Internal Audit A mostly friendly watchdog
Internal Audit is not an optional function. HEFCE requires that • “each HEI must have an effective Internal Audit function, which reports regularly to the audit committee and at least annually to the governing body and the accountable officer.” • IA should have and “be seen to have sufficient status, respect and support within the HEI”
The Head of the Internal Audit function must have direct access to the HEI’s Accountable Officer, the Chair of the Audit Committee and, if necessary,the Chair of the Governing Body. • Internal as well as external auditors must also have unrestricted access to information – including all records, assets, personnel and premises – and be authorised to obtain whatever information and explanations the Head of the Internal Audit function or the external auditor considers necessary.
An effective Internal Audit function helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to the evaluation of risk management, internal control, value-seeking, compliance and governance processes. What does a good Internal Audit function do?
How does it do this in practice? • Identify stakeholders and needs • Set or note existing baselines • Measure, evaluate and report • Improve processes, measures, targets, • Go round again…..
The back to basics approach to internal control which IA usually seeks to assess and report on. Aim – to improve the quality of financial reporting through a focus on corporate governance, ethical practices, and internal control. It focuses on the three key objectives of: effective and efficient operations reliable financial reporting adherence to relevant legislation and regulation The COSO cube of internal control
What to Audit The range of audit activity should be determined on a risk basis with reference to: • Regulatory requirements • Opportunities for fraud • Extent of expenditure • Results of previous audits • Time since last audit • Management request
Looking at SOAPMAPS • Segregation of duties • Organisation • Authorisation and approval • Physical construction • Management • Arithmetical and accounting accuracy • Personnel • Supervision
The hallmarks of a good audit • Sufficiently well scoped to add value • Sufficiently flexible to adapt to matters that emerge • Not flagged up so far in advance that there is time to alter the evidence • Involving every level of the process under scrutiny • Fair and reasonable – it is primarily a search for improvement not a witch hunt
LSE Audits • LSE is London Met but issues still arise on data quality - HESA return, TRAC returns, OFFA, IA is required to report on processes to complete these returns • Regulations and processes that are not followed weaken the School, (expenses, due diligence, cash handling etc) • The tabloid test (aka front page headlines how bad could it be?) • Fraud, theft, carelessness, honest mistake. • Seeking value for money – economy efficiency and effectiveness – they spend how much?
What’s in it for you? • Economy – how to save money. • Leveraging LSE buying power • Do we really need it? • Can we share? • Can we prevent leakage?
Efficiency – not wasting effort. • Is there a quicker way? • Can we avoid re-work? • Is someone else doing the same thing? • Can we get added value from our asset/resource?
Effectiveness – doing what it says on the tin. • Is the system properly designed to deliver the required outcome? • Is the system properly implemented to deliver the required outcome? • Are there perverse results?
What next? • The audit process is evolving - when it is your turn you will see there are deadlines and responsibilities clearly set out. • You’ve had an audit – what next? • Audit Committee – will you be a witness?. • Management – what action will you take? • Recommendation follow up – we will be back! • ?