Support for Councils and Clerks

NALC is committed to providing a high-quality internal audit service which aims to assist local councils to maintain and improve internal controls in accordance with proper practices as set out in the Accounts and Audit Regulations.

Internal audit objectives and responsibilities

The primary objective of internal audit is to review, appraise and report upon the adequacy of internal control systems operating throughout the council, and to achieve this will adopt a predominantly systems-based approach to audit.

The council’s internal control system comprises the whole network of systems established within the council to provide reasonable assurance that the council’s objectives will be achieved, with reference to:

  • the effectiveness of operations
  • the economic and efficient use of resources
  • compliance with applicable policies, procedures, laws and regulations
  • the safeguarding of assets and interests from losses of all kinds, including those arising
  • from fraud, irregularity and corruption
  • the integrity and reliability of information, accounts and data

Accordingly, in the conduct of planned audits internal audit may:

  • carry out a selective assessment of compliance with relevant procedures and controls expected to be in operation during the financial year to be able to complete the Annual Internal Audit Report (AIAR) section of the Annual Governance and Accountability Return (AGAR)
  • review the reliability and integrity of financial information and the means used to identify, measure, classify and report such information
  • review the means of safeguarding assets and, as appropriate, verify the existence of such assets
  • appraise the economy and efficiency with which resources are employed, identify opportunities to improve performance and recommend solutions to problems
  • review the established systems to ensure compliance with those policies, procedures, laws and regulations which could have a significant impact on operations, and determine whether the council complies
  • review the operations and activities to ascertain whether results are consistent with objectives and whether they are being carried out as planned

The scope of the internal audit activity

There are no limitations on internal audit’s scope of activities. The scope of internal audit allows for unrestricted coverage of the council’s activities, including both financial and non-financial systems of internal control.


The main determinant of the effectiveness of internal audit is that it is seen to be independent in its planning and operation. To ensure this, internal audit will operate within a framework that allows:

  • unrestricted access to the officers of the council
  • reporting in its own name
  • segregation from the day to day operations of the council

Every effort will be made to preserve objectivity by ensuring that all internal auditors are free from any conflicts of interest and do not undertake any non-audit duties on behalf of the council.

Rights of access

There are no limitations on internal audit’s access to records. Internal auditors have the authority to:

  • access council premises at reasonable times agreed in advance
  • access all assets, records, documents, correspondence and control systems
  • receive any information and explanation considered necessary concerning any matter under consideration
  • require any employee to the council to account for cash, stores or any other council asset under his/her control
  • access records belonging to third parties, such as contractors when required

The council’s responsibilities

The Responsible Financial Officer and Proper Officer have clearly defined responsibilities for risk management, internal control, internal audit and preventing fraud and corruption.

The existence of internal audit does not diminish the responsibility of the council to establish systems of internal control to ensure that activities are conducted in a secure and well-ordered manner. Please be aware that if the council are late reporting for the present year, the council will fail the public rights test on the AGAR for the following year.


The internal auditor will formally report the results of audits and the recommendations made to the council and will follow up at subsequent internal audits to make sure that corrective actions are taken.

Data Protection

This internal audit offer is an additional service provided by NALC as described in our published privacy notice available on our website here. When booking this service you are providing consent to proceed. The delivery of the internal audit service involves the handling of some personal data supplied by the member council. For the purposes of data protection legislation NALC is the data controller and the internal auditor is the data processor. NALC and internal auditors, whilst separate entities, work in partnership to deliver a service that seeks to support and improve local councils. NALC and the internal auditor have entered into a data sharing agreement as part of their terms of engagement.

Audit procedure

Upon booking, NALC will provide the clerk with a link to a dedicated  folder on our shared secure Microsoft 365 OneDrive. Council papers and the completed customer information and guidance sheet must be uploaded to the dedicated folder. You can upload the information in an electronic format or be available to view on the council’s website. Electronic documents supplied shall be stored securely on NALC’s secure Microsoft 365 OneDrive and will be removed following completion of the audit. NALC will inform you of the internal auditor that will carry out the internal audit.

When allocated the internal auditor shall:

  • process the documents in line with NALC’s policies and procedures
  • raise queries or points of clarification as soon as possible direct with you
  • aim to complete the audit and upload the report to the allocated council folder on NALC’s secure Microsoft 365 OneDrive within 10-15 working days.

On receipt of the report we will provide a link to an electronic copy together with a signed copy of the AIAR (page 4 of the AGAR) which can be downloaded. This will be sent to both the chairperson and clerk/RFO/lead officer.

Going forward we would expect two visits (on-Line or via email) one in September/October looking at Governance and starting the audit trail and then one in April/May/June to check any governance issues have been achieved, finish audit trial. Undertake Internal Audit Report and sign off the Internal Auditor part of the AGAR.