We will have access to information held by service areas in order to be able to undertake our work; this may include the following types of data:

• personal, for example name, date of birth, address, sex and marital status;
• employment information, for example national insurance number, details of employer, salary details, employment dates, next of kin, and sickness records;
• financial details, for example bank and / or building society account information including transactions and balances, insurance policies, credit history;
• health information gathered to assess eligibility for benefits;
• financial information regarding appraisal of financial standing of potential contractors;
• written statements and recordings of interviews conducted; and
• other information gathered during the course of an investigation or proactive exercise. 

Please note: This list is not exhaustive and will vary depending on the task to be undertaken. 

The information collected for an audit review is limited to the purpose of the audit. The scope of each audit review is detailed in a terms of reference which limits the scale of information that is examined but enough to provide an independent opinion on whether or not controls are adequate, appropriate and effective in providing reasonable assurance that risks to the achievement of service/system/process objectives are being managed effectively.