This Charter describes for the Council the purpose, authority and responsibilities of the Internal Audit function in accordance with the Global Internal Audit Standards (GIAS) and the Local Government Application Note.
The GIAS require that the Charter must be reviewed periodically and presented to “the board” for approval. In addition, senior management have a key role in providing input to the board and the Chief Internal Auditor. For the purposes of this charter “senior management” will be the Corporate Leadership Team (CLT) and the board will be the Audit, Standards and General Purposes Committee.
The Charter shall be reviewed annually and approved by CLT and the Audit, Standards and General Purposes Committee. The Chief Internal Auditor is responsible for applying this Charter and keeping it up to date.
The mission of Internal Audit is to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight.
The purpose statement included in the GIAS states “Internal auditing strengthens the organisation’s ability to create, protect, and sustain value by providing the board and management with independent, risk-based, and objective assurance, advice, insight, and foresight.
Internal auditing enhances the organisation’s:
· Successful achievement of its objectives.
· Governance, risk management, and control processes.
· Decision-making and oversight.
· Reputation and credibility with its stakeholders.
· Ability to serve the public interest.
Internal auditing is most effective when:
· It is performed by competent professionals in conformance with the Global Internal Audit Standards, which are set in the public interest.
· The internal audit function is independently positioned with direct accountability to the board.
· Internal auditors are free from undue influence and committed to making objective assessments.”
Internal Audit supports the whole Council to deliver economic, efficient and effective services and achieve the Council’s vision, priorities and values.
Internal audit is a statutory service in the context of the Accounts and Audit Regulations 2015, which require every local authority to maintain an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes taking into account GIAS or guidance.
These regulations require any officer or Member of the Council to:
· make available such documents and records; and
· supply such information and explanations; as are considered necessary by those conducting the audit.
This statutory role is recognised and endorsed within the Council’s Financial Regulations.
In addition, the Council's S151 Officer has a statutory duty under Section 151 of the Local Government Act 1972 to establish a clear framework for the proper administration of the authority's financial affairs. To perform that duty the Section 151 Officer relies, amongst other things, upon the work of Internal Audit in reviewing the operation of systems of internal control and financial management.
Annually, the Chief Internal Auditor is required to provide to the Audit Committee an overall opinion on the Council’s internal control environment, risk management arrangements and governance framework to support the Annual Governance Statement.
Internal Audit is not responsible for control systems. Responsibility for effective internal control and risk management rests with the management of the Council.
Internal audit activity must be free from interference in determining the scope of activity, performing work and communicating results.
The scope of Internal Audit includes the entire control environment and therefore all of the Council’s operations, resources, services and responsibilities in relation to other bodies. In order to identify audit coverage, activities are prioritised based on risk, using a combination of Internal Audit and management risk assessment (as set out within Council risk registers). Extensive consultation also takes place with key stakeholders and horizon scanning is undertaken to ensure audit activity is proactive and future focussed.
Internal audit activity will include an evaluation of the effectiveness of the organisation’s risk management arrangements and risk exposures relating to:
· Achievement of the organisation’s strategic objectives;
· Reliability and integrity of financial and operational information;
· Efficiency and effectiveness of operations and activities;
· Safeguarding of assets; and
· Compliance with laws, regulations, policies, procedures and contracts.
Internal Audit will remain sufficiently independent of the activities that it audits to enable auditors to perform their duties in a way that allows them to make impartial and effective professional judgements and recommendations. Internal auditors should not have any operational responsibilities.
Internal auditors will not review specific areas of the Council’s operation in which they have previously worked, until a period of at least 12 months has elapsed.
Internal Audit is involved in the determination of its priorities in consultation with those charged with governance. The Chief Internal Auditor has direct access to, and freedom to report in their own name and without fear of favour to, all officers and Members and particularly those charged with governance. This independence is further safeguarded by ensuring that the Chief Internal Auditor’s formal appraisal/performance review is not inappropriately influenced by those subject to audit. This is achieved by ensuring that both the Chief Executive and the Chairman of the Audit Committee have the opportunity to contribute to this performance review.
All Internal Audit staff are required to make an annual declaration of interest to ensure that objectivity is not impaired and that any potential conflicts of interest are appropriately managed.
