Internal audit charter
1. The Internal Audit Charter (the ‘Charter’) is the formal document that defines internal audit’s purpose, authority and responsibility at Maidstone Borough Council (the ‘Council’). The Charter establishes the Audit Partnership’s position within the authority, including the nature of the Head of Audit Partnership’s functional reporting relationships. The Charter also authorises access to records, personnel and physical properties relevant to the performance of engagement and defines the scope of internal audit activities.
2. Final approval of the Charter resides with the Audit, Governance & Standards Committee, but it will be reviewed each year by the Head of Audit Partnership in consultation with the Shared Services Board.
Mission
3. The Audit Partnership acknowledges and aspires to achieving the mission of Internal Auditing provided by the Institute of Internal Auditors (IIA):
To enhance and protect organisational value by providing stakeholders with risk based, and objective assurance, advice and insight.
Scope of work
4. The scope of the Audit Partnership’s work includes, in the first instance, tasks in support of the annual Head of Internal Audit Opinion. This work covers three areas:
Internal Control
5. The system of internal control is a process for assuring achievement of the Council’s objectives in operational effectiveness and efficiency, reliable financial reporting and compliance with laws, regulations and policies. It incorporates both financial and non-financial systems.
Corporate Governance
6. Corporate governance is the system of rules, practices and processes by which the Council is directed and controlled.
Risk Management
7. Risk management is the process of identifying, quantifying and managing the risks that the Council faces in attempting to achieve its objectives.
8. In addition to those three core areas the Audit Partnership may, subject to specific arrangements, undertake engagements in the areas of counter fraud, operational risk management or advisory as discussed elsewhere in this Charter.
Authority of internal audit
9. Internal Audit is a statutory service as defined within the Accounts and Audit Regulations 2015 (the ‘Regulations’) which require the Council undertake an effective internal audit to evaluate the effectiveness of its .risk management, control and governance processes, taking into account public sector internal auditing standards.
10. Deriving authority from those Regulations and those authorising this Charter, the Audit Partnership has free and unrestricted ability to plan and undertake audit assignments deemed necessary to fulfil its scope.
11. To enable full discharge of its duties, the Head of Audit Partnership and his team are authorised to:
· Have a right of direct access to the Chair of the Audit, Governance & Standards Committee;
· Have unrestricted access to all functions, records, property and personnel;
· Obtain assistance where necessary from Council officers and contractors involved in subject of audit engagements.
12. The Head of Audit Partnership and his team are not authorised to perform any operational duties for the Council, initiate or approve accounting transactions (except where directly related to the administration of the service) and direct the activities of any Council employee (except insofar as they have been appropriately assigned to assist engagements, or as described with the safeguards in this Charter).
Responsibility
13. The Head of Audit Partnership and his team have responsibility to undertake their work at all times in accordance with the Public Sector Internal Audit Standards (the ‘Standards’),the IIA’s Code of Ethics (the ‘Code’) and the broader IIA’s International Professional Practices Framework (the IPPF). In addition, those members of the team who have membership of professional bodies will comply with the relevant requirements of that organisation. Undertaking work in accordance with the Standards will include:
· Developing a flexible risk-based audit strategy and annual plan in consultation with senior management and presented annually to the Audit, Governance & Standards Committee for review and approval. The Audit, Governance & Standards Committee will also be invited to review and approve significant changes to the plan;
· Tracking the status of agreed management actions and providing regular updates to the Audit, Governance & Standards Committee, including escalation of items of significant risk;
· Issuing periodic reports to senior management and the Audit, Governance & Standards Committee summarising results of internal audit work;
· Continuing liaison with the Council’s external auditors and other assurance providers to seek optimal assurance coverage;
· Communicating regularly with relevant stakeholders on progress of the Audit Partnership, its work and findings; and
· Keeping the Shared Services Board (and so, the Director Finance & Business Improvement) informed on the performance of the Audit Partnership.
Reporting lines
14. The Head of Audit Partnership has responsibility for day to day management of the Audit Partnership. The Head of Audit Partnership reports administratively to the Director of Mid Kent Services and, with respect to activities undertaken at the Council, reports functionally to the Director of Finance & Business Improvement as the Council’s representative on the Audit Partnership Board. Organisationally, the Head of Audit Partnership reports to the Audit, Governance & Standards Committee. The Head of Audit Partnership also has a direct right of access to the Chief Executive as and when required.
15. Should the Head of Audit Partnership not be satisfied with the response of senior management to or engagement with a given audit review this will be highlighted to the relevant Director in the first instance and escalated to the Audit, Governance & Standards Committee if the matter remains unresolved.
