Policies & Guidelines
RTÉ Internal Audit Charter
The Board of RTÉ attaches a high priority to the establishment and maintenance of a strong control environment in all areas of its business, the objectives of which are to ensure:
- the accomplishment of business objectives and goals;
- compliance with policies, procedures, laws and regulations;
- the safeguarding of assets;
- the reliability and integrity of information, including financial information; and the economical and efficient use of resources.
This responsibility is reinforced by the requirement for the Chairman to formally report to the Minister for Communications, Energy and National Resources on the systems of internal financial control and related matters, pursuant to Section 13.1 of the Code of Practice for the Governance of State Bodies.
Executive management is responsible for the implementation, operation and monitoring of the control environment on a daily basis.
Internal Audit has a key role to play in the control environment by providing independent assurance on the continued appropriateness and effectiveness of controls. It is the policy of the Board of RTÉ to support and develop an Internal Audit function and to provide it with the multidisciplinary resources it requires to adequately discharge its responsibilities and to operate to best practice standards.
To assist Internal Audit in discharging its role, the Board of RTÉ envisages that all levels of management will:
- keep Internal Audit informed of significant strategic and operational changes and developments affecting the business;
- advise Internal Audit where internal control has been compromised or broken down; and
- co-operate fully at all times with the Internal Audit process.
From time to time, members of the Audit and Risk Committee will carry out an independent assessment of the performance of Internal Audit in this regard.
The Internal Audit Charter will be reviewed and updated periodically.
Internal Audit's mission is to support RTÉ in achieving its strategic objectives by:
- providing independent and objective assurance to the Board of RTÉ and to Executive management that effective systems and control are in place to manage all significant risks identified by management;
- providing assurance to the Board of RTÉ and to Executive management on the appropriateness and effectiveness of the "day to day? controls put in place by operational management to ensure that routine transactions are processed and recorded correctly;
- supporting operational management by providing best practice advice on risks and controls; and
- assisting the organisation in fulfilling its Corporate Governance responsibilities.
Role and objective
Internal Audit is an independent and objective assurance and consulting function. It is charged with bringing a systematic and disciplined approach to evaluating and improving the effectiveness of risk management, control and governance processes within RTÉ as a service to the Board of RTÉ and all levels of management.
It is management's responsibility to manage risk and maintain effective controls. The objective of Internal Audit is to provide reasonable assurance to both the Board of RTÉ and to management that the organisation's significant risks are being appropriately managed.
This is achieved by appraising the organisation?s risk identification and risk management processes and by recommending improvements, where appropriate.
Executive management has primary responsibility for the prevention of fraud and for detecting and dealing with any fraud that may occur. The Head of Internal Audit has responsibility for ensuring that audit work takes due account of the possibility of the occurrence of fraud and for investigating actual or suspected fraud incidents.
Internal Audit is provided with authorisation from the Board of RTÉ to carry out its activities. This authorisation allows Internal Audit full, free and unrestricted access to all the functions, records, assets, property and personnel necessary for the proper discharge of its responsibilities. No operational areas or levels within the organisation are precluded from Internal Audit review.
The Head of Internal Audit reports to the Director-General and is directly accountable to the Audit and Risk Committee. S/he will also have access to the Chairman of the Board of RTÉ should matters of a serious nature arise.The Audit and Risk Committee will define the function of Internal Audit, in consultation with the Head of Internal Audit, and will approve the programme of work undertaken by Internal Audit staff.
In order to achieve its objective, the scope of Internal Audit's remit extends to every aspect of business activity across the organisation, other than those matters specified below. The frequency of review will reflect the varying levels of potential risk attaching to different activities. The deployment of resources, which will be in accordance with plans agreed with the Audit and Risk Committee, will be weighted towards determining the efficiency and effectiveness of the systems of control.
As Board oversight of editorial matters is carried out by the Editorial and Creative Output Committee and not by the Audit and Risk Committee, the scope of Internal Audit does not include editorial matters, or the responsibility of the Director-General in his / her role as Editor-in-Chief. However, the Audit and Risk Committee will, as part of its broader review of risk, satisfy itself with regard to the effectiveness of the processes in place to achieve oversight of editorial risk.
Similarly, as the pensions risk is overseen directly by the Board of RTÉ, and separately by the Trustees of the individual pension scheme trusts sponsored by RTÉ, the scope of Internal Audit does not include the RTÉ sponsored pension schemes.
However, any requests from the Editorial and Creative Output Committee to carry out an editorial audit assignment, or by the Trustees of the schemes to carry out pension audit assignments, will be considered in the context of the Internal Audit planning process and this Charter does not exclude Internal Audit from carrying out assignment(s) in these areas.
Responsibility of Internal Audit
Internal Audit personnel will operate to the highest standards of integrity and conduct all work in accordance with the standards issued by appropriate professional bodies such as the International Standards for the Professional Practice of Internal Auditing.
