CONTENTS

3           Introduction

3           Regulatory context

4           2026/27 internal audit work programme

5           Annex A: internal audit work programme 2026/27

            

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Introduction

 

1             This report sets out the proposed 2026/27 programme of work for internal audit, provided by Veritau for North Yorkshire Pension Fund.

2             The work of internal audit is governed by the Global Internal Audit Standards in the UK Public Sector (GIAS UK Public Sector). These standards are made up of:

▲   the Global Internal Audit Standards (GIAS), set by our professional body, The Institute of Internal Auditors, and

▲   the Application Note: Global Internal Audit Standards in the UK Public Sector, produced by the Relevant Internal Audit Standard Setters[1].

3             The identification of risks has been informed in a number of ways including the ongoing discussion of risks and priorities with key officers. Proposed work has also taken into account the requirements of The Pensions Regulator’s General Code of Practice.

4             To help us best meet internal audit professional standards, internal audit should also adopt flexible planning processes. Planned audit work will be regularly reviewed and if required, adjusted in response to changes in the business, risks, operations, programmes, systems and internal controls. This could mean that the work programme changes during the year as risks and priorities change.

Regulatory context

 

5             In March 2024, The Pensions Regulator’s General Code of Practice came into effect. The code requires that all pension schemes need to have effective systems of governance and internal controls that:

       provide the governing body with oversight of the day-to-day operations of the scheme

       include any delegated activities for which the governing body remains accountable

       provide the governing body with assurances that their scheme is operating correctly and in accordance with the law

6             Expectations on what the systems of governance and internal controls should be in place are included in the code[2].

 

7             The code also requires governing bodies ensure elements of their Effective Systems of Governance (ESOG) are subject to regular internal review. Reviews should assess whether each element is functioning as intended, and whether changes are required. Each element of the ESOG should be reviewed at least every three years (unless otherwise specified in law or the code).

8             In 2025/26 we agreed with officers that Internal Audit would take a role in reviewing elements of the ESOG. Many components of the ESOG align with areas where Internal Audit already provides assurance, or could do so. As a result, most audits in the proposed 2026/27 work programme directly support ESOG requirements. We intend to continue this approach in 2026/27.

2026/27 Internal audit work programme

 

9             The proposed internal audit work programme for 2026/27 is included in annex A.

10          The exact objectives and scope for each audit will be agreed with the relevant senior officer prior to fieldwork starting.

11          For completeness, and to provide extra information on the proposed scope of upcoming work, we have included information in the work programme on the role of the governing body audit, which was referred to in the 2025/26 progress reporting, and which is planned to start in Q1 2026/27.

12          We will provide updates on the progress and findings of the work to the Pension Board during 2026/27.  

 

 

 

 

ANNEX A: Draft internal audit work programme 2026/27

 

Area	Scope of work
Expenditure	To review key controls in respect of the pensions payments made directly from the Altair system. The exact scope is to be agreed with officers.
Internal controls	The Fund’s governance and policy documents make up a key part of its internal control framework, helping ensure the scheme is operated in line with legal and scheme requirements. We will test aspects of these internal controls and associated processes to determine whether they meet expected standards and are operating as intended.
Investments	The Pension Regulators General Code of Practice[3] (Investment matters) refers to a number of investment areas included elsewhere in the code where it is expected an effective system of governance is in place. The areas include investment governance, decision making, monitoring and stewardship. We will review the arrangements being applied in practice with the expectations per the code.
Role of the governing body	The Pension Regulators General Code of Practice[4] (Management of activities) refers to a number of areas included elsewhere in the code where it is expected an effective system of governance is in place. The areas include the role of the governing body, meetings and decision making, and knowledge and understanding. We will review the arrangements being applied in practice with the expectations per the code.
Other assurance work	Continuous audit planning and information gathering, and the follow up of work we have already carried out, ensuring that agreed actions have been implemented by management.
Client support, advice and liaison	Meeting with officers and board report preparation and attendance.