Purpose
The Internal Audit Division assists the Court of Directors and Executive Management in protecting the Bank’s assets, reputation, and sustainability by independently and objectively evaluating the effectiveness of internal controls, risk management and governance processes. As part of this assurance Internal Audit recommends cost-effective improvements which are agreed with management and tracked until implementation.
Independence
Internal Audit is independent of the day-to-day business of the Bank. Internal Audit staff assume no operational responsibilities and will not review a business area or function in which they have had recent management or operational responsibility or are otherwise conflicted.
The Head of Internal Audit reports to the Chair of the Audit & Risk Committee and for administrative purposes has a dotted line to the Executive Director, Risk. The Head of Internal Audit has unhindered access to the Audit & Risk Committee and Executive Management, and meets periodically with the Chair of Court and the Governor.
Authority
Internal Audit derives its authority from Court, via the Audit & Risk Committee, and the Governor, with the support of Executive Management. Internal Audit is authorised to examine the internal controls, risk management and governance arrangements in all areas of the Bank.
Internal Audit has full, free and unrestricted access to all Bank records, property and personnel, including where appropriate outsourced operations, within a reasonable period of making the request.
Resources
The headcount and other resources available to the Internal Audit Division will be determined annually by the Governors in consultation with the Head of Internal Audit and subject to the approval of the Audit & Risk Committee.
Approval
This charter will be reviewed and approved annually by the Audit & Risk Committee. It was last approved on 22 November 2023.
Responsibilities
Internal Audit is required to:
- prepare and execute a risk based audit plan which is approved annually by the Audit & Risk Committee and Executive Management. It may also perform special investigations and ad hoc reviews (including in relation to fraud incidents, high priority project/change activity, or processes involving 3rd party suppliers), as directed by the Audit & Risk Committee, requested by Executive Management, or determined by the Head of Internal Audit;
- identify, and agree with management, cost-effective opportunities to improve internal controls, risk management and governance processes. In circumstances where agreement with management cannot be reached the matter will be escalated to the Governor and, if still unresolved, full details will be reported to the Audit & Risk Committee;
- verify that such improvements are implemented within a reasonable timeframe;
- report the results of its audit work, including an opinion regarding the adequacy of the overall control environment in the area under review, to management;
- provide summaries of its work and performance in quarterly and annual reports to the Audit & Risk Committee;
- maintain frequent and open dialogue with management to maintain awareness of the key risk, control and governance issues facing the Bank;
- liaise closely with, and assess the effectiveness of, the other members of the Bank’s three lines risk management model;
- coordinate and cooperate with the Bank’s external auditors and, where applicable, the National Audit Office;
- provide assurance where required by applicable codes of conduct (such as BACS and CHAPS);
- conduct its work in accordance with applicable professional standards including those published by the Institute of Internal Auditors and HM Treasury; and
- implement a quality assurance and improvement programme designed to evaluate conformance with professional standards, assess the efficiency and effectiveness of internal audit activity and identify opportunities for improvement.