Internal Audit Charter
Maidstone Borough Council
Internal audit charter
1. The Internal Audit Charter (the ‘Charter’) is the formal document that defines internal audit’s purpose, authority and responsibility at Maidstone Borough Council (the “Council”). The Charter shows the Audit Partnership’s position within the authority, including the nature of the Head of Audit Partnership’s reporting relationships. The Charter defines the scope of audit work and approves the access to records, personnel and physical properties relevant to its completion.
2. Final approval of the Charter remains with the Audit, Governance & Standards Committee (the “Committee”). The Head of Audit Partnership will, in consultation with Senior Management, review the Charter each year and recommend to the Committee any necessary updates.
3. The Audit Partnership recognises and aspires to achieving the mission of Internal Auditing provided by the Institute of Internal Auditors (IIA):
“To enhance and protect organisational value by providing stakeholders with risk based and objective assurance, advice and insight.”
Standards of internal audit practice
4. This Charter recognises the compulsory nature of the IIA definition of Internal Auditing, Code of Ethics, Public Sector Internal Audit Standards (the “Standards”) and the International Professional Practices Framework (the “Framework”). The diagram on the next page sets out the Framework and the Core Principles.
5. The Audit Partnership complies with the Framework in full.
Framework Core Principles
1. Demonstrates integrity
2. Demonstrates competence & due professional care
3. Is objective and free from undue influence
4. Aligns with Council’s strategies, objectives & risks
5. Is appropriately positioned and adequately resourced
6. Demonstrates quality and continuous improvement
7. Communicates effectively
8. Provides risk-based assurance
9. Is insightful, proactive and future-focused
10. Promotes organisational improvement
Scope of work
6. The scope of the Audit Partnership’s work includes, first, tasks in support of the annual Head of Internal Audit Opinion. This work covers three subjects:
7. Internal control is how the Council assures achievement of its objectives. It includes ensuring effectiveness and efficiency, reliable financial reporting and compliance with laws, regulations and policies. It incorporates both financial and non-financial governance.
8. Corporate governance is the set of rules, practices and processes that direct and control the Council.
9. Risk management is how the Council identifies, quantifies and manages the risks it faces in trying to achieve its objectives.
10. Besides those three core subjects the Audit Partnership may, subject to specific arrangements, undertake engagements in the matters of counter fraud, risk management or consultancy advice as discussed elsewhere in this Charter.
Authority of internal audit
11. Internal Audit is a statutory service as defined within the Accounts and Audit Regulations 2015 (the “Regulations”). These demand the Council evaluates the effectiveness of its risk management, control and governance, considering the Standards.
12. Drawing authority from those Regulations and this Charter, the Audit Partnership has free and unrestricted capacity to plan and undertake audit work judged necessary to fulfil its scope.
13. To enable full performance of its duties, the Head of Audit Partnership and his team:
· Have direct access to the Committee Chairman;
· Have unrestricted access to all works, records, property and personnel;
· Can get help where necessary from Council officers and contractors involved in subject of audit engagements.
14. The Head of Audit Partnership and his team may not perform any of the following, except where directly related to running the Audit Partnership:
· Perform duties for the Council beyond this Charter’s scope;
· Begin or approve accounting transactions, and
· Direct the work of any Council employee.
15. The Head of Audit Partnership and his team must always undertake their work in line with the Framework which applies across the global practice of internal audit. This includes, notably, the Code of Ethics for Internal Audit. Also, members of the team who hold membership of professional bodies will comply with the relevant demands of that organisation, including relevant ethical codes. Undertaking work under the Standards will include:
· Developing a flexible risk-based audit strategy and annual plan. We will develop strategies and plans in consultation with senior management and present each year to the Committee for review and approval. We will also invite the Committee to review and approve significant changes to the plan;
· Tracking the status of agreed management actions and providing regular updates to the Audit Committee, including highlighting items of significant risk;
· Issuing period reports to senior management and the Committee summarising results of internal audit work;
· Continuing communication with the Council’s external auditors and other assurance providers to seek efficient assurance coverage;
· Communicating regularly with relevant interested parties on progress of the Audit Partnership, its work and findings; and
· Keeping Senior Management up-to-date with Audit Partnership performance.
