VERSION February 2003

RESEARCH COUNCILS’ INTERNAL AUDIT SERVICE INTERNAL AUDIT CHARTER

Introduction 1.

This Charter establishes the role and terms of reference of the Research Councils’ Internal Audit Service (RCIAS) within the Research Councils.

2.

It has been framed to: a.

meet the needs of the Research Councils,

b.

meet the condition within DTI (OST) Management Statement and Financial Memorandum that the internal audit arrangements established by the Council shall comply with the “HM Treasury’s Government Internal Audit Standards”1

c. comply with the organisational and operational standards outlined in HM Treasury’s ‘Government Internal Audit Standards’,

The Role of RCIAS 3.

RCIAS is an independent and objective appraisal service within the Research Councils. The main roles of internal audit are: a. primarily to provide an independent and objective opinion to each Research Council Accounting Officer, on risk management, control and governance 2, by measuring and evaluating their effectiveness in achieving the Council’s agreed objectives. In addition, internal audit’s findings and recommendations are beneficial to line management in the audited areas. b. also to provide an independent and objective consultancy service specifically to help line management improve the Council’s risk management, control and governance.

4.

RCIAS may carry out other reviews at the request of the Chief Executive, Audit Committee or senior management eg. fraud and special investigations, project “health checks” and reviews, security reviews, benchmarking, etc.

Independence 5.

Recognition of the independence of internal audit is fundamental to its effectiveness. Within the Research Council independence is secured by:

Government Internal Audit Standards issued by HM Treasury Audit Policy and Advice (October 2001) Risk management, control and governance comprise the policies, procedures and operations established to ensure the achievement of objectives, the appropriate assessment of risk, the reliability of internal and external reporting and accountability processes, compliance with applicable laws and regulations, and compliance with the behavioural and ethical standards set by the organisation

1

2

1

VERSION February 2003

a.

the Head of Internal Audit having the right of direct access to the Chief Executive and Chairperson of the Council Audit Committee.

b.

the approval of the RCIAS Strategic Plan and the Annual Audit Plan by the Chief Executive.

c.

the position of RCIAS within the Research Council ie the unit has no responsibility for operational functions. It has no direct responsibility for, nor authority over, any of the activities subject to RCIAS review.

d.

RCIAS staff not being involved in designing, building, managing or running systems which they may subsequently audit. This does not prevent RCIAS from giving advice and commenting on developments and change.

e.

the services performed by RCIAS being staff and advisory functions only, and in no way relieving management within the Council of responsibilities assigned to them.

f.

the internal auditors being independent to carry out their work freely and objectively. Independence permits them to render unbiased judgements and impartial advice to management.

Authority 6.

In accordance with the Government Internal Audit Standards from HM Treasury, RCIAS must have unrestricted access to all activities undertaken within the Research Councils.

7.

Auditors have the authority to obtain information and explanations they consider necessary to fulfil their objectives and responsibilities.

8.

RCIAS shall have the authority to require a timely written response to any findings and recommendations contained within their reports.

Scope 9.

RCIAS fulfils its terms of reference by systematic review and evaluation of risk management, control and governance which comprises the policies, procedures and operations in place to: a.

establish, and monitor the achievement of, the Research Councils objectives

b.

identify, assess and manage the risks of achieving the Research Councils objectives

c.

advise on, formulate, and evaluate policy, within the responsibilities of the Chief Executive

d.

ensure the economical, effective and efficient use of resources

e.

safeguard the Council’s assets and interests from losses of all kinds, including those arising from fraud, irregularity or corruption

2

VERSION February 2003

f.

the suitability of the organisation of areas audited for carrying out their functions, to ensure that services are provided in a way which is economical, efficient and effective;

g.

ensure the integrity and reliability of information, accounts and data, including internal and external reporting and accountability processes

10.

RCIAS should devote particular attention to any aspects of the risk management, control and governance impacted by material changes to the Council’s risk environment.

11.

The scope of RCIAS audit work includes arrangements for risk management, control and governance arrangements over subsidiary bodies including Institutes, units, surveys and centres.

Reporting 12.

Annual Report: The HIA RCIAS must submit to the Chief Executive at least annually a report of the audit activity and results. The main purpose of the annual report is to present HIA’s independent opinion of the overall adequacy and effectiveness of the Council’s risk management, control and governance processes. The Annual Report will be presented in draft format to the Audit Committee for comment.

13.

Assignment Report: Following the completion of each assignment, the results and, where appropriate, recommended corrective action will be presented in a formal report to the management of the function or activity under review. The findings and recommendations are normally discussed with management at audit closure, and their responses to recommendations obtained, before the report is finalised and distributed.

14.

Reporting to the Audit Committee: The HIA RCIAS reports regularly on the progress and the results of RCIAS work to the Audit Committee. Reports on material and sensitive audit findings will also be reported on at Audit Committee meetings.

Fraud 15.

Managing the risk of fraud is the responsibility of line management. In conducting audit assignments, the internal auditors will be alert to risks and exposures that could allow fraud. Where in the course of an audit fraud is found or suspected then RCIAS will liaise with Council management on how best to manage the situation.

16.

The HIA RCIAS should be informed of all suspected or detected fraud (HM Treasury requirement - Government. Internal Audit Standards 1.4.3 refers).

17.

The RCIAS will undertake the investigation of a reported or suspected fraud at the request of management. Terms of reference will be agreed for each assignment. The HIA will recommend whatever audit resources are required for investigation. Once a fraud investigation is concluded a report will be submitted to the Council management. The Council management will be responsible for actioning the report and determining whether controls need to be implemented or strengthened to reduce future vulnerability.

