Role
Objectives
As an independent appraisal function within the Council, Internal Audit’s primary objective is to review, appraise and report upon the adequacy of risk management and internal controls as a contribution to the proper, economic, efficient and effective use of resources. We provide an Internal Audit function to all of the Council, and to all levels of management. This objective serves to:
- Support the Director of Finance to discharge duties as Proper Officer in terms of Section 95 of the Local Government (Scotland) Act 1973.
- Contribute to and support the Finance Service’s objective of ensuring the provision of, and promoting the need for, sound financial systems.
- Support the corporate Best Value process by conducting VFM (Value For Money) studies.
- Provide a fraud and irregularity investigation service which safeguards the public pound.
- Provide input to the Council’s Corporate Governance process.
- Provide a liaison with the Council’s External Auditors.
Scope
Risk Management
The Council’s systems of internal control are part of its risk management process and have a key role to play in the management of significant risks, in accordance with the Risk Management Strategy
Much of Internal Audit’s work is involved with examining reputational, operational or strategic risks and providing an opinion on whether the internal controls, such as policies and procedures, put in place to manage these risks are working as intended. This opinion is substantiated, for example, by checking that the assets of the organisation are being safeguarded; that operations are conducted effectively, efficiently and economically in accordance with the organisation’s policies; that laws and regulations are complied with; and that records and reports are reliable and accurate. Internal auditors also review systems under development to ensure that good controls are built in, and may offer consultancy services or special reviews at the request of management.
Internal Audit is not an extension of, nor a substitute for, good management. We are responsible for giving assurance and providing advice on all control arrangements. We also assist management by evaluating and reporting to them the effectiveness of the controls for which they are responsible. However, the responsibility to manage risk always resides with management.
It is for management to consider the risks involved in the areas of concern raised by Internal Audit, agree the appropriate action to be taken or to record that they accept the risk of not taking action.
Corporate Governance
Public Sector Corporate Governance guidance prescribes that all local authorities provide a statement on the effectiveness of their systems of risk management and internal control within their annual reports. In order to achieve this, the Head of Internal Audit & Risk Management provides a report on his assessment of the adequacy, reliability and effectiveness of the Council’s system of internal financial control. This opinion is obtained through the Audit Section’s programme of work and is provided within the Audit Section’s Annual report to the Audit & Scrutiny Committee. This also provides information for the Council’s Corporate Governance Assurance Statement
Access and Status
Access
Internal Audit, through the Head of Internal Audit and Risk Management, will have unrestricted access to:
- The Chief Executive
- Members
- Individual chief officers
- All Council employees
In addition, Internal Audit staff will have the authority to:
- Enter all Council offices, establishments, or land at any time
- Have access to all records, documents and correspondence, including data held electronically, relating to the operation and administration of the Council.
- Require and receive explanations as necessary relating to areas under review.
- Require any employee to produce cash, stores or any other Council property under their control.
- Recommend improvements as appropriate
- Employ professionals such as civil engineers, quantity surveyors or IS specialists from appropriate Council Services, or externally, to assist in reviews or investigations, as required.
Independence
In order to meet our responsibilities it is essential that Internal Audit is independent of the activities which it audits to ensure the unbiased judgements essential to its proper conduct and impartial advice to management. To ensure this, we will operate within a framework that allows:
- Unrestricted access to senior management
- Reporting in its own name
- Segregation from line operations
Financial Regulations
Section 17 of the Council’s Financial Regulations provides information relating to services provided to the Council by Internal Audit. In particular reference is made to the following requirements:
- Internal Audit to be consulted on the adequacy of internal control when any new system is being introduced or materially altered (link below)
- Internal Audit to be notified of any matter which involves, or is thought to involve, irregularities concerning finance, assets or property of the Council or any suspected irregularities in the exercise of the functions of the Council.
- The Head of Internal Audit & Risk Management to have the right of free and confidential access to the Chair of the Audit & Scrutiny Committee in order to raise any concerns.