The 'Audit' section of the Framework Agreement sets out the high level requirements for audit.
To meet the requirements for internal audit, HSCIC must:
- ensure the Department is satisfied with the competence and qualifications of the Head of Internal Audit and the requirements for approving appointments in accordance with Public Sector Internal Audit Standards
- prepare an audit strategy, taking into account the Department‟s priorities, and forward the audit strategy, periodic audit plans and annual audit report, including HSCIC‟s Head of Internal Audit‟s opinion on risk management, control and governance as soon as possible to the Department
- keep records of fraud and theft suffered by HSCIC and notify the Department of any unusual or major incidents as soon as possible
The department is committed to the development of a group assurance model for DH and its arm's length bodies. HSCIC has agreed, in principle, that its internal audit provision will be delivered as part of a shared service once the contract period for its initial provider has expired. HSCIC will engage with the Department in the development of the group assurance model.
The Department's group internal audit service has a right of access to all documents prepared by HSCIC's internal auditor, including where the service is contracted out (until such time when the contract expires, after which Group Internal Audit will provide the audit service – including having access to all previous audit documentation).
For external audit, the Comptroller and Auditor General (C&AG) audits HSCIC's annual accounts. In the event that HSCIC has set up and controls subsidiary companies, HSCIC will, in the light of the provisions in the Companies Act 2006, ensure that the C&AG is appointed auditor of those company subsidiaries that it controls and/or whose accounts are consolidated within its own accounts. HSCIC shall discuss with the Department the procedures for appointing the C&AG as auditor of the companies.
- will consult the Department and HSCIC on whom – the National Audit Office or a commercial auditor – shall undertake the audit(s) on his behalf, though the final decision rests with the C&AG;
- has a statutory right of access to relevant documents including, by virtue of section 25(8) of the Government Resources and Accounts Act 2000, those held by another party in receipt of payments or grants from HSCIC;
- will share with the Department information identified during the audit process and the audit report (together with any other outputs) at the end of the audit, in particular on issues impacting on the Department's responsibilities in relation to financial systems within HSCIC;
- will, where asked, provide the Department and other relevant bodies with regulatory compliance reports and other similar reports which the Department may request at the commencement of the audit and which are compatible with the independent auditor's role.
The C&AG may carry out examinations into the economy, efficiency and effectiveness with which HSCIC has used its resources in discharging its functions. For the purpose of these examinations the C&AG has statutory access to documents as provided for under section 8 of the National Audit Act 1983. In addition, HSCIC is to provide, in conditions to grants and contracts, for the C&AG to exercise such access to documents held by grant recipients and contractors and sub-contractors as may be required for these examinations; and is to use its best endeavours to secure access for the C&AG to any other documents required by the C&AG which are held by other bodies.