ESB Internal Audit Charter
As ESB, we subscribe to best practice corporate governance. Board members' responsibility statements and associated governance statements by senior management are supported by regular management reporting, formal risk management, financial control review and by the work of Group Internal Audit.
It is the policy of the Board of ESB to have and support a Group Internal Audit (GIA) function that operates to best international standards. GIA is an independent, objective assurance and consulting function charged with reviewing company activities across all areas within ESB Group, as a service to the Board and management.
GIA helps the organisation accomplish its objectives by examining and reporting on the management of risk, the adequacy of internal control and governance processes, and on the achievement of proper, efficient, effective and economic use of resources.
Scope and Authority of the GIA
Group Internal Audit (GIA) derives its authority from the Board through the Board Audit and Risk Committee and the Chief Executive. The Group Internal Auditor reports functionally to the Audit and Risk Committee of the Board and administratively to the Deputy Chief Executive of ESB.
GIA meets regularly with the Deputy Chief Executive to discuss all audits. It operates with independence and authority in relation to audits carried out and has unrestricted access to the Chairman, the Chief Executive and the Chairman of the Audit and Risk Committee.
GIA is authorised to examine any of the activities of ESB, its subsidiaries and associated companies, and has unrestricted access to all records, assets and personnel necessary to discharge its responsibilities.
ESB Management Responsibilities
It is management's responsibility to manage risk, maintain effective controls and implement audit agreed actions in a timely manner. Managers will proactively interface with auditors, respond to draft reports in accordance with agreed procedures and agree actions and timescales to rectify control weaknesses identified.
Management has the primary responsibility for prevention of fraud and for detecting and dealing with any fraud that may occur. Formal reporting of suspected fraud should comply with ESB Group Policy on fraud and other unlawful activities.
ESB Group Internal Audit’s Responsibilities
GIA discharges its responsibilities by critically reviewing on a risk focused basis:
- Compliance with objectives, policies, plans and procedures;
- Compliance with external legislation and regulation;
- That value for money is obtained across all activities.
- The reliability and integrity of internal financial and other controls and of management information;
- Controls to ensure risks are effectively identified and managed and that the Group's assets and interests are properly accounted for and safeguarded. This includes ensuring that the audit programme and methodology takes due account of the possibility of fraud and fully investigating any fraud or suspected fraud.
GIA may place reliance on local management controls or existing specialist or engineering audit within business units or the Corporate Centre, but in such instances will provide independent assurance to the Audit and Risk Committee that such measures are appropriate.
Professionalism and Independence of GIA
GIA conducts its activities in conformance with the International Standards for Professional Practice of Internal Auditing, and is subject to an external assessment at least every five years.
To preserve its independence and objectivity, GIA will not assume operating responsibilities and will remain independent of activities it audits. Without prejudice to its independence, it may selectively conduct consulting activities and advise management accordingly.
The Group Internal Auditor ensures that confidentiality and adherence to regulatory requirements is maintained over audit reports and all information and records obtained in carrying out audits.
Planning and Reporting and GIA
Following consultation with Executive Directors and review of risk analysis reports, the Group Internal Auditor agrees a risk based annual audit plan with the Chief Executive prior to approval by the Audit and Risk Committee.
The Group Internal Auditor reports quarterly and as requested to the Audit and Risk Committee, Chief Executive, Deputy Chief Executive and Group Finance Director. Final Audit Reports are issued to the manager(s) concerned, the relevant directors and to the Chief Executive/Deputy Chief Executive.
GIA will follow up on implementation of audit recommendations and report any significant non implementation to management and the Audit and Risk Committee. GIA is given the multi-disciplinary resources it requires to adequately discharge its responsibilities, including external specialist resources. In general, audit staff will have a primary degree or professional qualification.
GIA is a vehicle for the development of staff with managerial potential. Business Line Management will provide support in the rotation of suitable staff into and out of the area.