The work of Internal Audit will include (but is not limited to):
- Reviewing and appraising the identification and management of risk, together with the efficiency and effectiveness of the systems of control, recommending improvements, where appropriate;
- Reviewing the reliability, timeliness and integrity of financial and operating information, and the processes used to identify, measure and report such information;
- Reviewing and evaluating compliance with policies, plans, procedures, laws and regulations;
- Reviewing the means of safeguarding assets, physical and IT;
- Reviewing the adequacy and effectiveness of management action to address issues identified by Internal Audit and the external auditors;
- Investigating internal fraud, theft or other occasions where management has reservations concerning staff integrity.
Internal Audit's plans will be developed by prioritising risk in the various business and support functions throughout the organisation. Management?s goals and objectives, together with its perceptions of risk and exposures, will also form a key input to Internal Audit's strategic and operational planning process, as will the scope of the work of the External Auditors. Six-monthly Internal Audit plans will be agreed with the Audit and Risk Committee in advance of the period covered by the plan.
In planning, executing and reporting its work, Internal Audit will co-ordinate its activity with other assurance providers. While the objectives and focus of Internal Audit are different to those of the External Auditors, there is some overlap between the two functions. Therefore, the Head of Internal Audit will liaise regularly with the External Auditors to maximise the efficiency of the internal audit process. Internal Audit is not relieved of responsibility to review areas of the organisation which are subject to review by others, but it must assess the extent to which it can rely on the work of others in planning its audits.
Audit reports will be objective, timely, risk focused and will seek to add value to the risk management process. They will address control issues, provide actions for their improvement, indicate who is responsible for the relevant action and give a timetable for its completion.
Prior to the issue of any final report, meetings will be held with the relevant management in the area under review to obtain agreement on the substance and tone of the report. The management of the area under review, to whom the draft report is addressed, will promptly respond in writing, indicating what actions are being taken to address the finding raised in the report. Management will be granted a maximum of 15 working days to respond to Internal Audit. This period may be extended, at the discretion of Internal Audit, having due regard for exceptional circumstances or other demands. If management fails to respond within the required time period, Internal Audit is authorised to issue the draft report as a “final report”. In addition, where management has not committed to actions in the draft report, Internal Audit will include recommendations to address control issues in the final report.
The final report for each assignment, including the auditee's response, will be provided to:
- the manager with responsibility for the area subject to audit and a minimum of one line superior;
- the member of Executive with responsibility for the area subject to audit; and
- other relevant parties, as appropriate.
The Director General, other members of the Executive and the chairman of the Board of RTÉ will be provided with a copy of the report.
Internal Audit reports will be brought to the attention of members of the Audit and Risk Committee at scheduled meetings of the Committee. In addition, as considered necessary and on a periodic basis during the year, the Head of Internal Audit will update the Chairman of the Audit and Risk Committee on an informal basis as regards the current programme of work and any other relevant matters arising.
The Head of Internal Audit should receive detailed and timely feedback from management of progress in completing the actions identified in audit reports to address audit issues. Internal Audit will follow up and report to the Audit and Risk Committee on the implementation of agreed actions. The Head of Internal Audit will, as part of regular reporting, alert the Audit and Risk Committee on major issues that are outstanding.
Comprehensive records of activity will be maintained to demonstrate that audit work has been performed to best practice standards.
Any data or information obtained or received by Internal Audit personnel during the course of its work or otherwise shall be treated as internal and confidential to the organisation. Within the organisation, such data or information shall only be discussed with other RTÉ personnel on a “need to know” basis, respecting individual employees? privacy.
Internal Audit will be provided with the multi-disciplinary resources it requires to discharge its responsibilities and to complete its Internal Audit plans. In general, staff will have a relevant professional qualification. As required, external specialists / consultants will be engaged to assist Internal Audit in the performance of individual audit assignments.
The Head of Internal Audit reports functionally to the Director-General and is directly accountable to the Audit and Risk Committee.
Independence is essential in ensuring the effectiveness of the internal audit programme of work. Internal Audit's independence is assured by not exercising direct authority over, or having responsibility for persons, procedures or activities subject to audit review.
Internal Audit is not authorised to:
- perform any operational duties for the organisation;
- initiate or approve any accounting transactions external to the Internal Audit department;
- develop or install procedures; or
- direct the activities of any employee not employed within the Internal Audit department, except to the extent that such employees have been appropriately assigned to auditing teams or to otherwise assist Internal Audit.
Independence will not be compromised where Internal Audit personnel sit on steering committees or other project groups in order to contribute to the development of systems and procedures by advising on control and security issues.
The implementation of agreed actions and/or recommendations, whether generated singularly by Internal Audit or jointly by Internal Audit and operating management, will be the responsibility of the management of the area audited.
On 24 January 2013, this Internal Audit Charter received the approval of:
Tom Savage, Chairman of the Board of RTÉ
Sean O?Sullivan, Chairman of the Audit and Risk Committee
Noel Curran, Director-General
Peadar Faherty, Head of Internal Audit