Prepared By: Antony Harvey, Deputy Head of Southern Internal Audit Partnership

 

February 2025

 

 

 

1.     Introduction

The Global Internal Audit Standards, issued by the Institute of Internal Auditors and effective in the UK Public Sector from April 2025, guide the worldwide professional practice of internal auditing and serve as a basis for evaluating and elevating the quality of the internal audit function.

 

While the Global Internal Audit Standards apply to all internal audit functions, it is acknowledged that internal auditors in the public sector work in a political environment under governance, organisational and funding structures that differ from those of the private sector.

 

Consequently, internal audit practitioners working in, or for, the UK public sector are required to apply the Global Internal Audit Standards subject to the interpretations and requirements of the Application Note: Global Internal Audit Standards in the UK public sector, issued by Relevant Internal Audit Standard Setters (RIASS).

 

In addition, relevant public sector bodies are also required to apply the  Chartered Institute of Public Finance & Accountancy (CIPFA) Code of Practice for the Governance of Internal Audit in UK Local Government which provides a conduit for meeting the essential conditions for governance set out in the Global Internal Audit Standards, tailored for UK local government.

 

The collective requirements shall be referred to as the Global Internal Audit Standards in the UK Public Sector.  All SIAP policies and procedures have been reviewed and updated to ensure compliance with these requirements with effect from April 2025.

 

The Standards require all internal audit providers to implement and maintain an ‘Internal Audit Charter’. 

 

The internal audit charter is defined as ‘a formal document that includes the internal audit function’s mandate, organisational position, reporting relationships, scope of work, types of service, and other specifications’

2.     Definitions

The Global Internal Audit Standards in the UK Public Sector apply the following definitions:

 

The Board – ‘the governing body authorised to provide the internal audit function with the appropriate authority, role, and responsibilities.’ At New Forest District Council (‘the Council’) this shall mean the Audit Committee. 

 

Senior Management – ‘the highest level of executive management of an organisation that is ultimately accountable to the Board for executing the organisation’s strategic decisions, typically a group of persons that includes the Chief Executive Officer or Head of Organisation’.  At the Council this shall mean the Executive Management Team (EMT). 

 

 

3.     Internal Audit Mandate

The mandate for internal audit in local government is specified within the Accounts and Audit [England] Regulations 2015, which states:

 

‘5. (1) A relevant authority must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance.

 

(2) Any officer or member of a relevant authority must, if required to do so for the purposes of the internal audit—

 

(a) make available such documents and records; and

(b) supply such information and explanations

 

as are considered necessary by those conducting the internal audit.

 

(3) In this regulation “documents and records” includes information recorded in an electronic form.’

 

From 1 April 2025, the ‘standards or guidance’ in relation to internal audit are those laid down in the Global Internal Audit Standards in the UK Public Sector   and the Code of Practice for the Governance of Internal Audit in UK Local Government.

 

The scope of internal audit includes both assurance and advisory services covering the entire breath of the Council, including all activities, assets, and personnel of the organisation.

 

Fraud investigations may also be commissioned which will be conducted by the Southern Internal Audit Partnership’s Counter Fraud Unit. 

4.     Authority, Roles and Responsibilities

 

Authority

 

The Chief Internal Auditor is positioned at a level in the organisation that enables internal audit services and responsibilities to be performed independently of management and with objectivity, enabling escalation as appropriate.

 

The Chief Internal Auditor reports functionally to the Audit Committee, and organisationally to the Strategic Director - Corporate Resources & Transformation and Section 151 Officer, who is a member of the Executive Management Team and has statutory responsibility as proper officer under Section 151 of the Local Government Act 1972, for ensuring an effective system of internal financial control and proper financial administration of the Council’s affairs.

 

The Chief Internal Auditor has direct access to the Chief Executive who carries the responsibility for the proper management of the Council and for ensuring that the principles of good governance are reflected in sound management arrangements.

 

The Chief Internal Auditor has direct access to the Council’s Monitoring Officer where matters arise relating to Chief Executive responsibility, legality and standards.

 

Where it is considered necessary to the proper discharge of the internal audit function, the Chief Internal Auditor has direct access to elected Members of the Council and in particular those who serve on committees charged with governance (i.e. the Audit Committee).  Private meetings, without senior management present, are also be offered to the Chair of the Audit Committee.

