INTERNAL AUDIT TERMS OF REFERENCE 2012
Introduction
The Internal Audit terms of reference describe the purpose, authority, responsibilities and scope of the Authority’s Internal Audit Section.
All Internal Audit activities are carried out in accordance with the Council’s Financial Regulations and Procedures. The Internal Audit terms of reference are consistent with, and built upon, the Audit Requirements contained in the Financial Regulations – specifically, Part C – Audit & Risk Management, references to which appear in Italics in this document.
Statutory Requirement
The Accounts and Audit Regulations 2011 regulation 6, require that
“a relevant body must undertake an adequate and effective Internal Audit of its accounting records and of its system of internal control in accordance with the proper practices in relation to internal control”.
Definition of Internal Audit
The CIPFA Code of Practice for Internal Audit in Local Government (2006) defines Internal Audit as:
“an assurance function that provides an independent and objective opinion to the council on the control environment comprising risk management, control and governance by evaluating its effectiveness in achieving the council’s objectives. It objectively examines, evaluates and reports on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources”.
Internal Audit Standards
There is a statutory requirement for Internal Audit to work in accordance with the ‘proper practices in relation to internal control’. These practices are contained within the CIPFA Code of Practice for Internal Audit in Local Government. This Code has been adopted by the Borough of Poole Internal Audit section (Audit & Inspection - paragraph 3).
The Internal Audit section also complies with:
· Professional standards (e.g. Code of Ethics) and standards issued by other relevant professional bodies
· The Council’s Constitution, polices, procedures and regulations
· Relevant legislation, statutes and regulations
Organisational Independence
Internal Audit must be, and be seen to be, independent of the activities that it audits, to enable auditors to perform their duties in a manner that facilitates impartial and effective professional judgements and recommendations. To ensure this, Internal Audit will operate within a framework that allows:
· Independence in its planning and operation (Audit & Inspection - paragraph 5)
· Direct access to the Head of Paid Service, all levels of management and directly to elected members (Audit & Inspection - paragraph 6)
· The Chief Auditor to report in his/her own name without fear or favour
· Segregation from line operations
As far as is practicable, Internal Audit does not have any operational responsibilities. Internal Audit staff shall neither ‘own’ any systems under audit nor be given any responsibility for any aspect of work subject to audit.
Within the Audit & Management Assurance Section other functions are operated i.e. Business Continuity & Resilience, Risk Management & Insurance and also the Efficiency Review Programme, however where necessary the Chief Internal Auditor has put in place adequate segregation within the section to ensure independence.
Position of Internal Audit within the Authority
The Internal Audit function is carried out by the Audit & Management Assurance Section of the Financial Services Unit. The Chief Internal Auditor reports directly to the Head of Financial Services (Section 151 Officer).
Overview of Internal Audit is one of the roles of the Audit Committee. To facilitate this overview, the Chief Internal Auditor reports to the Audit Committee on a regular basis.
Internal Audit Objectives and Responsibilities
Internal Audit’s aim is to work in partnership with management to improve the Authority’s control environment and assist the Council in achieving its objectives. Internal Audit’s remit extends across the whole of the Council’s overall control environment as prescribed by the Council’s Assurance Framework. Its scope therefore includes (but is not limited to) internal control systems, risk management, corporate governance, counter theft, fraud and corruption, special reviews and the Council’s efficiency review programme.
Internal Control
The objective of Internal Audit is to examine, evaluate and report on the adequacy of internal control as a contribution to the proper, economic and effective use of resources (Audit & Inspection - paragraph 2) with particular reference to:
· The effectiveness of operations
· The economic and efficient use of resources
· Compliance with applicable policies, procedures, laws and regulations
· The safeguarding of assets and interests from losses of all kinds, including those arising from fraud, irregularity and corruption
· The integrity and reliability of information, accounts and data.
Accordingly, in the conduct of planned audits Internal Audit may:
· Review the reliability and integrity of information and the means used to identify, measure, classify and report such information
· Review the means of safeguarding assets and, as appropriate, verify the existence of such assets.
· Appraise the economy, efficiency and effectiveness with which resources are employed, identify opportunities to improve performance and recommend solutions to problems
· Review the established systems to ensure compliance with those policies, procedures, laws and regulations which could have a significant impact on operations, and determine whether the authority is in compliance with these
· Review operations and activities to ascertain whether results are consistent with objectives and whether they are being carried out as planned
Risk Management
Internal audits will be carried out on the risk management process operated through Corporate, Service Unit and project risk registers to manage key risks identified.
Corporate Governance
The Internal Audit function will also review the Authority’s Corporate Governance arrangements, including compliance with Codes of Conduct. Internal Audit also has responsibility for preparation of the Authority’s Annual Governance Statement and reviewing the Council’s Local Code of Corporate Governance.
Counter Theft, Fraud and Corruption
Managing the risk of fraud and corruption is the responsibility of management. Audit procedures alone, even when performed with due professional care, cannot guarantee that fraud or corruption will be detected. Internal Audit does not have responsibility for the prevention or detection of theft, fraud and corruption. Internal Auditors will, however, be alert in all their work to risks and exposures that could allow theft, fraud or corruption. Internal Audit may also be requested by management to assist with their fraud related work. Further details are contained in the Authority’s Counter Theft, Fraud & Corruption Policy.
