Objective
Internal Audit is responsible for advising all levels of management and the Council (through its Audit and Scrutiny Committee), on the Council’s systems of internal control. It is a review activity which continuously reinforces line management’s responsibility for effective internal controls. The existence of internal audit is not a substitute for management’s responsibility to ensure the existence of a sound framework of internal control. Internal audit supports:
- Management’s organisational objectives
- The Audit and Scrutiny Committee’s need for overall assurance on the quality and cost effectiveness of risk management and internal controls.
Internal Audit areas of focus include:
- Risk Management and Internal control effectiveness
- Statutory, procedures and control compliance
- Implementation of recommendations
- Corporate governance
- Systems development
- Process improvement
- Performance reporting
- Value for Money and Best Value
Over time it is envisaged that the function will increase the proportion of reviews of operational systems, value for money and contribute to Best Value.
Scope
Internal Audit’s work provides assurance on the extent to which management controls ensure that:
- The Council’s assets are safeguarded from significant losses, including those caused by fraud, waste, inefficiency and commercially unsound practices;
- Relevant laws, rules and regulations are complied with;
- Operations are conducted effectively, efficiently and economically;
- Operations are conducted in accordance with Council policies and procedures;
- Management information systems are reliable and secure;
- Systems under development are monitored, that appropriate internal controls are built in and are consistent with the organisations’ needs;
- Significant Council risks are identified and effectively managed;
- Major Council projects achieve their objectives.
In addition, Internal Audit may perform special reviews requested by the senior management or the Audit and Scrutiny Committee. When plans are changed for such reviews, this is reported to the Audit and Scrutiny Committee so that it clearly understands the implications on resources and for the assurance it requires about internal controls, and any impact on the delivery of agreed plans.
Independence
Internal Audit is independent of the systems and activities it reviews and will objectively report its findings to the appropriate level of management in order to ensure corrective action is taken on a timely basis. To this end, Internal Audit has the authority to require a timely written response to any findings and recommendations contained in assignment reports.
Wherever internal audit provides proactive consultancy advice it must be careful to maintain its independence from the operational activity concerned to preserve its ability to undertake an objective review at a future date.
Consultancy advice includes guidance regarding the controls designed for developing systems or the implications for controls of amendments to systems; guidance regarding risk management and internal control strategies; and guidance regarding the development of best practice corporate governance structures and processes.
Authority and Access
Internal Audit has no responsibility for operational functions within the Council and no direct responsibility for, nor authority over any of the activities subject to internal audit review. Internal Audit derives its authority from the Council who enable them to have unrestricted access to all records, systems, documents, property and staff as required in the performance of its work.
Internal Audit has unrestricted access to the officer designated as responsible under Section 95 of the Local Government Act 1973, the Chief Executive and the Chair of the Audit and Scrutiny Committee.
Internal Audit Management
The Council’s Chief Internal Auditor has responsibility for:
- Assisting directors and management with risk management;
- Developing a plan that is based on assessed Council risks and Internal Audit’s objectives;
- Developing a programme based on the plan and which is flexible enough to meet changing organisational needs;
- Ensuring that resourcing arrangements are in place to deliver the plan and are flexible enough to cope with special requests;
- Providing regular progress reports to senior management and the Audit and Scrutiny Committee;
- Ensuring Internal Audit remains effective, credible, productive and focused on areas of most significance to the Council;
- Working with line management constructively to challenge and improve established and proposed practices and to put forward ideas for improving processes;
- Developing an appropriately skilled team, supported where necessary by external expertise, to meet best practice;
- Maintaining an open relationship with the external auditors; and
- Fostering a culture of joint-working with management leading to agreed solutions.
Internal Audit is not relieved of its responsibilities when areas of the Council are subject to review by others. It always needs to assess the extent to which it can rely upon that work, co-ordinate its audit planning with those other review agencies, e.g. external auditors, and decide what further investigations need to be carried out.
Quality and Skills
The Council’s Chief Internal Auditor has responsibility for ensuring the skills of Internal Audit staff are developed and maintained through:
- Recruitment of appropriately qualified and experienced staff,
- Re-skilling and training Internal Audit staff e.g. in complex technical areas, in the use of technology, implementing best practice and in developing inter-personal skills such as communication;
- Techniques such as benchmarking to identify and adopt appropriate best practices;
- The engagement of external specialists as and when necessary and cost-effectively to meet changing Council needs; and
- Developing and monitoring appropriate internal audit performance measures, including mechanisms for continuous improvement.
Internal Audit must demonstrate objectivity and professionalism, including applying best practice and compliance with the Code of Practice for Internal Audit for Local Authorities in the UK.
