Scope
The scope of internal audit activities includes all council activities including services which are:
- provided in partnership
- under contract with external organisations
There are no restrictions.
Activities which have specific internal audit engagements are identified in the internal audit plan.
Assurance engagements involve the objective assessment of evidence. This provides an independent opinion or conclusions regarding:
- an entity
- operation
- function
- process
- system
- other subject matter
The nature and scope of the assurance engagement are determined by internal audit.
Consulting engagements are advisory in nature. They are generally performed at the specific request of management.
The nature and scope of consulting engagements are subject to agreement with management. They should assist management in meeting the objectives of the organisation without undermining the key principles of independence and objectivity. Internal audit should not assume management responsibility.
The HIA will assist with the:
- implementation of the council's counter fraud policy and strategy
- investigation of fraud and irregularities in line with policy, strategy, and the constitution
The HIA must be notified of all suspected or detected fraud, corruption or impropriety.
Consultancy engagements should only be performed where resources and skills exist. They should focus on governance, risk and control – supporting the head of internal audit's annual opinion. They should not replace assurance engagements.
The HIA cannot give total assurance that control weaknesses or irregularities do not exist. Managers are fully responsible for the quality of internal control within their area of accountability.
Managers should ensure that appropriate and adequate arrangements exist for:
- risk management
- control systems
- accounting records
- financial processes
- governance (the control environment)
Managers should not depend on internal audit activity to identify weaknesses or control failures.