3

VERSION February 2003

Competence and Standards 18.

Competence: The HIA RCIAS is responsible for ensuring that RCIAS is appropriately staffed in terms of numbers, grades, qualification levels and experience. In particular HIA RCIAS is to: a.

ensure staff possess appropriate qualifications and experience; and

b.

encourage and facilitate the training and continuing professional development of staff.

19.

Code of Ethics: Members of staff of the RCIAS must observe four main principles ie integrity, objectivity, competency and confidentiality. Individual auditors are required to declare any conflicts arising from audit work assigned to them.

20.

Standards: RCIAS is to operate in accordance with HM Treasury’s “Government Internal Audit Standards”“. The standards define the way in which the RCIAS should be established and undertake its functions. They cover both assurance-related and consultancy work. They apply equally to in-house staff, partnership staff and other contract staff.

21.

Quality Assurance: HIA RCIAS is to maintain a process of review of RCIAS to provide reasonable assurance that its work conforms to “Government internal audit standards” and to the requirements of this Charter. The review process is on going and is to include adequate supervision of work performed, an internal review process, and continuing development. External quality reviews are undertaken periodically by the Internal Audit Directorate of the Department of Trade & Industry.

Organisation and management 22.

Administration. For administrative purposes the RCIAS is ‘hosted’ within the BBSRC. The role of the ‘host’ Council for internal audit is to ensure that RCIAS is operated within the policy framework approved by the Internal Audit Supervisory Board (IASB). As ‘host’ Council, BBSRC acts as the contracting agent for the Partnering Contract, on behalf of the Research Councils. Specific responsibilities include: a. b. c. d.

Appointment of RCIAS staff and reporting lines for staff employed within RCIAS Provision of administrative, financial, personnel, computing support services and accommodation Accounting for RCIAS expenditure, income and submission of quarterly invoices to each Council for services provided by RCIAS Acting as the principal advocate for RCIAS with the other Councils

Operationally RCIAS is however independent of BBSRC and the Council is a client of RCIAS on the same basis as the other Councils. 23.

Supervision of RCIAS. There is an Internal Audit Supervisory Board (IASB) chaired by the Finance Director BBSRC with membership drawn from each Council. RCIAS is represented by HIA RCIAS and a partner from Ernst & Young. The primary role of the Board is to provide strategic direction and advice on the operation and development of RCIAS. This involves collective decisions and responsibility for key

4

VERSION February 2003

policy issues and establishes the framework for the ‘host’ Council to operate RCIAS through the Head of Internal Audit. Responsibilities include: a.

the provision of a strategic overview;

b.

the scrutiny of proposed budgets, resources and daily rates;

c.

the performance monitoring arrangements for the audit services provided by RCIAS;

d.

monitoring the effectiveness of Partnering arrangements and approval of any variations to the Partnering contract.

e.

the monitoring of progress on achievement of Councils’ Annual Work Plans in terms of strategy, methods of implementation, but recognising that individual Council’s management and Audit Committees will also monitor performance;

f.

the consideration of matters arising which may be of common interest, ethical or other issues;

g.

the review of schedules of work outstanding and outturns against budget (costs and time).

h.

providing guidance on staffing and other resource requirements;

24.

Funding. The costs of RCIAS are met by all the Councils. Annually a programme of work is agreed with each Council and RCIAS is reimbursed on the basis of the agreed programme. Any additional services or assignments required in year are subject to separate negotiation between HIA and Council management. The terms of reference and funding arrangements for each additional requirement being agreed on a case by case basis.

25.

Management. The HIA RCIAS is responsible for properly managing RCIAS so that: a.

an Annual Plan outlining the RCIAS programme of work is developed from the Audit Strategy, for the approval of the Chief Executive;

b.

audit work provides an independent and objective opinion to the Chief Executive;

c.

resources of RCIAS are efficiently and effectively employed;

d.

audit work conforms to the Government Internal Audit Standards as set by HM Treasury;

e.

Auditors comply with the ‘Code of Ethics for Internal Auditors in Central Government’ as outlined in the Government Internal Audit Standards.

5

VERSION February 2003

Relationship with the Audit Committee 26.

The Audit Committee is a separate committee chaired by a member of Council. In relation to RCIAS and internal audit work, the Audit Committee can advise on internal control and audit matters. The Audit Committee has its own terms of reference.

27.

HIA RCIAS attends meetings of the Audit Committee for matters such as the presentation of plans, to report progress, to provide information on assignment reports including any significant weaknesses or difficulties in resolving problems.

28.

Whilst the Audit Committee can consider and comment on long and short term plans, the responsibility for final approval of RCIAS plans rests with the Chief Executive as Accounting Officer.

29.

HIA RCIAS is afforded direct access to Audit Committee Chair on request.

Relations with External Auditors 30.

The Research Councils’ external auditors (NAO) fulfil a statutory duty for which they are responsible to Parliament. A number of subsidiary bodies ie Institutes, units, surveys and centres owned by Council also have external audit arrangements with accountancy companies. RCIAS endorse the principals published in the good practice guide by APA in HM Treasury on ‘Co-operation between Internal and External Auditors’ and maintain regular contact with the external auditors. A formal protocol agreed by the IASB exists outlining the cooperation arrangements between HIA RCIAS and the appropriate NAO Director.

6