In the period since the Audit and Assurance Committee handbook was reviewed in 2018, we have experienced seismic changes in our operating and risk environment. We continue to adapt to the challenges arising from the global pandemic, the UK’s exit from the EU, cyber threats and geo-political events worldwide.
The Directorate of Internal Audit and Assurance (DIAA) was created in 2019 to provide a more integrated approach to assurance across the core Scottish Government and public bodies. DIAA now provides assurance, advice and insights from our Portfolio, Programme & Project Assurance (PPPA) Hub and Digital Assurance Office (DAO) as well as from our Data Protection Officer and Head of Counter Fraud Profession.
In this context, an effective Audit and Assurance Committee* is essential to a strong corporate governance culture within public and private sector organisations.
The role is a challenging one and needs strong, independent members with an appropriate range of skills and experience. It will benefit from a strong collaborative relationship with the organisation to ensure that the committee gets the support and information that it needs. The committee will also need to act as the conscience of the organisation. This means providing insight and strong constructive challenge where required, such as on risks arising from fiscal and resource constraints, cyber-attack and transformation programmes. It also means challenging the agility of the organisation to respond to emerging risks.
This revision of the Handbook** sets out the fundamental principles with explanatory good practice notes, relating to the role, membership and work of Audit and Assurance Committees in those organisations to which the Scottish Public Finance Manual is directly applicable. This includes the core Scottish Government and bodies sponsored by the Scottish Government such as Executive Agencies, Non Ministerial Departments, Non Departmental Public Bodies and Other Significant Bodies.
The Handbook emphasises the sources of assurance available to Audit and Assurance Committees in addition to internal and external audit. We encourage all organisations within the Scottish Government family to define their assurance needs, map their various sources of assurance and develop an integrated approach to assurance which will secure best value for the public purse and embed best practice principles within their organisation.
A degree of flexibility, pragmatism and proportionality will be needed in applying the guidance in this Handbook to individual organisations. For example, the use of the term "Board" referred to in chapter 4 should be interpreted in the context of the "On Board" Guidance (March 2017), which defines the differences between Statutory and Management Advisory Boards. Subject to these caveats, any significant non-compliance with the principles in this Handbook should be explained and reported in the annual Governance Statement.
We commend this Handbook to you.
John Paul Marks
Director of Internal Audit and Assurance
* Alternatively referred to as the Audit Committee / Audit and Risk Committee / Audit and Risk Assurance Committee. For the purposes of this Handbook, the term Audit and Assurance Committee will be used in a generic context.
**The Scottish Government Audit and Assurance Committee Handbook draws on, and is consistent with, generally accepted principles concerning corporate governance and the role of audit and assurance committees. Relevant source publications include:
- HM Treasury: Audit and Risk Assurance Committee Handbook (March 2016)
- HM Treasury: Corporate Governance in Central Government Departments: Code of Good Practice (July 2011)
- OPM and CIPFA: Good Governance Standard for Public Services (2005)
- Financial Reporting Council: The UK Corporate Governance Code (April 2016)
- Scottish Public Finance Manual
- On Board: A Guide for Members of Statutory Boards in Scotland (March 2017)
- On Board: A Guide for Members of Management Advisory Boards (March 2017)