LSE Internal Audit procedures (to be read in conjunction with the attached flowchart)



Similar documents
CHECKLIST OF COMPLIANCE WITH THE CIPFA CODE OF PRACTICE FOR INTERNAL AUDIT

BOARD CHARTER. Its objectives are to: provide strategic guidance for the Company and effective oversight of management;

Internal audit service protocol

Corporate Governance Report

BAHRAIN TELECOMMUNICATIONS COMPANY B.S.C. AUDIT COMMITTEE CHARTER

EVERCHINA INT L HOLDINGS COMPANY LIMITED (the Company ) Audit Committee

U & D COAL LIMITED A.C.N BOARD CHARTER

Internal Audit (policy & procedure)

- 1 - CATHAY PACIFIC AIRWAYS LIMITED. Corporate Governance Code. (Amended and restated with effect from 3rd March 2014)

APPRAISAL POLICY AND PROCEDURE FOR SUPPORT STAFF 1

Appendix 15 CORPORATE GOVERNANCE CODE AND CORPORATE GOVERNANCE REPORT

Accreditation of qualifications for registration as an oral health practitioner

E Lighting Group Holdings Limited 壹 照 明 集 團 控 股 有 限 公 司 (incorporated in the Cayman Islands with limited liability) Stock Code : 8222

The University s responsibilities and its arrangements for internal audit Internal audit protocol 2014/15 to 2016/17

AUDIT AND RISK MANAGEMENT COMMITTEE CHARTER

Procedure document. Department of Transport School Bus Centre Review

Information Commissioner's Office

INTERNATIONAL STANDARD ON REVIEW ENGAGEMENTS 2410 REVIEW OF INTERIM FINANCIAL INFORMATION PERFORMED BY THE INDEPENDENT AUDITOR OF THE ENTITY CONTENTS

How To Prepare A Configuration Change Change Request For The Tfnsw Cmaac

Hunter Hall International Limited

College Governance Statement of Principles, Scheme of Delegation and Terms of Reference

Audit Committee Institute Assessment of audit committees

ATTENDANCE AGREEMENT NATIONAL AGREEMENT BETWEEN ROYAL MAIL AND THE CWU

Internal Audit Division

Compliance. Group Standard

TRANSPORT INTERNATIONAL HOLDINGS LIMITED (the Company ) MEMBERS COMMUNICATION POLICY

BRITISH SKY BROADCASTING GROUP PLC MEMORANDUM ON CORPORATE GOVERNANCE

Appendix 14 CORPORATE GOVERNANCE CODE AND CORPORATE GOVERNANCE REPORT

Smart Meters Programme Schedule 2.5. (Security Management Plan) (CSP South version)

Document 12. Open Awards Malpractice and Maladministration Policy and Procedures

Birkbeck, University of London. Student Complaints Policy and Procedure

Welsh Government Response to the Report of the National Assembly for Wales Public Accounts Committee on Grant Management in Wales Final Report

Audit Committee Internal Regulations

(Incorporated in the Cayman Islands with limited liability) (amended and restated with effect from 1 January 2016)

BOARD CHARTER Link Administration Holdings Limited ("Company") ABN

Trust Board Report. Review of the effectiveness of the IM&T Committee

Audit, Risk and Compliance Committee Charter

Policy and Procedure for Handling and Learning from Feedback, Comments, Concerns and Complaints

Document Title: Trust Approval and Research Governance

CHARTER OF THE BOARD OF DIRECTORS

Board Charter. May 2014

Complaints Policy and Procedure. Contents. Title: Number: Version: 1.0

Framework Agreement between the Department of Health and the NHS Trust Development Authority. Annex C: Finance and Accounting

TERMS OF REFERENCE OF THE AUDIT COMMITTEE UNDER THE BOARD OF DIRECTORS OF CHINA PETROLEUM & CHEMICAL CORPORATION

Financial Management Framework >> Overview Diagram

Echo Entertainment Group Limited (ABN ) Risk and Compliance Committee Terms of Reference

1.1 Terms of Reference Y P N Comments/Areas for Improvement

i-control Holdings Limited 超 智 能 控 股 有 限 公 司 (incorporated in the Cayman Islands with limited liability) (the Company )

Effective complaint handling

CODE GOVERNANCE COMMITTEE CHARTER. 1 Functions and responsibilities of the Code Governance Committee

