We’re here to Assure, Explain and Inspire.
Our Executive Leadership Team is responsible for directing the organisation
Governance and oversight at Audit Wales
We work with others from across the Welsh public sector and beyond
See our current and previous consultations
This section sets out how you may request information from us and provides some direct links to information of wider public interest.
The Auditor General is responsible for auditing most of the public money spent in Wales.
Access our data tools and useful data sources
Our commitment to high audit quality underpins all our work and decision making
The NFI matches data across organisations and systems to help public bodies identify fraud and overpayments.
Our programme of shared learning events focusses on topics that are common across public services
Our forward work programme for performance audit
See our latest news, blogs, events and more
Find out the latest news
See our blogs on many different topics
View our videos on our YouTube channel
Our events bring together individuals from across the Welsh public sector
We have installed ReadSpeaker’s webReader, which allows visitors to instantly convert online content to audio on our website.
Click on the icon above to try this out, and take advantage of the full range of useful webReader features by clicking the link below.
Readspeaker website
This accessibility statement applies to www.audit.wales. This website is run by Audit Wales. We want as many people as possible to be able to use this website.
View accessibility statement
We’re always looking to improve the accessibility of this website. If you find any problems not listed on this page or think we’re not meeting accessibility requirements, contact:
info@audit.wales
This privacy notice tells you about how the Wales Audit Office (WAO) processes information about you as a current or former member of staff. Staff means any individual working for, or as part of, the WAO, including employees, board members, workers (including agency, casual and contracted staff), volunteers, trainees and those carrying out work experience.
The Auditor General for Wales (AGW) is the auditor of most Welsh public bodies. His work includes examining how public bodies manage and spend public money. The WAO provides the staff and resources to enable him to carry out his work. Audit Wales is a trademark of the WAO and is the umbrella identity of the AGW and the WAO. The WAO is the employer of staff. Further information is available on the Audit Wales website.
The WAO processes your personal data in accordance with data protection legislation—the UK General Data Protection Regulation and the Data Protection Act 2018. Except in relation to the recording and other processing of your voice in Teams meetings, which is undertaken with your consent (see para 17 below), the legal basis for the processing is the provision of resources under section 21 of the Public Audit (Wales) Act 2013 for the AGW’s work and the performance of the contract of employment between the WAO and you as its employee.
We will use your information where it is necessary for the performance of your contract with the WAO or for compliance with any legal obligations, which apply to the WAO (as your employer or otherwise relevant).
These purposes include (but are not limited to):
We will keep your personal data for the periods specified in our Documents and Records Management Policy and we will hold your data securely in accordance with our Information Security Policy.
Artificial Intelligence (AI) may be utilised in the processing of personal data in accordance with our Artificial Intelligence and Digital Initiatives Policy but will not be used to make solely automated decisions.
Your personal data may be shared internally in accordance with the data protection principles where there is a legal basis for processing this.
We will share your information with external organisations, such as HMRC, the Cabinet Office, UK Security Vetting (UKSV) and professional bodies (e.g. ICAEW and CIPFA), for the following purposes:
Further information about the participation of the WAO in the data matching exercises conducted by the National Fraud Initiative and the relevant fair processing notices are available on the Audit Wales website, and hub.
We will share your information with software providers (e.g. Microsoft) where appropriate for the provision of digital services and AI processing.
We may share some personal information with external organisations for the purposes of mentoring or coaching schemes, development opportunities, conferences or events.
Otherwise, we will only share your information with your consent, or where there is a legal obligation for us to do so, or for health and safety purposes.
We may process sensitive personal information relating to health, sickness and well-being for the purposes of employment and/or health and safety purposes.
We may process sensitive information about physical or mental health conditions or disabilities in order to:
We process other sensitive personal information, such as racial or ethnic origin, religious belief, sexuality, disability and other protected characteristics to monitor compliance with equality legislation. Such processing includes statistical monitoring, but we will ensure that individuals are not identifiable from any reports produced using such information. Where special category personal data is processed this is done in accordance with our Policy for Processing Special Categories of Data, with an additional legal basis for that processing being met. The applicable basis will ordinarily be for employment, social security and social protection (authorised by law).
Where the processing of biometric information (e.g. voice recognition and/or facial recognition in MS Teams) is not strictly necessary, this will be done on an informed consent basis only. Further information will be provided to you in these circumstances to enable you to make an informed decision and your consent must be explicitly indicated on the accompanying consent form. You (as the data subject) are under no obligation to consent, you do not have to justify your decision, and you can withdraw consent at any time without detriment.
Participation in meetings (both internal and external) applicable to your role is essential for performance of your contract of employment. However, where these meetings are being audio and/or video recorded, whether in person or online, such recording and further processing of your biometric information and other information that is beyond the necessary subject matter of the meeting is for the WAO’s purposes on a consent basis, and this will generally be the case where the organiser of the meeting is an external party, such as an audited body. You should be given the option to consent verbally before recording starts or when you join the meeting if it has already begun. If you are not given the option, you should draw the need for this to the attention of the organiser of the meeting. If your concerns are not responded to appropriately, you may raise the matter with the Data Protection Officer. You do not have to consent to being recorded and alternative arrangements should be made available to you (e.g. pausing the recording, note taking). You may withdraw consent at any time, but this must be in writing if after the recording has been made.
Any audio and/or video recordings made by the WAO will be stored securely, processed and retained in the same manner as other special category (sensitive) data.
Sensitive personal data (e.g. health information mentioned during introductions to explain the need for reasonable adjustments) may be collected incidentally and processed during the course of recorded and AI-processed interviews and meetings undertaken for audit and corporate work purposes, including by way of sharing with third party external software providers.
In limited circumstances, the WAO may disclose your sensitive personal data to third parties, where there is a legitimate need or obligation or in exceptional circumstances if necessary to protect your vital interests (i.e. life-threatening situations), during or after your period of employment.
It is important that the information we hold about you is up to date. If your personal details change or if they are currently inaccurate then it is important that you let us know by updating your information on the Employee Self Service (ESS) system or by contacting your line manager. You can record any special requirements or requests for reasonable adjustments in the ESS system.
Under data protection law you have rights to ask for a copy of the current personal information held about you and to object to data processing that causes unwarranted and substantial damage and distress.
To obtain a copy of the personal information we hold about you or discuss any objections or concerns, please write to the Information Officer, Audit Wales, 1 Capital Quarter, Tyndall Street, Cardiff, CF10 4BZ or email infoofficer@audit.wales. You can also contact our Data Protection Officer at this address.
You have the right to complain directly to us about the handling of your personal data. Please email complaints@audit.wales.
To obtain further information about data protection law or to complain to complain about how we are handling your personal data, you may contact the Information Commissioner by visiting: www.ico.org.uk, writing to: ICO, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, or by telephone on: 0303 123 1113 (or 0330 414 6421 to speak in Welsh).
You should note, however, that the ICO would normally expect you to have exhausted our internal complaints procedures before dealing with a complaint. Further guidance may be found on the ICO’s website [opens in new window].