Agenda item

The Institute of Internal Auditors (IIA) published new Global Internal Auditing Standards (GIAS) in January 2024 with the Internal Audit Standards Advisory Board (IASAB) and CIPFA publishing the Global Internal Audit Standards in the UK Public Sector Application Note, in December 2024.  The existing Internal Audit Charter and Audit Strategy have been reviewed and updated to take into account the requirements of the new Standards.

This report seeks the Committee’s feedback on the Strategy and approval of the Charter and Mandate.

Moira Mackie (Head of Internal Audit) briefed the Committee that the new Internal Audit Strategy 2025-2028, Charter and Mandate were reviewed and updated taking into account the requirements of the new Global Internal Audit Standards (GIASs) (please see information paper on page 83). CIPFA had helped adapt the private-sector focused GIASs for the use of the public sector.  For example, the Board was interpreted as equivalent to the Audit Committee in local authorities.  The GIASs also set out the roles and responsibilities of the Internal Auditors who should act in an ethical and transparent manner while maintaining communication to the satisfaction of the Audit Committee. Moira further said that the Strategy was developed to show continuous improvements over time along with progress reports submitted to this Committee.  The Charter and Mandate had been completely refreshed to align with the new GIASs and required the Committee’s approval.  Members noted that while the GIASs were applicable in the UK from January 2025, the public sector were implementing the new Standards from 1^st of April 2025.

Councillor David Morton was concerned about the liabilities of this Committee for the wrong doings such as fraud cases found in the Statement of Accounts it had signed off.  David Hughes (Director of Audit, Fraud, Risk and Insurance) assured that under the Accounts and Audit Regulations 2015 and the Council’s requirements made through the S151 officer, robust arrangements had been in place for risk management and for internal control and protection against frauds.  As regards personal liabilities, David Hughes pointed out that according to the Council’s insurance policies, all officers and members were covered in carrying out their duties as part of the Council.

Councillor Florian Chevoppe-Verdier appreciated the Strategy and quoted some favourite sections on pages 19 and 22. He sought examples on ways to leverage technology for ‘enhanced efficiency’ during service delivery. David Hughes highlighted the benefits of using data analytics in audit works, for example, by looking for areas of anomalies or trends among the whole population of data before deciding to carry out an audit of a particular area. The Internal Audit team was already working closely with the Council’s Business Intelligence team to collect internal data on potential issues around fraud.  The continuous audit approach in the Internal Audit Plan 2025/26 was also using data analytics to track potential concerns and provide assurance in a more efficient and less costly way.

Addressing Councillor Lisa Homan’s questions, David Hughes noted that the new GIASs superseded the previous one promulgated in 2018 and applied similarly globally to all UK companies around the world.  He acknowledged that the Council could under the new Standards look at potential contractors’ internal audit strategies. 

In reply to Councillor Homan’s further concern about contractors’ risk assessment, David Hughes said this fell within the scope of contract management audits which involved risk management.  The audits would look at how departments were managing the risks of major suppliers/contractors and details of their contract management particularly those key ones on the departments’ risk register.

Councillor Homan referred to the performance indicators for measuring the success of the Internal Audit Strategy on pages 23 & 24 and asked about the reporting timelines. David Hughes noted that in addition to the Head of Internal Audit’s Annual Report submitted every June, there would be progress reports on performance and corrective actions taken for indicators that were not on track.

RESOLVED

That the Committee agreed

1.     To note the draft Internal Audit Strategy as set out in Appendix 1; and

2.     To approve the draft Internal Audit Charter and Mandate as set out in Appendix 2.