Internal audit

Internal audit service details

Annual Audit Plan

  • Undertake a risk based review to inform the plan, including discussions with senior officers
  • Production of a realistic audit plan that ensures appropriate coverage to inform an annual opinion that is flexible to respond to changes as they arise
  • Monitor performance against the plan and working with the team to ensure delivery
  • Manage the plan to accommodate in-year changes in response to changing circumstances and risk profiles
  • Undertake benchmarking and report results

Delivery

  • Delivery of a full range of audits by Stoke’s experienced and qualified auditors using a comprehensive risk based approach
  • Provide assurance on key financial systems using a ‘health check’ approach for well controlled systems with low residual risk
  • Quality assurance (including report sign off) undertaken for all audit work by Stoke’s qualified Principal Auditors (and the Head of Internal Audit if required)
  • Undertake verification work to ensure recommendations are implemented without the need for resource intensive follow up audits

Reporting

  • Management reporting as required (frequency and content to be agreed)
  • Quarterly updates on internal audit activity to the Audit Committee
  • Production of an annual report to include an overall opinion on the authority’s control environment
  • Production of the authority’s Annual Governance Statement
  • Liaison with external auditors as required

Compliance with Public Sector Internal Audit Standards

  • Full compliance with the Standards, ensuring that all recommendations from self-assessments and external reviews are implemented.
  • Production of an annual Internal Audit Charter

Systems

  • Full use of Stoke’s audit management systems
  • Access for management to update recommendations to aid reporting (TBC following implementation of required web based functionality)

Links to Corporate Fraud / HR

  • Stoke’s internal audit team have strong links with corporate fraud and HR to provide a joined up service
  • Where control weakness are identified through corporate fraud or HR investigations, these can be linked with internal audit support as required

Governance

  • Communicate with the Section 151 Officer on any governance related issues (frequency and format to be agreed)
  • Representation at the Audit Committee by the Head of Internal Audit or a representative to present all reports on internal audit and corporate fraud activity.
  • To facilitate the Audit Committee to undertake a self-assessment of good practice and to complete the Audit Committee Members Skills & Knowledge Framework, as detailed in CIPFA’s “Audit Committees: A Practical Guide for Local Authorities & Police”, 2018.
  • Design and present appropriate training to the Audit Committee based on the outcome of the skills and knowledge framework assessment.

Policies

To review policies to include:

  • Whistleblowing Policy
  • Counter Fraud Statement
  • Corporate Fraud, Corruption & Error Strategy
  • Anti-Money Laundering Policy
  • Anti-Bribery Policy
  • Fraud Response Plan

IT Assurance

  • Stoke currently undertake IT audits utilising the skills of in-house staff, supplemented with external support where required
  • Stoke have recently commissioned an IT Needs Assessment to cover the next three years activity
  • This arrangement can be extended to cover your authority’s IT assurance requirements

Data Analytics

Stoke has recently invested in the latest version of IDEA, a powerful data analysis tool that quickly analyses 100% of data, improves data integrity and provides quick analysis

  • This will enable audits to be undertaken more effectively and efficiently and was being trialled with good results across a number of Stoke’s financial systems audits during 2018/19.
  • Stoke is currently developing its data analytics strategy with the vision to move to a continuous audit approach. The strategy can be developed jointly to provide benefits across your authority.

Risk Management

The team are able to provide a range of services on the formulation, development and promotion of a corporate risk management strategy which could include promoting risk management awareness and good practice to reduce the council’s cost of risk. A tailored package can be offered subject to your individual requirements.