1. Introduction
This Charter describes for the Council the purpose, authority and responsibilities of the Internal Audit function in accordance with the UK Public Sector Internal Audit Standards (PSIAS).
The PSIAS require that the Charter must be reviewed periodically and presented to “senior management” and “the board” for approval. For the purposes of this charter “senior management” will be the Corporate Management Team (CMT) and the board will be the Audit Committee.
The Charter shall be reviewed annually and approved by CMT and the Audit Committee. The Chief Internal Auditor is responsible for applying this Charter and keeping it up to date.
2. Internal Audit Purpose
The mission of Internal Audit is to enhance and protect organisational value by providing risk-based and objective assurance, advice and insight.
Internal Audit is defined in the PSIAS as “an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.”
Internal Audit supports the whole Council to deliver economic, efficient and effective services and achieve the Council’s vision, priorities and values.
3. Statutory Requirement
Internal Audit is a statutory service in the context of the Accounts and Audit Regulations 2015, which require every local authority to maintain an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes taking into account public sector internal auditing standards or guidance.
These regulations require any officer or Member of the Council to:
· make available such documents and records; and
· supply such information and explanations;
as are considered necessary by those conducting the audit.
This statutory role is recognised and endorsed within the Council’s Financial Regulations.
In addition,the Council's S151 Officer has a statutory duty under Section 151 of the Local Government Act 1972 to establish a clear framework for the proper administration of the authority's financial affairs. To perform that duty the Section 151 Officer relies, amongst other things, upon the work of Internal Audit in reviewing the operation of systems of internal control and financial management.
4. Internal Audit Responsibilities and Scope
Annually, the Chief Internal Auditor is required to provide to the Audit Committee an overall opinion on the Council’s internal control environment, risk management arrangements and governance framework to support the Annual Governance Statement.
Internal Audit is not responsible for control systems. Responsibility for effective internal control and risk management rests with the management of the Council.
Internal Audit activity must be free from interference in determining the scope of activity, performing work and communicating results.
The scope of Internal Audit includes the entire control environment and therefore all of the Council’s operations, resources, services and responsibilities in relation to other bodies. In order to identify audit coverage, activities are prioritised based on risk, using a combination of Internal Audit and management risk assessment (as set out within Council risk registers). Extensive consultation also takes place with key stakeholders and horizon scanning is undertaken to ensure audit activity is proactive and future focussed.
Internal audit activity will include an evaluation of the effectiveness of the organisation’s risk management arrangements and risk exposures relating to:
· Achievement of the organisation’s strategic objectives;
· Reliability and integrity of financial and operational information;
· Efficiency and effectiveness of operations and activities;
· Safeguarding of assets; and
· Compliance with laws, regulations, policies, procedures and contracts.
5. Independence
Internal Audit will remain sufficiently independent of the activities that it audits to enable auditors to perform their duties in a way that allows them to make impartial and effective professional judgements and recommendations. Internal auditors should not have any operational responsibilities.
Internal auditors will not review specific areas of the Council’s operation in which they have previously worked, until a period of at least 12 months has elapsed.
Internal Audit is involved in the determination of its priorities in consultation with those charged with governance. The Chief Internal Auditor has direct access to, and freedom to report in their own name and without fear of favour to, all officers and Members and particularly those charged with governance. This independence is further safeguarded by ensuring that the Chief Internal Auditor’s formal appraisal/performance review is not inappropriately influenced by those subject to audit. This is achieved by ensuring that both the Chief Executive and the Chairman of the Audit Committee have the opportunity to contribute to this performance review.
All Internal Audit staff are required to make an annual declaration of interest to ensure that objectivity is not impaired and that any potential conflicts of interest are appropriately managed.
6. Appointment and Removal of the Chief Internal Auditor
The role of Chief Internal Auditor is a shared appointment across the 3 Orbis partner authorities (East Sussex County Council, Surrey County Council and Brighton & Hove City Council).
