Internal audit charter

Our mission

Our mission is to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight to our clients.

We will achieve the mission statement through our overall delivery arrangements.  This charter sets out how this is done.

Purpose

We provide:

  • an independent, objective assurance and consulting activity.  It is designed to:
    • add value and improve the council’s operations
    • help the council to meet its objectives
    • brings a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes
  • the audit committee with information necessary for it to fulfil its own responsibilities and duties.
  • support to management to fulfil its own risk, control and compliance responsibilities

Authority

The council is required by law to have an internal audit of its governance, risk and control processes.  Under the Accounts and Audit Regulations 2015 the audit must take into account:

The standards:

  • set the basic principles for carrying out internal audit in the public sector
  • provide criteria against which quality and performance can be evaluated

An application note for the standards is available on the Chartered Institute of Public Finance (CIPFA) website.  This note sets out the proper practice for internal audit in local government.

We derive our authority from:

  • the standards
  • this charter
  • the council’s constitution, specifically the financial procedure rules

The head of internal audit (HIA) is the chief audit executive.  The HIA and internal audit staff are authorised to:

  • have unrestricted access to all the council’s:
    • records
    • property
    • personnel
    • management
    • elected members
    • partnership services
    • services under contract with external organisations
  • receive information and explanations as a result of audit work
  • obtain the assistance of council staff in relevant engagements.  This includes other specialised services from within or outside the council.

We have no authority or management responsibility for any of our engagement subjects.

We (and our auditors) will not make any management decisions or engage in any activity which could reasonably be construed to compromise our independence.

Auditors are free from operational system involvement or influence.

Responsibility

The head of internal audit (HIA) is responsible for all aspects of internal audit activity, including:

  • strategy
  • planning
  • performance
  • quality
  • reporting
The HIA will:
 

Strategy

  • Develop and maintain an internal audit strategy
  • Review the internal audit strategy at least annually with management and audit committee

Planning

  • Develop and maintain a risk based internal audit plan
  • Engage with management and consider the council’s:
    • strategic and operational objectives 
    • related risks in the development of the internal audit plan
  • Review the internal audit plan periodically with management.  The review will reflect changes in the risk environment.  These changes must be approved when significant
  • Present the internal audit plan, including updates, to the audit committee for periodic review and approval
  • Agree an internal audit budget sufficient to fulfil the requirements of:
    • this charter
    • the internal audit strategy
    • the internal audit plan
  • The internal audit budget is reported annually to the cabinet and full council.  This is for approval as part of the council's overall budget. The head of internal audit will draw any resourcing issues that potentially impact on the effectiveness of the internal audit function to the attention of:
    • the chief executive
    • section 151 officer
    • the audit committee 
  • Coordinate with and (where relevant) provide oversight of other control, monitoring and assurance functions, including risk management and external audit.
  • Consider the scope of work of the external auditors (and other assurance providers) for the purpose of providing optimal audit coverage to the organisation.
The HIA should be consulted about:
  • Significant proposed changes to the internal control system 
  • Implementation of new systems

Advice can then be provided on the standards of controls to be applied. This need not prejudice the audit objectivity when reviewing systems at a later date.

In developing the internal audit plan, we also take account of the council’s assurance framework.  We use the three lines of assurance which is obtained through our combined assurance work. These are:
  • management – accountable for delivery
  • corporate and third-party – external inspections and internal assurance functions
  • internal audit – independent assurance
We achieve these through:
  • Speaking to senior and operational managers who have the day-to-day responsibility for managing and controlling their service activities
  • Working with corporate functions and using other third-party inspections to provide information on:
    • performance
    • successful delivery
    • organisational learning
  • Using the outcome of internal audit work to provide independent insight and assurance opinions
  • Considering other information and business intelligence that feed into and has potential to impact on assurance

Performance

  • Implement and deliver the risk based internal audit plan
  • Maintain professional resources with sufficient knowledge, skills and experience to meet the requirements of:
    • this charter
    • the internal audit strategy
    • the internal audit plan
  • Allocate and manage resources to accomplish internal audit engagement objectives
  • Establish and maintain appropriate internal auditing procedures incorporating best practice approaches and techniques
  • Monitor delivery of the internal audit plan using appropriate performance indicators
  • Hold regular senior management and statutory officer liaison meetings

Quality

  • Establish a quality assurance framework to:
    • provide a system for monitoring and evaluating our effectiveness and conformance with the standards
    • ensure continuous improvement within the internal audit service
    • ensure compliance with professional standards, code of ethics and council codes of conduct
    • meet client expectations and demonstrate our importance to the business
    • facilitate the head of internal audit’s statement on conformance with the international standards for the professional practice of internal auditing
  • Undertake an annual assessment of the service and its compliance with the standards.  Every five years the assessment is undertaken externally by a suitably qualified, independent assessor
  • Obtain regular feedback on the quality and impact of our work (added value)
The standards are principles focused.  They consist of the basic requirements for the professional practice of internal auditing and for evaluating the effectiveness of performance. 
 