Request for feedback on the revised Code of Governance for NHS Foundation Trusts

HALOGEN SOFTWARE INC. AUDIT COMMITTEE CHARTER. oversee the qualifications and independence of the independent auditor;

TIANGONG INTERNATIONAL COMPANY LIMITED (the Company ) TERMS OF REFERENCE OF AUDIT COMMITTEE

Terms of Reference - Board Risk Committee

Audit, Business Risk and Compliance Committee Charter Pact Group Holdings Ltd (Company)

General Practice Direction Direction given under section 18B of the Administrative Appeals Tribunal Act 1975

CHARTER FOR THE AUDIT COMMITTEE OF THE BOARD OF DIRECTORS SIGMA DESIGNS, INC. (As adopted by the Board of Directors effective as of May 2010)

Governance, Risk and Best Value Committee

Rolls Royce s Corporate Governance ADOPTED BY RESOLUTION OF THE BOARD OF ROLLS ROYCE HOLDINGS PLC ON 16 JANUARY 2015

Grievance Policy. 1. Policy Statement

City of Sydney Council. Petition Guidelines

GUIDANCE NOTE DECISION-MAKING PROCESS

Internal Audit Charter. Version 1 (7 November 2013)

AUDIT COMMITTEE MANDATE

ALLEGIANT TRAVEL COMPANY AUDIT COMMITTEE CHARTER

(the Company ) (Incorporated in Bermuda with limited liability) (Stock Code: 1060) TERMS OF REFERENCE OF AUDIT COMMITTEE

We released this document in response to a Freedom of Information request. Over time it may become out of date. Department for Work and Pensions

COMPLIANCE PROGRAM FOR XL GROUP PLC

PEACE MAP HOLDING LIMITED

Disciplinary Process Supplementary Guidance. Role of the Nominated Officer

Audit Committee. Directors Report. Gary Hughes Chairman, Audit Committee. Gary Hughes Chairman, Audit Committee

NHS Greater Huddersfield Clinical Commissioning Group. Remuneration Committee. Terms of Reference

APPENDIX: CHECKLIST COMPLIANCE WITH THE CODE

STATE HOSPITAL QUALITY PROCEDURES MANUAL

THE COMBINED CODE PRINCIPLES OF GOOD GOVERNANCE AND CODE OF BEST PRACTICE

APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2014

Internal Audit Checklist

APPLICATION OF THE KING III REPORT ON CORPORATE GOVERNANCE PRINCIPLES

Audit and Risk Committee Charter. Knosys Limited ACN (Company)

TAXREP 01/16 (ICAEW REP 02/16)

South East Water Corporation Finance Audit and Risk Management Committee Charter. October 2012

INTERNATIONAL STANDARD ON AUDITING (UK AND IRELAND) 700 THE AUDITOR S REPORT ON FINANCIAL STATEMENTS CONTENTS

PRIVATE HEALTH INSURANCE INTERMEDIARIES PRACTICE CODES JUNE 2015 VERSION 2

2014 Annual General Meeting. Date: Monday 7 th July 2014 Time: 5:45pm for 6:00pm start Venue: Executive Centre, Level 4 B Block, QUT Gardens Point

WORKPLACE HEALTH AND SAFETY AUDITING GUIDELINES

Newcastle University disciplinary procedure

CHINA CITY INFRASTRUCTURE GROUP LIMITED 中 國 城 市 基 礎 設 施 集 團 有 限 公 司 (Incorporated in the Cayman Islands with limited liability)

Mount Gibson Iron Limited Corporate Governance Policies and Practices Manual Shareholder Communication Policy

CORPORATE GOVERNANCE - BOARD CHARTER PART A DEFINING GOVERNANCE ROLES

Hertsmere Borough Council. Data Quality Strategy. December

CHILDREN AND ADULTS SERVICE RESEARCH APPROVAL GROUP

PROCEDURES FOR ENVIRONMENTAL AND SOCIAL APPRAISAL AND MONITORING OF INVESTMENT PROJECTS

Transcription:

