Internal Audit Charter
Maidstone Borough Council

Purpose & Mission

1.             The purpose of Maidstone Borough Council’s (the “Council”) internal audit service (“Mid Kent Audit”) is to provide independent, objective assurance and consulting services designed to add value and improve the Council’s performance.  The mission of internal audit is to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight.  Mid Kent Audit helps the Council achieve objectives with a systematic, disciplined approach to evaluating and improving effectiveness of governance, risk management and control.

2.             Final approval of the Charter rests with the Audit, Governance & Standards Committee (the “Committee”).  The Head of Audit Partnership will keep the Charter under review and re-present for approval each year after consultation with Senior Management.

Standards for the Professional Practice of Internal Auditing

3.             Mid Kent Audit will govern itself by adherence to the compulsory parts of the Institute of Internal Auditors’ (IIA) International Professional Practices Framework (IPPF).  These include:

·         The Core Principles for the Professional Practice of Internal Auditing.

·         The Code of Ethics.

·         The International Standards for the Professional Practice of Internal Auditing. In the UK by the Internal Audit Standards Advisory Board and the Relevant Internal Audit Standards Setters adapt these into the Public Sector Internal Audit Standards (the “Standards”).

·         The Definition of Internal Auditing set out by the IIA. 


 

4.             Mid Kent Audit will also govern itself under the Local Government Application Note (2019 Edition[1]) set out by the Chartered Institute of Public Finance & Accounting (CIPFA).  Auditors who belong to other professional institutes will also adhere to the relevant Code of Ethics.

5.             The Head of Audit Partnership will report periodically to Senior Management and the Committee on Mid Kent Audit’s conformance to the Code of Ethics and the Standards.

Authority

6.             Internal Audit is a statutory service for local authorities as set out in the Accounts & Audit Regulations 2015 (the “Regulations”).  Specifically, Regulation 5 demands that authorities:

·         “… undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance”.

7.             The Head of Audit Partnership will report functionally to the Committee and administratively to the Mid Kent Services Director.  Within the Council, the Head of Audit Partnership will also liaise chiefly with the Director of Finance & Business Improvement as a representative of Senior Management.

8.             To assure that Mid Kent Audit has authority to fulfil its duties the Committee will:

·         Approve the Internal Audit Charter.

·         Approve the risk-based internal audit plan (including proposed resources).

·         Receive communications from the Head of Audit Partnership on Mid Kent Audit’s performance against its plan and other matters.

·         Through the Chair, be consulted on appointment or removal of the Head of Audit Partnership.

·         Through the Chair, contribute to Head of Audit Partnership appraisals carried out by the Mid Kent Services Director.

·         Make suitable enquiries of management and the Head of Audit Partnership to discover any improper limits to audit scope or resources.

·         Require suitable explanations of planned actions from lead officers, including through attendance in person, following adverse engagement opinions.

9.             The Head of Audit Partnership will have unrestricted access to, and communicate and interact direct with, the Committee including in private meetings without management present.

10.        The Committee and Senior Management authorise Mid Kent Audit to:

·         Have full, free and unrestricted access to all works, records, property and personnel relevant to carrying out any engagement. This is subject to accountability for confidentiality and safeguarding records and information.

·         Assign resources, set frequencies, select subjects, decide scopes of work, apply techniques needed to perform audit objectives and issue reports.

·         Seek and receive any support needed from the Council’s personnel, including contractors, to complete engagements.

11.        These duties also stem from Regulations. These direct the Council to: “make available such documents and records and supply such information and explanations as are considered necessary by those conducting the internal audit”.

Independence and Objectivity

12.        The Head of Audit Partnership will ensure Mid Kent Audit remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities without bias. These include matters of audit selection, scope, procedures, frequency, timing and report content.  The Head of Audit Partnership will report if independence or objectivity may be under threat in fact or appearance.


 

13.        Internal auditors will preserve an unbiased approach that allows them to perform engagements objectively. They will believe in their work, make no quality compromises, and not subordinate their audit judgement to others.

14.        Internal auditors will have no direct responsibility or authority over any of the subjects audited.  So, internal auditors will not set up internal controls, develop procedures, prepare records, or engage in any other action that may hinder their judgement. This includes:

·         Assessing services for which they had any responsibility within the previous year.

·         Setting up or approving transactions external to Mid Kent Audit.

·         Directing any Council employee not employed by Mid Kent Audit, except those properly assigned to help internal audit.

·         Reviewing parts of the Council staffed by close friends or family members.

15.        Where the Head of Audit Partnership has roles that fall outside internal audit, the Council will set up safeguards to limit impacts to independence or objectivity.

16.        At the Council, the Head of Audit Partnership has ancillary roles as set out in the Risk Management Framework, the Counter Fraud Policy and the Whistleblowing Policy.  As set out in the audit plan, the Head of Audit Partnership also has on-demand ancillary advisory roles on counter fraud and investigative work.

17.        In carrying out their roles auditors will follow the independence and objectivity principles in this Charter.  On Risk Management, specifically, auditors will adhere to the guidance set out by the IIA in its position paper on Risk Management and Internal Audit published on 11 July 2019.


 

18.        Internal auditors will:

·         Disclose any limit of independence or objectivity, in fact or appearance, to suitable parties.

·         Display professional objectivity in gathering, evaluating and communicating information about audit engagements.

·         Deliver balanced assessments of all available and relevant facts and circumstances.

·         Take necessary precautions to avoid undue influence by their own interests or by others in forming judgements.

19.        The Head of Audit Partnership will confirm to the Committee at least yearly the organisational independence of Mid Kent Audit.

20.        The Head of Audit Partnership will disclose to the Committee any interference and related implications in fixing the scope of internal audits, performing work or communicating results.

