INTERNAL AUDIT
Contents:
Scope
Key Points
Background
Internal Control System
Internal Audit Process
Internal Audit Assurance
Annex: Conduct of Internal Audit by Audit
Services
Scope
1. This section gives guidance on internal audit
arrangements and procedures.
Key Points
2. Internal audit should provide an independent and
continuing appraisal of an organisation's internal control
system and take the action needed to provide Accountable
Officer(s) with a continuing assurance that the
organisation's internal control systems are adequate and
effective.
3. Departments are responsible for ensuring that
appropriate and adequate internal controls exist within
their own areas of responsibility, and for deciding whether
or not to accept and implement Audit Services' internal
audit findings and recommendations.
Background
4. Internal audit should provide an independent and
continuing appraisal of an organisation's internal control
system and take the action needed to provide Accountable
Officer(s) with a continuing assurance that the
organisation's internal control systems are adequate and
effective. The operation and conduct of internal audit
should comply with the standards contained in the
"Government Internal Audit Manual" published by HMSO.
5. Accountable Officers are responsible for ensuring
that appropriate and adequate internal controls exist
within their own areas of responsibility, and for deciding
whether or not to accept and implement internal audit
findings and recommendations. The relevant Accountable
Officer has overall responsibility for ensuring that prompt
and effective action is taken on recommendations, and that
the risks resulting from inaction are recognised and
accepted. The Head of Internal Audit should have the right
of direct access to the Accountable Officer(s). Audit
Services within Scottish Executive Finance and Central
Services Department is responsible for the internal audit
of the core Departments of the Scottish Executive plus
certain other areas including some Executive Agencies and
offices of the Scottish Administration. More detailed
guidance on the conduct of internal audits by Audit
Services is set out in the
Annex.
Internal Control System
6. The internal control system comprises the whole
network of systems established in an organisation to
provide reasonable assurance that organisational objectives
will be achieved, with particular reference to:
risk management;
the effectiveness of operations;
the economical and efficient use of
resources;
compliance with applicable policies, procedures,
laws and regulations;
safeguards against losses, including those
arising from fraud, irregularity or corruption;
and
the integrity and reliability of information and
data.
7. Internal audit should not have responsibility for
executive functions or for the development or
implementation of systems. Internal audit may, however,
serve as a valuable source of advice on systems of control
and related matters without impairing its objectivity and
independence.
Internal Audit Process
8. Internal audit should:
analyse the internal control system and
establish a review programme;
identify and evaluate the controls which are
established in systems to achieve objectives in the
most economic and efficient manner;
report findings and conclusions and, where
appropriate, make recommendations for
improvement;
provide an opinion on the reliability of the
controls in the system under review; and
provide an assurance based on the evaluation of
the internal control system within the organisation
as a whole.
Internal Audit Assurance
9. An annual audit assurance is provided to Accountable
Officers through the professional opinion of the Head of
Internal Audit (or equivalent) on the adequacy and
effectiveness of the internal control system and the extent
to which it can be relied upon. That opinion is contained
in an annual report from the Head of Internal Audit to the
organisation's Audit Committee(s), and forms part of the
assurance required by Accountable Officers to enable them
to sign a
Statement on Internal Control in respect of their area of responsibility.
Back to top
Page Published/ Updated on: 21st December 2001