Independence and objectivity
16. The Audit Partnership is and will remain free from interference in determining the scope and nature of its work and communicating its results. The Head of Audit Partnership will comment on and affirm the independence and objectivity of the service in individual reports and, at least annually, in summary reports to the Audit, Governance & Standards Committee. The summary reports will consider and report separately to the Committee on each area of the Audit Partnership’s functions.
Accountability
17. The Head of Audit Partnership, in the discharge of his duties, will be accountable to the Audit, Governance & Standards Committee and the Director of Finance & Business Improvement (through the Audit Partnership Board). This will include the provision of an annual Head of Audit Opinion as well as periodic reporting on significant issues and audit findings.
Management responsibilities
18. To be effective, the Audit Partnership requires full co-operation of senior management. In approval of this Charter the Audit, Governance & Standards Committee and the Director of Finance & Business Improvement direct management to co-operate with the Audit Partnership in the delivery of the service. This includes, but is not limited to, agreeing suitable briefs for audit engagements, acting as audit sponsors, providing access to appropriate records, personnel and systems, responding to draft reports and implementing management actions in line with agreed timescales.
19. Senior management also undertakes to keep the Audit Partnership abreast of significant proposed changes in processes, systems or organisation, newly identified significant risks and all suspected or detected fraud, corruption or impropriety.
20. Senior management will also ensure that the Audit Partnership has access to sufficient resources to fulfil the audit plan as directed by the Audit, Governance & Standards Committee. Responsibility for arranging and deploying resources in fulfilment of the plan rests with the Head of Audit Partnership.
Non Audit Work
Consultancy
21. The Standards allow that Internal Audit resource may sometimes be more usefully focussed towards providing advice rather than assurance. Where appropriate, the service may act in a consultancy capacity by giving guidance, providing that:
· The objectives of the engagement address governance, risk management or internal control,
· The request has been approved by a member of the Corporate Leadership Team,
· The service has the right skills, experience and available resource, and
· The Audit Partnership’s involvement will not constitute a conflict of interest, compromise the appearance or fact of its independence and will not involve assuming a management role in providing advice.
22. The Head of Audit Partnership is responsible for ensuring all requests are reviewed in accordance with the above criteria before making the final decision. The specific role of the Audit Partnership in any particular engagement will be agreed with the sponsor, documented within the assignment plan and reported to the Audit, Governance & Standards Committee at the next opportunity.
23. With respect to significant requests, defined as those which require the purchase of additional resources or amendment to the agreed audit plan, the Head of Audit Partnership will consult the Chair of the Audit, Governance & Standards Committee before accepting the engagement.
Risk Management
24. The Audit Partnership’s role is Risk Management will be guided by the Institute of Internal Auditors position paper on The Role of Internal Auditing in Enterprise-Wide Risk Management. The Audit Partnership will not undertake roles defined as inappropriate by that guidance. Inappropriate roles include setting the Council’s risk appetite, imposing a risk management process and taking on full accountability for risk management.
25. The position paper lists the following as legitimate internal audit roles with safeguards:
· Co-ordinating risk management activities,
· Consolidated risk reporting
· Developing risk approach for approval and its subsequent maintenance
· Facilitating identification and evaluation of risks, and
· Coaching management in responding to risks.
26. The Council’s Risk Management Strategy allows for the Audit Partnership to undertake all of those roles, providing that safeguards are in place and agreed through the Audit Charter. The safeguards include:
· Internal separation of duties within the Audit Partnership, managed through the Deputy Head of Audit Partnership role. The Deputy Head of Audit Partnership will lead on reviews of the risk management approach which are reported separately to the Audit, Governance & Standards Committee and sponsored by the Director of Finance & Business Improvement.
· The Audit Partnership’s resource input into risk management will be approved each year by the Audit, Governance & Standards Committee through the Audit Plan and monitored through update reports.
· Overall responsibility for approving the risk management approach remains with the Policy & Resources Committee acting on the advice of the Council’s Corporate Leadership Team. The Audit, Governance & Standards Committee retains its constitutional role of conducting its own assessments on the effectiveness of the Council’s risk management approach which may, if required, also include independent review.
27. Although not part of the Council’s internal controls, the Audit, Governance & Standards Committee may also draw assurance from any work completed by the Council’s external auditors in completing their work supporting the Value for Money conclusion.