16. The Head of Audit Partnership has responsibility for day-to-day management of the Audit Partnership. The Head of Audit Partnership reports to:
· The Director of Mid Kent Services (an employee of Maidstone Borough Council) as his line manager.
· The Director of Finance & Business Improvement for matters related to audit work at the Council as a representative of Senior Management.
· The Committee for matters related to audit work at the Council. This line exists as the Committee are ‘those charged with governance’.
17. The Head of Audit Partnership also has a direct right of access to other Senior Management and Members if needed.
18. If the Head of Audit Partnership is not satisfied with the response of Management or officers in supporting audit work he will highlight this first with Senior Management. If the matter remains unresolved the Head of Audit Partnership will raise with the Committee.
Independence and objectivity
19. The Audit Partnership is free from interference in deciding the scope and nature of its work and communicating results. The Head of Audit Partnership will comment on and affirm the independence and objectivity of the service in individual reports and, at least yearly, in summary reports to the Committee. The summary reports will consider and report separately to the Committee on each part of the Audit Partnership’s work.
20. The Head of Audit Partnership, in performing his duties, will be accountable to the Committee and Senior Management. This will include providing an annual Head of Audit Opinion as well as periodic reporting on significant issues and audit findings.
21. To be effective, the Audit Partnership needs full cooperation of senior management. In approving this Charter the Committee and Senior Management direct officers to cooperate with the Audit Partnership in the delivery of the service. This includes, for example:
· Agreeing suitable briefs for audit work;
· Acting as audit sponsors;
· Providing access to suitable records, personnel and information systems;
· responding to draft reports, and
· Completing management actions in line with agreed timescales.
22. Senior Management also undertakes to keep the Audit Partnership abreast of significant proposed changes. As well as newly identified significant risks and all suspected or detected fraud, corruption or impropriety.
23. Senior Management will also ensure the Audit Partnership has access to enough resources to fulfil the audit plan as approved by the Committee. Responsibility for arranging and deploying resources to fulfil the plan rests with the Head of Audit Partnership.
24. The Standards allow that Internal Audit work may sometimes be more usefully focused towards providing advice rather than assurance. Where suitable, the service may act as consultants by giving advice, providing that:
· The work’s objectives concern governance, risk management or internal control;
· A member of Senior Management has approved the work;
· The service has the right skills, experience and available capacity, and
· The Audit Partnership’s involvement will not set up a conflict of interest, compromise its independence (in appearance or fact) and will not involve assuming a management role in providing advice.
25. The Head of Audit Partnership is responsible for reviewing all proposals for work against these criteria and for making the final decision on acceptance. We will agree the specific role of the Audit Partnership in any work with the sponsor. We will also document the role within the work plan and report to the Committee at the next opportunity.
26. For significant proposals, the Head of Audit Partnership will consult the Committee Chairman before accepting the work. We define ‘significant proposals’ as those demanding changes to the agreed audit plan beyond using any otherwise unallocated consultancy time. The Head of Audit Partnership will also consult the Committee Chairman before accepting any work that, in his view, has significant strategic importance to the Council.
27. The IIA position paper on The Role of Internal Auditing in Enterprise-Wide Risk Management guides the Audit Partnership’s role in risk management. The Audit Partnership will not undertake roles defined as inappropriate by that guidance.
28. The position paper lists the following as legitimate internal audit roles with safeguards:
· Coordinating risk management work;
· Consolidated risk reporting;
· Developing a risk approach for approval and its later maintenance;
· Helping identification and evaluation of risks, and
· Coaching management in responding to risks.
29. The Council’s Risk Management Strategy allows for the Audit Partnership to undertake all of those roles, providing safeguards are in place and agreed through the Audit Charter. The safeguards include:
· Internal separation of duties within the Audit Partnership;
· Time commitment to risk management approved each year by the Audit Committee;
· Overall responsibility for approving the risk management approach remaining with the Committee acting on the advice of the Council’s Senior Management.
30. The Committee also keeps its constitutional role of conducting its own assessments on the effectiveness of the Council’s risk management approach which may, if wanted, also include independent review.
