Audit and Assurance Arrangements

Public Appointments Service

April 2016

Content

Audit and Assurance Arrangements 2

Internal Audit Charter 4

Audit Committee Charter and Terms of Reference 8

Quality Assurance and Improvement Programme 15

Risk Management Strategy and Policy 18

Role of and Procedures for the Internal Audit Function 32

Checklists for the Internal Audit Function 38

Audit and Risk Management Action Plan 40

Risk Management Guidance Document Action Plan 41

Appendices

Appendix 1 – Definitions (from the Risk Management Strategy and Policy)42

Appendix 2 – Considering the Likelihood of the Risk43

Appendix 3 – Considering the Impact of the Risk44

Appendix 5 – Incident and Near-Miss Report Form45

Audit and Assurance Arrangements

The Public Appointments Service has a number of audit and other arrangements in place which, together, provide assurance that the organisation is managing its resources properly and that it is actively assessing and managing risk.

Role of Audit Committee and reporting arrangements to the Chief Executive

PAS has an Audit Committee which operates in accordance with published Civil Service guidance[1]. The Audit Committee has an independent role in the provision of assurance to the Chief Executive. This includes consideration of the adequacy and effectiveness of the internal control systems, control environment and control procedures within PAS. The Committee also oversees the Internal Audit function within PAS and provides advice and professional guidance to the Chief Executive in relation to the development of the internal audit function. The Audit Committee also provides advice and guidance in relation to the systems of risk management and internal control within PAS.

The PAS Audit Committee operates under a written charter and includes external representation with appropriate expertise. The Chairperson of the Audit Committee is external to PAS.

The Audit Committee prepares an annual report to the Accounting Officer, reviewing its operations, and invites the Office of the Comptroller and Auditor General, as the external auditor of PAS, to meet with it at least once a year[2];

The Internal Audit function in PAS

The majority of the Internal Audit function’s reviews are outsourced to a professional services firm. The function operates to athree-year audit plan approved by the Chief Executive and under the oversight of the Audit Committee.

All draft audit reports are submitted to the PAS Management Board for the preparation of management responses. Once finalised, the completion of any actions arising is tracked and monitored via regular reports by PAS management to the PAS Audit Committee.

The Head of Corporate Services is also a member of the Civil Service “Heads of Internal Audit Forum” which provides a forum for the discussion of policy and operational issues relating to internal audit within civil service bodies as well as disseminating good practice and new developments within the internal audit profession.

Risk Management

PAS has a risk management system in place. This includes a Risk Management Framework and Risk Management Policy appropriate to the size and scale of the organisation and is in accordance with the relevant Civil Service Risk Management Guidance. An integrated and holistic approach to risk management is one of the key elements to achieving effective corporate governance. PAS takes its risk management responsibilities seriously and has processes in place to respond appropriately to significant business, strategic, operational, financial, compliance and other risks that threaten the successful achievement of the strategic and operational objectives of the organisation.

Risk Management is a standing item on the agenda of each meeting of the PAS Management Board. A Risk Management Group oversees the implementation and monitoring of this process. This group operates under the terms specified in the Risk Management Strategy and Policy outlined later in this document. The Group reports to the Internal Audit Committee at each meeting, and updates on current risks facing the organisation are given to the Board of PAS at each meeting. The Group (through the Chair) report to the Management Board following each meeting of the Risk Management Group.

Internal Audit Charter

Introduction

This Charter sets out the purpose, authority and responsibilities of the Internal Audit function in the Public Appointments Service.

Internal Audit Function

In accordance with the recommendations of the Accountability of Secretaries General and Accounting Officers, the Public Appointments Service is committed to maintaining and supporting a quality internal audit function.

The Internal Audit function will conduct its activities in accordance with the Internal Audit Standards issued by the Department of Public Expenditure and Reform and will have regard to best practice as enunciated by the Institute of Internal Auditors.

The Public Appointments Service will as necessary retain the services of an independent and suitably qualified Auditor.

The Internal Audit function ensures that an appropriate contract is put in place for outsourced internal audits and ensures that the contract terms are met and that the audits are conducted to a high standard.

Role and Responsibilities

The primary role of Internal Audit within the Office is to give assurance to the Accounting Officer and the Audit Committee as to the adequacy and effectiveness of the office’s internal control system and the risk management environment.

Responsibility for internal control, including the prevention and detection of fraud and risk management, rests fully with line managers who, notwithstanding audit activity, ensure that appropriate and adequate arrangements exist within their area of responsibility. Responsibility for implementation of audit recommendations also rests fully with the line management concerned.

