Content
Internal Audit Charter - Governing Policy
1. Purpose of Internal Audit
The primary purpose of internal audit is to add value to the University’s operations by providing an independent appraisal and advisory function for University Council, Audit and Risk Management Committee and senior management thereby assisting the University in achieving its mission. This is achieved by examining and evaluating the adequacy, effectiveness and efficiency of risk management, systems of internal control and the quality of management in an independent and professional manner.
A review or appraisal by Internal Audit does not in any way relieve officers of the University of their individual responsibilities and accountabilities.
2. Authority of Internal Audit
Authority is granted for full, free and unrestricted access to all of the University’s records, property, personnel and other documentation in order to carry out its work program. All employees are to assist Internal Audit in fulfilling their function. Internal Audit will have unfettered access to the Vice-Chancellor and President and to Audit and Risk Management Committee and report administratively to the Vice-Chancellor and President but functionally to the Audit and Risk Management Committee.
3. Scope of Internal Audit
The scope of Internal Audit shall be sufficiently comprehensive to ensure the effective and regular review of all operational, financial and related activities including:
- reviewing the reliability, timeliness, integrity and adequacy of the financial and operating information and the means used to identify, measure, classify, and report such information;
- evaluating and appraising the soundness, adequacy and application of accounting, financial, and non-financial and operating controls and recommending improvements where necessary;
- ascertaining the extent of compliance with established policies, plans, procedures, laws, and regulations and determining whether they are effective in securing their intended purpose;
- reviewing and benchmarking procedures and systems against leading practices;
- reviewing the accounting for, and safeguarding of assets and, as appropriate, verifying the existence of such assets;
- appraising the economy and efficiency with which resources are employed;
- reviewing operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned;
- assessing the effectiveness of risk management processes within the University;
- reviewing specific operations at the request of the Vice-Chancellor and President and the Audit and Risk Management Committee; and
- conducting investigations in relation to allegations of fraud, corruption and whistleblower complaints.
The scope of Internal Audit will include all parts of the University, including controlled entities.
4. Organisational relationships and independence
Internal Audit has a independent and neutral status within the University and will be directly responsible to the Audit and Risk Management Committee. Internal Audit staff have no direct operational responsibility or authority over any of the activities they review.
The University will outsource the Internal Audit function for the time being.
Internal Audit staff must be free of any interest that might be regarded as being incompatible with integrity and objectivity.
All correspondence received from Internal Audit by the Vice-Chancellor and President or Audit and Risk Management Committee members will be tabled at the next available Audit and Risk Management Committee meeting.
The existence of the internal audit function does not diminish the responsibilities of the Vice-Chancellor and President, Senior Management team and staff to implement and maintain effective systems of internal control.
5. Ancillary roles
From time to time, Internal Audit may be requested to undertake assignments by the Audit and Risk Management Committee or the Vice-Chancellor and President. Prior to Internal Audit accepting an assignment the following factors must be considered:
- any limitation on Internal Audit's ability to give independent advice;
- the impact on the core internal audit function; and
- the availability of skills and knowledge required to effectively perform the assignment.
6. Competence and standards
Internal Audit staff must possess the knowledge, skills, and technical proficiency essential to satisfactorily perform the tasks required of an internal auditor.
Internal Audit staff must be cognisant of the functions imposed in applicable standards and comply with professional standards of conduct. The applicable standards include standards issued by the Institute of Internal Auditors, the Certified Practising Accountants (Australia), the Institute of Chartered Accountants (Australia), the Information Systems Audit and Control Association and the standard relevant to Risk Management being AS/NZS 4360:2004.
7. Conduct of audit work
Internal Audit shall be accountable to the Vice-Chancellor and President and the Audit and Risk Management Committee for the:
- development, implementation and oversight of internal audit methods and procedures;
- development and control of an efficient internal audit program;
- scope and boundaries of audits; and
- fulfilment of the objectives of internal auditing.
8. Audit planning
Internal Audit should provide the Audit and Risk Management Committee with a copy of the three-year Strategic Internal Audit Plan. This should include Internal Audit’s overall objectives, work schedules, staffing, financial budgets, and a description of any limitations placed on Internal Audit’s scope of work.
Effective audit planning is important to the success of the internal audit function and to this purpose:
- the audit work schedule is to be developed based on the prioritisation of the audit universe using relevant risk factors;
- the technical proficiency and professional qualifications of internal audit staff are to be commensurate with the audit assignment to be performed;
- the activities and plans of Internal Audit are to be co-ordinated with those of the QAO to ensure coordination of internal and external audit coverage;
- Internal Audit must be informed of any actual or suspected fraud or illegal acts for inclusion in reviews as considered appropriate;
- the Audit and Risk Management Committee, Vice-Chancellor and President and external auditors should consider and communicate their views to the Internal Audit Manager on the potential risk areas to be covered by Internal Audit;
- all significant auditable areas should be covered in a three year cycle and each critical risk area (as agreed by Internal Audit, the Vice-Chancellor and President and the Audit and Risk Management Committee) should be covered annually, having regard to current risk assessment;
- audit plans should provide for internal audit input into the process of specifying, developing and testing new or revised systems; and
- internal audit planning will take account of materiality, level of assessed risk, significance in terms of organisational impact and public accountability.
9. Reporting
On the conclusion of each audit, a copy of the report on the audit outcome shall be issued to the relevant organisational head and to the Vice-Chancellor and President and shall be circulated to Audit and Risk Management Committee members.
The report shall present the audit objectives, scope, the conclusion based on the outcome of the audit, and an agreed implementation timetable for audit recommendations.
10. Confidentiality
Internal Audit staff will be required to maintain the confidentiality of information obtained in the course of their duties. Information should not be used for personal benefit. If there is any doubt over the conveying of information to a person, the Vice-Chancellor and President is to be notified. The Vice-Chancellor and President will determine the appropriateness of information transfer.
11. Review
This Internal Audit Charter is to be reviewed by the Audit and Risk Management Committee at an interval not exceeding three years. The review will be assessed by the Audit and Risk Management Committee and will require the Committee’s endorsement.
END
Approved: Council C05/101, 6 December 2005
Revised: Council C09/54, 18 August 2009
Back to top