The formally approved annual internal audit plan is developed from a detailed analysis of the College’s systems, activities and risks.
This plan provides for a mix of different types of audit work, such as business assurance, value for money and strategic management reviews, systems audits and special investigations. Included within the plan is a specific programme of work which is dedicated to the key financial and other administrative systems. This is of particular importance in supporting the Audit and Compliance Committee and the Council in their assessment of the effectiveness of the College’s internal control systems.
The plan will also reflect the HEFCE Audit Code of Practice. This requires the internal audit service to formally report on the adequacy and effectiveness of the College’s arrangements for risk management, control and governance, as well as economy, efficiency and effectiveness.
Types of activity included in the internal audit plan
Risk is also an important aspect to take account of in drawing up the audit plan. This reflects the fact that risk management is a key element of the College’s management arrangements. It is also an important component in the strategic and business planning processes. The College Council has approved a Risk Management Policy which forms part of the College’s internal control and corporate governance arrangements. This policy explains the College’s underlying approach to risk management and documents the roles and responsibilities of the Council and other key parties.
• Value for Money or Efficiency Reviews which look at the economy, efficiency and effectiveness of specific College functions or operations;
• Business Assurance and Strategic Management Reviews that allow a more focused approach in business critical areas, including reviews of specific College risks. These might also include looking at a broad spectrum of operational activities or functions linked to a common management theme or purpose;
• Systems audits set up to appraise and test key controls within operational systems of the College, both financial and otherwise;
• Fraud and Special Investigations.
The internal audit plan is prepared by the Director of Audit and Business Assurance. It is considered for approval at the June meeting of the Audit and Compliance Committee each year.