The ten core principles set out what we must do to be considered effective.  All these principles must be present and operating effectively to achieve our mission:
  1. demonstrates integrity
  2. demonstrates competence and due professional care
  3. is objective and free from undue influence (independent)
  4. aligns with the strategies, objectives and risks of the organisation
  5. is appropriately positioned and adequately resourced
  6. demonstrates quality and continuous improvement
  7. communicates effectively
  8. provides risk-based assurance
  9. is insightful, proactive and future focused
  10. promotes organisational improvement

Reporting

  • Issue a report to management at the conclusion of each engagement.  The reports will:
    • confirm the results of the engagement 
    • state the timetable for the completion of agreed management actions
  • Provide periodic reports to management and the audit committee.  The reports will summarise:
    • internal audit activities
    • the results of internal audit engagements
  • Provide periodic reports to management and the audit committee on the status of agreed management actions taken in response to internal audit engagements
  • Report annually to the audit committee and management on internal audit performance against goals and objectives.  The report includes an annual assurance opinion on governance, risk and control. This will also help inform the council's annual governance statement.
  • Report as needed to the audit committee on management, resource, or budgetary impediments to the fulfilment of:
    • this charter
    • the internal audit strategy
    • the internal audit plan
  • Inform the audit committee of emerging trends and practices in internal auditing
  • Provide results of the annual review on the effectiveness of internal audit.  This will include:
    • the outcomes of its quality assurance and improvement programme to both management and the audit committee
    • a statement on the organisational independence of internal audit and conformance with the code of ethics. Any significant non-conformance must be included in the annual governance statement.
  • The HIA will meet informally in private with members of the audit committee or the committee as a whole as required
  • Report as necessary any significant risk exposures and control issues, including:
    • fraud risks
    • governance issues
    • matters for or requested by the audit committee 
    • any response to risk by management that may be unacceptable to the council

Scope

The scope of internal audit activities includes all council activities including services which are:
  • provided in partnership
  • under contract with external organisations
There are no restrictions.
 
Activities which have specific internal audit engagements are identified in the internal audit plan.
 
Assurance engagements involve the objective assessment of evidence.  This provides an independent opinion or conclusions regarding:
  • an entity
  • operation
  • function
  • process
  • system 
  • other subject matter
The nature and scope of the assurance engagement are determined by internal audit.
 
Consulting engagements are advisory in nature.  They are generally performed at the specific request of management.
 
The nature and scope of consulting engagements are subject to agreement with management.  They should assist management in meeting the objectives of the organisation without undermining the key principles of independence and objectivity. Internal audit should not assume management responsibility.
 
The HIA will assist with the:
  • implementation of the council's counter fraud policy and strategy 
  • investigation of fraud and irregularities in line with policy, strategy, and the constitution
The HIA must be notified of all suspected or detected fraud, corruption or impropriety.
 
Consultancy engagements should only be performed where resources and skills exist.  They should focus on governance, risk and control – supporting the head of internal audit's annual opinion. They should not replace assurance engagements.
 
The HIA cannot give total assurance that control weaknesses or irregularities do not exist. Managers are fully responsible for the quality of internal control within their area of accountability. 
 
Managers should ensure that appropriate and adequate arrangements exist for:
  • risk management
  • control systems
  • accounting records
  • financial processes
  • governance (the control environment)
Managers should not depend on internal audit activity to identify weaknesses or control failures.

Independence

To provide for internal audit’s independence, the HIA reports directly to the:
  • audit committee (the board)
  • senior management team 
  • chief executive
We support the discharge of statutory responsibilities and those responsibilities set out in the constitution for the:
  • chief finance officer
  • monitoring officer
  • head of paid service
The HIA:
  • has free and full access to the chair of the audit committee
  • is employed by Lincolnshire County Council
The appointment or removal of the HIA will be in accordance with established procedures.
 
We have an impartial, unbiased attitude and will avoid conflicts of interest.
 
If our independence or objectivity is impaired, details of the impairment should be disclosed to either:
  • the section 151 officer
  • the chair of the audit committee
  • or both dependent upon the nature of the impairment
We are not authorised to:
  • perform any operational duties for the organisation
  • initiate or approve accounting transactions external to the internal audit service
  • direct the activities of any council employee not employed by the internal auditing service (unless they have been assigned to the service or to assist the internal auditor)
Constructive working relationships make it more likely that our work will be accepted and acted upon. 
 
The internal auditor does not allow our objectivity or impartiality to be impaired.

Governance

Audit committee

The audit committee is a key component of the council's governance framework.  They underpin good governance and financial standards by providing an independent and high-level focus on:
  • the audit
  • assurance 
  • reporting arrangements 
The committee provides independent assurance to the council members of the adequacy of the:
  • risk management framework
  • internal control environment 
  • integrity of the financial reporting and annual governance processes
It oversees internal audit and external audit.  This helps to ensure efficient and effective assurance arrangements are in place.
 
For the purposes of the UK Public Sector Internal Audit Standards the audit committee performs the role of the 'board'. 
 
The audit committee complies with CIPFA best practice standards through their terms of reference and work programme.
 
The audit committee will:
  • approve the internal audit charter
  • approve the risk-based internal audit plan
  • receive reports from the head of internal audit on internal audit activity’s performance relative to its plan and other matters

Standards of internal audit practice

We work in accordance with the international professional practices’ framework of the chartered institute of internal auditors.  
 
We are further guided by interpretation provided by the:
  • Public sector internal audit standards (the standards)
  • CIPFA local government application note  
  • CIPFA publication on the “role of the head of internal audit”
This charter is a fundamental requirement of the framework.

External work and charter validity

External work

Assurance Lincolnshire provides internal audit services to a number of public sector external clients.
 
The nature and extent of work for external clients is kept under review to ensure:
  • it does not impinge on the audit work carried out for the council
  • there is no conflict of interest or impairment of independence arising from this work

Approval and validity of this charter

This charter shall be reviewed and resubmitted periodically.  It will be also reviewed should there be any changes to:
  • internal audit arrangements
  • public sector internal audit standards 
Approval will be sought from:
  • senior management
  • the audit
  • committee as the board of the organisation and council