Attention: You need JavaScript enabled to use this site.
Internal Audit is an independent review function set up within the Society as a service to the Board and all levels of management. The Chief Internal Auditor is responsible for the effective review of all aspects of risk management (including risk management culture) throughout the Society’s activities.
Internal Audit is independent of the activities which it audits to ensure the unbiased judgements essential to its proper conduct and impartial advice to management.
To maintain objectivity and independence, Internal Auditors shall have no direct operational responsibilities or authority over any of the activities they review. Additionally, they shall not develop nor install systems or procedures, prepare records, or engage in any other activity which would normally be audited or which may impair their ability to maintain their independence. Internal Audit colleagues who have transferred into Internal Audit from other areas of the Society will not provide Internal Audit services in relation to business activity for which they have had responsibility for a minimum of twelve months.
The Chief Internal Auditor has a direct reporting line to the Chair of the Audit Committee, meets at least once per year in a session with the Audit Committee and has regular meetings with the Chief Executive. Additionally, regular meetings are also held with other Executive Committee (ExCo) members. The Chief Internal Auditor also has the right of access to the Chair at all times.
The Chief Internal Auditor although a member of the ExCo, does not have any voting rights or decision making authority.
The Audit Committee are responsible for setting the objectives and appraising the performance of the Chief Internal Auditor. The Chief Internal Auditor’s remuneration is structured in a manner such that it avoids conflicts of interest and does not impair their independence and objectivity.
Where the tenure of the Chief Internal Auditor exceeds seven years, the Audit Committee discuss annually the Chair’s assessment of the Chief Internal Auditor’s independence and objectivity.
An External Quality Assessment of Internal Audit is conducted every five years.
The purpose of the Internal Audit Department is to:
1. provide the Audit Committee with independent assurance as to whether the Society’s Risk Management Framework (RMF) is appropriate for the Society's Risk Profile, has been adequately defined, understood and implemented for each material risk, and is operating effectively;
2. assess whether the financial, operational and risk Management Information (MI), plus Key Performance Indicators supplied to senior management and the Board are accurate, relevant, timely and complete; and
3. provide assurance and consultancy services to the working groups of major projects and, where appropriate, carry out pre and post implementation audit reviews.
Internal Audit has unrestricted access to all activities undertaken by the Society, in order to review, appraise and report on: -
Internal Audit colleagues have the full authority of the Audit Committee, the Board and the Chief Executive when carrying out their duties. The Department has the right of unrestricted access to records, IT systems, documents, properties, colleagues and directors in all areas of the Society’s operations. This right of access shall be exercised reasonably at all times and may be restricted to the Chief Internal Auditor in matters of extreme confidentiality. Access restrictions and lack of co-operation by colleagues or directors that affect the scope of any review will be reported to the Audit Committee.
The Chief Internal Auditor is responsible for:-
The Chief Internal Auditor is accountable to the Audit Committee for:-
providing regular assessments of the adequacy and effectiveness of the Society’s systems of risk management and internalcontrol, based on the work of Internal Audit, and separately, an assessment of the risk management culture within all areasreviewed as appropriate;
reporting significant control issues and potential recommendations for improving risk management and control processes;
providing periodically, information on the status and results of the annual audit plan and the sufficiency of Internal Audit resources; and
reviewing, updating and presenting this Charter to the Audit Committee on an annual basis.
Any breaches of the Society systems of control or other issues that cannot be resolved with Management will be reported to the Chair of the Audit Committee.