 

Should organisation structures change, senior management and the Audit Committee will ensure that the reporting line of the Chief Internal Auditor remains with a member of the Executive Management Team and retains the relevant access to Members and officers as outlined above.

 

It is recognised that the Chief Internal Auditor supervises assurance services related to activities that are managed by the Strategic Director - Corporate Resources & Transformation to whom the Chief Internal Auditor reports administratively, however, this perceived impairment is mitigated through overview from the Head of Southern Internal Audit Partnership, and the alternative reporting lines detailed above.

 

Internal audit reporting protocols are in place to ensure that the scope of work and findings for all assignments are reported appropriately and that agreed management actions are approved by senior management. 

Every effort will be made to resolve disagreements that may arise during the audit process. However, if, unresolved issues (such as limitations to the scope of work or failure to agree appropriate actions in response to audit findings) are considered by internal audit to fall outside of the Council’s risk tolerance, these will be escalated to the relevant Assistant Director and Strategic Director in the first instance and then to the Strategic Director - Corporate Resources & Transformation, Chief Executive and Audit Committee as deemed necessary.

 

The Executive Management Team and the Audit Committee authorises the internal audit function to:

 

·         Have full and unrestricted access to all functions, data, records, information, physical property, and personnel pertinent to carrying out internal audit responsibilities. Internal auditors are accountable for confidentiality and safeguarding records and information. Such access shall be granted on demand and not subject to prior notice.

 

·         Allocate resources, set frequencies, select subjects, determine scopes of work, apply techniques, and issue communications to accomplish the function’s objectives.

 

·         Obtain assistance from the necessary personnel of the Council and other specialised services from within or outside the Council to complete internal audit services.

 

Role

 

The role of internal audit is best summarised through its definition within the Global Internal Audit Standards in the UK Public Sector, as:

 

‘An independent, objective assurance and advisory service designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.’

 

Purpose

 

Internal audit strengthens the Council’s ability to create, protect, and sustain value by providing the Audit Committee and management with independent, risk-based, and objective assurance, advice, insight, and foresight.

 

Internal audit enhances the Council’s:

 

·         Successful achievement of its objectives.

·         Governance, risk management, and control processes.

·         Decision-making and oversight.

·         Reputation and credibility with its stakeholders.

·         Ability to serve the public interest.

Internal audit is most effective when:

 

·         It is performed by competent professionals in conformance with the Global Internal Audit Standards in the UK Public Sector, which are set in the public interest.

·         The internal audit function is independently positioned with direct accountability to the board.

·         Internal auditors are free from undue influence and committed to making objective assessments

 

The Council is responsible for establishing and maintaining appropriate risk management processes, control systems, accounting records and governance arrangements.  Internal audit plays a vital role in advising the Council that these arrangements are in place and operating effectively.  The Council’s response to internal audit activity should lead to the strengthening of the control environment and, therefore, contribute to the achievement of the organisation’s objectives.

 

Responsibility

 

The responsibility for maintaining an adequate and effective system of internal audit within the Council lies with the Strategic Director - Corporate Resources & Transformation, as the authority’s Chief Finance Officer (S151 Officer).

 

For the Council, internal audit is provided by the Southern Internal Audit Partnership.  The Chief Internal Auditor (Deputy Head of Southern Internal Audit Partnership) is responsible for effectively managing the internal audit activity in accordance with the Global Internal Audit Standards in the UK Public Sector.

 

The Chief Internal Auditor

 

Has the responsibility to:

 

·         At least annually, develop a risk-based internal audit plan engaging with the Audit Committee and Executive Management Team and submit the plan to the Audit Committee for review and approval.

·         Communicate the impact of resource limitations on the internal audit plan to the Audit Committee and Executive Management Team.

·         Review and adjust the internal audit plan, as necessary, in response to changes in the Council’s business, risks, operations, programs, systems, and controls.

·         Communicate with the Audit Committee and Executive Management Team if there are significant interim changes to the internal audit plan.

·         Ensure internal audit engagements are performed, documented, and communicated in accordance with the Global Internal Audit Standards in the UK Public Sector (and relevant laws and/or regulations).

