concerned with internal audit and not as it often occurs (particularly in francophone African countries) with control activities, sometimes referred to as pre-audit. Internal audit functions concerned only with pre-audit of transactions, which is here considered part of the internal control system, are assessed in PI-25.

26:3. In decentralized systems, or where complete information is not available, a sampling approach should be applied, using the five major budgetary units or institutional units as measured by gross expenditure in the last completed fiscal year. For an A score, every one of the five units need to meet the requirements. For B and C scores four and three entities, respectively, need to meet the requirements. It would be preferable that assessors and government agree on the sampling approach.

In case of disagreement, differences of views can be accommodated in an annex as explained in the Framework under Part 3: The PEFA report, paragraph 4 (see PEFA framework).

26:4. If there is no internal audit function, the score for dimension 26.1 would be D. NA would be entered for dimensions 26.2, 26.3, and 26.4. The aggregate indicator score in this case would be D.

26:5. If information is only available for internal audit within BCG, assessors should determine the weight of BCG when scoring as the materiality for BCG may meet the requirements for an A, B or a C score. If the weight cannot be ascertained, the score would be D*.

Pillar Five: Predictability and Control in Budget Execution