INTERNAL AUDIT TERMS OF REFERENCE 2010

Introduction

The Internal Audit terms of reference describe the purpose, authority, responsibilities and scope of the Authority’s Internal Audit Section.

All Internal Audit activities are carried out in accordance with the Council’s Financial Regulations and Procedures. The Internal Audit terms of reference are consistent with, and built upon, the Audit Requirements contained in the Financial Regulations – specifically, Part C – Audit & Risk Management, references to which appear in Italics in this document.

Statutory Requirement

The Accounts and Audit Regulations 2003 regulation 6, require that

“a relevant body shall maintain an adequate and effective system of Internal Audit of its accounting records and of its system of internal control in accordance with the proper Internal Audit practices”.

Definition of Internal Audit

The CIPFA Code of Practice for Internal Audit in Local Government (2006) defines Internal Audit as:

“an assurance function that provides an independent and objective opinion to the council on the control environment comprising risk management, control and governance by evaluating its effectiveness in achieving the council’s objectives. It objectively examines, evaluates and reports on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources”.

Internal Audit Standards

There is a statutory requirement for Internal Audit to work in accordance with the ‘proper audit practices’. These are in effect ‘the Standards’ for local authority internal audit. The guidance accompanying the Accounts and Audit Regulations 2003 states that proper internal control practices for internal audit are contained within the CIPFA Code of Practice for Internal Audit in Local Government. This Code has been adopted by the Borough of Poole Internal Audit section (Audit & Inspection - paragraph 3).

The Internal Audit section also complies with:

  • Professional standards (e.g. Code of Ethics) and standards issued by other relevant professional bodies e.g. the Institute of Internal Auditors, and the Audit Commission
  • The Council’s Constitution, polices, procedures and regulations
  • Relevant legislation, statutes and regulations

Organisational Independence

Internal Audit must be, and be seen to be, independent of the activities that it audits, to enable auditors to perform their duties in a manner that facilitates impartial and effective professional judgements and recommendations. To ensure this, Internal Audit will operate within a framework that allows:

  • Independence in its planning and operation (Audit & Inspection - paragraph 5)
  • Direct access to the Head of Paid Service, all levels of management and directly to elected members (Audit & Inspection - paragraph 6)
  • The Chief Auditor to report in his/her own name without fear or favour
  • Segregation from line operations

As far as is practicable, Internal Audit does not have any operational responsibilities. Internal Audit staff shall neither ‘own’ any systems under audit nor be given any responsibility for any aspect of work subject to audit. Where necessary, the Chief Auditor will put in place adequate segregation within the Internal Audit section to ensure independence.

Position of Internal Audit within the Authority

The Internal Audit function is carried out by the Internal Audit Section of the Financial Services Unit. The Chief Internal Auditor reports directly to the Head of Financial Services (Section 151 Officer).

Overview of Internal Audit is one of the roles of the Audit Committee. To facilitate this overview, the Head of Internal Audit reports to the Audit Committee on a regular basis.

Internal Audit Objectives and Responsibilities

Internal Audit’s aim is to work in partnership with management to improve the Authority’s control environment and assist the Council in achieving its objectives. Internal Audit’s remit extends across the whole of the Council’s overall Control Environment. Its scope therefore includes (but is not limited to) internal control systems, risk management, corporate governance, anti-fraud and corruption, special reviews and the Council’s efficiency review programme.

Internal Control

The objective of Internal Audit is to examine, evaluate and report on the adequacy of internal control as a contribution to the proper, economic and effective use of resources (Audit & Inspection - paragraph 2) with particular reference to:

  • The effectiveness of operations
  • The economic and efficient use of resources
  • Compliance with applicable policies, procedures, laws and regulations
  • The safeguarding of assets and interests from losses of all kinds, including those arising from fraud, irregularity and corruption
  • The integrity and reliability of information, accounts and data.

Accordingly, in the conduct of planned audits Internal Audit may:

  • Review the reliability and integrity of information and the means used to identify, measure, classify and report such information
  • Review the means of safeguarding assets and, as appropriate, verify the existence of such assets.
  • Appraise the economy, efficiency and effectiveness with which resources are employed, identify opportunities to improve performance and recommend solutions to problems
  • Review the established systems to ensure compliance with those policies, procedures, laws and regulations which could have a significant impact on operations, and determine whether the authority is in compliance with these
  • Review operations and activities to ascertain whether results are consistent with objectives and whether they are being carried out as planned

Risk Management

Internal audits will be carried out on the risk management process, systems and controls introduced by Service Units and/or arising from major projects to manage key risks identified.

Corporate Governance

The Internal Audit function will also review the Authority’s Corporate Governance arrangements, including Codes of Conduct. Internal Audit also has responsibility for preparation of the Authority’s Annual Governance Statement.

Anti-Fraud and Corruption

Managing the risk of fraud and corruption is the responsibility of management. Audit procedures alone, even when performed with due professional care, cannot guarantee that fraud or corruption will be detected. Internal Audit does not have responsibility for the prevention or detection of fraud and corruption. Internal Auditors will, however, be alert in all their work to risks and exposures that could allow fraud or corruption. Internal Audit may also be requested by management to assist with their fraud related work.

