Internal audit

"Internal Audit is an assurance function that provides an independent and objective opinion to the organisation on the control environment, by evaluating its effectiveness in achieving the organisation's objectives. It objectively examines, evaluates and reports on the adequacy of the control environment as a contribution to the proper, economic, efficient and effective use of resources" - Chartered Institute of Public Finance and Accountancy (CIPFA) definition of Internal Audit

Why are we here?

By law, the Council's Section 151 Officer, (the senior officer in charge of the Council's financial arrangements), has a duty to make sure that there is a continuous review of the Council's financial arrangements, ensuring that the appropriate records are maintained and that the Council acts legally.

Part of the function of Internal Audit is to provide assurance that the Council's arrangements are subject to an appropriate level of internal control and to report any risks, weaknesses in the internal control system, or any financial loss or irregularity to the Section 151 Officer as well as the appropriate management.

What do we do?

The Internal Audit team provide an independent and objective opinion on the adequacy and effectiveness of the Council's governance, internal control and risk management arrangements. This means we look at how well the Council controls its activity to avoid loss or wastage and to protect the public money the Council spends and the assets it owns. For example:

  • We advise management on control, effectiveness and efficiency of Council activities

  • We help the Council to achieve its objectives by giving advice to support achievement of best practice.

  • We alert management to and review any significant weaknesses or irregularities

  • We provide assurance on:

    • the reliability and integrity of systems and the extent to which they are adequately and effectively controlled
    • the reliability of financial reporting
    • compliance with laws and regulations

Most of the above is achieved through completing Audit Reviews, which are scheduled through our risk-based Annual Work Programme. This programme, approved by the Audit Committee, is designed so that all areas of the Council's activities will be covered over a four-year period. However, Internal Audit also has the authority to review any matter at any time and can request supporting documentation and explanation from any officer of the Council.

For each audit, a formal report is produced. The report summarises the work undertaken and includes our independent opinion on the area under review. If any issues are identified, recommendations are put forward for management to consider.

During an internal audit, we will:

  • Establish and communicate the scope and objectives for the audit to appropriate management

  • Develop an understanding of the business area under review.

  • Describe the key risks facing the business activities within the scope of the audit

  • Identify control procedures used to ensure each key risk and transaction type is properly controlled and monitored

  • Develop and execute a risk-based sampling and testing approach to determine whether the most important controls are operating as intended

  • Report problems identified and negotiate action plans with management to address the problems

  • Follow up reported findings.

Our work is completed in line with professional standards. Internal Audit reports feed into service Business Plans and the Council's Annual Governance Statement.

Objectives, roles and responsibilities

The primary objective of Internal Audit is to independently review, appraise and provide assurance upon the control environment, making sure that controls are mitigating the Council from increased risk exposure.

Annual work programme

We are required to carry out annual audits of the core units and systems audit reviews are carried out over a rolling four-year programme

Fraud and corruption

Audit reviews are conducted with a mind to the fact that fraud is a risk within any system

Risk management

Risk management is the process by which risks are identified, evaluated and controlled

Who audits the auditors?

The National Audit Office are the external auditors that review the work carried out by Internal Audit