Audit Committee – 21 March 2025
Internal Audit Charter and Risk Based Plan 2025-26
|
Purpose |
For information |
|
Classification |
Public |
|
Executive Summary |
In accordance with Regulations and Standards:
· the Council must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance.
· all internal audit providers are required to implement and maintain an ‘Internal Audit Charter’.
· internal audit must create a risk-based internal audit plan that supports the achievement of the organisation’s objectives.
The internal audit charter is defined as ‘a formal document that includes the internal audit function’s mandate, organisational position, reporting relationships, scope of work, types of service, and other specifications’ and is reported to the Audit Committee annually. The risk based internal audit plan for 2025-26 has been developed at a strategic level providing a value adding, and proportionate level of assurance aligned to the Council’s Corporate Plan Priorities.
The Council’s response to internal audit activity should lead to the strengthening of the control environment and, therefore, contribute to the achievement of the organisation’s objectives.
|
|
Recommendation(s) |
The Audit Committee are invited to provide input to and approve the Internal Audit: Charter 2025-26 (Appendix A); and Risk-Based Plan 2025-26. |
|
Reasons for recommendation(s) |
In line with the Standards, the Audit Committee are responsible for the governance of the Council and it is imperative they are therefore engaged in input, review and approval of the internal audit mandate and charter; and risk based internal audit plan. |
|
Ward(s) |
All Wards |
|
Portfolio Holder(s) |
Councillor Jeremy Heron – Finance and Corporate |
|
Strategic Director(s) |
Alan Bethune, Strategic Director of Corporate Resources and Transformation. S151 Officer |
|
Officer Contact |
Antony Harvey Deputy Head of Southern Internal Audit Partnership 07784 265289 |
1. The mandate for internal audit in local government is specified within the Accounts and Audit [England] Regulations 2015, which states:
2. From 1 April 2025, the ‘standards or guidance’ in relation to internal audit are those laid down in the Global Internal Audit Standards (GIAS), Application Note: Global Internal Audit Standards in the UK Public Sector (Application Note) and the Code of Practice for the Governance of Internal Audit in UK Local Government. The collective requirements shall be referred to as the Global Internal Audit Standards in the UK Public Sector (the Standards).
3. The Southern Internal Audit Partnership have made all necessary adaptions to its processes, procedures and practices to ensure it is best placed to conform with these requirements with effect from 1 April 2025.
4. The Standards (6.2) require all internal audit providers to implement and maintain an ‘Internal Audit Charter’. The internal audit charter is defined as ‘a formal document that includes the internal audit function’s mandate, organisational position, reporting relationships, scope of work, types of service, and other specifications’
5. Standard 11.3 (Communicating Results) references the possibility that a chief internal audit may be required to make a conclusion at the level of the organisation about the effectiveness of governance, risk management and/or control. Section 10B of the Application Note makes it a mandatory requirement in the UK public sector, for the chief internal auditor to prepare such an overall conclusion at least annually in support of wider governance reporting. This overall conclusion must encompass governance, risk management and control. The requirement for an overall conclusion must also inform planning carried out under GIAS Standard 9.4 (Internal Audit Plan).
6. In accordance with the Standards (9.4) there is a requirement that internal audit must create a risk-based internal audit plan that supports the achievement of the organisation’s objectives. The internal audit plan provides the mechanism through which the Chief Internal Auditor can ensure most appropriate use of internal audit resources to fulfil the audit mandate and delivery of the internal audit strategy.
7. The aim of internal audit’s work programme is to provide independent and objective assurance to management, in relation to the business activities; systems or processes under review that:
Internal Audit Charter 2025-26
8. The internal audit charter is reported to the Audit Committee annually for review and approval and it has been updated to reflect the requirements of the new Standards. A copy is attached as Appendix A.
Internal Audit Risk-Based Plan 2025-26
9. The proposed risk based internal audit plan for 2025-26 is attached at Appendix B and has been developed at a strategic level providing a value adding, and proportionate level of assurance aligned to the Council’s Corporate Plan Priorities. It is based on a range of inputs including review of the Council’s Principal Risk Register and Service Risk Registers, sector knowledge and discussions with Directorate Management Teams.
10. Internal audit focus should be proportionate and appropriately aligned, and as such, only high and medium priority reviews identified during the planning process are incorporated within the Internal Audit Plan. The exception to this is where ‘mandatory’ audits (for example to certify the accuracy of grant claims to meet funding requirements) or specific management requests have been raised and sufficient capacity is available.
11. The audit plan will remain fluid to ensure internal audit’s ability to react to the changing needs of the Council. Any additions to the plan must be able to clearly demonstrate a contribution to the audit conclusion on risk management, control and governance.
12. Any changes to the plan (including advisory assignments) will be transparently reported to the Executive Management Team and the Audit Committee during the course of the year for approval as part of our regular Progress Reports.
13. The Internal Audit Charter ensures the Chief Internal Auditor has sufficient resource necessary to fulfil the requirements and expectations to deliver an internal audit conclusion.
14. Significant matters that jeopardise the delivery of the plan, or require changes to the plan will be identified, addressed and reported to the Audit Committee, through regular progress reports.
15. The endorsement and sponsorship of the plan(s) at Member / Executive officer level will assist in providing the engagement and buy-in of staff at an operational level to ensure the outcome of audit reviews are optimised.
16. The Council is responsible for establishing and maintaining appropriate risk management processes, control systems, accounting records and governance arrangements. Internal audit plays a vital role in advising the Council that these arrangements are in place and operating effectively. The Council’s response to internal audit activity should lead to the strengthening of the control environment and, therefore, contribute to the achievement of the organisation’s objectives.
Options appraisal
17. No alternative options have been considered as this report is a requirement under relevant legislation and standards.
Consultation undertaken
18. This report has been discussed and agreed with the Executive Management Team.
Financial and resource implications
19. The audit plan consists of 400 audit days including 18 audit days provided to the New Forest National Park Authority under the current Service Level Agreement. The Council’s budget for 2025-26 reflects these arrangements.
Legal implications
20. There are no additional implications arising from this report.
Risk assessment
21. No formal risk assessment is required.
Environmental / Climate and nature implications
22. There are no additional implications arising from this report.
Equalities implications
23. There are no additional implications arising from this report.
Crime and disorder implications
24. There are no additional implications arising from this report.
Data protection / Information governance / ICT implications
25. There are no additional implications arising from this report.
|
Appendices: |
Background Papers: |
|
Appendix A – Internal Audit Charter 2025-26 Appendix B – Risk Based Internal Audit Plan 2025-26
|
Implementation of the Global Internal Audit Standards |