THE INTERNAL AUDIT CHARTER

 To strengthen the organization’s ability to create, protect, and sustain value by providing the audit committee and management with independent, risk-based, and objective assurance, advice, insight, and foresight. 

Internal audit supports the organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. This is achieved by way of a risk-based plan of work, agreed with management and approved by the Audit Committee. A key output from the internal audit activity within the organisation is to provide the accountable officer with an objective evaluation of, and opinion on, the overall adequacy and effectiveness of the organisation’s framework of governance, risk management and control, and to do so in an economical, efficient and timely manner. This will be set out in the annual Head of Internal Audit Opinion.

This opinion will be based upon the core element of the Operational internal Audit Plan. This will clearly be described in the annual planning document presented to audit committee prior to the commencement of the financial year. The outcomes from additional assurance and advisory work identified within the internal audit plan, will be considered as part of the opinion, as will any relevant assurance from the previous year, the implementation of internal audit recommendations, and in exceptional circumstances any appropriate third-party assurance relied upon for this purpose. It may also take into account any specific consulting services undertaken by AuditOne. 

AuditOne will remain free of any conditions that threatens its ability to carry out activities in an unbiased manner. If it is felt that that our independence or objectivity is impaired in any way, details of the impairment will be disclosed to the appropriate parties and appropriate action taken to resolve the situation. 

The Associate Director Internal Audit will have direct access to both the Executive Team and Audit Committee Chair. This positioning provides the organisational authority and status to bring matters directly to senior management and escalate matters to the audit committee, when necessary, without interference and supports the internal auditors’ ability to maintain 

objectivity.   

The Associate Director Internal Audit will confirm to the Audit Committee, at least annually, the organisational independence of the internal audit function. If the governance structure does not support organisational independence, the Associate Director Internal Audit will document the characteristics of the governance structure limiting independence and any safeguards employed to achieve the principle of independence. The Associate Director Internal Audit will disclose to the Audit Committee any interference internal auditors encounter related to the scope, performance, or communication of internal audit work and results. The disclosure will include communicating the implications of such interference on the internal audit function’s effectiveness and ability to fulfil its mandate.

The Associate Director Internal Audit will ensure that the internal audit function remains free from all conditions that threaten the ability of internal auditors to carry out their responsibilities in an unbiased manner, including matters of engagement selection, scope, procedures, frequency, timing, and communication. If the Associate Director Internal Audit determines that objectivity may be impaired in fact or appearance, the details of the impairment will be disclosed to appropriate parties. 

The Associate Director Internal Audit will ensure that internal auditors:

• Conform with the Global Internal Audit Standards, including the principles of Ethics and Professionalism: integrity, objectivity, competency, due professional care, and 

                  confidentiality.

• Understand, respect, meet, and contribute to the legitimate and ethical expectations of the client organisation and be able to recognize conduct that is contrary to      those expectations.
• Encourage and promote an ethics-based culture in AuditOne. 
• Report organisational behaviour that is inconsistent with the organisation’s ethical expectations, as described in applicable policies and procedures.

Members of the AuditOne team will maintain an unbiased mental attitude that allows them to perform engagements objectively such that they believe in their work product, do not compromise quality, and do not subordinate their judgment on audit matters to others, either in fact or appearance.

Members of the AuditOne team will have no direct operational responsibility or authority over any of the activities they review. Accordingly, they will not implement internal controls, develop procedures, install systems, or engage in other activities that may impair their judgment, including:

• Assessing specific operations for which they had responsibility within the previous 

                  year. 

• Performing operational duties for the client organisation or its affiliates.
• Initiating or approving transactions external to the internal audit function.
• Directing the activities of any client organisation employee that is not employed by AuditOne, except to the extent that such employees have been appropriately assigned to assist AuditOne.

Internal auditors will:

• Disclose impairments of independence or objectivity, in fact or appearance, to      AuditOne at least annually. 
• Exhibit professional objectivity in gathering, evaluating, and communicating     

                  information. 

• Make balanced assessments of all available and relevant facts and circumstances.
• Take necessary precautions to avoid conflicts of interest, bias, and undue influence.

AuditOne will develop, implement, and maintain a quality assurance and improvement program that covers all aspects of the internal audit function. The program will include external and internal assessments of the internal audit function’s conformance with the Global Internal Audit Standards, as well as performance measurement to assess the internal audit function’s progress toward the achievement of its objectives and promotion of continuous improvement. The program also will assess, if applicable, compliance with laws and/or regulations relevant to internal auditing. Also, if applicable, the assessment will include plans to address the internal audit function’s deficiencies and opportunities for improvement.

Annually, the Associate Director Internal Audit will communicate with the Audit Committee and senior management about the internal audit function’s quality assurance and improvement program, including the results of internal assessments (ongoing monitoring and periodic self-assessments) and external assessments. External assessments will be conducted at least once every five years by a qualified, independent assessor or assessment team from outside of AuditOne. 

