Our mission
Our mission is to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight to our clients.
We will achieve the mission statement through our overall delivery arrangements. This charter sets out how this is done.
Purpose
We provide:
- an independent, objective assurance and consulting activity. It is designed to:
- add value and improve the council’s operations
- help the council to meet its objectives
- brings a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes
- the audit committee with information necessary for it to fulfil its own responsibilities and duties.
- support to management to fulfil its own risk, control and compliance responsibilities
Authority
The council is required by law to have an internal audit of its governance, risk and control processes. Under the Accounts and Audit Regulations 2015 the audit must take into account:
- the public sector internal audit standards (the standards)
- any mandatory guidance
The standards:
- set the basic principles for carrying out internal audit in the public sector
- provide criteria against which quality and performance can be evaluated
An application note for the standards is available on the Chartered Institute of Public Finance (CIPFA) website. This note sets out the proper practice for internal audit in local government.
We derive our authority from:
- the standards
- this charter
- the council’s constitution, specifically the financial procedure rules
The head of internal audit (HIA) is the chief audit executive. The HIA and internal audit staff are authorised to:
- have unrestricted access to all the council’s:
- records
- property
- personnel
- management
- elected members
- partnership services
- services under contract with external organisations
- receive information and explanations as a result of audit work
- obtain the assistance of council staff in relevant engagements. This includes other specialised services from within or outside the council.
We have no authority or management responsibility for any of our engagement subjects.
We (and our auditors) will not make any management decisions or engage in any activity which could reasonably be construed to compromise our independence.
Auditors are free from operational system involvement or influence.
Responsibility
The head of internal audit (HIA) is responsible for all aspects of internal audit activity, including:
- strategy
- planning
- performance
- quality
- reporting
Strategy
- Develop and maintain an internal audit strategy
- Review the internal audit strategy at least annually with management and audit committee
Planning
- Develop and maintain a risk based internal audit plan
- Engage with management and consider the council’s:
- strategic and operational objectives
- related risks in the development of the internal audit plan
- Review the internal audit plan periodically with management. The review will reflect changes in the risk environment. These changes must be approved when significant
- Present the internal audit plan, including updates, to the audit committee for periodic review and approval
- Agree an internal audit budget sufficient to fulfil the requirements of:
- this charter
- the internal audit strategy
- the internal audit plan
- The internal audit budget is reported annually to the cabinet and full council. This is for approval as part of the council's overall budget. The head of internal audit will draw any resourcing issues that potentially impact on the effectiveness of the internal audit function to the attention of:
- the chief executive
- section 151 officer
- the audit committee
- Coordinate with and (where relevant) provide oversight of other control, monitoring and assurance functions, including risk management and external audit.
- Consider the scope of work of the external auditors (and other assurance providers) for the purpose of providing optimal audit coverage to the organisation.
- Significant proposed changes to the internal control system
- Implementation of new systems
Advice can then be provided on the standards of controls to be applied. This need not prejudice the audit objectivity when reviewing systems at a later date.
- management – accountable for delivery
- corporate and third-party – external inspections and internal assurance functions
- internal audit – independent assurance
- Speaking to senior and operational managers who have the day-to-day responsibility for managing and controlling their service activities
- Working with corporate functions and using other third-party inspections to provide information on:
- performance
- successful delivery
- organisational learning
- Using the outcome of internal audit work to provide independent insight and assurance opinions
- Considering other information and business intelligence that feed into and has potential to impact on assurance
Performance
- Implement and deliver the risk based internal audit plan
- Maintain professional resources with sufficient knowledge, skills and experience to meet the requirements of:
- this charter
- the internal audit strategy
- the internal audit plan
- Allocate and manage resources to accomplish internal audit engagement objectives
- Establish and maintain appropriate internal auditing procedures incorporating best practice approaches and techniques
- Monitor delivery of the internal audit plan using appropriate performance indicators
- Hold regular senior management and statutory officer liaison meetings
Quality
- Establish a quality assurance framework to:
- provide a system for monitoring and evaluating our effectiveness and conformance with the standards
- ensure continuous improvement within the internal audit service
- ensure compliance with professional standards, code of ethics and council codes of conduct
- meet client expectations and demonstrate our importance to the business
- facilitate the head of internal audit’s statement on conformance with the international standards for the professional practice of internal auditing
- Undertake an annual assessment of the service and its compliance with the standards. Every five years the assessment is undertaken externally by a suitably qualified, independent assessor
- Obtain regular feedback on the quality and impact of our work (added value)
- demonstrates integrity
- demonstrates competence and due professional care
- is objective and free from undue influence (independent)
- aligns with the strategies, objectives and risks of the organisation
- is appropriately positioned and adequately resourced
- demonstrates quality and continuous improvement
- communicates effectively
- provides risk-based assurance
- is insightful, proactive and future focused
- promotes organisational improvement
Reporting
- Issue a report to management at the conclusion of each engagement. The reports will:
- confirm the results of the engagement
- state the timetable for the completion of agreed management actions
- Provide periodic reports to management and the audit committee. The reports will summarise:
- internal audit activities
- the results of internal audit engagements
- Provide periodic reports to management and the audit committee on the status of agreed management actions taken in response to internal audit engagements
- Report annually to the audit committee and management on internal audit performance against goals and objectives. The report includes an annual assurance opinion on governance, risk and control. This will also help inform the council's annual governance statement.
- Report as needed to the audit committee on management, resource, or budgetary impediments to the fulfilment of:
- this charter
- the internal audit strategy
- the internal audit plan
- Inform the audit committee of emerging trends and practices in internal auditing
- Provide results of the annual review on the effectiveness of internal audit. This will include:
- the outcomes of its quality assurance and improvement programme to both management and the audit committee
- a statement on the organisational independence of internal audit and conformance with the code of ethics. Any significant non-conformance must be included in the annual governance statement.
- The HIA will meet informally in private with members of the audit committee or the committee as a whole as required
- Report as necessary any significant risk exposures and control issues, including:
- fraud risks
- governance issues
- matters for or requested by the audit committee
- any response to risk by management that may be unacceptable to the council
Scope
- provided in partnership
- under contract with external organisations
- an entity
- operation
- function
- process
- system
- other subject matter
- implementation of the council's counter fraud policy and strategy
- investigation of fraud and irregularities in line with policy, strategy, and the constitution
- risk management
- control systems
- accounting records
- financial processes
- governance (the control environment)
Independence
- audit committee (the board)
- senior management team
- chief executive
- chief finance officer
- monitoring officer
- head of paid service
- has free and full access to the chair of the audit committee
- is employed by Lincolnshire County Council
- the section 151 officer
- the chair of the audit committee
- or both dependent upon the nature of the impairment
- perform any operational duties for the organisation
- initiate or approve accounting transactions external to the internal audit service
- direct the activities of any council employee not employed by the internal auditing service (unless they have been assigned to the service or to assist the internal auditor)
Governance
Audit committee
- the audit
- assurance
- reporting arrangements
- risk management framework
- internal control environment
- integrity of the financial reporting and annual governance processes
- approve the internal audit charter
- approve the risk-based internal audit plan
- receive reports from the head of internal audit on internal audit activity’s performance relative to its plan and other matters
Standards of internal audit practice
- Public sector internal audit standards (the standards)
- CIPFA local government application note
- CIPFA publication on the “role of the head of internal audit”
External work and charter validity
External work
- it does not impinge on the audit work carried out for the council
- there is no conflict of interest or impairment of independence arising from this work
Approval and validity of this charter
- internal audit arrangements
- public sector internal audit standards
- senior management
- the audit
- committee as the board of the organisation and council