Scope

The Internal Audit functionwill review and appraise the following:

(a)The adequacy, reliability and integrity of the information being provided for decision making and for accountability, and the extent to which this information is used;

(b)The degree of compliance with legislation (domestic and international) and other requirements laid down centrally (i.e. Department of Public Expenditure and Reform) and management plans, procedures and policies;

(c)The acquisition and disposal of assets and the safeguarding of assets and interests from losses, including those arising from fraud, malpractice and irregularity;

(d)Arrangements for the economic and efficient use of resources within the area under review.

In discharging this responsibility Internal Audit will also identify and report on any deficiency or weakness in systems and controls and make appropriate recommendations for improvement.

The Internal Audit Function will ensure that all information and records are treated in the strictest confidence throughout the Audit process. The Internal Auditor is responsible for ensuring the confidentiality and safekeeping of all records and information accessed in the course of its work.

Authority

The Internal Audit function derives its authority from the Accounting Officer.

In order to perform its functions, internal audit staff are authorised by the Accounting Officer to have full, free and unrestricted access to all the Office’s records, assets and personnel at all reasonable times, and are entitled to request and receive all the information and explanations they require for the proper performance of their duties.

Independence

To ensure the independence and objectivity of the Internal Audit function, the function will not assume operating responsibilities for, and will remain independent of, the activities it audits.

Audit Methodology

The internal audit function will produce a three-year audit work plan for all areas under its remit. The plan will be approved by the Accounting Officer and the Audit Committee.

In the course of each audit the Internal Audit function/outsourced Internal Auditor will:

work constructively with management and staff

give adequate notice to the Head of Sections prior to the commencement of an audit

determine and confirm system to be audited with line management

discuss progress with the relevant line manager and liaise with the Head of Corporate Services throughout the audit process

issue a draft report to the relevant line manager to confirm its factual accuracy and to agree where possible the conclusions and recommendations for improvements

agree a timescale for managements’ response

issue the report, incorporating managements’ response to the relevant line manager, relevant Head of Section and Head of Corporate Services

issue the report to Accounting Officer for review

present the final report to Audit Committee

circulate the final report to Management Board and Senior Management Team.

The final reports will also issue to the Comptroller and Auditor General as requested.

Follow-up reports will be carried out within a timescale to be determined by the Audit Committee. Summary follow-up reviews will issue to the audit committee informing them of any instances where audit recommendations have not been implemented as agreed.

Where Internal Audit and management fail to reach agreement on issues/recommendations considered to be of material importance by Internal Audit, the final audit report will reflect the position of both. The Audit Committee’s attention will be drawn specifically to these issues/recommendations, so that appropriate action can be taken.

Audit Committee Charter and Terms of Reference

PURPOSE

The Audit Committee is part of the control environment, tasked with providing independent advice to the Accounting Officer regarding the suitability and robustness of the organisation’s internal control systems and procedures.

AUTHORITY

The Audit Committee is appointed to provide independent advice to the Accounting Officer and is responsible to him/her for its performance in this regard.

The Audit Committee shall have the authority to investigate any matters within its terms of reference; the resources which it needs to do so and full access to information.

MEMBERSHIP

The Accounting Officer will appoint members and the Chairperson, unless otherwise provided by law.

The Chairperson of the Committee will come from outside the organisation, and has right of access to the Accounting Officer.

At least two members of the Committee will be external to the organisation (all members will be external to the organisation from September 2016).

At least one member of the Committee will be a nominee of the PAS Board.

The role requirements will be clearly communicated to potential members at the outset including time commitments and an indication of frequency of meetings.

Members may serve a three year term, with the option to extend by a further three year term.

A statement of members’ interests will be prepared on an annual basis.

Where a conflict of interest arises in the course of the work of the Audit Committee, the member will bring this to the attention of the Chairperson and, where necessary, leave the room for the duration of the discussion and not take part in any decisions relating to the discussion. A note to this effect will be included in the minutes of the meeting. Declarations of conflicts of interest is a standing item on all committee meeting agendas.

MEETINGS

To facilitate regular engagement with the organisation, the Audit Committee will meet at least quarterly, with the authority to convene additional meetings as circumstances require.

All committee members are expected to attend each meeting. Each member must meet the minimum attendance of 75% at audit committee meetings. A quorum shall consist of three Committee members, and in the absence of the Chairperson, a deputy Chairperson will be chosen from members and will chair the meeting.