·         Follow up on engagement findings and confirm the implementation of management actions or action plans and communicate the results of internal audit services to the Audit Committee and Executive Management Team periodically and for each engagement as appropriate.

·         Ensure the internal audit function collectively possesses or obtains the knowledge, skills, and other competencies and qualifications needed to meet the requirements of the Global Internal Audit Standards in the UK Public Sector and fulfil the internal audit mandate.

·         Identify and consider trends and emerging issues that could impact the Council and communicate to the Audit Committee and Executive Management Team as appropriate.

·         Consider emerging trends and successful practices in internal auditing.

·         Establish and ensure adherence to methodologies designed to guide the internal audit function.

·         Ensure awareness of the Council’s relevant policies and procedures, however should such policies and procedures conflict with the internal audit charter or the Global Internal Audit Standards in the UK Public Sector, such conflicts will be resolved or documented and communicated to the Audit Committee and Executive Management Team.

·         Coordinate activities and consider relying upon the work of other internal and external providers of assurance and advisory services.

·         Deliver an annual conclusion that can be used by the Council to inform its annual governance statement.  The annual conclusion will conclude on the overall adequacy and effectiveness of the organisation’s framework of governance, risk management and control.  Discuss the annual conclusion with the Audit Committee and Executive Management Team and submit the annual conclusion to the Audit Committee for review and approval.

 

The Chief Internal Auditor will liaise with the external auditors on matters of mutual interest and to seek opportunities for cooperation in the conduct of audit work. The external auditors will have the opportunity to rely on the work of internal audit where appropriate.

 

A range of internal audit services are provided (Annex 1) in the delivery of the audit plan and to form the annual conclusion. The approach is determined by the Chief Internal Auditor and will depend on the level of assurance required, the significance of the objectives under review to the organisation’s success, the risks inherent in the achievement of objectives and the level of confidence required that controls are well designed and operating as intended.

 

 

Fraud and irregularity

 

Internal audit will plan and evaluate their work to have a reasonable expectation of detecting fraud and identifying any significant weaknesses in internal controls. 

 

Management is required to report all suspicions of theft, fraud and irregularity to the Chief Internal Auditor so that they can consider the adequacy of relevant controls, evaluate the implication of the fraud on the risk, control and governance processes and consider making recommendations as appropriate.

Internal audit will not carry out investigations unless commissioned to do so and where this is the case, the Chief Internal Auditor will ensure that investigators are appropriately trained in carrying out their responsibilities.

Where there is evidence that Council staff are committing fraud, internal audit will liaise with Human Resources and the Directorate concerned. 

Internal audit will consider assurance over the Council’s Anti-Fraud, Bribery and Corruption Strategy and framework as part of the internal audit planning process.

 

5.     Internal audit resources

The Chief Internal Auditor is professionally qualified (CMIIA, CCAB or equivalent), maintains a comprehensive understanding of the Global Internal Audit Standards in the UK Public Sector, has wide internal audit and management experience, reflecting the responsibilities that arise from the need to build and manage an effective internal audit function (incl. recruitment, training and development), liaises internally and externally with Members, senior management and other professionals, and demonstrates sound sector knowledge & experience.

 

The Strategic Director - Corporate Resources & Transformation will provide the Chief Internal Auditor with the resources necessary to fulfil the Council’s requirements and expectations to fulfil the audit mandate and delivery of the internal audit strategy.

 

The Head of the Southern Internal Audit Partnership has a resource strategy in place to optimise internal audit resources. Ongoing sufficiency of resources (financial, human and technological) will be transparently communicated by the Chief Internal Auditor to the Executive Management Team and Audit Committee through regular reporting as part of the approval of the internal audit plan and further throughout the year as part of the progress reports and ultimately within the annual conclusion.

 

Any resource implications that put the fulfilment of the internal audit mandate at risk will be reported accordingly through the afore mentioned reports.

 

 

Financial Resource

 

The Head of Southern Internal Audit Partnership will manage the internal audit budget to enable the successful implementation of the internal audit strategy and achievement of the plan.  The budget includes the resources necessary for the function’s operation, including training and relevant technologies and tools.

 

The Head of the Southern Internal Audit Partnership will manage the day-to-day activities of the internal audit function effectively and efficiently, in alignment with the budget.

