Internal audit

We have a professional, independent and objective internal audit service. This represents a key element in our ability to meet the requirement of the Accounts and Audit Regulations 2015 that the council delivers good governance and reviews the effectiveness of the arrangements in place.

Our internal audit section is required to operate in compliance with CIPFA’s Public Sector Internal Audit Standards (PSIAS), which encompass the mandatory elements of the IIA’s International Professional Practices Framework (IPPF).

Internal audit reports to both senior management and to members, via the Audit and Governance Committee (A&GC). The committee approves the section’s audit plans and receives update reports at its quarterly meetings.

2021/2022 -  Internal Audit Plan 21_22.pdf [pdf] 265KB
2020/2021 -  Internal Audit Plan 20_21.pdf [pdf] 266KB
2019/2020 -  Internal Audit Plan 19_20.pdf [pdf] 492KB

In accordance with the standards, internal audit

You can contact internal audit by telephoning 01903 737561 or 01903 737559, or emailing 


Our published constitution includes:

  • terms of reference for the Audit and Governance Committee
  • financial procedure rules
  • standing orders for purchasing, procurement, contracts and disposals

Corporate governance

This is defined by CIPFA/SOLACE as:

How the local government bodies ensue that they are doing the right things, in the right way, for the right people, in a timely, inclusive, open, honest and accountable manner. It comprises the systems and processes, and cultures and values, by which local government bodies are directed and controlled and through which they account to, engage with and, where appropriate, lead their communities.

We have a Local Code of Corporate Governance 2022.docx [docx] 128KB which is updated annually. We are also required to prepare an annual governance statement to support our published accounts. 

External audit

The council is subject to annual review by its appointed external auditors. This review will primarily focus on our annual statement of accounts, but will also consider key controls in financial systems and the work undertaken by internal audit. Our current external auditors are Ernst & Young LLP.


The following Council documents are related to fraud:

Arun Anti-Fraud Corruption Policy 2019.pdf [pdf] 611KB

Anti Bribery Policy.pdf [pdf] 38KB

Fraud Response Plan 2017 [pdf] 29KB

Further information can be found on our Fraud page.

General Data Protection Regulation – ‘Lawful Basis’

The ‘lawful basis’ for the use of personal data by external audit (currently Ernst & Young LLP) and internal audit (currently a Council-employed on-site team) is contained in the following:-

  • Local Audit & Accountability Act 2014  (LAAA)
  • Accounts & Audit Regulations 2015  (Regulations)

Further information is contained in:  Lawful Basis.pdf [pdf] 66KB

Money laundering

The Council has a published Money Laundering Policy.pdf [pdf] 43K which is available to all staff.

Risk management

This may defined as:

The management of integrated or holistic business risk in a manner consistent with the virtues of economy, efficiency and effectiveness.  In essence, it is about making the most of opportunities (making the right decisions) and about achieving objectives once those decisions are made.  The latter is achieved through controlling, transferring and living with risks.

The following key documents have been approved by the Council's senior management and Audit & Governance Committee.

Risk management policy statement [pdf] 630KB

Strategic Risk Register 2021/22[pdf] 596KB


The Council has a published whistleblowing policy 2019.pdf [pdf] 337KB .  The policy is primarily aimed at staff, however, members of the public and contractors etc. may also wish to raise concerns using the contact information provided.