Your Councillors

LB Merton CMT Cover sheet

MAIDSTONE BOROUGH COUNCIL

Audit Committee

30 MARCH 2015

REPORT OF Head of Audit Partnership

Report prepared by Russell Heppleston � Audit Manager�

��

1. Maidstone internal audit charter

1.1 Issue for Decision

1.1.1 The report is provided in order to allow the Committee to consider and approve the revised Internal Audit Charter for 2015/16.

1.2 Recommendation of the Head of Audit Partnership

1.2.1 The Audit Committee approves the Internal Audit Charter 2015/16.

1.3 Reasons for Recommendation

1.3.1 Our External Quality Review (EQA) from the Institute of Internal Auditors (IIA) last year included a number of comments on the Audit Charter.� Specifically, and in order to achieve full compliance, the EQA recommended a range of improvements and clarifications to better set out the Audit Service�s role with respect to consultancy, counter fraud and risk management.

1.3.2 The results of the EQA did not specifically recommend the development of a separate charter for each partner, but it is generally accepted within the industry as good practice.� The principal benefit here is that separate charters allows for individual tailoring of the service and its scope to meet client needs.� The attached Charter, therefore, reflects how our service operates at Maidstone; separate Charters will be presented to other Audit Committees (or equivalent) within the audit partnership.

1.3.3 One notable feature is that the revised Charter includes a mechanism for avoiding conflicts of interest in our activities.� Reflective of the role of the Audit Committee in providing oversight, the Charter proposes that major additional work requests are subject to consultation between the Head of Audit, Senior Management and the Chair of the Audit Committee prior to approval, and then reported to the next available Committee meeting in full.� This type of approach is common within the industry and, for the sake of illustration, would only have been invoked once during 2014/15, for the Planning Shared Service review.

1.3.4 An Audit Charter is a requirement of Public Sector Internal Audit Standards (Standard 1000) and is a foundational document setting out the purpose, authority and responsibility of the service. A partial extract, giving an introduction to the position of the Charter within the Standards is below:

Screen Shot 2015-02-16 at 11

1.3.5 �� We propose that the Audit Committee approve the Internal Audit Charter for 2015/16 attached in appendix A.

�

1.4 Alternative Action and why not Recommended

1.4.1 The Audit Committee as part of its terms of reference must maintain oversight of the internal audit function and its activities.� The Charter proposed sets out the basis on which the function operates. We recommend no alternative course of action.

1.5 Impact on Corporate Objectives

1.5.1 The role of Internal Audit is to help the Council accomplish its objectives. All audit work considers the adequacy of controls and risks associated with the delivery of the Council�s strategic and operational objectives.

1.6 Risk Management

1.6.1 Internal Audit seeks to establish and evaluate the controls that Management have put in place to manage risks.

1.7 Other Implications

1.7.1 None directly

1.�� Financial

2. Staffing

3. Legal

4. Equality Impact Needs Assessment

5. Environmental/Sustainable Development

6. Community Safety

7. Human Rights Act

8. Procurement

9. Asset Management

1.8 Relevant Documents

1.8.1.1 The following documents are to be published with this report and form part of the report:

Appendix A: Maidstone Internal Audit Charter

1.8.1.2 Background Documents

An Internal Audit Charter is a requirement of the Public Sector Internal Audit Standards. To view the Standards in full please see: Public Sector Internal Audit Standards

��

IS THIS A KEY DECISION REPORT?�� THIS BOX MUST BE COMPLETED

Yes�� No

If yes, this is a Key Decision because: ��..

��.

��

Wards/Parishes affected: ��..

��..

Mid Kent Audit

Internal Audit

Charter

Maidstone Borough Council

Internal audit charter

1. The Internal Audit Charter (the �Charter�) is the formal document that defines internal audit�s purpose, authority and responsibility at Maidstone Borough Council (the �Council�).� The Charter establishes internal audit�s position within the authority, including the nature of the Head of Audit Partnership�s functional reporting relationships.� The Charter also authorises access to records, personnel and physical properties relevant to the performance of engagement and defines the scope of internal audit activities.

2. Final approval of the Charter resides with the Audit Committee, but it will be reviewed each year by the Head of Audit Partnership in consultation with the Shared Services Board.

Mission

3. The Audit Partnership acknowledges and aspires to achieving the mission of Internal Auditing provided by the Institute of Internal Auditors (IIA):

To enhance and protect organisational value by providing stakeholders with risk based, objective and reliable assurance, advice and insight.

Scope of work

4. The scope of the Audit Partnership�s work includes, in the first instance, tasks in support of the annual Head of Internal Audit Opinion.� This work covers three areas:

Internal Control

5. The system of internal control is a process for assuring achievement of the Council�s objectives in operational effectiveness and efficiency, reliable financial reporting and compliance with laws, regulations and policies.� It incorporates both financial and non-financial systems.