In order to ensure organisational independence is achieved, all decisions regarding the appointment and removal of the Chief Internal Auditor will be made following appropriate consultation with Member representatives from each of the authorities’ audit committees.
7. Reporting Lines
Regardless of line management arrangements, the Chief Internal Auditor has free and unfettered access to report to the S151 Officer; the Monitoring Officer; the Chief Executive; the Audit Committee Chair; the Leader of the Council and the Council’s External Auditor.
The Audit Committee will receive reports on a periodic basis – as agreed with the Chair of the Audit Committee – on the results of audit activity and details of Internal Audit performance, including progress on delivering the audit plan.
8. Fraud & Corruption
Managing the risk of fraud and corruption is the responsibility of management. Internal Audit will, however, be alert in all its work to risks and exposures that could allow fraud or corruption and will investigate allegations of fraud and corruption in line with the Council’s Anti Fraud and Corruption Strategy.
The Chief Internal Auditor should be informed of all suspected or detected fraud, corruption or irregularity in order to consider the adequacy of the relevant controls and evaluate the implication for their opinion on the control environment.
Internal Audit will promote an anti-fraud and corruption culture within the Council to aid the prevention and detection of fraud.
9. Consultancy Work
Internal Audit may also provide consultancy services, generally advisory in nature, at the request of the organisation. In such circumstances, appropriate arrangements will be put in place to safeguard the independence of Internal Audit and, where this work is not already included within the approved audit plan and may affect the level of assurance work undertaken; this will be reported to the Audit Committee.
In order to help services to develop greater understanding of audit work and have a point of contact in relation to any support they may need, Internal Audit has put in place a set of service liaison arrangements that provide a specific named contact for each service; and, regular liaison meetings. The arrangements also enable Internal Audit to keep in touch with key developments within services that may impact on its work.
10. Resources
The work of Internal Audit is driven by the annual Internal Audit Plan, which is approved each year by the Audit Committee. The Chief Internal Auditor is responsible for ensuring that Internal Audit resources are sufficient to meet its responsibilities and achieve its objectives.
Internal Audit must be appropriately staffed in terms of numbers, grades, qualifications and experience, having regard to its objectives and to professional standards. Internal Auditors need to be properly trained to fulfil their responsibilities and should maintain their professional competence through an appropriate ongoing development programme.
The Chief Internal Auditor is responsible for appointing Internal Audit staff and will ensure that appointments are made in order to achieve the appropriate mix of qualifications, experience and audit skills. The Chief Internal Auditor may engage the use of external resources where it is considered appropriate, including the use of specialist providers.
11. Due Professional Care
The work of Internal Audit will be performed with due professional care and in accordance with the UK Public Sector Internal Audit Standards (PSIAS), the Accounts and Audit Regulations (2015) and with any other relevant statutory obligations and regulations.
In carrying out their work, Internal Auditors must exercise due professional care by considering:
· The extent of work needed to achieve the required objectives;
· The relative complexity, materiality or significance of matters to which assurance procedures should be applied;
· The adequacy and effectiveness of governance, risk management and control processes;
· The probability of significant errors, fraud or non-compliance; and
· The cost of assurance in proportion to the potential benefits.
Internal Auditors will also have due regard to the Seven Principles of Public Life – Selflessness; Integrity, Objectivity; Accountability; Openness; Honesty; and Leadership.
12. Quality Assurance
The Chief Internal Auditor will control the work of Internal Audit at each level of operation to ensure that a continuously effective level of performance – compliant with the PSIAS, is maintained.
A Quality Assurance Improvement Programme (QAIP) is in place which is designed to provide reasonable assurance to its key stakeholders that Internal Audit:
· Performs its work in accordance with its charter;
· Operates in an effective and efficient manner; and,
· Is adding value and continually improving the service that it provides.
The QAIP requires an annual review of the effectiveness of the system of Internal Audit to be conducted. Instances of non-conformance with the PSIAS, including the impact of any such non-conformance, must be disclosed to the Audit Committee. Any significant deviations must be considered for inclusion in the Council’s Annual Governance Statement.
February 2024