 

 

Human Resource

 

The Head of Southern Internal Audit Partnership will ensure that the internal audit service has access to an appropriate range of knowledge, skills, qualifications and experience required to deliver the internal audit strategy and operational risk-based audit plan.

 

The Chief Internal Auditor continually evaluates the competencies of individual internal auditors (regular one-to-ones, performance management and quality review processes), and encourages professional development.

 

The annual operational risk-based plan will identify the resources required to complete the work, thereby highlighting sufficiency of available resources. The Chief Internal Auditor can propose an increase in audit resource or a reduction in the number of audits if there are insufficient resources.

 

The Executive Management Team and Audit Committee will be advised where, for whatever reason, internal audit is unable to provide assurance on any significant risks within the timescale envisaged by the risk assessment process.

 

Significant matters that jeopardise the delivery of the plan or require changes to the plan will be identified, addressed and reported to the Executive Management Team and Audit Committee.

 

If the Chief Internal Auditor, Executive Management Team or the Audit Committee consider that the scope or coverage of internal audit is limited in any way, or the ability of internal audit to deliver a service consistent with the Global Internal Audit Standards in the UK Public Sector is prejudiced, they will advise the Strategic Director - Corporate Resources & Transformation, accordingly.

 

 

 

 

 

Technological Resource

 

The Head of the Southern Internal Audit Partnership will ensure the internal audit function has technology to support the internal audit process and regularly evaluate the technology used to pursue opportunities to improve effectiveness and efficiency.

 

The implementation of new technologies is supported through effective and timely training for internal audit staff.

 

The impact of any technology limitations on the effective and efficient delivery of internal audit services will be communicated to the Executive Management Team and Audit Committee.

 

 

6.     Ethics and Professionalism

The Chief Internal Auditor will ensure that internal auditors:

 

·         Conform with the Global Internal Audit Standards in the UK Public Sector, including the principles of Ethics and Professionalism: integrity, objectivity, competency, due professional care, and confidentiality.

·         Understand, respect, meet, and contribute to the legitimate and ethical expectations of the Council and be able to recognise conduct that is contrary to those expectations.

·         Encourage and promote an ethics-based culture in the Council.

·         Report organisational behaviour that is inconsistent with the Council’s ethical expectations, as described in applicable policies and procedures.

·         Apply the Seven Principles of Public Life alongside existing ethical frameworks.

 

7.     Independence and objectivity

The Chief Internal Auditor retains no roles or responsibilities that have the potential to impair the internal audit functions independence, either in fact or appearance. 

 

Should such circumstance arise, the Chief Internal Auditor will advise the Audit Committee of the safeguards put in place to manage actual, potential or perceived impairments.

 

Internal auditors will have no direct operational responsibility or authority over any of the activities they review.

 

Accordingly, internal auditors will not implement internal controls, develop procedures, install systems, or engage in other activities that may impair their judgment, including:

 

·         assessing specific operations for which they had responsibility within the previous year.

·         performing operational duties for the Council or its affiliates.

·         initiating or approving transactions external to the internal audit function.

·         directing the activities of any Council employee that is not employed by the internal audit function, except to the extent that such employees have been appropriately assigned to internal audit team or to assist internal auditors.

Internal auditors will:

 

·         disclose impairments of independence or objectivity, in fact or appearance, to the Chief Internal Auditor.

·         exhibit professional objectivity in gathering, evaluating, and communicating information.

·         make balanced assessments of all available and relevant facts and circumstances.

·         take necessary precautions to avoid conflicts of interest, bias, and undue influence.

 

Induction and refresher training combined with internal audit procedures and guidance provide a systematic and disciplined approach for gathering and evaluating information to provide a balanced assessment of the activity under review.

 

The Chief Internal Auditor will ensure that the internal audit function remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of engagement selection, scope, procedures, frequency, timing, and communication.

 

If the Chief Internal Auditor determines that objectivity may be impaired in fact or appearance, the details of the impairment will be disclosed to appropriate parties.

 

Internal auditors will maintain an unbiased mental attitude that allows them to perform engagements objectively such that they believe in their work product, do not compromise quality, and do not subordinate their judgment on audit matters to others, either in fact or appearance.

 

In addition, to achieve the degree of independence and objectivity necessary to effectively discharge its responsibilities, arrangements are in place to ensure the internal audit activity:

 

·         operates in a framework that allows unrestricted access to the Executive Management Team and Audit Committee.

