Internal Audit

Published 24/11/2020   |   Last Updated 16/12/2024   |   Reading Time minutes

The overall objective of Internal Audit is to provide independent assurance on the adequacy and effectiveness of the whole systems of controls, financial management and others, which have been established to manage the risks of the organisation to enable the achievement of organisational goals and ensure accountability for public funds. Internal audit is just one of the sources of assurance available to the Accounting Officer, Commission and the Audit & Risk Assurance Committee.

Within this broad objective, it is Internal Audit's responsibility to review, appraise and report upon:

  • the soundness, adequacy and application of the organisation's financial and other internal controls;
  • the extent of compliance with the organisation's objectives, policies and procedures;
  • the degree to which the organisation's assets and interests are safeguarded;
  • the adequacy of systems in place to ensure that the organisation obtains value for money from its activities;
  • the reliability and adequacy of management information, and
  • the effectiveness of the risk management framework and processes.

The Head of Internal Audit is responsible for providing an annual report and opinion to the Accounting Officer on the adequacy and effectiveness of the organisation's governance, risk management and control arrangements. This in turn is based on an annual programme of reviews and other work as detailed in the Annual Audit Plan and in line with the three year Audit Strategy.

The Senedd Internal Audit services are provided by an in-house Head of Internal Audit. This is supplemented by a contract for the provision of additional internal audit services. These services are currently provided by TIAA, which was awarded in July 2013 and runs for four years to July 2017. In addition to the delivery of important assurance work, the contract provides an opportunity to:

  • Develop a collaborative approach with TIAA to ensure high quality service to the Commission and;
  • Expand the role of Internal Audit to place more emphasis on identifying and promoting opportunities to improve organisational performance.

The Head of Internal Audit provides reports to both the Accounting Officer and Audit & Risk Assurance Committee to enable discussion and scrutiny of important areas of governance, control and value for money.

The Committee approved the 2019-20 Internal Audit plan in March.

Internal Audit Standards

The Senedd's Internal Audit is undertaken in line with Public Sector Internal Audit Standards. These unified standards (PSIAS) for the UK, were brought together through been collaboration during 2012 between the Institute of Internal Auditors (IIA), Chartered Institute of Public Finance and Accountancy (CIPFA) and other relevant Internal Audit Standard Setters such as the NHS and HM Treasury. Previously there were a number of different bodies issuing standards for their particular part of the public sector. The standards are largely based on the Institute of Internal Auditors International Professional Practices Framework

Detail of the standards

The standards comprise Attribute and Performance standards.
Attribute standards define the governance and characteristics of organisations and parties carrying out internal audit i.e. purpose, authority and responsibility of internal audit activity; independence and objectivity; proficiency; quality assurance and improvement programme requiring both internal and external assessment.

The second set of standards is Performance standards which relate to the nature of Internal Audit activities. This includes:

  • Managing the audit activity - planning, resource management, coordination with other bodies;
  • Nature of work - general and IT governance, ethics related objectives, risk management, fraud risk, effective controls
  • Engagement Planning
  • Performing the work
  • Communicating results

In accordance with PSIAS, the Head of Internal Audit has produced an Internal Audit Charter which was approved by the Audit and Risk Assurance Committee in March 2017.