You are here:
Audit committee: choosing the best approach to internal scrutiny
Your trust has 4 options for who carries out your internal scrutiny. Assess the options and choose the best one for you, and learn how to evaluate them at the end.
What is meant by internal scrutiny
Internal scrutiny is the process of checking that your your financial (and other) controls and risk management procedures are effective. According to the academies financial handbook, this should cover:
- Evaluating whether your financial and other controls are compliant and suitable - checks include whether procedures are well designed, and whether they've been followed (by checking transactions)
- Advice to the board on how to address weaknesses in your controls and procedures
- Making sure all categories of risk are adequately identified, reported on and managed
As an audit committee, your role is to oversee the person or people who carry out this work. However, you won't do this work yourself. You'll set the programme of work they follow, and receive reports. You must also agree who will perform the work.
There are different approaches you can take as a trust, which we've set out below.
The options you can choose between
There are 4 options for how your trust can deliver internal scrutiny (you can also use a combination of the following):
- Employing an in-house internal auditor
- Buying in an internal audit service (either by the same auditors as performs your external audit, or a different audit firm)
- Appointing a non-employed trustee to do the role
- A peer review from a CFO or other finance member of staff from another trust
If you choose an internal audit service
Whether employing someone in-house or buying the service in, they should be members of a 'relevant professional body'. Examples given in ESFA guidance on the options are:
- The Charted Institute of Internal Auditors
- Another accountancy institute that are members of the Consultative Committee of Accountancy Bodies
- Another accountancy institute that are members of the Chartered Institute of Management Accountants
Mention of them here doesn't constitute endorsement of any one body in particular by us.
If you choose a non-employed trustee or peer reviewer
They should have qualifications in finance, accounting or audit, and "appropriate internal audit experience". Membership of any of the bodies mentioned above would cover this, but it can also be someone who has another finance or business qualification.
There's not a checklist of qualifications they can have to be qualified for this, it's about you being satisfied that they have appropriate experience and a good standard of financial management. If you do go for a peer review, you should minute the basis for the decision.
Factors for making the choice
Generally speaking, size and complexity will be the biggest influence on what you choose. Larger trusts will probably need to go for one of the internal audit services, rather than trustee or peer review (though there's no set size where this becomes the case).
The ESFA has a table of potential pros and cons for each, but to summarise:
- In-house or bought-in internal audit services will be underpinned by professional standards and ethics, and mean external auditors can place better reliance on their work - but these will bring costs and potential conflicts of interest or independence
- Trustee or peer reviews have no costs, and potentially better insight into your trust (or academy trust processes more generally), but can lack the same rigour and be more time consuming. There's also a potential lack of independence here, too, if you go for the trustee route
Where the cost may be worth it
Though the trustee or peer review options are low cost, they aren't necessarily the best value if they take more time or don't provide the scrutiny you need. The ESFA suggest thinking about the following as factors that make investment in in-house or bought-in internal audit worthwhile:
- The scale, diversity and complexity of your activities
- Your number of employees - as this number increases, so does the likelihood you'll need one of the paid-for audit services
- Changes to how you operate - if your structure, systems or processes change, you're more likely to need internal audit services
- The nature of your risks, and if they change (or if new ones emerge)
- An increasing number of "unexplained or unacceptable" events
Reviewing your approach
You must keep your chosen approach under review - particularly if you change in size, complexity or risk profile. The following resources can help you review the performance of your chosen approach, to inform your decision going forward.
The Chartered Institute of Internal Auditors has a questionnaire for evaluating the effectiveness of internal audit - see annex 4 of their guidance linked to here (click the 'Download this guidance as a PDF link')
HM treasury has a framework for assessing the quality of internal audit services. You might not find that every section applies, as it isn't trust specific, but will give you a good steer on the types of questions you can ask to review the performance (the questionnaire in chapter 5, on impact, may be particularly useful for trusts). You can download it here.
The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides.