PART 2Internal control

Responsibility for internal control3.

A relevant authority must ensure that it has a sound system of internal control which—

(a)

facilitates the effective exercise of its functions and the achievement of its aims and objectives;

(b)

ensures that the financial and operational management of the authority is effective; and

(c)

includes effective arrangements for the management of risk.

Accounting records and control systems4.

(1)

Subject to paragraphs (3) and (4), and, in so far as they are not in conflict with those paragraphs, to any instructions given by a relevant authority to its responsible financial officer, that officer must determine, on behalf of the authority—

(a)

the form of its accounting records and supporting records; and

(b)

its financial control systems.

(2)

The responsible financial officer for a relevant authority must ensure on behalf of that authority that the financial control systems determined by that officer in accordance with sub-paragraph (1)(b) are observed and that the accounting records of the authority are kept up to date.

(3)

The accounting records must, in particular, contain—

(a)

entries from day to day of all sums of money received and expended by the authority and the matters to which its income and expenditure or receipts and payments relate; and

(b)

a record of the assets and liabilities of the authority.

(4)

The financial control systems determined in accordance with paragraph (1)(b) must include–

(a)

measures—

(i)

to ensure that the financial transactions of the authority are recorded as soon as, and as accurately as, reasonably practicable;

(ii)

to enable the prevention and the detection of inaccuracies and fraud, and the reconstitution of any lost records; and

(iii)

to ensure that risk is appropriately managed;

(b)

identification of the duties of officers dealing with financial transactions and division of responsibilities of those officers.

Internal audit5.

(1)

A relevant authority must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance.

(2)

Any officer or member of a relevant authority must, if required to do so for the purposes of the internal audit—

(a)

make available such documents and records; and

(b)

supply such information and explanations;

as are considered necessary by those conducting the internal audit.

(3)

In this regulation “documents and records” includes information recorded in an electronic form.

Review of internal control system6.

(1)

A relevant authority must, each financial year—

(a)

conduct a review of the effectiveness of the system of internal control required by regulation 3; and

(b)

prepare an annual governance statement;

(2)

If the relevant authority referred to in paragraph (1) is a Category 1 authority, following the review, it must—

(a)

consider the findings of the review required by paragraph (1)(a)—

(i)

by a committee; or

(ii)

by members of the authority meeting as a whole; and

(b)

approve the annual governance statement prepared in accordance with paragraph (1)(b) by resolution of—

(i)

a committee; or

(ii)

members of the authority meeting as a whole.

(3)

If the relevant authority referred to in paragraph (1) is a Category 2 authority, following the review it must—

(a)

consider the findings of the review by members of the authority meeting as a whole; and

(b)

approve the annual governance statement prepared in accordance with paragraph (1)(b) by resolution of members of the authority meeting as a whole.

(4)

The annual governance statement, referred to in paragraph (1)(b) must be—

(a)

approved in advance of the relevant authority approving the statement of accounts in accordance with regulations 9(2)(b) or 12(2)(b) (as the case may be); and

(b)

prepared in accordance with proper practices in relation to accounts M1.