LSE Internal Audit procedures (to be read in conjunction with the attached flowchart) Audit activity is governed by the HEFCE Code of Audit Practice. 1. Determining audit activity a) Audits will be conducted at the initiative of the Head of Internal Audit who will devise an audit strategy that outlines the proposed course of audit activity for the year and which is approved by the Audit Committee. Audit activity is normally prioritised according to a mix of the following factors: HEFCE Code of Audit Practice; Existing risk management arrangements; perceived risks to the effectiveness of controls, compliance or governance within the School; the level of expenditure involved; opportunities for (or incidences of) fraud or irregularity; time since prior audit activity; outcome of previous audits and the need for follow up; alternate sources of assurance available (eg QAA, HEFCE or other regulatory bodies); request from DMT, management or Audit Committee; opportunities to enhance Value for Money. b) Where there is no convenient Audit Committee meeting, special (unplanned) Internal Audits may be carried out at the request of/with the approval of, the School Secretary and/or the Chief Financial Officer. 2. Briefing and scoping of audits a) Each audit will be allocated a lead person or sponsor. The sponsor will usually be the senior level person in the School who has DMT responsibility for the area concerned, the Director of ODAR, a Pro Director or the Head of an Academic Department. The sponsor has the ultimate responsibility for ensuring that agreed actions are followed through. b) Not all areas will have a clearly identifiable DMT sponsor and some may involve more than one area. In such cases, a suitable mechanism for sign off should be sought and, where appropriate, a sponsor may be appointed by the DMT. In the case of Academic Departments, the Head of Department is the de facto sponsor, although a mechanism for sharing the results with peers or with APRC may well be appropriate. c) Internal Audit will give as much notice of forthcoming audit activity as possible and will endeavour to meet with the sponsor well in advance to discuss the reasons for the audit, the concerns of the sponsor, the timing and conduct of the audit, the nomination of an operational lead and any other relevant details. d) When the audit brief is finalised, it will be issued as a set of terms of reference (ToR) to the sponsor, the operational lead and to other involved managers. e) The terms of reference will include: the proposed scope of the audit what is covered and what specifically is not; Page 1 of 6 Internal Audit Procedures Dec.docInternal Audit procedures Dec

the proposed methodology; the individuals likely to be involved; the potential risks the audit expects to cover; and the proposed timetable from the start of the audit until the report reaches the Audit Committee. f) Under normal circumstances, Internal Audit will issue the terms of reference at least two weeks before the commencement of the audit proper. g) It should be noted that an intended audit may deviate from the original proposal as a result of information uncovered in the course of the audit or other unforeseen factors. Where such deviation is not as a result of something that should remain confidential (e.g. suspected fraud), management will be informed of substantive changes in the focus of audit activity. 3. Channels of communication and responsibilities a) The senior level person or sponsor will be involved at the start and the end of any investigation. They are responsible for accepting the terms of reference and signing off that they are content that management responses are adequate. Sponsors will have the option of designating a delegated operational lead who will work with Internal Audit throughout the progress of the audit. Internal Audit services are responsible for the quality of the report and all staff involved in the audit and the reporting process are responsible for co-operating and contributing effectively and in a timely manner. b) This operational lead will have responsibility for ensuring all relevant information is provided in a timely manner, for securing compliance and co-operation with Internal Audit from other members of staff and for coordinating the consolidated response from the area to the audit findings, including ensuring that the sponsor is satisfied with the format and content of the management response. c) Staff and sponsors are given the opportunity to comment on findings, recommendations and management responses at multiple stages (i.e. during the course of the audit, at exit meetings and in the draft report phase). If a sponsor is not in agreement with any of these elements, it is his/her responsibility to bring this to the attention of the Internal Auditor and/or the Head of Internal Audit for discussion and, where possible, resolution. Where such differences cannot be reconciled, then the report may proceed to the Audit Committee with an explanatory note of the differences. d) The Chair of the Audit Committee will meet with the Head of Internal Audit at least termly for review purposes and before meetings of the Audit Committee at their discretion. Review meetings with DMT sponsors will also be held termly. e) The Head of Internal Audit will have regular access to the School Secretary to whom he/she reports, and to the Chief Financial Officer for problem resolution and review of audits. 4. Fieldwork a) Fieldwork generally comprises of interviews with relevant stakeholders, file and transaction review and data analysis, although workshops, questionnaires and other lines of enquiry may be appropriate depending on the topic under investigation. b) Fieldwork will end with a wash-up meeting where Internal Audit will outline the main findings to management and seek early confirmation of the likely response. Internal Audit will endeavour to provide a bullet pointed agenda outlining the key issues for discussion. A complete draft report is not available at this stage since this is the opportunity to determine Page 2 of 6 Internal Audit Procedures Dec.docInternal Audit procedures Dec

