1 / 11

Internal Audit Risk and Assurance

Internal Audit Risk and Assurance. Samantha Buckland – Audit Manager Internal Audit. Content. Role of IA Engagement – Barriers and Approach Risk and Assurance IA role in Business and H&S risk . What is our authority?. Statutory authority through Accounts and Audit regulations

zuri
Download Presentation

Internal Audit Risk and Assurance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Internal Audit Risk and Assurance Samantha Buckland – Audit Manager Internal Audit

  2. Content Role of IA Engagement – Barriers and Approach Risk and Assurance IA role in Business and H&S risk

  3. What is our authority? • Statutory authority through Accounts and Audit regulations • Gives us right to all information and explanations necessary in order to perform our duties

  4. Objectives and Role of Internal Audit To provide “independent” assurance on the adequacy and effectiveness of governance, risk management and internal controls across the Council To investigate allegations of fraud, corruption or other lapses in control or governance arrangements To provide advisory work to support directorates, for example in development on new systems or processes To assist the Corporate Directors to sign their Annual Governance Statement

  5. Engagement Barriers Lack of understanding of IA role, for example bureaucratic, etc. Seen as critical, trying to ‘catch people out’, internal ‘police’, etc.

  6. Engagement • Approach • Presentations at all levels to explain the role of internal audit • Be seen as approachable and supportive • Review of the way we approach what we do • Making sure recommendations are pragmatic and address key risks

  7. Risk and Assurance • Definition of assurance • An evidence based statement designed to give confidence that…. • Integrate assurance • What do we mean by integration • How does it work? • Audit, Risk Management, H&S Team, Managers, Staff, etc.

  8. IA role in Business Risk • Risk based plan • Assurance on the identification, evaluation and management of risks in individual audits, for example: • Health and Safety • Establishments • Reports and recommendations • Agreed management actions • Follow-up

  9. Five Levels of Assurance • High - There is a sound system of control operating effectively to achieve service/system objectives. Any issues identified are minor in nature and should not prevent system/service objectives being achieved. • Substantial - The system of control is adequate and controls are generally operating effectively. A few weaknesses in internal control and/or evidence of a level of non compliance were noted during the audit that may put a system/service objective at risk. • Adequate - The system of control is sufficiently sound to manage key risks. However there were weaknesses in internal control and/or evidence of a level of non compliance with some controls that may put system/service objectives at risk. • Limited - Adequate controls are not in place to meet all the system/service objectives and/or controls are not being consistently applied. Certain weaknesses require immediate management attention as if unresolved they may result in system/service objectives not being achieved. • No Assurance - The system of control is inadequate and controls in place are not operating effectively. The system/service is exposed to the risk of abuse, significant error or loss and/or misappropriation. This means we are unable to form a view as to whether objectives will be achieved.

  10. Follow Ups • We will follow up recommendations with the accountable officers after the agreed deadline date has passed to ensure that these have been implemented. The follow up process varies according to the risk rating applied to the agreed recommendation • High - We will contact the accountable manager and make arrangements to undertake sample testing to verify implementation of the agreed recommendation • Medium - We will contact the accountable manager and ask them to provide evidence that the agreed recommendation has been implemented • Low - We will contact the accountable manager to request assurance that the recommendation has been implemented • Recommendations both implemented and overdue for implementation will be reported to the Corporate Management Team and the Governance and Audit Committee on a quarterly basis. • Where recommendations are overdue officers may be required to provide an explanation.

  11. Questions? • For further information please contact: • Samantha Buckland • (01622) 694611 • samantha.buckland@kent.gov.uk

More Related