The Chief Auditor has made arrangements, supported through the Council’s Financial Regulations (Preventing Fraud & Corruption - paragraph 10), to be informed of all suspected or detected fraud, corruption or irregularities so that he can conduct an investigation, consider the adequacy of the relevant controls, and evaluate the implication of fraud and corruption for his opinion on the internal control environment.

Internal Audit will also be proactive in countering fraud and corruption. An annual ‘Fraud Risk Assessment’ has been completed by the Chief Auditor, which is used to plan Internal Audit anti-fraud and corruption work in the year.

Special reviews

Internal Audit may also, subject to resources and skills, carry out special reviews and projects at the request of the Head of Financial Services, Members, the Audit Committee, Management Team, Heads of Service Units and Project Managers of major projects. These reviews may contribute to the opinion that Internal Audit provides on the control environment.

Efficiency Programme

Internal Audit are responsible for developing a medium term efficiency programme to help deliver cash releasing efficiencies in future years.

Achievement of Objectives

To meet Internal Audit objectives the Chief Auditor will:

  • Prepare an Internal Audit Strategy and Annual Internal Audit Plan in consultation with those charged with governance. The plan will assess the resources required to carry out the work to fulfil the Council’s obligations under the Accounts & Audit Regulations 2003. This plan will be regarded as flexible, to allow for changing needs and priorities
  • Agree the scope of individual audits with the relevant Head of Service Units (or appropriate Manager/Project Manager).
  • Ensure a system of close supervision of audit work and maintain a review of audit files through the supervisory structure
  • Formally report the results of audits and the recommendations made to Heads of Service Units (or appropriate Manager/Project Manager). Where agreement on Internal Audit findings and recommendations cannot be reached, the Chief Auditor will escalate, if necessary to the Audit Committee.
  • Agree an Action Plan for implementation of Internal Audit recommendations with the Service Unit/Project Manager. The Service Unit/Project Manager will be responsible for the timely return of the Action Plan. Instances of persistent non-replies to Audit Reports will be reported to the Audit Committee.
  • Accountability for the response to advice and recommendations of Internal Audit lies with management. Internal Audit will, however, follow up on and report to the Audit Committee as necessary where agreed recommendations remain unimplemented.
  • The Chief Auditor will prepare an Annual Report to the Audit Committee. The report will include an opinion by the Chief Auditor on the overall adequacy and effectiveness of the Borough of Poole’s internal control environment. In addition, the report will include a summary of the audit work undertaken to formulate the opinion, including reliance placed on the work by other assurance bodies

The Scope of Internal Audit Activity

The Chief Auditor is required to manage the provision of a complete internal audit service to the authority.

There are no limitations on Internal Audit's scope of activities. The scope of Internal Audit extends to the authority’s entire control environment (both financial and non-financial).

The scope of audit work extends to services provided through partnership arrangements. The Chief Auditor will decide, in consultation with other parties, whether internal audit staff conduct the work to obtain the required assurance themselves or rely on the assurances provided by other auditors. Where necessary, the Chief Auditor will agree appropriate access rights in order to obtain the necessary assurances.

Internal Audit may also carry out special reviews or assignments where requested by management, which fall outside the approved work plan and for which a contingency is included in the audit plan.

In conducting its work, and if appropriate to do so, Internal Audit may choose to place reliance on the work of other organisations (e.g. Audit Commission, CSCI), to avoid duplication of effort and maximise resources.

Rights of Access

The Chief Internal Auditor and his/her nominated representatives have –

  • Rights to access all Council premises & property, all data, records, documents correspondence relating to any financial matter or any other activity of the Council
  • The right to require any member of staff or Member to provide any information or explanation needed in the course of their investigations

(Preventing Fraud & Corruption - paragraph 11)

Internal Audit Resources

The Chief Auditor will ensure that the Internal Audit Section is appropriately resourced in terms of numbers, grades, qualification levels and experience to meet its objectives. An Annual Training Plan is maintained, and all staff receive an annual Appraisal Interview. Where required, and if appropriate, the Chief Auditor may also use external contractors to support the Internal Audit function (for example where specialist knowledge of specific areas is required or resources need to be supplemented).

If the Chief Auditor concluded that resources were insufficient to meet Internal Audit’s responsibilities, he would formally report this to the S151 Officer, Chief Executive, and, if necessary, to the Audit Committee.

Related Documents

These are available on the Loop, and include:

  • Financial Regulations
  • Anti-Fraud and Corruption Policy
  • Employee Code of Conduct
  • Whistleblowing Policy

Review of Internal Audit Terms of Reference

In accordance with CIPFA good practice the Internal Audit Terms of Reference will be reviewed and updated as necessary every year.

Chief Auditor

March 2010

Internal Audit Terms of Reference approved by:

……………………………………………………

Head of Financial Services (Section 151 Officer)

……………………………………………………

Chairman of the Audit Committee.

Date:……………………………………………..

1

Borough of Poole Internal Audit