the need for additional evidence, or to clarify interpretation of information provided. The sponsor may wish to attend this meeting but it should not be unduly delayed because of heavy diary commitments. At this point, the discussion is open and honest and gives the audited area the opportunity to voice any concerns they may have about the findings and the possible recommendations. This is a dialogue and offers the opportunity to determine whether additional evidence is readily available that might alter the opinion of the auditors. c) Where Internal Audit already has a draft report ready, at this stage they may provide this in written form to stimulate discussion at the wash up meeting. This is less likely where audit work has been more difficult or where time pressures are particularly tight. 5. Reporting a) Internal Audits will result in a written report to management with recommendations for improvement, where appropriate, and may also be accompanied by workshops, presentations or ongoing self-assessment tools. b) At each meeting, the Audit Committee will receive a report on progress with the Internal Audit plan and each sponsor will get a regular report from Internal Audit about progress with their reports. c) Each Internal Audit report for Audit Committee should have a summary of key points. 6. Draft reports. 6.1 Basic Process (see flow chart for detailed process) Draft Report for discussion Opp to meet further with IA (may result in revised draft) Management Responses Final Report Sign Off & send to A.C a) Closing meetings are held with the operational lead in order to feedback on the initial findings, and give audited areas the opportunity to respond to these findings and to explain, clarify or even offer additional evidence if they want to. This helps ensure there are no surprises at the report stage. b) If the sponsor is unable to attend the meeting, he/she should nominate a trusted deputy with authority to act on his/her behalf and who will keep the sponsor fully informed of progress. c) The draft report for discussion will be issued to the operational lead and copied into the sponsor and other involved managers. At this stage, an additional discussion meeting may be appropriate at which the sponsor can seek clarification from, or express disagreement with, Internal Audit on the findings as well as clarification from his/her managers as to what the appropriate response will be; this includes actions to be taken, the named individuals responsible for each action and a timetable for completion of remedial action. This meeting, if required, should take place within two weeks of the issue of the draft report. d) All reports will contain, as a minimum, an explanation of the context of the audit, and the findings in terms of controls and compliance and the level of assurance the Internal Auditor gives on the basis of the audit activity carried out. In addition, there may be Page 3 of 6 Internal Audit Procedures Dec.docInternal Audit procedures Dec

recommendations and observations on general improvement or opportunities to enhance Value for Money. e) Where the report contains recommendations, there is a requirement for management to respond. The management response should include whether or not the recommendations are accepted and what actions will be taken to address the concerns raised, by whom and by when. This response should be provided within four weeks of issue of the draft for discussion (or if applicable the revised draft). 6.2 Management Responses a) Where there are recommendations, there is a requirement for management to respond. The management response should include whether or not the recommendations are accepted and what actions will be taken to address the concerns raised. This response should be provided as soon as possible and, in any case, within four weeks of issue. If it becomes clear that it is not possible to meet this timetable, the operational lead should notify Internal Audit of which recommendations are causing difficulty and provide a holding reply. This might take the form of noting that some areas are too complex for a rapid response and a full reply will be offered later (with a given deadline). b) The responses to the draft report and the action plan should be submitted to Internal Audit within four weeks of being issued. This MUST contain management responses that have been cleared in advance with the sponsor. It is the responsibility of the operational lead to clear all management responses with the sponsor and with other managers in the area. Internal Audit will not be responsible for the internal communication processes of the audited area. It is at this stage that factual accuracy must be checked if it has not already been addressed as a result of the closing meeting. If this stage is not completed in due time the Head of Internal Audit will raise the matter with the DMT level sponsor. c) Management responses should include as a bare minimum: Management s agreement with the recommendation (or reasons they do not agree); where recommendations are agreed, the actions that management will take to implement the recommendations and mitigate the identified risk; the name and role of the person(s) responsible for implementing the recommendations; and the date by which the actions will have been taken. d) Sponsors cannot legitimately agree to recommendations that involve changes being made to other areas that are not under their remit, such as the Finance Division or Human Resources. Therefore, these areas should be consulted separately. 7. Final reports and Sign-off a) Internal Audit will issue a final report which incorporates any agreed amendments arising out of the meetings, the draft report and the consolidated management responses. The Head of Internal Audit is responsible for the quality of the report s recommendations as well as being satisfied that the investigation has been suitably thorough. Any officer of the School who thinks they have reason to believe that the recommendations or the investigation are insufficiently robust has a duty to inform the Head of Internal Audit in good time so that these concerns can be considered and dealt with in a timely manner. b) The sponsor will be asked to formally confirm within seven working days that they are satisfied with the report. Page 4 of 6 Internal Audit Procedures Dec.docInternal Audit procedures Dec

