The formally approved annual internal audit plan is developed from a detailed analysis of King's College London's systems, activities and risks.
This plan provides for a mix of different types of audit work, such as business assurance, value for money and strategic management reviews, systems audits and special investigations. Included within the plan is a specific programme of work which is dedicated to the key financial and other administrative systems. This is of particular importance in supporting the Audit and Compliance Committee and the Council in their assessment of the effectiveness of the university's internal control systems.
The plan will also reflect the HEFCE Audit Code of Practice. This requires the internal audit service to formally report on the adequacy and effectiveness of the university's arrangements for risk management, control and governance, as well as economy, efficiency and effectiveness.
Types of activity included in the internal audit plan
Risk is also an important aspect to take account of in drawing up the audit plan. This reflects the fact that risk management is a key element of the university's management arrangements. It is also an important component in the strategic and business planning processes. King's College Council has approved a Risk Management Policy which forms part of the university's internal control and corporate governance arrangements. This policy explains the university's underlying approach to risk management and documents the roles and responsibilities of the Council and other key parties.
• Value for Money or Efficiency Reviews which look at the economy, efficiency and effectiveness of specific university functions or operations;
• Business Assurance and Strategic Management Reviews that allow a more focused approach in business critical areas, including reviews of specific university risks. These might also include looking at a broad spectrum of operational activities or functions linked to a common management theme or purpose;
• Systems audits set up to appraise and test key controls within operational systems of the university, both financial and otherwise;
• Fraud and Special Investigations.
The internal audit plan is prepared by the Department of Audit and Business Assurance and is considered for approval at the June meeting of the Audit, Risk and Compliance Committee each year.