1. SUMMARY/PURPOSE

1.1 This report is to seek agreement from the Audit Panel as to the role, scope, reporting protocol and responsibility of the Internal Audit function.

2. BACKGROUND

2.1 Amongst a number of good practice initiatives, the auditing profession has considered that internal audit functions within organisations should have their independence, scope and reporting lines formally set out in an audit ‘charter’ and that this should be accepted and approved by the organisation’s leadership. The function already had such a charter approved by the former Audit Committee, but it would seem timely now to review it and to seek the approval of the new Audit Panel. The proposed charter is set out as an Appendix to this report.

2.2 In summary, the charter establishes the:

Independence of the audit function so that it can comment objectively about the services it reviews.

Role of audit – to examine and evaluate the adequacy and effectiveness of internal control.

Scope to have unrestricted access to records, property, information and staff.

Reporting protocol – making Internal Audit accountable to senior management including both executive and non-executive leadership.

3. RECOMMENDATIONS

3.1 The Audit Panel is asked to endorse the proposed charter for Internal Audit or make appropriate changes where necessary.

Contact Point : Bob Streets, F 3622

R J Streets

Compliance and Risk Manager

G B Richardson

Chief Internal Auditor

APPENDIX

ISLE OF WIGHT COUNCIL CHARTER FOR INTERNAL AUDIT

FUNCTION

1. Internal Audit is an independent review function set up within the Authority as a service to the Council as a corporate body and all levels of management. The Head of Internal Audit is responsible for effective review of all aspects of risk management and control throughout the Authority’s activities. The Internal Audit function is not a substitute for management’s responsibility to ensure effective control over the Authority’s operations.

INDEPENDENCE

2. Internal Audit is independent of the activities that it audits to ensure the unbiased judgements essential to its proper conduct and impartial advice to management.

ROLE AND SCOPE

3. The role of Internal Audit is to understand the key risks of the Authority and to examine and evaluate the adequacy and effectiveness of the system of risk management and internal control as operated by the Authority. Internal Audit therefore, has unrestricted access to all activities undertaken in the Authority, in order to review, appraise and report on:

(a) The adequacy and effectiveness of the systems of financial, operational and management control and their operation in practice in relation to the business risks to be addressed;

(b) The extent of compliance with, relevance of, and financial effect of, policies, standards, plans and procedures established by the Council and the extent of compliance with external laws and regulations, including statutory reporting requirements;

(c) The extent to which the assets and interests are acquired economically, used efficiently, accounted for and safeguarded from losses of all kinds arising from waste, extravagance, inefficient administration, poor value for money, fraud or other cause and that adequate business continuity plans exist;

(d) The suitability, accuracy, reliability and integrity of financial and other management information and the means used to identify measure, classify and report such information;

(e) The integrity of processes and systems, including those under development, to ensure that controls offer adequate protection against error, fraud and loss of all kinds; and that the process aligns with the Authority’s strategic goals;

(f) The suitability of the organisation of the units audited for carrying out their functions, and to ensure that services are provided in a way which is economical, efficient and effective;

(g) The follow-up action taken to remedy weaknesses identified by Internal Audit review, ensuring that good practice is identified and communicated widely;

(h) The operation of the Authority’s corporate governance arrangements.

This monitoring of Internal Audit’s processes should be carried out on a regular basis by Internal Audit management and business management may rely on the professional expertise of the Head of Internal Audit to provide assurance. From time to time independent reviews should be carried out: for example, peer reviews by another Internal Audit function or review by External Audit. Testing compliance with the standards laid down in the audit manual is an essential approach to such a review.

REPORTING

4. Internal Audit reports regularly on the results of its work to the Audit Panel, which reports to the Resources Select Committee. The Head of Internal Audit is accountable to the Audit Panel for:

(a) Providing regular assessments of the adequacy and effectiveness of the Authority’s systems of risk management and internal control based on the work of Internal Audit.

(b) Reporting significant control issues and potential for improving risk management and control processes;

(c) Providing periodically information on the status and results of the annual audit plan and the sufficiency of Internal Audit resources;

(d) Seeking approval to the six year strategic audit plan and revisions thereto.

RESPONSIBILITY

5. The Head of Internal Audit is responsible for:

(a) Developing a strategic audit plan based on an understanding of the significant risks to which the Authority is exposed;

(b) Developing an annual audit plan based on the strategic plan and an understanding of the significant risks to which the Authority is exposed;

(d) Implementing the agreed annual audit plan.

(e) Maintaining a professional audit staff with sufficient knowledge, skills and experience to carry out the plan;

(f) Conducting audit work in compliance with auditing standards produced by the Institute of Internal Auditors (UK);

(g) Developing audit staff for redeployment elsewhere in the Authority.

Note

Some Internal Audit functions, because they have appropriate skills, also carry out value for money reviews (see 3(f) above), which go further than a normal audit. They question the continued provision of the particular services in its present form with its present objectives, and recommend other ways in which the service might be provided eg by organisational change or outsourcing. On occasion, audit staff may offer consultancy advice that goes beyond the normal remit of Internal Auditing but staff are clear that when this happens they are not operating as Internal Auditors.