Reforming Internal Audit for the Public Sector
Blogs Irfan Rehmat, CIA, ACA, FCCA May 13, 2026
When the Global Internal Audit Standards (GIAS) were released in 2024, public sector internal auditors like me had this question in mind: Could we apply the new Standards to a government-owned entity? Governance structures, strategic objectives, operations, and financial requirements are often more complex in public sector organizations than those of comparable profit-driven corporate entities.
When the GIAS came out, I had been working in a public sector internal audit function for several years. It had always been a challenge to apply the 2017 Standards, as they did not specifically cater to public-sector entities.
Specifically, I work in the United Arab Emirates’ district energy sector. Widely adopted across the Gulf Cooperation Council and in countries such as the U.S., district energy centralizes the production of chilled water and heated water in dedicated plants and distributes it through an underground network to multiple buildings for air conditioning and heating. This model replaces conventional standalone cooling and heating systems, offering improved energy efficiency, reduced carbon emissions, and optimized lifecycle costs.
However, the model also introduces operational complexity, such as long-term capacity planning and network reliability, metering accuracy, billing integrity, and customer service delivery. In this environment, internal audit extends well beyond traditional financial oversight and requires a deeper understanding of operational, technical, and regulatory policies and controls.
The Shift to a Strategic Role
Internal audit in the public sector has always been about verification, compliance with policies and procedures, and ensuring controls are in place. The new Standards, however, reform this role to align with corporate strategy and provide more insights. The GIAS introduced specific guidance on governance, ethical culture, and oversight structures tailored for public-sector internal audit functions. This guidance positioned internal audit as a strategic enabler rather than a traditional assurance function.
In the UAE’s district energy environment, this means the internal audit function needs to go beyond transactional reviews and engage with business aspects such as capacity building and optimization, demand forecasting, and ESG initiatives.
With the new Standards, I began asking deeper questions such as:
- Based on factors such as energy demand and general profitability, what type of infrastructure assets need to be constructed?
- Was the UAE’s 2025 net-zero strategy taken into consideration before employing contractors?
This change has transformed internal audit from a function auditing past data into a more future-driven strategic partner.
Governance and Accountability
In the public sector, governance structures can create overlaps between oversight and management. In my view, the most impactful aspect of the new Standards is the focus on clearly defining governance requirements for public sector entities. These enhancements clarified and reinforced the governance roles of the government, board of directors, and audit committee, ensuring the internal audit function remains independent, authoritative, and effective.
Coordination with Risk Management
The new Standards also reinforce the need for enterprise risk management (ERM) functions and internal audit to interact closely. This elevates internal audit’s role from one that merely validates controls to a more robust risk assurance function capable of challenging ERM risk assumptions and providing independent assurance in a rapidly changing risk landscape
In the environment of district energy companies, this would include:
- Operational continuity and infrastructure reliability.
- Climate-related and sustainability risks.
- Vendor concentration and third-party dependencies.
- Regulatory compliance within the utilities sector.
Adopting the GIAS
Adapting to the new Standards requires more than just a traditional or procedural approach. It demands a mindset transformation, challenging internal audit functions to rethink how they develop capabilities, engage with stakeholders, and structure teams. Standalone technical expertise is not enough; skills such as strategic thinking, data analysis, and strong communication and advisory skills will distinguish the high-performing, value-adding internal audit functions from the ineffective ones.
In my experience, this transformation is essential for internal audit to remain relevant in increasingly complex and dynamic environments.
For public sector entities, the new Standards present a unique opportunity to elevate the role of internal audit. As we move into the future, it is imperative that internal audit actively contribute to governance, risk management, and strategic decision-making and no longer merely provide assurance to stakeholders in isolation.
The new Standards are not just an update; they are a redefinition of the purpose of internal audit. In a sector as critical as district energy, where operational reliability and sustainability directly impact communities, the evolution of internal audit is not optional.
The views and opinions expressed in this blog are those of the author and do not necessarily reflect the official policy or position of The Institute of Internal Auditors (The IIA). The IIA does not guarantee the accuracy or originality of the content, nor should it be considered professional advice or authoritative guidance. The content is provided for informational purposes only.