Internal audit and assurance: further information
Further information on the Directorate for Internal Audit and Assurance.
Overview
The Directorate for Internal Audit and Assurance sits within the Director General Scottish Exchequer portfolio. We are independent from other functions and report directly to:
- the Permanent Secretary
- the Chair and Members of the Scottish Government Audit and Assurance Committee (SGAAC)
- the Audit and Risk Committees of those organisations for which we provide an Internal Audit Service
- Accountable Officers of public bodies to which we provide a service
Our aim is to give the right assurance and advice, at the right time, supporting our partners to continuously improve the delivery of services in Scotland. Wherever appropriate we work in an integrated way across our functions to provide a tailored service to clients.
Who we work with
Each of our teams has a different remit and group of service clients.
What we offer
Portfolio, Programme and Project Assurance Hub
Services: We arrange and manage Independent Assurance Reviews for investments assessed by the Senior Responsible Owner as high-risk.
Clients: Scottish public bodies covered by the Scottish Public Finance Manual.
Contact: PPPAssurance@gov.scot
Digital Assurance Office
Services: We manage the Technology Assurance Framework (TAF) which is mandated for digitally enabled projects. Our engagement managers provide advice to Senior Responsible Owners and project teams to support successful delivery outcomes. We provide independent assurance of major digital projects throughout the project lifecycle and assess new or transformed digital services for compliance with the Digital Scotland Service Standard.
Clients: Scottish Government and other Central Government public bodies (excluding health bodies).
Contact: DigitalAssurance@gov.scot
Internal audit
Services: We agree risk-based internal audit plans, designed to add value and improve clients’ operations. We support clients to accomplish their objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. We head up, promote and support the internal audit profession in the Scottish Government.
Clients: Scottish Government, Executive Agencies and Non-Ministerial Offices.
Contact: DIAABusinessSupportHub@gov.scot
Counter fraud
Services: We help teams to conduct strategic fraud risk analysis and fraud risk assessments, and to develop counter fraud policy and practice. We work with key partners to provide expertise and independent assurance on the strategic and operational management of fraud risk, and response to fraud. We also lead, promote and support the Counter Fraud profession within Scottish Government.
Clients: Scottish Government
Contact: counterfraudmailbox@gov.scot
Data Protection Officer
Services: The Data Protection Officer provides staff across government with advice and assurance in how they handle and protect data. They do this by working closely with the Information Assets and Data Protection branch.
Their role includes:
- reviewing Data Protection Impact Assessments (DPIAs)
- reviewing Data Protection Risk Assessments
- responding to incidents and breaches
The DPO is also the point of contact for members of the public with data concerns and the Information Commissioner’s Office.
Clients: Scottish Government and Executive Agencies (excluding Accountant in Bankruptcy)
Contact: DataProtectionOfficer@gov.scot
Our principles
Our independent services are delivered in line with the following principles:
- we are a ‘critical friend’: open, honest and transparent, supportive to our clients and willing to challenge
- we give reasoned advice that adds value and supports successful delivery
- we work collaboratively to plan assurance so that it is delivered at the right time, proportionate and risk based
- we’re accountable, efficient and effective in our performance and approach
- we’re competent, professional, inclusive, skilled and knowledgeable
Contact
Email: contactus@gov.scot