We use cookies to collect anonymous data to help us improve your site browsing experience.

Click 'Accept all cookies' to agree to all cookies that collect anonymous data. To only allow the cookies that make the site work, click 'Use essential cookies only.' Visit 'Set cookie preferences' to control specific cookies.

Set cookie preferences

Your cookie preferences have been saved. You can change your cookie settings at any time.

Publication - Factsheet

Internal audit and assurance: further information

Last updated
21 February 2025 - see all updates
Directorate
Internal Audit and Assurance Directorate
Topic
Public sector

Further information on the Directorate for Internal Audit and Assurance.

Overview

The Directorate for Internal Audit and Assurance sits within the Director General Scottish Exchequer portfolio. We are independent from other functions and report directly to:   

  • the Permanent Secretary  

  • the Chair and Members of the Scottish Government Audit and Assurance Committee (SGAAC)  

  • the Audit and Risk Committees of those organisations for which we provide an Internal Audit Service  

  • Accountable Officers of public bodies to which we provide a service  

Our aim is to give the right assurance and advice, at the right time. Supporting our partners to continuously improve the delivery of services in Scotland. Wherever appropriate we work in an integrated way across our functions to provide a tailored service to clients.  

Who we work with  

Each of our teams has a different remit and group of service clients.  

What we offer   

Portfolio, Programme and Project Assurance Hub   

Services: We arrange and manage Independent Assurance Reviews for investments assessed by the Senior Responsible Owner as high-risk.   
Clients: Scottish public bodies covered by the Scottish Public Finance Manual.  

Contact: PPPAssurance@gov.scot   

Digital Assurance Office  

Services: We manage the Technology Assurance Framework (TAF) which is mandated for digitally enabled projects. Our engagement managers provide advice to Senior Responsible Owners and project teams to support successful delivery outcomes. We provide independent assurance of major digital projects throughout the project lifecycle and assess new or transformed digital services for compliance with the Digital Scotland Service Standard.  
Clients: Scottish Government and other Central Government public bodies (excluding health bodies).  
Contact: DigitalAssurance@gov.scot   

Internal audit  

Services: We agree risk-based internal audit plans, designed to add value and improve clients’ operations. We support clients to accomplish their objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. We head up, promote and support the internal audit profession in the Scottish Government.  
Clients:  Scottish Government, Executive Agencies and Non-Ministerial Offices.  
Contact: DIAABusinessSupportHub@gov.scot   

Counter fraud   

Services: We help teams to conduct strategic fraud risk analysis, fraud risk assessments and developing counter fraud policy and practice. We work with key partners to provide expertise and independent assurance on the strategic and operational management of fraud risk, and response to fraud. We also lead, promote and support the Counter Fraud profession within Scottish Government.  
Clients: Scottish Government  
Contact: counterfraudmailbox@gov.scot   

Data Protection Officer   

Services: The Data Protection Officer provides staff across government with advice and assurance in how they handle and protect data. They do this by working closely with the Information Assets and Data Protection branch.   
Their role includes:   

  • reviewing Data Protection Impact Assessments (DPIA)s  

  • reviewing Data Protection Risk Assessments  

  • responding to incidents and breaches  

 The DPO is also the point of contact for members of the public with data concerns and the Information Commissioner’s Office.  
Clients: Scottish Government and Executive Agencies (excluding Accountant in Bankruptcy)   
Contact: DataProtectionOfficer@gov.scot   

Our principles  

Our independent services are delivered in line with the following principles:  

  • we are a ‘critical friend’, open, honest and transparent. Supportive to our clients and willing to challenge 

  • we give reasoned advice that adds value and supports successful delivery 

  • we work collaboratively to plan assurance so that it is delivered at the right time, proportionate and risk based 

  • we’re accountable, efficient and effective in our performance and approach  

  • we’re competent, professional, inclusive, skilled and knowledgeable 

Contact

Email: contactus@gov.scot

First published
12 November 2018
Last updated
21 February 2025 - show all updates

  1. More information added and format of content amended to include chapters.

  2. Content updated to reflect directorate purpose.

  3. Content reviewed for accuracy.

Back to top