The role of Chief Internal Auditor is a shared appointment across the 3 Orbis partner authorities (East Sussex County Council, Surrey County Council and Brighton & Hove City Council). In order to ensure organisational independence is achieved, all decisions regarding the appointment and removal of the Chief Internal Auditor will be made following appropriate consultation with Member representatives from each of the authorities’ audit committees.
Regardless of line management arrangements, the Chief Internal Auditor has free and unfettered access to report to the S151 Officer; the Monitoring Officer; the Chief Executive; the Audit Committee Chair; the Leader of the Council and the Council’s External Auditor. This includes periodic administrative reporting arrangements to an individual in the organisation who can support the internal audit function’s pursuit of the internal audit mandate.
There is a functional reporting relationship between the Chief Internal Auditor and the Audit Committee, who will receive reports on a periodic basis – as agreed with the Chair of the Audit Committee – on the results of audit activity and details of Internal Audit performance, including progress on delivering the audit plan.
These reporting arrangements feed into and support the maintenance of the independence of the function.
Managing the risk of fraud and corruption is the responsibility of management. Internal Audit will, however, be alert in all its work to risks and exposures that could allow fraud or corruption and will investigate allegations of fraud and corruption in line with the Council’s Anti Fraud and Corruption Strategy.
The Chief Internal Auditor should be informed of all suspected or detected fraud, corruption or irregularity in order to consider the adequacy of the relevant controls and evaluate the implication for their opinion on the control environment.
Internal Audit will promote an anti-fraud and corruption culture within the Council to aid the prevention and detection of fraud.
Internal Audit may also provide consultancy services, generally advisory in nature, at the request of the organisation. In such circumstances, appropriate arrangements will be put in place to safeguard the independence of Internal Audit and, where this work is not already included within the approved audit plan and may affect the level of assurance work undertaken; this will be reported to the Audit Committee.
In order to help services to develop greater understanding of audit work and have a point of contact in relation to any support they may need, Internal Audit has put in place a set of service liaison arrangements that provide a specific named contact for each service; and, regular liaison meetings. The arrangements also enable Internal Audit to keep in touch with key developments within services that may impact on its work.
The work of Internal Audit is driven by the annual Internal Audit Plan, which is approved each year by the Audit Committee. The Chief Internal Auditor is responsible for ensuring that Internal Audit resources are sufficient to meet its responsibilities and achieve its objectives.
Internal Audit must be appropriately staffed in terms of numbers, grades, qualifications and experience, having regard to its objectives and to professional standards. Internal Auditors need to be properly trained to fulfil their responsibilities and should maintain their professional competence through an appropriate ongoing development programme.
The Chief Internal Auditor is responsible for appointing Internal Audit staff and will ensure that appointments are made in order to achieve the appropriate mix of qualifications, experience and audit skills. The Chief Internal Auditor may engage the use of external resources where it is considered appropriate, including the use of specialist providers.
The work of Internal Audit will be performed with due professional care and in accordance with the GIAS, the Local Government Application Note, the Accounts and Audit Regulations (2015) and with any other relevant statutory obligations and regulations.
In carrying out their work, internal auditors must exercise due professional care by considering:
· The extent of work needed to achieve the required objectives;
· The relative complexity, materiality or significance of matters to which assurance procedures should be applied;
· The adequacy and effectiveness of governance, risk management and control processes;
· The probability of significant errors, fraud or non-compliance; and
· The cost of assurance in proportion to the potential benefits.
Internal auditors will also have due regard to the Seven Principles of Public Life – Selflessness; Integrity, Objectivity; Accountability; Openness; Honesty; and Leadership, as well as the GIAS’ Ethics and Professionalism domain and the principles underpinning this of: integrity, objectivity, competency, due professional care and confidentiality.
The Chief Internal Auditor will control the work of Internal Audit at each level of operation to ensure that a continuously effective level of performance – compliant with the GIAS and Local Government Application Note, is maintained.
A Quality Assurance Improvement Programme (QAIP) is in place which is designed to provide reasonable assurance to its key stakeholders that Internal Audit:
· Performs its work in accordance with its charter;
· Operates in an effective and efficient manner; and,
· Is adding value and continually improving the service that it provides.
The QAIP requires an annual review of the effectiveness of the system of Internal Audit to be conducted. Instances of non-conformance with the GIAS, including the impact of any such nonconformance, must be disclosed to the Audit Committee. Any significant deviations must be considered for inclusion in the Council’s Annual Governance Statement.