Corporate Governance

6. Corporate governance is the system of rules, practices and processes by which the Council is directed and controlled.

Risk Management

7. Risk management is the process of identifying, quantifying and managing the risks that the Council faces in attempting to achieve its objectives.

8. In addition to those three core areas the Audit Partnership may, subject to specific arrangements, undertake engagements in the areas of counter fraud or advisory as discussed elsewhere in this Charter.

Authority of internal audit

9. Internal Audit is a statutory service as defined within the Accounts and Audit Regulations 2011 (the �Regulations�) which require the Council to maintain an adequate and effective internal audit of its accounting records and of its system of internal control in accordance with proper practices.

10. Deriving authority from those Regulations and those authorising this Charter, the Audit Partnership has free and unrestricted ability to plan and undertake audit assignments deemed necessary to fulfil its scope.

11. To enable full discharge of its duties, the Head of Audit Partnership and his team are authorised to:

� Have a right of direct access to the Chair of the Audit Committee;

� Have unrestricted access to all functions, records, property and personnel;

� Obtain assistance where necessary from Council officers and contractors involved in subject of audit engagements.

12. The Head of Audit Partnership and his team are not authorised to perform any operational duties for the Council, initiate or approve accounting transactions (except where directly related to the administration of the service) and direct the activities of any Council employee (except insofar as they have been appropriately assigned to assist engagements).

Responsibility

13. The Head of Audit Partnership and his team have responsibility to undertake their work at all times in accordance with the Public Sector Internal Audit Standards (the �Standards�) and the IIA�s Code of Ethics (the �Code�).� In addition, those members of the team who have membership of professional bodies will comply with the relevant requirements of that organisation.� Undertaking work in accordance with the Standards will include:

� Developing a flexible risk-based audit strategy and annual plan in consultation with senior management and presented annually to the Audit Committee for review and approval.� The Audit Committee will also be invited to review and approve significant changes to the plan;

� Tracking the status of agreed management actions and providing regular updates to the Audit Committee, including escalation of items of significant risk;

� Issuing period reports to senior management and the Audit Committee summarising results of internal audit work;

� Continuing liaison with the Council�s external auditors and other assurance providers to seek optimal assurance coverage;

� Communicating regularly with relevant stakeholders on progress of the internal audit service, its work and findings; and

� Keeping the Shared Services Board (and so, the Director of Environment & Shared Services) informed on the performance of the internal audit service.

Reporting lines

14. The Head of Audit Partnership has responsibility for day to day management of the internal audit team.� The Head of Audit Partnership reports administratively to the Director of Mid Kent Services and, with respect to activities undertaken at the Council, reports functionally to the Director of Environment & Shared Services as the Council�s representative on the Audit Partnership Board.� Organisationally, the Head of Audit Partnership reports to the Audit Committee.� The Head of Audit Partnership also has a direct right of access to the Chief Executive as and when required.

15. Should the Head of Audit Partnership not be satisfied with the response of senior management to or engagement with a given audit review this will be highlighted to the relevant Director in the first instance and escalated to the Audit Committee if the matter remains unresolved.

Independence and objectivity

16. The internal audit service is and will remain free from interference in determining the scope and nature of its work and communicating its results.� The Head of Audit Partnership will comment on and affirm the independence and objectivity of the service in individual reports and, at least annually, in summary reports to the Audit Committee.

Accountability

17. The Head of Audit Partnership, in the discharge of his duties, will be accountable to the Audit Committee and the Director of Environment & Shared Services (through the Audit Partnership Board).� This will include the provision of an annual Head of Audit Opinion as well as periodic reporting on significant issues and audit findings.

Management responsibilities

18. To be effective, the internal audit service requires full co-operation of senior management.� In approval of this Charter the Audit Committee and the Director of Environment & Shared Services direct management to co-operate with internal audit in the delivery of the service.� This includes, but is not limited to, agreeing suitable briefs for audit engagements, acting as audit sponsors, providing access to appropriate records, personnel and systems, responding to draft reports and implementing management actions in line with agreed timescales.

19. Senior management also undertakes to keep the internal audit service abreast of significant proposed changes in processes, systems or organisation, newly identified significant risks and all suspected or detected fraud, corruption or impropriety.

20. Senior management will also ensure that the internal audit service has access to sufficient resources to fulfil the audit plan as directed by the Audit Committee.� Responsibility for arranging and deploying resources in fulfilment of the plan rests with the Head of Audit Partnership.

Non Audit Work

Consultancy

21. The Standards allow that Internal Audit resource may sometimes be more usefully focussed towards providing advice rather than assurance.� Where appropriate, the service may act in a consultancy capacity by giving guidance, providing that:

� The objectives of the engagement address governance, risk management or internal control,

� The request has been approved by a member of CLT,

� The service has the right skills, experience and available resource, and

� Internal audit�s involvement will not constitute a conflict of interest, compromise the appearance or fact of its independence and will not involve assuming a management role in providing advice.

