1.        PURPOSE OF REPORT AND EXECUTIVE SUMMARY

2.        INTRODUCTION AND BACKGROUND

2.1     An Audit Charter is a requirement of Public Sector Internal Audit Standards (Standard 1000) and is a foundational document setting out the purpose, authority and responsibility of the service. A partial extract, giving an introduction to the position of the Charter within the Standards is below:

3.        AVAILABLE OPTIONS

3.1     Audit, Governance and Standards Committee as part of its terms of reference must maintain oversight of the internal audit function and its activities.  The Charter proposed sets out the basis on which the function operates. We recommend no alternative course of action. 

4.        PREFERRED OPTION AND REASONS FOR RECOMMENDATIONS

4.1    Some of the updates for 2016/17 are merely taking the opportunity of a revision to tidy up the document.  This includes correcting one or two typographical errors and standardising the terminology (for example, using “Audit Partnership” to refer specifically to this service and leaving “internal audit” to denote the practice of internal audit more generally).

4.2     The more substantial part of the update seeks to build on Supplemental Guidance issued recently by the Institute of Internal Auditors (IIA) on how and whether internal audit can take up broader roles within an organisation.  These broader roles are often referred to as ‘second line of defence’ roles.

4.3     The ‘three lines of defence’ model is commonly used to describe controls existing within an organisation and is summarised in the diagram below (extracted from the IIA Guidance).

4.4     Traditionally, Internal Audit operates solely within the third line and that is the norm in many sectors (even most non-Local Government parts of the public sector).  Indeed, the Audit Standards are written in the expectation that internal audit will not have any role outside the third line which may impede (or appear to impede) its independence.

4.5     However, the global IIA has been under pressure recently from, among others, the UK Internal Audit Standards Advisory Board (which includes the Head of Audit Partnership) to recognise that in many organisations a good audit function could successfully play a number of roles, and that Standards could usefully acknowledge and inform those roles.  In particular, the IASAB sought to avoid a situation where existing guidance could be read to forbid auditors from undertaking those roles even where there are clear benefits to them doing so.

4.6     In response, the IIA has now issued a Supplemental Guidance report entitled “Internal Audit and the Second Line of Defence”.  That Guidance acknowledges that audit services may often possess the skills, knowledge and expertise to successfully fulfil certain second line of defence roles and doing so could be beneficial especially in smaller organisations.  Fundamentally, it acknowledges that organisations can – provided they do so knowingly and having weighed up the benefits – accept certain risks to the independence and objectivity of audit.

4.7     A key component of accepting those risks is being aware of the safeguards to independence that would operate, and having those safeguards acknowledged and approved by the Audit, Governance and Standards Committee.  The more substantive amendments proposed to our Internal Audit Charter set out those safeguards.

4.8     At present, audit does not occupy any roles that comprise second line of defence functions.  The Charter sets out the safeguards that would operate in the event of the Audit Partnership being asked to undertake those roles by Management.  In particular, the Charter considers the safeguards that would operate if the Audit Partnership were to play a more prominent role in Risk Management and Counter Fraud, including ownership of relevant corporate policies.

4.9     To be clear, the Head of Audit Partnership is satisfied that the Partnership currently operates with required independence and freedom from interference and that it would continue to do so, subject to the described safeguards, in the event of being asked to take on further responsibilities.  Consistent with the Public Sector Internal Audit Standards, the Head of Audit Partnership will contact Members immediately in the event of significant threat to independence or interference from Management.

4.10 We propose that the Audit, Governance and Standards Committee approve the Internal Audit Charter for 2016/17.

5.       CONSULTATION RESULTS AND PREVIOUS COMMITTEE FEEDBACK

5.1     The Charter was shared in draft with the Council’s Corporate Governance Group (which includes the Monitoring Officer, the Head of Finance & Resources (s151 Officer) and Head of Policy & Communications.  The Charter was subsequently considered by the Council’s Corporate Leadership Team, before being shared with the Audit Partnership Shared Service Board.  The document set out in the appendices reflects outcome of those discussions.

6.       NEXT STEPS: COMMUNICATION AND IMPLEMENTATION OF THE DECISION

6.1     The revised Charter will be circulated with the Internal Audit Plan (a report also on tonight’s agenda) to all Heads of Service and Senior Officers and included within the Audit Partnership’s Audit Manual to guide the work of the audit team when completing work at Maidstone BC.

7.       CROSS-CUTTING ISSUES AND IMPLICATIONS

8.        REPORT APPENDICES

The following documents are to be published with this report and form part of the report:

·         Appendix I: Maidstone Internal Audit Charter 2016/17 (tracked changes version to highlight updates proposed from 2015/16)

·         Appendix II: Maidstone Internal Audit Charter 2016/17 (without tracked changes for final approval)

9.        BACKGROUND PAPERS

None