c) Upon receipt of clearance from the sponsor, the report will then be considered agreed and signed off and will subsequently be supplied to the Audit Committee for their consideration at the next suitable committee meeting. d) If, after one month from the issue of the draft report, the sponsor / management and Internal Audit are unable to come to agreement on the content of a report, the report will be issued as an Un-agreed Report and the Audit Committee and senior management will be made aware that it contains Internal Audit findings, opinions or recommendations with which management disagrees. This should be a rare occurrence. The Audit Committee will be provided with reasons for cases of this kind. e) Final Reports will be circulated to: the Operational Lead; the Sponsor; the School Secretary; the Chief Financial Officer; other related individuals as necessary e.g. where recommendations impact on other service areas or divisions (such as Finance); and members of the Audit Committee (in full or in summary as necessary). f) Where appropriate the Audit Committee will decide on the nature and location of any additional follow up work arising out of a particular report. 8. Audit Committee a) Audit reports are part of the School s cycle of accountability and are presented to the Audit Committee. Reports have a shelf life and should go to Audit Committee as soon as possible. They should not be unduly delayed without good cause. The Committee receives a regular report on the status of all reports and has requested that they see all reports that are beyond the date for final completion at the next available meeting, regardless of their status, unless an exception has been agreed. 9. Follow up a) Audit is a circular activity and all recommendations will be subject to reporting and follow up in order to determine progress on implementing recommendations and to close the loop on managing any control weaknesses identified. The Audit Committee will receive regular reports on progress made in each area by Internal Audit and by the relevant managers. b) It is for the relevant manager and sponsor to ensure that actions in support of, or arising from, the agreed Audit are carried out effectively. 10. Assignment progress monitoring a) Internal Audit will keep a log of the progress on each audit assignment, including status and expected dates for completion of each stage. This log will be reviewed with the Secretary and Director of Administration and the Director of Finance and Facilities on a regular basis and will also form the basis of interim updates to the Audit Committee. Page 5 of 6 Internal Audit Procedures Dec.docInternal Audit procedures Dec

Draft Internal Audit Process Flowchart HOIA notifies department/service area of upcoming audit HOIA identifies audit sponsor (DMT to nominate audit sponsor in cases where this is not easily identifiable) HOIA to meet with audit sponsor to discuss reasons for audit, any concerns either party may have, nomination of operational lead Set terms of reference for audit including proposed timetable and the individuals likely to be involved (usually sent to sponsor, operational lead and relevant officers 2 weeks before start of audit) HOIA/BDO conduct fieldwork Clearance meeting (operational lead, relevant officers and audit sponsor, if necessary) Draft report for discussion Responses to the draft report should be submitted to the Head of Internal Audit within 4 weeks of being issued. Must contain management responses cleared by the sponsor. In the event of disagreement with findings, an additional meeting may be required with the sponsor s). Agree HOIA and management (operational lead with input from audit sponsor if necessary) agree audit findings, management response and action plan HOIA finalises report Agree Disagree Convene further meeting between HOIA, sponsor, operational lead and relevant officers to determine areas where consensus can be achieved and areas of dispute (Usually within 2 weeks of issue of draft report) Sponsor is given 7 working days to confirm whether they have any issues with the report Report agreed Audit report reported to Audit Committee Disagreement If after 2 month from commencement of audit the sponsor/ management and Internal Audit are unable to come to agreement on the report, it will be issued as disagreed report. The Audit Committee and Senior Management will be made aware that it contains Internal Audit recommendations on which Management disagree. Page 6 of 6 Progress on implementation of actions reported to Audit Committee Internal Audit Procedures Dec.docInternal Audit procedures Dec

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information