5.—(1) A relevant authority must undertake an effective internal audit to evaluate the effectiveness of its risk management, control and governance processes, taking into account public sector internal auditing standards or guidance.
(2) Any officer or member of a relevant authority must, if required to do so for the purposes of the internal audit—
(a)make available such documents and records; and
(b)supply such information and explanations;
as are considered necessary by those conducting the internal audit.
(3) In this regulation “documents and records” includes information recorded in an electronic form.