·         reports functionally to the Audit Committee.

·         reports in their own name.

·         rotates responsibilities for audit assignments within the internal audit team.

·         completes individual declarations confirming compliance with rules on independence, objectivity, conflicts of interest and acceptance of inducements, and

·         ensures the planning process recognises, records and addresses potential conflicts of interest.

 

A register of potential conflicts of interest will be maintained with each case assessed and outcomes documented. If, despite this, independence or objectivity is impaired in fact or appearance, the details of the impairment will be disclosed to the Executive Management Team and Audit Committee.  The nature of the disclosure will depend upon the impairment.

 

The Executive Management Teamwill ensure that independence is safeguarded through ensuring internal audit’s access to staff and records, as set out in regulations and the charter, operates freely and without any interference and where there are actual or potential impairments to the independence of internal audit, the Executive Management Team will work with the Chief Internal Auditor to remove or minimise them or ensure safeguards are operating effectively.

 

The Audit Committee will support internal audit’s independence by reviewing the effectiveness of safeguards at least annually, including any issues or concerns about independence raised by the Chief Internal Auditor.

 

The Chief Internal Auditor will confirm to the Audit Committee, at least annually, the organisational independence of the internal audit function.  The Chief Internal Auditor will disclose to the Audit Committee any interference internal auditors encounter related to the scope, performance, or communication of internal audit work and results. The disclosure will include communicating the implications of such interference on the internal audit function’s effectiveness and ability to fulfil its mandate

 

Matters around the appointment, removal, remuneration and performance evaluation of the Chief Internal Auditor will be undertaken by the Head of the Southern Internal Audit Partnership.

The Audit Committee should provide feedback on the performance evaluation of the Chief Internal Auditor.  This will be achieved through an annual survey sent to all Audit Committee members.

 

 

8.     Due Professional Care

Internal auditors will perform work with due professional care, competence and diligence. Internal auditors cannot be expected to identify every control weakness or irregularity, but their work should be designed to enable them to provide reasonable assurance regarding the controls examined within the scope of their review.

 

Internal auditors will have a continuing duty to develop and maintain their professional skills, knowledge and judgement based on appropriate training, ability, integrity, objectivity and respect.

 

Internal auditors will apprise themselves of the Global Internal Audit Standards in the UK Public Sector and the Code of Practice for the Governance of Internal Audit in UK Local Government and will work in accordance with them in the conduct of their duties.

 

Internal auditors will be alert to the possibility of intentional wrongdoing, errors and omissions, poor value for money, failure to comply with management policy and conflicts of interest. They will ensure that any suspicions of fraud, corruption or improper conduct are promptly reported to the Chief Internal Auditor in accordance with the Council’s laid down procedures.

 

Internal auditors will treat the information they receive in carrying out their duties as confidential.  There will be no unauthorised disclosure of information unless there is a legal or professional requirement to do so. Confidential information gained during internal audit work will not be used to effect personal gain.

 

9.     Communication, Reporting and Oversight

Internal Audit Strategy

 

The Head of the Southern Internal Audit Partnership will develop and implement a strategy for the internal audit function that supports the strategic objectives and success of the Council and aligns with the expectations of the Audit Committee, Executive Management Team and other key stakeholders.

 

The internal audit strategy is a plan of action designed to achieve the audit function’s long-term objective(s).  The internal audit strategy includes a vision, strategic objectives, and supporting initiatives for the internal audit function to help fulfil the internal audit mandate.

Internal Audit Charter

 

The internal audit charter defines the internal audit function’s mandate, organisational position, reporting relationships, scope of work, types of service, and other specifications relevant to its effective operation.

 

Audit Plan

 

The Chief Internal Auditor will develop an internal audit plan that supports the achievement of the Council’s objectives.

 

The plan will be based on a documented assessment of the Council’s strategies, objectives, and risks.  Such assessment will be informed through engagement with the Audit Committee, and Executive Management Team as well as the Chief Internal Auditors understanding of the organisation’s governance, risk and control processes. 

 

The plan will be regularly reviewed with significant changes discussed and approved with the Executive Management Team and Audit Committee in a timely manner.