Scope of Internal Audit Work

21.        The scope of internal audit work covers the Council’s whole control environment. This includes objective examination of evidence to create independent assessments to the Committee, management and others on the adequacy and effectiveness of governance, risk management and control.  Internal audit assessments include evaluating whether:

·         The Council properly identifies and manages risks on its strategic and other objectives.

·         The actions of the Council’s officers and contractors comply with the Council’s policies, procedures and applicable laws, regulations and governance standards.

·         The results of Council work and programs are consistent with agreed goals and objectives.

·         The Council carries out its work and programs effectively and efficiently.

·         Council systems enable compliance with the policies, procedures, laws and regulations that could cause significant impact.

·         Information and the means used to identify, measure, analyse, classify and report such information are reliable and have integrity.

·         The Council gains assets economically, uses them efficiently and protects them adequately.

22.        These assessments will lead to a Head of Audit Partnership opinion as described by the Standards. The opinion will report on the adequacy and effectiveness of the Council’s internal control, corporate governance and risk management. 

23.        The Head of Audit Partnership will report periodically to senior management and the Committee about:

·         Mid Kent Audit’s purpose, authority and responsibility.

·         Mid Kent Audit’s plan, and performance against its plan.

·         Mid Kent Audit’s conformance with the IIA’s Code of Ethics and Standards and action plans to address any significant issues.

·         Significant risk exposures and control issues, including fraud risks, governance issues and other matters demanding the attention of, or sought by, the Committee.

·         Results of audit engagement or other work.

·         Audit resource use and need.

·         Any management risk response that may be unacceptable to the Council.

24.        The Head of Audit Partnership also coordinates work where possible, and considers relying on the work of other internal and external assurance and consulting service providers as needed.  Mid Kent Audit may perform advisory and related client service work. Mid Kent Audit will agree the nature and scope of such work with the client, provided Mid Kent Audit does not assume management responsibility.

25.        Mid Kent Audit may identify opportunities for improving the efficiency of governance, risk management and controls during engagements.  Where identified, Mid Kent Audit will communicate these opportunities to management.


 

Responsibility

26.        The Head of Audit Partnership has the responsibility to:

·         Present, at least yearly, to senior management and the Committee a risk-based internal audit plan for review and approval.

·         Communicate to senior management and the Committee the impact of resource limits on the internal audit plan.

·         Review and adjust the internal audit plan, as necessary, in response to changes in the Council’s business, risks, programs, systems and controls.

·         Communicate immediately to senior management and the Committee any significant interim changes to the internal audit plan. A ‘significant’ change covers one or more of the following:

o   Removal of a ‘high priority’ audit engagement.

o   Commitments beyond the approved budget or resource envelope.

o   Other changes that, in the view of the Head of Audit Partnership, may inhibit ability of Mid Kent Audit to deliver a robust opinion as set out by the Standards.

·         Ensure each engagement of the internal audit plan adheres to quality standards.  This includes:

o   Setting out suitable objectives and scope.

o   Assigning suitable and adequately supervised auditors

o   Documenting work programs and testing results.

o   Communicating results with applicable conclusions and recommendations to proper parties.

·         Follow up on engagement findings and corrective actions. Report periodically to senior management and the Committee any corrective actions not taken effectively.

·         Ensure application of and adherence to the principles of integrity, objectivity, confidentiality and competency.

·         Ensure that Mid Kent Audit collectively has or gains the knowledge, skills and other competencies needed to fulfil this Charter.

·         Ensure consideration of trends and emerging issues that could impact and communicating these to senior management and the Committee as fitting.

·         Ensure consideration of emerging trends and successful practices in internal auditing.

·         Set up and ensure adherence to policies and procedures designed to guide Mid Kent Audit’s work.

·         Ensure adherence to the Council’s relevant policies and procedures, unless such policies and procedures conflict with the Charter.  Report any such conflicts to senior management and the Committee with a suggested path to resolution.

27.        The Council will also consider CIPFA’s Statement on the Role of the Head of Internal Audit in Public Sector Organisations (2019 edition). In particular when setting job roles and overseeing performance of the Head of Audit Partnership.

Quality Assurance and Improvement Programme

28.        Mid Kent Audit will keep a quality assurance and improvement programme that covers all its work.  The programme will include an evaluation of conformance with the Standards and an evaluation of whether internal auditors apply the IIA’s Code of Ethics.  The program will also assess the efficiency and effectiveness of Mid Kent Audit’s work and identify opportunities for improvement.

29.        The Head of Audit Partnership will communicate to senior management and the Committee on the quality and improvement plan. This will include results of internal assessments and an external assessment conducted at least once every five years by a qualified, independent assessor.


 

Charter Approval

This Charter is authorised within Maidstone Borough Council by:

Mark Green: Director of Finance & Business Improvement

Councillor Georgia Harvey: Chair of the Audit, Governance & Standards Committee

With the agreement of:

Rich Clarke: Head of Audit Partnership

Steve McGinnes: Mid Kent Services Director

 

Glossary and Standards Reconciliation

·         The Audit, Governance & Standards Committee (“Committee”) is the ‘Board’ as referenced by Standard 1000 and elsewhere in the Standards.

·         The Head of Audit Partnership is the ‘Chief Audit Executive’ as referenced by Standard 1000 and elsewhere in the Standards.

·         The Corporate Leadership Team (CLT) are ‘Senior Management’ as referenced by Standard 1000 and elsewhere in the Standards.  CLT includes the Council’s Chief Executive, Monitoring Officer and s.151 Officer.

·         The Wider Leadership Team (WLT) or their delegates are ‘Management’ as referenced by Standard 1000 and elsewhere in the Standards.

 



[1] The Application Note is a paid-for publication.  We can provide copies to Members on request but cannot link in full through the public version of this Charter.