Attention: You need JavaScript enabled to use this site.

Internal Audit Charter

Function

Internal Audit is an independent review function set up within the Society as a service to the Board and all levels of management. The Chief Internal Auditor is responsible for the effective review of all aspects of risk management (including risk management culture) throughout the Society’s activities.

Independence

Internal Audit is independent of the activities which it audits to ensure the unbiased judgements essential to its proper conduct and impartial advice to management.

To maintain objectivity and independence, Internal Auditors shall have no direct operational responsibilities or authority over any of the activities they review. Additionally, they shall not develop nor install systems or procedures, prepare records, or engage in any other activity which would normally be audited or which may impair their ability to maintain their independence. Internal Audit colleagues who have transferred into Internal Audit from other areas of the Society will not provide Internal Audit services in relation to business activity for which they have had responsibility for a minimum of twelve months.

The Chief Internal Auditor has a direct reporting line to the Chair of the Audit Committee, meets at least once per year in a session with the Audit Committee and has regular meetings with the Chief Executive. Additionally, regular meetings are also held with other Executive Committee (ExCo) members. The Chief Internal Auditor also has the right of access to the Chair at all times.

The Chief Internal Auditor although a member of the ExCo, does not have any voting rights or decision making authority.

The Audit Committee are responsible for setting the objectives and appraising the performance of the Chief Internal Auditor. The Chief Internal Auditor’s remuneration is structured in a manner such that it avoids conflicts of interest and does not impair their independence and objectivity.

Where the tenure of the Chief Internal Auditor exceeds seven years, the Audit Committee discuss annually the Chair’s assessment of the Chief Internal Auditor’s independence and objectivity.

An External Quality Assessment of Internal Audit is conducted every five years.

 

Purpose

The purpose of the Internal Audit Department is to:

1. provide the Audit Committee with independent assurance as to whether the Society’s Risk Management Framework (RMF) is appropriate for the Society's Risk Profile, has been adequately defined, understood and implemented for each material risk, and is operating effectively;

2. assess whether the financial, operational and risk Management Information (MI), plus Key Performance Indicators supplied to senior management and the Board are accurate, relevant, timely and complete; and

3. provide assurance and consultancy services to the working groups of major projects and, where appropriate, carry out pre and post implementation audit reviews.


Scope

Internal Audit has unrestricted access to all activities undertaken by the Society, in order to review, appraise and report on: -

  • the adequacy and effectiveness of the systems of financial, operational and management control, and their operation in practice in relation to the business risks to be addressed (including good customer outcomes);

  • the adequacy and effectiveness of the risk management culture in place to proactively identify and manage issues;

  • the extent of compliance with, relevance of, and financial effect of, policies, standards, plans and procedures established by the Board and the extent of compliance with external laws and regulations, including reporting requirements of regulatory bodies;

  • the extent to which the assets of the Society are acquired, used efficiently, accounted for and safeguarded from losses of all kinds arising from waste, extravagance, inefficient administration, poor value for money, fraud or other cause and that adequate business continuity plans exist;

  • the suitability, accuracy, reliability and integrity of financial and other management information and the means used to identify measure, classify and report such information;

  • the integrity of processes and systems, including those under development, to ensure that controls offer adequate protection against error, fraud and loss of all kinds; and that the process aligns with the Society’s strategic goals;

  • the suitability of the areas audited for carrying out their functions, and to ensure that services are provided in a way which is economical, efficient and effective;

  • the follow-up action taken to remedy weaknesses identified by Internal Audit review, ensuring that good practice is identified and communicated widely; and
  •  the operation of the Society’s corporate governance arrangements.


Authority

Internal Audit colleagues have the full authority of the Audit Committee, the Board and the Chief Executive when carrying out their duties. The Department has the right of unrestricted access to records, IT systems, documents, properties, colleagues and directors in all areas of the Society’s operations. This right of access shall be exercised reasonably at all times and may be restricted to the Chief Internal Auditor in matters of extreme confidentiality. Access restrictions and lack of co-operation by colleagues or directors that affect the scope of any review will be reported to the Audit Committee.



Responsibilities

The Chief Internal Auditor is responsible for:-

  • developing an annual audit plan, based on an understanding of the significant risks to which the Society is exposed;
  • submitting the plan to the Audit Committee for review and agreement;
  • maintaining a professional audit team with sufficient knowledge, skills and experience to carry out the plan (including the use of external resources as necessary);
  • ensuring that the Department complies with the Standards and Guidelines for the Professional Practice of Internal Auditing (including the Code of Ethics) as upheld by the Chartered Institute of Internal Auditors – UK, in addition to the Internal Audit Financial Services Code of Practice. This includes maintaining a quality assurance and improvement programme to assess performance; and
  • meeting periodically with Second Line functions, and the external auditors, to help inform our understanding of the areas of greatest risk and to help co-ordinate activity to deliver assurance effectively and efficiently.


Reporting Requirements

The Chief Internal Auditor is accountable to the Audit Committee for:-

  • providing regular assessments of the adequacy and effectiveness of the Society’s systems of risk management and internalcontrol, based on the work of Internal Audit, and separately, an assessment of the risk management culture within all areasreviewed as appropriate;

  • reporting significant control issues and potential recommendations for improving risk management and control processes;

  • providing periodically, information on the status and results of the annual audit plan and the sufficiency of Internal Audit resources; and 

  • reviewing, updating and presenting this Charter to the Audit Committee on an annual basis.

 

Any breaches of the Society systems of control or other issues that cannot be resolved with Management will be reported to the Chair of the Audit Committee.

 
Back to top