The Chief Internal Auditor has made arrangements, supported through the Council’s Financial Regulations (Preventing Fraud & Corruption - paragraph 10), to be informed of all suspected or detected theft, fraud, corruption or irregularities so that he/she can conduct an investigation, consider the adequacy of the relevant controls, and evaluate the implication of fraud and corruption for his opinion on the internal control environment.
Internal Audit will also be proactive in countering theft, fraud and corruption. The Council regularly reviews its exposure to the risk of fraud and corruption. Internal Audit support the maintenance of a risk register of all council fraud and corruption risks. Any high scoring risks are reflected in Service Unit Risk Registers, which are subject to regular review and the implementation of mitigating actions to reduce the risk level.
Within the Internal Audit Plan is the Counter Fraud and Corruption Work Plan which includes targeted reviews of service areas which have been identified as at high risk of fraud and corruption.
Special reviews
Internal Audit may also, subject to resources and skills, carry out special reviews and projects at the request of the Head of Financial Services, Members, the Audit Committee, Management Team, Heads of Service Units and Project Managers of major projects. These reviews may contribute to the opinion that Internal Audit provides on the control environment.
Efficiency Programme
Internal Audit are responsible for developing a medium term efficiency programme to help deliver cash releasing efficiencies in future years.
Achievement of Objectives
To meet Internal Audit objectives the Chief Internal Auditor will:
· Prepare an Internal Audit Strategy and Annual Internal Audit Plan in consultation with those charged with governance. The plan will assess the resources required to carry out the work to fulfil the Council’s obligations under the Accounts & Audit Regulations 2011. This plan will be regarded as flexible, to allow for changing needs and priorities
· Agree the scope of individual audits with the relevant Head of Service Units (or appropriate Manager/Project Manager).
· Ensure a system of close supervision of audit work and maintain a review of audit files through the supervisory structure
· Formally report the results of audits and the recommendations made to Heads of Service Units (or appropriate Manager/Project Manager). Where agreement on Internal Audit findings and recommendations cannot be reached, the Chief Internal Auditor will escalate, if necessary to the Audit Committee.
· Agree an Action Plan for implementation of Internal Audit recommendations with the Service Unit/Project Manager. The Service Unit/Project Manager will be responsible for the timely return of the Action Plan. Instances of persistent non-replies to Audit Reports will be reported to the Audit Committee, where the Service Unit Head may be required to attend the meeting (in accordance with the formal Escalation Procedure).
· Accountability for the response to advice and recommendations of Internal Audit lies with management. Internal Audit will, however, follow up on and report to the Audit Committee as necessary where agreed recommendations remain unimplemented.
· The Chief Internal Auditor will prepare an Annual Report to the Audit Committee. The report will include an opinion by the Chief Auditor on the overall adequacy and effectiveness of the Borough of Poole’s internal control environment. In addition, the report will include a summary of the audit work undertaken to formulate the opinion, including reliance placed on the work by other assurance bodies.
The Scope of Internal Audit Activity
The Chief Internal Auditor is required to manage the provision of a complete internal audit service to the authority.
There are no limitations on Internal Audit's scope of activities. The scope of Internal Audit extends to the Authority’s entire control environment (both financial and non-financial) as prescribed in the Council’s Assurance Framework.
The scope of audit work extends to services provided through partnership arrangements. The Chief Internal Auditor will decide, in consultation with other parties, whether internal audit staff conduct the work to obtain the required assurance themselves or rely on the assurances provided by other auditors. Where necessary, the Chief Internal Auditor will agree appropriate access rights in order to obtain the necessary assurances.
Internal Audit may also carry out special reviews or assignments where requested by management, which fall outside the approved work plan and for which a contingency is included in the audit plan.
In conducting its work, and if appropriate to do so, Internal Audit may choose to place reliance on the work of other organisations (e.g. External Audit, Inspection Agencies), to avoid duplication of effort and maximise resources.
Rights of Access
The Chief Internal Auditor and his/her nominated representatives have –
· Rights to access all Council premises & property, all data, records, documents & correspondence relating to any financial matter or any other activity of the Council
· The right to require any member of staff or Member to provide any information or explanation needed in the course of their investigations
(Preventing Fraud & Corruption - paragraph 11)
Internal Audit Resources
The Chief Internal Auditor will ensure that the Internal Audit Section is appropriately resourced in terms of numbers, grades, qualification levels and experience to meet its objectives. An Annual Training Plan is maintained, and all staff receive an annual Appraisal Interview. Where required, and if appropriate, the Chief Internal Auditor may also use external contractors to support the Internal Audit function (for example where specialist knowledge of specific areas is required or resources need to be supplemented).
If the Chief Internal Auditor concluded that resources were insufficient to meet Internal Audit’s responsibilities, he/she would formally report this to the S151 Officer, Chief Executive, and, if necessary, to the Audit Committee.
Related Documents
These are available on the Loop, and include:
· Financial Regulations
· Counter Theft, Fraud and Corruption Policy (includes the Whistleblowing Policy)
· Employee Code of Conduct
Review of Internal Audit Terms of Reference
In accordance with Standard 1 of the CIPFA Code of Practice for Internal Audit in Local Government, these Terms of Reference will be regularly reviewed and updated appropriately to meet the Council’s changing requirements and/or priorities.
Chief Internal Auditor
April 2012
Internal Audit Terms of Reference approved by:
……………………………………………………
Head of Financial Services (Section 151 Officer)
……………………………………………………
Chair of the Audit Committee
Date:……………………………………………..
5
Borough of Poole Internal Audit