31. Although not a part of the Council’s internal controls, the Committee may also draw assurance from any work completed by the Council’s external auditors in completing their work supporting the Value for Money conclusion.
32. The Audit Partnership’s role on Counter Fraud will follow the Council’s Counter Fraud Strategy and with the time commitment approved by the Committee in the Audit Plan.
33. Senior Management will keep the Audit Partnership up-to-date with major projects and their progress through continuing discussion. The Audit Partnership’s response to major projects will be proportionate to the risk judged when completing audit planning. Where a project team seeks advice or further support from Internal Audit, we will treat that proposal as one for consultancy support as described in the Consultancy section of this Charter.
34. The Head of Audit Partnership and the audit team hold a wide range of relationships whose quality is important in supporting the effective delivery of the audit service.
Relationships with management
35. The Audit Partnership will preserve effective relationships with managers at the Council. This will include consulting on audit plans both across the Council and for individual projects. We agree audit work timing with project sponsors.
Relationships with external auditors and regulators
36. The Audit Partnership and Grant Thornton LLP have a settled and sound working relationship described in more detail within the Internal/External Audit Protocol presented to the Committee in March 2014. We will continue to rely and draw from each other’s work subject to the limits determined by our respective responsibilities and professional standards. This enables evaluation and review of the Council’s controls leading to repeat work only where necessary for audit standards (internal or external audit). The Audit Partnership and Grant Thornton LLP meet regularly, sharing plans and reports.
37. The Audit Partnership will also take account of the results and reports from any other external inspections or reviews when planning and undertaking audit work. Where suitable the Head of Audit Partnership or properly delegated representative will represent the service in consultation and discussion with external agencies, inspectors or regulators.
Relationships with Members
38. The Head of Audit Partnership will be the first point of contact for Members, in particular members of the Committee. However, we place great store in gaining and preserving an effective working relationship with Members and so will foster good contacts throughout the Audit Partnership as fitting.
39. The Head of Audit Partnership will have the opportunity to meet separately (without other officers present) with the Committee Chairman and other Members if wished.
40. The Standards demand that the audit partnership maintains a quality assurance and improvement programme. For the Audit Partnership, that programme incorporates both internal and external parts.
41. Audit engagements are subject to review by management before completion. These reviews seek to ensure that work undertaken is consistent with the Standards, consistent with the risks associated with the subject under review and that conclusions follow the detailed work undertaken. The Audit Partnership varies the range and scope of reviewers to help uphold consistency and support learning within the service.
42. An external assessment must take place at least once every five years by a qualified, independent assessor from outside the organisation. The Audit Partnership’s most recent such assessment was from by the Institute of Internal Auditors in spring 2015, with results reported to the Committee. The Head of Audit Partnership will keep the need for external assurance under review and discuss choices with Senior Management and the Committee as the need arises.
43. We will consult the Committee before commissioning a full external quality assessment.
This Charter is authorised within Maidstone Borough Council:
Director of Finance & Business Improvement: Mark Green
Audit, Governance & Standards Committee Chairman: Councillor Steve McLoughlin
With the agreement of:
Head of Audit Partnership: Rich Clarke
Agreed by Audit, Governance & Standards Committee: January 2019
Next Review required: Annually
Glossary of Terms
Term in Standards
Term in Charter
Chief Audit Executive
Head of Audit Partnership
Includes others who may act in his role,, with his express delegated authority. The Head of Audit Partnership has the pronouns ‘he and his’ in this document because of the current incumbent in the role but duties and responsibilities would similarly fall on his successors.
The Audit, Governance & Standards Committee in Maidstone meets the Standards definition of the highest level body charged with responsibility to oversee governance.
Includes all extra services delivered by the audit partnership that do not stem from the risk analysis that underpins the Audit Plan.
Internal Audit Activity
The Audit Partnership
The Council’s internal audit service is provided by Mid Kent Audit, working with Ashford, Maidstone, Swale and Tunbridge Wells Borough Councils.
Maidstone Borough Council’s Corporate Leadership Team.
People appointed as Heads of Service or Managers by Maidstone Borough Council, or acting in this role with proper delegated authority