If a vote is required on any issue, a simple majority of all members present, including the Chairperson, will carry the motion, with the Chairperson having the casting vote in the event of a tie.

The Audit Committee should invite members of management, internal auditors or others to attend meetings and provide information, as necessary.

The Chairperson of the Audit Committee will meet with the Accounting Officer annually.

The agenda and supporting papers shall be circulated to all members at least one week prior to the meeting.

The agenda of the Audit Committee will be approved by the Chairperson and each Member of the Committee shall be entitled to put forward matters for inclusion on the Agenda.

Draft minutes will be prepared and, once approved by the Internal Audit Committee, will be circulated to the Accounting Officer and Management Team with the aim of circulating them within ten working days of the date of the meeting.

The Head of Corporate Services (with responsibility for Internal Audit and Finance) shall normally attend meetings. In addition, such persons as are from time to time invited by the Chairperson to attend may attend.

The Internal Auditor will attend the relevant portion of meetings required to present any audit report prepared by them.

Appropriate records of the work of the Audit Committee will be maintained.

•The Committee will make minutes of Internal Audit Committee meetings available to the Board of PAS.

The Internal Audit unit will provide administrative support to the Audit Committee.

ACCESS

The Chairperson of the Audit Committee shall have a right of access to the CEO on any matter pertaining to the internal audit function as the Committee considers appropriate or necessary, including its overall effectiveness, resources, training, use of technology etc.

The Audit Committee shall have a right of access to such information or documents, which, in the Committee’s opinion are relevant to matters falling within its terms of reference.

FUNCTIONS

The Audit Committee will carry out the following functions:

Internal Control

Advise on the organisation’s internal control systems, including information technology security and control.

Obtain and review internal audit reports, significant findings and recommendations together with management responses.

Monitor management’s implementation of audit recommendations from internal audit, external audit and other sources.

Governance and Risk Management

Advise on the systems of control underlying the risk management framework and processes, including:

receiving feedback from the Head of Corporate Services (with responsibility for Internal Audit and Finance)and the organisation’s management on the effectiveness of the risk management process; and

taking such feedback into account for input into the priorities of the Internal Audit Unit work programme.

Internal Audit

Review assessments of the internal audit function, including compliance with the Internal Audit Standards; evaluation of conformance with the IIA Standards 1300 (the results of which will be communicated to the Accounting Officer and Audit Committee) will be conducted every three to five years.

Review with the Head of Corporate Services (with responsibility for Internal Audit and Finance) and as necessary discuss with management, the Internal Audit Unit’s charter, audit plans, activities, staffing, and organisational status.

Receive progress reports on the audit plan assignments.

Raise any concerns with Accounting Officer regarding the independence of the Internal Audit unit.

On a regular basis, meet separately with the Head of Corporate Services (with responsibility for Internal Audit and Finance) to discuss any matters that the Audit Committee or Internal Audit Unit believes should be discussed privately.

External Audit

On at least an annual basis, meet with the nominee of the Comptroller and Auditor General.

Review the Internal Audit working relationship and liaison with the nominee of the Comptroller and Auditor General to ensure co-operation, avoidance of duplication and potential gaps in audit coverage.

Review the external audit management letter and the organisational response.

Financial Management

Advise on the systems of control underlying the financial management processes, including:

reviewing the results of the external audit; and

reviewing the procedures and practices associated with financial management and budgeting.

Reporting Functions

Regularly report to the Accounting Officer about audit committee activities, issues, and related recommendations by:

circulating to the Accounting Officer and the Management Board the agreed minutes of audit committee meetings as a matter of normal practice;

submitting an annual report to the Accounting Officer, within three months following year end, of the activities of the Audit Committee; and

availing of the Chairperson’s right of access to the Accounting Officer.

Provide an open avenue of communication between internal audit, the Office of the Comptroller and Auditor General, and the Accounting Officer.

Other Functions

Promote good accounting practices, ensuring better and more informed decision making and improved focus on value for money throughout the organisation.

Perform other activities related to the charter as requested by the Accounting Officer.

Review and assess the adequacy of the written charter on an annual basis and request Accounting Officer approval for proposed changes.

Respond to any special reporting requests, on matters relevant to the Committee, made by the Chief Executive Officer.

The Audit Committee may, following consultation with the CEO, obtain outside legal or other independent professional advice and secure the attendance at Committee meetings of outsiders with relevant experience and expertise if it considers this to be essential.

Confirm annually that all functions outlined in the written charter have been carried out.

The Audit Committee evaluatesits own performance on a regular basis.

ANNUAL REPORT