Download original attachment
(PDF file)
This is an HTML version of an attachment to the Freedom of Information request 'Data Protection Act'.
INTERNAL AUDIT CHARTER 
Function  
1. 
Internal Audit is an independent review function that is responsible for 
providing an objective appraisal of all aspects of risk management and control 
throughout the GMC. Internal Audit provides a service to the Council and all levels of 
management. It is responsible for providing the Council, through its Audit Committee, 
with assurance on the arrangements for risk management and internal control.  
 
Independence 
 
2. 
Internal Audit is independent of the activities that it audits to ensure the 
unbiased judgements essential to its proper conduct and impartial advice to 
management. As such it has no executive role, nor any responsibility for the 
development, implementation or operation of systems. 
 
Role and Scope 
3. 
The role of Internal Audit is to understand the key risks of the GMC and to 
examine and evaluate the adequacy and effectiveness of the system of risk 
management and internal control as operated by the GMC. Internal Audit, therefore, 
has unrestricted access to all activities undertaken in the GMC, records, information 
and assets necessary to review, appraise and report on: 
 
a. 
The adequacy and effectiveness of the systems of financial, 
operational and management control and their operation in practice in relation 
to the business risks to be addressed. 
b. 
The extent of compliance with policies, standards, plans and 
procedures established by the Council and the extent of compliance with 
external laws and regulations, including reporting requirements of regulatory 
bodies. 
c. 
The extent to which assets and interests are acquired economically, 
accounted for and adequately safeguarded. 
d. 
The suitability, accuracy, reliability and integrity of financial and other 
management information and the means used to identify, measure, classify 
and report such information. 
e. 
The integrity of processes and systems, including those under 
development, to ensure that controls offer adequate protection against error, 
fraud and loss of all kinds; and that the processes align with the GMC’s 
strategic goals. 
f. 
The follow-up action taken to remedy weaknesses identified by Internal 
Audit review, ensuring that good practice is identified and communicated 
widely. 
g. 
The operation of the GMC’s corporate governance arrangements. 
Reporting 
4. 
Internal Audit reports regularly on the results of its work to the Audit 
Committee. The Head of Internal Audit is accountable to the Audit Committee for: 
 
a. 
Providing the Council, through its Audit Committee, with assurance on 
the arrangements for risk management and the system of internal control. 
b. 
Regular assessments of the adequacy and effectiveness of the GMC’s 
systems of risk management and internal control based on the work of 
Internal Audit. 
c. 
Reporting significant control issues and potential for improving risk 
management and control processes. 
d. 
Providing information on the status and results of the annual audit plan 
and the sufficiency of Internal Audit resources. 
Responsibility  
5. 
The Head of Internal Audit is responsible for: 
 
a. 
Developing and implementing an audit strategy and plan based on an 
understanding of the significant risks to which the GMC is exposed. 
b. 
Submitting the strategy and plan to the Audit Committee for review and 
agreement. 
c. 
Reporting to management the results of individual audit assignments.  
d. 
Maintaining a professional audit team with sufficient knowledge, skills 
and experience to deliver the plan. 
e. 
Ensuring internal audit work is performed with due professional care 
and in accordance with appropriate professional auditing practices and 
standards. 
f. 
Liaising with the external auditors to optimise the audit services 
provided to the GMC. 
 

Document Outline