The purpose of Group Internal Audit (GIA) is to enhance and protect the Group’s assets, reputation and sustainability by providing risk-based and objective assurance, advice and insight.
The team assists the Group in accomplishing its objectives by bringing a systematic and disciplined approach to evaluating and improving the effectiveness of the governance, risk management and internal controls.
GIA’s authority is received from the Group Audit Committee (GAC) and, with strict accountability for confidentiality and safeguarding records, gives the team unrestricted access to any and all of the Group’s records, personnel, property, and management information as well as to attend any committee forums pertinent to carrying out any engagement.
The Group Chief Internal Auditor reports directly to the Chair of the GAC and administratively to the Chief Executive Officer. Communication directly with the GAC is expected, including in private meetings without management present. GAC authority and responsibilities are reflected within the GAC Terms of Reference.
GIA’s work is performed free from interference, including in matters of audit selection, scope or report content to enable independence and objectivity to be maintained. If GIA determines that independence or objectivity may be impaired in fact or appearance, or there has been an attempt to unduly influence the auditors, the Group Chief Internal Auditor will disclose this to the GAC.
GIA commit that the team will exhibit professional objectivity and make balanced assessments of all available and relevant facts and circumstances about the activity or process.
They will have no direct operational responsibility or authority over any of the activities audited. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair their judgement or independence.
The Group Chief Internal Auditor will confirm to the GAC, at least annually, the organisational independence of the internal audit activity.
GIA operates as the third line within the Group’s three lines of defence risk management framework.
The role of GIA is to perform independent assessments of the adequacy and effectiveness of governance, risk management and internal controls performed by the first and second lines within the Group. If areas of efficiency are identified, these will be disclosed to management.
As a minimum, the scope will include:
In addition, GIA may occasionally provide advisory or consultancy services to help management develop an effective control framework. During these services, GIA will not be involved in designing controls to be implemented by the Group and neither will GIA provide sign off on projects. This will ensure the team maintains its independence for future audits.
The Group Chief Internal Auditor has responsibility to:
The Group Chief Internal Auditor has an open, constructive and co-operative relationship with all regulators that supports sharing of information relevant to carrying out their respective responsibilities.
In addition, there is a high degree of co-operation between GIA and the Group’s Risk and Compliance functions, third party providers and the external auditors, which will include the exchange of relevant information, in order to maximise efficiency and avoid duplication where possible.
The Group Chief Internal Auditor will maintain a quality assessment and improvement programme which meaningfully challenges GIA’s performance and adherence to its methodology and industry standards.
The GAC will:
GIA will govern itself by adherence to the mandatory elements of The Institute of Internal Auditors’ International Professional Practices Framework, including the Definition, Core Principles, Code of Ethics and International Standards.
In addition, GIA staff must comply with the Group’s policies and procedures and possess the knowledge, skills and discipline necessary to discharge their responsibilities.
This Charter was approved by the Group Audit Committee of OSB GROUP PLC and its subsidiaries on 17 October 2023.