Internal audit

We have now joined the Southern Internal Audit Partnership (SIAP) for the provision of its internal audit service. This represents a key element in our ability to meet the requirement of the Accounts and Audit Regulations 2015 that the council delivers good governance and reviews the effectiveness of the arrangements in place.

Internal audit is required to operate in compliance with CIPFA’s Public Sector Internal Audit Standards (PSIAS), which encompass the mandatory elements of the IIA’s International Professional Practices Framework (IPPF).

Internal audit reports to both senior management and to members, via the Audit and Governance Committee (A&GC). The committee approves the internal audit charter, the annual audit plan and receives update reports at its meetings. These can be found as agenda items on our Committees webpage.

You can contact internal audit by emailing


The council has a published whistleblowing policy.  The policy is primarily aimed at staff, however, members of the public and contractors may also wish to raise concerns using the contact information provided.


Our published constitution includes:

  • terms of reference for the Audit and Governance Committee
  • financial procedure rules
  • standing orders for purchasing, procurement, contracts and disposals

General Data Protection Regulation – ‘Lawful Basis’

The ‘lawful basis’ for the use of personal data by external audit (currently Ernst & Young LLP) and internal audit (currently a council-employed on-site team) is contained in the following:-

  • Local Audit & Accountability Act 2014  (LAAA)
  • Accounts & Audit Regulations 2015  (Regulations)

Further information is contained in:  Lawful Basis [pdf] 66KB

Corporate governance

This is defined by CIPFA/SOLACE as:

How the local government bodies ensue that they are doing the right things, in the right way, for the right people, in a timely, inclusive, open, honest and accountable manner. It comprises the systems and processes, and cultures and values, by which local government bodies are directed and controlled and through which they account to, engage with and, where appropriate, lead their communities.

We have a Local Code of Corporate Governance [docx] 128KB which is updated annually. We are also required to prepare an annual governance statement to support our published accounts. 

External audit

The council is subject to annual review by its appointed external auditors. This review will primarily focus on our annual statement of accounts, but will also consider key controls in financial systems and the work undertaken by internal audit. Our current external auditors are Ernst & Young LLP.

Risk management

This may defined as:

The management of integrated or holistic business risk in a manner consistent with the virtues of economy, efficiency and effectiveness.  In essence, it is about making the most of opportunities (making the right decisions) and about achieving objectives once those decisions are made.  The latter is achieved through controlling, transferring and living with risks.

The following key documents have been approved by the council's senior management and Audit and Governance Committee.