 

Audit Assignments

 

Internal auditors will communicate with management at the commencement of each review to ensure that the scope and timing of the work is understood and agreed, and this will be documented in a Terms of Reference.  Internal audit contacts agreed as part of this process will be expected to be available for discussions and to provide the information required to complete the assignment in line with the timelines agreed.  Regular communication throughout the review will ensure timely awareness of any issues arising and a close of audit meeting will also be held to summarise and confirm findings.  

 

The results of all planned audit assignments will be summarised in a formal report, including:

 

·         the purpose and scope of the reviews

·         the assurance opinion

·         an executive summary

·         action plans outlining issues arising and actions proposed by management to address them (including consideration of root cause and identification of key themes).

The reports will be distributed and agreed in line with established reporting protocols for each Directorate.

 

 

 

Progress Reports

 

Throughout the year the Chief Internal Auditor will maintain regular communications with the Executive Management Team and Audit Committee on internal audit performance and other matters such as:

 

•  revisions to the plan.
• any impairments to independence.
• significant risk exposures and control issues, including fraud risks, governance issues, and other areas of focus for management that could interfere with the achievement of the Council’s strategic objectives.
• results of assurance and advisory services.
• management’s responses to risk that the internal audit function determines may be unacceptable or acceptance of a risk that is beyond the Council’s risk appetite.

·         performance measures, including ongoing conformance with the Global Internal Audit Standards in the UK Public Sector.

• evaluation of resourcing to meet the requirements of the internal audit mandate / plan.   

 

 

Annual Conclusion

 

The Chief Internal Auditor shall deliver an annual conclusion that can be used by the Council to inform its annual governance statement.

 

The annual conclusion will conclude on the overall adequacy and effectiveness of the Council’s framework of governance, risk management and control.

 

The annual conclusion will incorporate as a minimum:

 

·         the opinion.

 

·         a summary of the work that supports the opinion.

 

·         a statement on conformance with Global Internal Audit Standards in the UK Public Sector and the Code of Practice for the Governance of Internal Audit in UK Local Government.

 

·         results of the quality assurance and improvement programme.

 

 

 

 

 

Quality assurance and Improvement Programme

 

The Head of the Southern Internal Audit Partnership maintains a quality assurance and improvement programme that covers all aspects of the internal audit function.  The programme includes:

 

External Quality Assessments – to be performed at least once every five years by a qualified independent assessor or assessment team (with appropriate characteristics and sector knowledge).  The requirement for an external quality assessment may also be met through a self-assessment with independent validation.

 

The decision on the appointment of the external assessor and format of the external quality assessment will be communicated to the Council’s Executive Management Team and Audit Committee.

 

Internal Quality Assessments – self-assessments to be performed annually to review internal audits conformance with the Global Internal Audit Standards in the UK Public Sector and the Code of Practice for the Governance of Internal Audit in UK Local Government along with progress towards performance objectives.

 

The Chief Internal Auditor will communicate annually the results of the internal quality assessment to the Executive Corporate Management Team and Audit Committee.  The results of external quality assessments will be reported when completed.

 

In both cases communications will include:

 

·         The internal audit function’s conformance with Global Internal Audit Standards in the UK Public Sector and the Code of Practice for the Governance of Internal Audit in UK Local Government and achievement of performance objectives.

 

·         Compliance with laws and regulations relevant to internal auditing.

 

·         If applicable, plans to address the internal audit function’s deficiencies and opportunities for improvement.

 

In addition, an annual satisfaction survey will be conducted with key stakeholders to assess the value of the service and to seek suggestions for improvement.

 

The results of the survey, annual self-assessment, and external assessment will be shared with the Executive Management Team and Audit Committee, together with plans to address any issues arising.

