(1) The
chief executive officer of a council that has an internal audit function must,
before appointing a person to be primarily responsible for the internal audit
function, or assigning such responsibility to an employee of the council,
consult with the relevant audit and risk committee on the appointment or
assignment of responsibility.
(2) Despite any other
law or instrument to the contrary, the person primarily responsible for the
internal audit function—
(a) must
ensure that any reports they prepare relating to the internal audit function
are provided directly to the audit and risk committee; and
(b) may
report any matters relating to the internal audit function directly to the
audit and risk committee.