Check out the latest information and advice on coronavirus (COVID-19).
The Central Midlands Audit Partnership is an Internal Audit partnership which consists of 6 partner organisations – Derby City Council, South Derbyshire District Council, Amber Valley Borough Council, Derby Homes, Derbyshire Fire & Rescue Service and Ashfield District Council. The Partnership is “hosted” by Derby City Council. Our address is The Council House, Corporation Street, Derby, DE1 2FS.
The team will have access to information held by service areas in order to be able to undertake their work; this may include the following types of data:
Information is collected in a number of ways. This includes:
CMAP provides an independent function whose primary objective is to provide assurance to the partner organisations on their risk management, control, fraud and governance processes. The requirement for internal audit function is set out in legislation; Section 151 of the Local Government Act 1972. The requirement for an annual governance statement is defined in the Accounts and Audit Regulations 2015.
The team comprises two main functions:
These functions require us to hold or have access to information from systems and processes across the council so that we can undertake our work and in doing so:
Where required we may publish and/or shared with key stakeholders (partners) information collected in the course of the audit work/investigation.
CMAP has a duty to protect the public purse. The following acts and regulations provide the basis on which the officers of the team operate:
We may share elements of information with other internal services within partner organisations to enable the establishment of the effectiveness or otherwise of corporate systems and processes.
During the course of an investigation data may be shared with other departments within partner organisations such as human resources; with government departments and organisations such as the Cabinet Office (National Fraud Initiative), the police, Her Majesty’s Revenues and Customs, the department for work and pensions, the National Health Service, and the border agency etc.
Information may be shared with legal practitioners, tribunals and courts where criminal or civil action is taken against an individual.
We will not sell or rent your information to third parties. We will not share your information with third parties for marketing purposes.
CMAP has retention schedules in place that ensure information is only held for as long as it is needed.
The partners’ IT security and confidentiality policies ensure that your information is protected, and available only to staff directly involved in your care. Details of how we keep your information secure are available on the general privacy information page.
If you want to know more about how CMAP uses information, your rights or have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance.
You can contact our Data Protection Officer on 01332 640763 or by email at email@example.com.
For independent advice about data protection, privacy and data sharing issues, you can contact the Information Commissioner's Office (ICO):