 

Executive Management Team

 

As those responsible for the leadership and direction of the Council it is imperative that the Executive Management Team are engaged in:

 

• input, review, and approval of the internal audit mandate and charter (minimum annually).
• input, review, and approval of the internal audit strategy.
• input, and approval of the risk based internal audit plan (making appropriate enquiries of the Chief Internal Auditor to determine inappropriate scope and resource limitations).
• receiving regular progress reports from the Chief Internal Auditor on the outcomes and internal audits performance relative to its plan.
• review and approval of the Chief Internal Auditors annual conclusion.
• review of the quality assurance and improvement programme, engaging with, and receiving the results of internal and external assessments, including areas of non-conformance.
• review and approval of the internal audits performance objectives/ measures

 

The Audit Committee

 

As those responsible for the governance of the Council it is imperative that the Audit Committee are engaged in:

 

• input, review and approval of the internal audit mandate and charter (minimum annually).
• input, review, and approval of the internal audit strategy.
• input, and approval of the risk based internal audit plan (making appropriate enquiries of management and Chief Internal Auditor to determine inappropriate scope and resource limitations).
• receiving regular progress reports from the Chief Internal Auditor on the outcomes and internal audits performance relative to its plan.
• review and approval of the Chief Internal Auditors annual conclusion.

• review of the quality assurance and improvement programme, engaging, with, and receiving the results of internal and external assessments, including areas of non-conformance.
• review and approval of the internal audit’s performance objectives/ measures.

• participation in discussions with the Chief Internal Auditor and senior management about the “essential conditions,” described in the Global Internal Audit Standards in the UK Public Sector.
• overview of significant advisory services not already included in the audit plan, prior to acceptance of the engagement.

10.Review of the internal audit mandate and charter

This mandate and charterwill be reviewed annually (minimum) by the Chief Internal Auditor and reported to the Executive Management Team and Audit Committee for approval to ensure that any changes to the Global Internal Audit Standards in the UK Public Sector, reorganisation within the organisation or other significant changes affecting the nature and scope of internal audit services are considered.   

 

 

 

Annex 1

 

Assurance Services

 

o   Risk based audit: in which risks and controls associated with the achievement of defined business objectives are identified and both the design and operation of the controls in place to mitigate key risks are assessed and tested, to ascertain the residual risk to the achievement of managements’ objectives. Any audit work intended to provide an audit opinion will be undertaken using this approach.

 

o   Developing systems audit: in which the plans and designs of systems under development are assessed to identify the potential weaknesses in internal control and risk management; and programme / project management controls are assessed to ascertain whether the system is likely to be delivered efficiently, effectively and economically.

 

o   Quality assurance review: in which the approach and competency of other reviewers / assurance providers are assessed in order to form an opinion on the reliance that can be placed on the findings and conclusions arising from their work.

 

o   Advisory services: in which advice can be provided, either through formal review and reporting or more informally through discussion or briefing, on the framework of internal control, risk management and governance.

 

The nature and scope of advisory services may be agreed with the party requesting the service, provided the internal audit function does not assume management responsibility. Opportunities for improving the efficiency of governance, risk management, and control processes may be identified during advisory engagements. These opportunities will be communicated to the appropriate level of management. 

 

o   Data analytics: is a process of assessing data to find trends, patterns or other insights.   Internal auditors use data analytics to find and define risks, errors, and anomalies that could reveal deeper problems.  The extended use of data analytics helps provide greater levels of assurance through analysis of a total population rather than traditional sampling methodologies.

 

o   IT Audit: a specialist IT audit team are in place that are experienced in covering all aspects of established and emerging technologies. With IT underpinning a vast majority of how we function assurance in this area is crucial.  To be able to provide a fully qualified team of IT audit specialists is a fundamental component of the audit offering.

 

 

o   Fraud and irregularity investigations: Internal audit may provide specialist skills and knowledge to assist in or lead fraud or irregularity investigations, or to ascertain the effectiveness of fraud prevention controls and detection processes.

 

o   Value For Money: is implicit in the vast majority of our internal audit work, however, value for money work can also be conducted through review of the optimal use of resources to achieve an intended outcome, and can be summarised as:

·         Economy – minimising the cost of resources used or required (inputs) – spending less

·         Efficiency – the relationship between the output from goods or services and the resources to produce them – spending well

·         Effectiveness – the relationship between the intended and actual results of public spending (outcomes) – spending wisely

 

o   Third party assurance: the availability of objective assurance from other assurance providers will be considered in determining audit needs. Where internal audit needs to work with the internal auditors of other organisations, a practice which is expanding with the development of more organisational strategic partnerships, the roles and responsibilities of each party, as well as billing arrangements, will be clearly defined, agreed and documented prior to the commencement of work.  Internal audit will also ensure awareness of and seek to place reliance on the work of other independent review bodies.