Counter Fraud
28. The Audit Partnership’s role on Counter Fraud will be in accordance with the Council’s Counter Fraud Strategy and with the resources approved by the Audit, Governance & Standards Committee in the Annual Audit Plan.
29. This role may include developing and maintaining relevant policies, including the Counter Fraud Strategy itself for approval by appropriate officer groups and the Policy & Resources Committee or Audit, Governance & Standards Committee as required by the Council’s constitution.
30. The Audit Partnership may also undertake training and awareness raising activity for officers and Members on the Council’s Counter Fraud Strategy and related policies and procedures. Such training will be undertaken in consultation with appropriate officer groups.
31. The Audit Partnership may assist or lead, as needed, in the identification and investigation of suspected fraudulent activities within the Council and notify Management and the Audit, Governance & Standards Committee of the results. This may include examining matches identified by the National Fraud Initiative, the Kent Intelligence Network or any other data matching activities.
32. Where a significant investigation requires purchase of additional resource or amendment to the agreed audit plan the Head of Audit Partnership will consult the Chair of the Audit, Governance & Standards Committee after discussion with the Director of Finance & Business Improvement.
Major Projects
33. The Audit Partnership will be informed of major projects and their progress through continuing discussion with Management. The Audit Partnership’s response to major projects will be proportionate to the risk in terms of the inclusion of specific audit work within the annual audit plan. Where a project team seeks advice or further support from Internal Audit, the Audit Partnership will treat that request as one for consultancy support as described from paragraph 21.
Relationships
34. The Head of Audit Partnership and the audit team are involved in a wide range of relationships whose quality is important in supporting the effective delivery of the audit function.
Relationships with management
35. The Audit Partnership will maintain effective relationships with managers at the Council. This will include consultation in the audit planning process both at an overall plan level and with respect to the scope of individual audit projects as well as regular meetings with key stakeholders. Timing of audit work will also be agreed in conjunction with Management.
Relationships with external auditors and regulators
36. The Audit Partnership and Grant Thornton LLP have an established and sound working relationship described in more detail within the Internal/External Audit Protocol presented to the (then) Audit Committee in March 2014. Each will continue to rely upon and draw from each other’s work subject to the limits and duties determined by our respective responsibilities and professional standards. This enables evaluation and review of work leading to re-performance only where necessary. The Audit Partnership and Grant Thornton LLP regularly and share plans and reports.
37. The Audit Partnership will also take account of the results and reports from any other external inspections or reviews when planning and undertaking audit work. Where appropriate the Head of Audit Partnership or appropriately delegated representative will represent the service in consultation and discussion with external agencies, inspectors or regulators.
Relationships with Members
38. The Head of Audit Partnership will be the first point of contact for Members, in particular members of the Audit, Governance & Standards Committee. However, the Audit Partnership places great store in gaining and maintaining an effective working relationship with Members and so will foster good contacts throughout the internal audit service as appropriate.
39. The Head of Audit Partnership will have the opportunity to meet separately (that is, without other officers in attendance) with the Chair of the Audit, Governance & Standards Committee and other Members if desired.
Standards of internal audit practice
40. This Charter recognises the mandatory nature of the IIA definition of Internal Auditing and Code of Ethics, the Public Sector Internal Audit Standards and the International Professional Practices Framework. The Audit Partnership comply with these standards.
Quality assurance
41. The Standards require that audit be subject to a quality assurance and improvement programme. For the Audit Partnership, that programme incorporates both internal and external elements.
Internal assurance
42. All audit engagements are subject to review by management prior to finalisation. These reviews seek to ensure that work undertaken is consistent with the Standards, consistent with the risks associated with the area under review and that conclusions are supported by detailed work undertaken. The Audit Partnership varies the range and scope of reviewers to help maintain consistency and support learning within the service.
External assurance
43. An external assessment must be conducted at least once every five years by a qualified, independent assessor from outside the organisation. The Audit Partnership’s most recent such assessment was completed by the Institute of Internal Auditors in 2014, with results reported to the (then) Audit Committee. The Head of Audit Partnership will keep the need for external assurance under review and discuss options with the Director of Finance & Business Improvement and the Audit, Governance & Standards Committee as the need arises.
This Charter is authorised within Maidstone Borough Council:
Director of Finance & Business Improvement: tbc
Audit, Governance & Standards Committee Chair: Councillor Steve McLoughlin
With the agreement of:
Head of Audit Partnership: Rich Clarke
Mid Kent Services Director: Paul Taylor
Agreed by Audit, Governance & Standards Committee: 21 March 2016
Next Review required: Annually