22. The Head of Audit Partnership is responsible for ensuring all requests are reviewed in accordance with the above criteria before making the final decision.� The specific role of Internal Audit in any particular engagement will be agreed with the sponsor, documented within the assignment plan and reported to the Audit Committee at the next opportunity.

23. With respect to significant requests, defined as those which require the purchase of additional resources or amendment to the agreed audit plan, the Head of Audit Partnership will consult the Chair of the Audit Committee before accepting the engagement.

Risk Management

24. Internal Audit�s role is Risk Management will be guided by the Institute of Internal Auditors position paper on The Role of Internal Auditing in Enterprise-Wide Risk Management and documented in the Council�s Risk Management Strategy.� Internal Audit will not undertake roles defined as inappropriate by that guidance.� Where Internal Audit undertake roles defined as �legitimate internal audit roles with safeguards� the nature and extent of those safeguards will be agreed with the Director of Environment & Shared Services and reported to the Audit Committee.

Counter Fraud

25. Internal Audit�s role on Counter Fraud will be in accordance with the Council�s Counter Fraud Strategy and with the resources approved by the Audit Committee in the Annual Audit Plan.

26. Internal Audit may assist or lead, as needed, in the investigation of significant suspected fraudulent activities within the Council and notify Management and the Audit Committee of the results.�

27. Where a significant investigation requires purchase of additional resource or amendment to the agreed audit plan the Head of Audit Partnership will consult the Chair of the Audit Committee after discussion with the Director of Environment & Shared Services.

Major Projects

28. Internal Audit will be informed of major projects and their progress through continuing discussion with Management.� Internal Audit response to major projects will be proportionate to the risk in terms of the inclusion of specific audit work within the annual audit plan.� Where a project team seeks advice or further support from Internal Audit, we will treat that request as one for consultancy support as described from paragraph 21.

Relationships

29. The Head of Audit Partnership and the audit team are involved in a wide range of relationships whose quality are important in supporting the effective delivery of the audit function.

Relationships with management

30. The internal audit service will maintain effective relationships with managers at the Council.� This will include consultation in the audit planning process both at an overall plan level and with respect to the scope of individual audit projects as well as regular meetings with key stakeholders.� Timing of audit work will also be agreed in conjunction with Management.

Relationships with external auditors and regulators

31. The internal audit service and Grant Thornton LLP have an established and sound working relationship described in more detail within the Internal/External Audit Protocol presented to the Audit Committee in March 2014.� We will continue to rely upon and draw from each other�s work subject to the limits and duties determined by our respective responsibilities and professional standards.� This enables us to evaluate and review work and only re-perform where necessary.� We will meet regularly and share our plans and reports.

32. The internal audit service will also take account of the results and reports from any other external inspections or reviews when planning and undertaking audit work.� Where appropriate the Head of Audit Partnership or appropriately delegated representative will represent the service in consultation and discussion with external agencies, inspectors or regulators.

Relationships with Members

33. The Head of Audit Partnership will be the first point of contact for Members, in particular members of the Audit Committee.� However, we place great store in gaining and maintaining an effective working relationship with Members and so will foster good contacts throughout the internal audit service as appropriate.

34. The Head of Audit Partnership will have the opportunity to meet separately (that is, without other officers in attendance) with the Chair of the Audit Committee and other Members if desired.

Standards of internal audit practice

35. This Charter recognises the mandatory nature of the IIA definition of Internal Auditing and Code of Ethics and the Public Sector Internal Audit Standards.� The Internal Audit team comply with these standards.

Quality assurance

36. The Standards require that audit be subject to a quality assurance and improvement programme.� For Mid Kent Audit, that programme incorporates both internal and external elements.

Internal assurance

37. All of our audit engagements are subject to review by management and the Head of Audit Partnership prior to finalisation.� These reviews seek to ensure that work undertaken is consistent with the Standards, consistent with the risks associated with the area under review and that conclusions are supported by detailed work undertaken.� We will vary the range and scope of reviewers to help maintain consistency and support learning within the service.

External assurance

38. An external assessment must be conducted at least once every five years by a qualified, independent assessor from outside the organisation.� The service�s most recent such assessment was completed by the Institute of Internal Auditors in 2014, with results reported to the Audit Committee.� The Head of Audit Partnership will keep the need for external assurance under review and discuss options with the Director of Environment & Shared Services and the Audit Committee as the need arises.

This Charter is authorised within Maidstone Borough Council:

Director of Environment & Shared Services: David Edwards

Audit Committee Chair: Councillor Alistair Black

With the agreement of:

Head of Audit Partnership: Rich Clarke

Mid Kent Services Director: Paul Taylor

Signed... Dated...

Next Review required...