Create account Sign in
Home   >  IA   >  Preparing for an audit

Preparing for an audit

What is an internal finance audit?

An internal finance audit reviews how money is managed and recorded at your service. We aim to conduct audits at each service on a 2-3 year basis, but we may visit sooner if you have a concerning financial incident.

Types of internal finance audit:

  • If you hold service user funds, we will visit your service to conduct the audit in person.
  • If you only hold corporate funds, such as petty cash, we may request documents to be emailed for remote auditing.

Some of the things that we check:

  • Money Books (6 months): Includes all books at the service such as service user finance books, household books, and petty cash books.
  • Corresponding Receipts and Folios: These are matched against the entries in the money books.
  • Bank Statements: for cross-referencing purposes.
  • Safe Contents books and checks: We verify records, check the safe is secure, and ensure insurance limits are not exceeded.
  • Monthly manager checks: we check that manager audits are being completed monthly, and that they are identifying any issues.
  • Finance Files: Includes budget plans, permission forms, benefit letters, and bills.
  • Rotas: quality-checking standards.
  • Cash Balance Check: On-site cash is counted and verified.

Some of the things we look for:

  • Compliance with policies (e.g., staff meal limits, proper transaction evidence).
  • Accurate, detailed, and neatly recorded money books (e.g., double signatures, correct calculations).
  • Proper tracking of safe contents, including withdrawals and deposits of valuables and bank cards.
  • Documentation and adherence to service users’ financial arrangements.
  • Effective reporting and resolution of financial issues.
  • Confirmation that all funds are accounted for and no money is missing.

Note: The audit scope may vary based on organisational needs.

Preparing for your audit

Lorem ipsum is a dummy or placeholder text commonly used in graphic design, publishing, and web development. Its purpose is to permit a page layout to be designed.

Lorem ipsum is a dummy or placeholder text commonly used in graphic design, publishing, and web development. Its purpose is to permit a page layout to be designed.

If Your Audit is Conducted In-Person

Your confirmation email will list required documents and arrival details. The auditor will need a private, quiet workspace (preferably an office) with access to the safe and money.

DO:

  • Ensure someone knowledgeable about the service is available to answer questions.
  • Provide a private workspace for the auditor (if possible).
  • Make sure the shift coordinator can grant access to the safe and money.
  • Have all requested documents ready and organised.
  • Provide local policies for reference.

DON’T:

  • Leave the safe key accessible, as this bypasses safe key procedures.
  • Delay document preparation until the auditor arrives.
  • Leave the auditor with someone unable to answer questions.
  • Ask the auditor to work in a non-private space (if possible).
  • Leave auditors alone with service users without a support worker present.

If Your Audit is Conducted Remotely

You’ll receive:

  • A Remote Audit Checklist detailing documents to scan and send.
  • A Cash Security Procedure Form to complete regarding safe key management.

DO:

  • Send clear scans of books, receipts, and folios.
  • Provide all requested documents.
  • Complete and return the cash security form.
  • Send documents in order and clearly labelled.

DON’T:

  • Overlap receipts, making them unreadable.
  • Send unclear scans or photos.
  • Submit incomplete or disorganised documents.

After your audit

Lorem ipsum is a dummy or placeholder text commonly used in graphic design, publishing, and web development. Its purpose is to permit a page layout to be designed.

Lorem ipsum is a dummy or placeholder text commonly used in graphic design, publishing, and web development. Its purpose is to permit a page layout to be designed.

Audit Report

You’ll receive a written report (usually within 48 hours), which includes:

  • Score: Your score is based on the number and frequency of errors which have occurred across your financial records. Your score starts at 100%. Points are deducted for policy breaches or errors (e.g. frequent missing transaction dates would result in a 1% deduction). You need to get over 50% to pass your audit.
  • Risk Level: Your risk level is categorised as high, medium, or low based on the severity of the issues identified, not just frequency. You might get a high score and still get a high risk level. This is because you don’t have a large number of issues, but the issues which were identified are particularly concerning.
  • A detailed compliance breakdown.
  • Examples, auditor comments, suggested solutions, and policy references for any issues.
  • A bar chart of scores across audit categories.
  • Written feedback.

Action Plan

After your audit, you’ll receive an action plan listing all identified errors. You’ll need to outline the steps you’ll take to fix these issues. This must be completed and returned within 4 weeks.

What If We Fail?

If your score is below 50% you’ll get extra support, including:

  • A 2-week extension for your action plan deadline (total of 6 weeks).
  • An aftercare call with your auditor to review the report, discuss the action plan, and provide guidance.
  • Your service will be re-audited within 6 months.