Purpose
The Internal Audit Division assists the Court of Directors and Executive Management in protecting the Bank's assets, reputation and sustainability. It does this by independently and objectively evaluating the effectiveness of internal controls, risk management and governance processes. As part of this assurance, Internal Audit provides advice, insight and foresight, and recommends cost-effective improvements, including efficiencies, which are agreed with management and tracked until implementation.
Independence
Internal Audit is independent of the day-to-day business of the Bank. Internal Audit staff assume no operational responsibilities and will not review a business area or function in which they have had recent management or operational responsibility or are otherwise conflicted.
The Head of Internal Audit reports to the Chair of the Audit and Risk Committee. They have a dotted reporting line to the Executive Director, Risk, for administrative purposes. They have unhindered access to the Audit and Risk Committee and Executive Management, and meet periodically with the Chair of Court and the Governor.
Authority
Internal Audit derives its authority from Court, via the Audit and Risk Committee, and the Governor, with the support of Executive Management. It is authorised to examine the internal controls, risk management and governance arrangements in all areas of the Bank.
Internal Audit has full, free and unrestricted access to all Bank records, property and personnel, including where appropriate outsourced operations, within a reasonable period of making the request.
Resources
The headcount and other resources available to the Internal Audit Division will be determined annually by the Governors in consultation with the Head of Internal Audit, and subject to the approval of the Audit and Risk Committee.
Professional standards
Internal Audit is committed to adhering to the mandatory elements of the Global Internal Audit Standards, to the principles of Ethics and Professionalism therein and to the Public Sector Internal Auditor Standards published by HM Treasury.
Responsibilities
Internal Audit is required to:
- prepare and execute a risk-based audit plan, which is approved annually by the Audit and Risk Committee and Executive Management. It may also perform advisory services and special investigations (including in relation to fraud incidents, high-priority project/change activity or processes involving third-party suppliers), as directed by the Audit and Risk Committee, requested by Executive Management or determined by the Head of Internal Audit;
- identify, and agree with management, cost-effective opportunities to improve internal controls, risk management and governance processes. In circumstances where agreement with management cannot be reached the matter will be escalated to the Governor and, if still unresolved, full details will be reported to the Audit and Risk Committee;
- verify that such improvements are implemented within a reasonable timeframe;
- report the results of its audit work, including an opinion regarding the adequacy of the overall control environment in the area under review, to management;
- provide summaries of its work and performance in quarterly and annual reports to the Audit and Risk Committee;
- maintain frequent and open dialogue with management to maintain awareness of the key risk, control and governance issues facing the Bank;
- liaise closely with, and assess the effectiveness of, the other members of the Bank's three lines risk management model;
- co-ordinate and co-operate with the Bank's external auditors and, where applicable, the National Audit Office;
- provide assurance where required by applicable codes of conduct (such as BACS and CHAPS); and
- implement a quality assurance and improvement programme designed to evaluate conformance with professional standards, assess the efficiency and effectiveness of internal audit activity, and identify opportunities for improvement.
Approval
The Audit and Risk Committee will review and approve this charter annually. It was last approved on 20 March 2025.