Go To Search
Click to Home
How Can Different Organizational Structures Pass Peer Review Under One Set of Standards?
By Erin Kenney

Quality Control: Where Governance and Independence Intersect 

The Association of Local Government Auditors (ALGA) peer review program is one of five recognized peer review programs in the 2018 Generally Accepted Government Auditing Standards (GAGAS 5.61). ALGA members striving to comply with GAGAS through our peer review program come from a myriad of organizational structures that differ greatly: some auditors are elected, some are appointed, some are internal, some are external—to name a few. How can organizations with such varying structures each comply with the same GAGAS governance and independence standards?

ALGA’s peer review coordinators have seen a lot— their depth of expertise and consistency in handling various challenges are hallmarks of ALGA’s peer review program. This article reveals how governance and independence challenges can be addressed consistently, despite varying organizational structures.


First let us tackle governance. In ALGA’s peer review program, governance ultimately equates to leadership. Audit leadership is responsible for governance of the audit function; to include its system of quality within the organization (GAGAS 5.05, 5.06). Importantly, GAGAS 5.07 states that audit organization leadership is responsible for the system of quality control.

For auditors, systems of quality control are documented in policies and procedures developed by audit leadership. Your policies and procedures manual include many requirements designed to ensure your organization meets GAGAS.

Following this logical progression, one expects the organization’s policies and procedures to ensure compliance with independence standards. The peer review team coming to evaluate your shop will expect to see it there. After all, GAGAS 5.08 specifies:

The audit organization should establish policies and procedures on independence and legal and ethical requirements that are designed to provide reasonable assurance that the organization and its personnel maintain independence and comply with applicable legal and ethical requirements.


What does the GAGAS say about independence? A word search indicates…well, a lot. Audit organizations and individual auditors must be independent and should avoid situations that could lead someone to conclude otherwise (GAGAS 3.18, 3.19). These “situations” are “threats to independence,” and several are noted in GAGAS 3.30:

a. Self-interest threat
b. Self-review threat
c. Bias threat
d. Familiarity threat
e. Undue influence threat
f. Management participation threat
g. Structural threat

Auditors apply the GAGAS Conceptual Framework to identify threats, evaluate the significance, and apply safeguards to eliminate or mitigate threats to an acceptable level. See 2018 GAGAS, Chapter 3, Figure 1: Generally Accepted Government Auditing Standards Conceptual Framework for Independence for a flowchart on applying the conceptual framework in accordance with GAGAS.

ALGA’s peer review committee is often asked specific questions regarding independence, particularly when it appears that audit leadership may be subject to undue influence or pressure. When this happens, we tell the audit organization that the peer review team will evaluate the safeguards that the organization has implemented. Keep in mind, if the audit shop identifies threats, the steps taken must be documented. Not only does this help the organization address threats, it alerts the peer review team during its evaluation.

GAGAS sections 3.50 through 3.69 describe many safeguards, including protections that may be implemented. However, GAGAS 3.51 notes that these safeguards do not apply for all circumstances. In that case, what to do?

One option is to look at safeguards implemented by internal auditors. Organizational independence can be complicated for internal auditors. The Institute of Internal Auditors International Standards for the Professional Practice of Internal Auditing (the Red Book) provides additional guidance that can be of help to government auditors. Consider the following reporting method and insert your governing body in lieu of the referenced “board.”

Organizational independence is effectively achieved when the chief audit executive reports functionally to the board. Examples of functional reporting to the board involve the board:

  • Approving the internal audit charter.
  • Approving the risk-based internal audit plan.
  • Approving the internal audit budget and resource plan.
  • Receiving communications from the chief audit executive on the internal audit activity’s performance relative to its plan and other matters.
  • Approving decisions regarding the appointment and removal of the chief audit executive.
  • Approving the remuneration of the chief audit executive.
  • Making appropriate inquiries of management and the chief audit executive to determine whether there are inappropriate scope or resource limitations (IIA ISPPIA 1110 Interpretation).


ALGA’s peer review program has evaluated several shops that do not consider themselves internal audit functions but still incorporate this type of guidance into their policies and procedures to address and mitigate threats to independence.
Prior to an ALGA peer review, audit organizations complete forms describing the audit functions and organizational structure. It is here that the ALGA peer review team may become aware of potential challenges. For example, Form 4 specifically requests structural information, and Form 7 requests a description of the organization’s quality control system. A few of these questions are excerpted below:

Form 4: Audit Organization Background Information

8. Describe the authority of your audit organization, how the Audit Director is appointed, to whom the audit organization reports, and where the audit organization is located within the governmental entity. Please attach an organization chart, if available.

9. Describe the mission, duties, and responsibilities of your audit organization. Include any duties or responsibilities other than auditing performed by your audit organization as required by charter, ordinance, trust indenture, state statute, benefit/retirement plan, etc.



ALGA’s peer review program recognizes unlimited types of structures, and consistently evaluates all three audit shop types: those that follow the Yellow Book, those that follow the Red Book, and those that follow both sets of standards (the “orange” shops). This is another advantage of ALGA’s peer review program. There are instances when ALGA consults with GAO or recommends the audit organization consult with GAO on independence matters. Ultimately, we can help to ensure that audit organizations are well positioned to undergo an ALGA peer review.

ALGA’s peer review coordinators are always there to help. Steeped in knowledge, highly communicative, and with boundless resources at their fingertips, ALGA’s peer review coordinators ensure consistency and fairness across the wide peer review spectrum.


Erin Kenney recently retired from Los Angeles Fire and Police Pensions as its Departmental Audit Manager. An ALGA 2019 ALGA Lifetime Achievement Award recipient, Erin has been involved in ALGA for over 10 years, and particularly with ALGA’s Peer Review Program as a Peer Review Committee member and Chair, and a Peer Review Workshop presenter. Erin currently works as a consultant for the Law Enforcement Inspections and Auditing Group (LEIAG) as its Vice President of Public Sector Auditing.

A Certified Internal Auditor (CIA), Certified Government Auditing Professional (CGAP), and Certified Fraud Examiner (CFE), Erin was also certified as a Robert Presley Institute of Criminal Investigation Instructor. Erin is a member of the Institute of Internal Auditors, the Association of Certified Fraud Examiners, and the Association of Local Government Auditors. She holds an undergraduate degree in Political Science from the University of Southern California and lives in the Hollywood Hills with her guitar-playing husband, Mickey.