AuditOne has the responsibility to:

• At least annually, develop a risk-based internal audit plan that considers the input of the Audit Committee and senior management. Discuss the plan with the Audit Committee and senior management and submit the plan to the Audit Committee for review and approval. 
• Communicate the impact of resource limitations (if applicable) on the internal audit plan to the Audit Committee and senior management.
• Review and adjust the internal audit plan, as necessary, in response to changes in the organisation’s business, risks, operations, programs, systems, and controls.
• Communicate with the Audit Committee and senior management if there are significant interim changes to the internal audit plan.
• Ensure internal audit engagements are performed, documented, and communicated in accordance with the Global Internal Audit Standards and laws and/or regulations.      
• Follow up on engagement findings and confirm the implementation of recommendations or action plans and communicate the results of internal audit services to the Audit Committee and senior management [periodically] and for each engagement as appropriate. 
• Ensure the internal audit function collectively possesses or obtains the knowledge,      skills, and other competencies and qualifications needed to meet the requirements of the Global Internal Audit Standards and fulfil the internal audit mandate.
• Identify and consider trends and emerging issues that could impact the organisation     and communicate to the Audit Committee and senior management as appropriate.
• Consider emerging trends and successful practices in internal auditing.
• Establish and ensure adherence to methodologies designed to guide the internal audit function.
• Ensure adherence to organisation's relevant policies and procedures unless such      policies and procedures conflict with the internal audit charter or the Global Internal Audit Standards. Any such conflicts will be resolved or documented and communicated to the Audit Committee and senior management.
• Coordinate activities and consider relying upon the work of other internal and      external providers of assurance and advisory services. If the Associate Director Internal Audit cannot achieve an appropriate level of coordination, the issue must be communicated to senior management and if necessary escalated to the Audit Committee. 

The Associate Director Internal Audit will report to the Audit Committee and senior management regarding:

• The internal audit plan and performance relative to its plan.
• Significant revisions to the internal audit plan and budget. 
• Potential impairments to independence, including relevant disclosures as applicable.      
• Results from the quality assurance and improvement program, which include the      internal audit function’s conformance with The IIA’s Global Internal Audit Standards and action plans to address the internal audit function’s  deficiencies and opportunities for improvement.
• Significant risk exposures and control issues, including fraud risks, governance      issues, and other areas of focus for the Audit Committee that could interfere with the achievement of organisation's strategic objectives.
• Results of assurance and advisory services.
• Management’s responses to risk that the internal audit function determines may be      unacceptable or acceptance of a risk that is beyond the organisation’s risk appetite. 

The scope of internal audit services covers the entire breadth of the organisation, including all of the organisation’s activities, assets, and personnel.

The scope of internal audit activities also encompasses but is not limited to objective examinations of evidence to provide independent assurance and advisory services to the Audit Committee and management on the adequacy and effectiveness of governance, risk management, and control processes for the organisation. 

The nature and scope of advisory services may be agreed with the party requesting the service, provided AuditOne does not assume management responsibility. Opportunities for improving the efficiency of governance, risk management, and control processes may be identified during advisory engagements. These opportunities will be communicated to the appropriate level of management.

Internal audit engagements may include evaluating whether: 

• Risks relating to the achievement of the organisations strategic objectives are      appropriately identified and managed.
• The actions of the organisation’s officers, directors, management, employees, and      contractors or other relevant parties comply with the organisation's  policies,      procedures, and applicable laws, regulations, and governance standards.
• The results of operations and programs are consistent with established goals and objectives.
• Operations and programs are being carried out effectively, efficiently, ethically, and equitably.
• Established processes and systems enable compliance with the policies, procedures,      laws, and regulations that could significantly impact on the organisation. 
• The integrity of information and the means used to identify, measure, analyze,      classify, and report such information is reliable.
• Resources and assets are acquired economically, used efficiently and sustainably,      and protected adequately.

Internal audit does not replace or reduce management’s responsibility for maintaining adequate and effective systems of control. Throughout the year an update will be provided, via the regular audit committee progress report, on any issues that could impact on the year end opinion. There are inherent limitations in any system of internal control and thus errors or irregularities may occur and not be detected by internal audit work. The following limitations apply:

• Internal controls can only provide reasonable and not absolute assurance against misstatement or loss. Additionally, no assurance can be provided that the internal controls will continue to operate effectively in future periods or that the controls will be adequate to mitigate all significant risks that may arise in future.
• The responsibility for a sound system of internal controls rests with management and work performed by internal audit should not be relied upon to identify all strengths and weaknesses that may exist. Neither should internal audit work be relied upon to identify all circumstances of fraud or irregularity, should there be any, although the audit procedures have been designed so that any material irregularity has a reasonable probability of discovery.
• Managing the risk of fraud is the responsibility of management.
• Management are responsible for informing the Associate Director Internal Audit of any significant issue which may arise and be considered to be a weakness in, breach of or override of internal control.
• Reliance will be placed on management to provide internal audit with full access to staff and to accounting records and transactions and to ensure the authenticity of these documents.
• The matters raised in the audit reports will be only those that come to the attention of the auditor during the course of the internal audit reviews and are not necessarily a comprehensive statement of all the weaknesses that exist or all the improvements that might be made. The audit reports are prepared solely for management’s use and are not prepared for any other purpose.