Internal audit

Internal audit

Home > How we use your information > Council privacy data > Internal audit

Why we collect information about you?

We have access to personal information for the following purposes:

  1. To provide assurance over the Council’s systems of governance, risk management and internal control.

  2. To make provision for internal audit in accordance with the Public Sector Internal Audit Standards.

  3. To perform consultancy and advisory services related to governance, risk management and control as appropriate.

  4. To facilitate the delivery of audit training.

What information do we collect about you?

As a service we do not collect data from the public directly but have access to the systems used across the council and we will draw conclusions from this personal data. The types of data we have access to are:

  1. Basic details about you such as name, address, telephone number, email address and date of birth

  2. Employer details

  3. Income details

  4. Bank details

  5. Income and expenditure

  6. National insurance number

  7. Nationality

  8. Health

  9. Criminal convictions and offences

  10. Household composition

Who do we share the information with?

We may share personal information about you with the following types of organisations:

  1. Other departments or teams within the Council in order to provide our services.

  2. Our appointed external auditors

  3. External independent reviewer in order for them to perform an external review of the internal audit service against the Public Sector Internal Audit Standards

  4. Counter Fraud Unit - to provide information to support fraud investigations

  5. Department of Work and Pensions - to support performance of audits in connection with Housing Benefits and we also share information when requested as part of any ongoing complaint investigation.

Is any information transferred to or stored on servers based outside the European Economic Area?

We do not transfer any of your personal information outside the European Economic Area (EEA).

How long do we keep your information?

We only keep your information for as long as it is required by us or other regulatory bodies in order to comply with legal and regulatory requirements or for other operational reasons. Our retention schedule provides further details on the length of time we retain different types of documents.

Who do we collect information from?

We do not collect data directly from the public but have access to the systems used across the council and we will draw conclusions from this personal data.

What are the consequences if we do not collect the data?

If we did not have access to the information that we currently collect, then we would be unable to fulfil our required statutory functions (see legal basis for processing).

Are any decision about you made by automatic means?


Tewkesbury Borough Council has a statutory requirement to maintain an Internal Audit function. The ‘Accounts and Audit Regulations (2015)’ requires every local authority in England to maintain an effective internal audit service to evaluate the effectiveness of its risk management, control and governance processes taking into account the Public Sector Internal Auditing Standards and associated guidance.

The Council’s Head of Financial Services and Asset Management has a statutory duty under Section 151 of the ‘Local Government Act 1972’ to establish a clear framework for the proper administration of the authority’s financial affairs. To perform that duty the Section 151 Officer relies, amongst other things, upon the work of Internal Audit in reviewing the operation of systems of internal control and financial management.

Key legislation:

  • Local Government Act 1972

  • Accounts and Audit (England) Regulations 2015

  • Local Government Finance Act 1992

  • Companies (Audit, Investigation and Community Enterprise) Act 2004

  • Charities Act 2011

  • Companies Act 2006

  • Public Sector Internal Audit Standards (2017)

  • Fraud Act 2006

Last updated: 25 June 2019 (AG)