Independence and Conflict of Interest
Internal Audit is required to be independent and objective, with objectivity essential to its effectiveness.
Internal Audit has no direct authority or responsibility for the activities it reviews. Internal Audit has no responsibility for the management of business activities, or for development or implementation of operational systems or procedures.
All Internal Audit staff and service providers report to the General Counsel and University Secretary (General Counsel
) who is the appointed Chief Audit Executive and reports:
- functionally for operations to the Committee through the Chair; and
- administratively to the Vice-Chancellor, with right of direct access to the Chancellor preserved.
Where the General Counsel may be responsible for a non-audit activity, the University has independence safeguards in place:
- when responsible for non-audit activities, the General Counsel is not acting in the capacity of the Chief Audit Executive when managing or performing those activities; and
- internal audit review of these non-audit activities must be managed and performed independently of the General Counsel. These reviews are to be sponsored by, and reported directly to, the Committee.
Each year at 31 December the Chief Audit Executive must confirm in writing to the Committee that for the past year there has been:
Authority and Confidentiality
- organisation independence for the Internal Audit function;
- conformance with the University Charter of Conduct and Values;
- conformance with the Code of Ethics issued by the Institute of Internal Auditors;
- no conflicts of interest by the Chief Audit Executive, or if so, how these conflicts were appropriately managed;
- no conflicts of interest by Internal Audit staff or service providers, or if so, how these conflicts were appropriately managed; and
- no non-audit duties performed by the Chief Audit Executive, Internal Audit staff or service providers. If so, how were these duties declared.
All Internal Audit work is undertaken under the authority of the Vice-Chancellor.
Internal Audit staff and service providers are authorised to have full, free and unrestricted access to all functions, premises, assets, personnel, records, and other documentation and information necessary to enable Internal Audit to fulfil its responsibilities.
All records, documentation and information accessed in the course of undertaking Internal Audit work are to be used solely for the conduct of these activities. Internal Audit staff and service providers are responsible and accountable for maintaining the confidentiality of the information they receive during the course of their work.
Management may request Internal Audit services in response to emerging business issues or risks. Internal Audit will attempt to satisfy these requests, subject to the assessed level of risk, availability of resources, and endorsement of the Committee.
Nature and Scope of Work
The scope of Internal Audit work embraces the wider concept of corporate governance and risk, recognising that controls exist in the University to manage risks and promote effective and efficient governance and performance. The types of Internal Audit work at the University are:
- Assurance Services – objective examination of evidence for the purpose of providing an independent assessment of risk management (including appropriate application of the University’s Risk Appetite Statement), quality control and governance processes.
- Consulting Services – advisory and related client activities, the nature and scope of which are agreed upon with the University and which are intended to add value and improve business operations.
- Other Value-Adding Services – focusing on efficiency and effectiveness to improve processes and the economical use of finances and resources.
The scope and coverage of Internal Audit work is not limited in any way, and may cover any of the programs and activities of the University and its controlled entities.
The Committee will be promptly advised of any resource limitations to which may impact the ability of Internal Audit to fulfil its responsibilities.
Quality Assurance and Improvement Program
The Chief Audit Executive, in collaboration with the Quality and Service Improvement team, is responsible for developing and maintaining a Quality Assurance and Improvement Program that includes:
Evaluation of Performance
- Ongoing Internal Assessments including:
- Supervision and review of Internal Audit engagements;
- Collecting feedback from management after each Internal Audit engagement;
- Performance evaluations; and
- Results of Internal Audit performance measures.
- Periodic Internal Assessments to be conducted annually:
- Review of the Internal Audit Charter for conformance with the Standards; and
- Self-assessment of conformance with the Standards.
- External Assessments conducted at least once every five years by a qualified, independent assessor or assessment team from outside the University
Internal Audit performance will be evaluated and the results reported to the Committee. This will include:
- results of the Quality Assurance and Improvement Program;
- feedback from management of areas where internal audit engagements have been performed; and
- performance of service providers.
Feedback on Internal Audit performance will be sought annually from members of the Committee.
Relationship with External Audit and Other Assurance Activities
Internal Audit will establish and maintain an open relationship with the External Auditor, Quality and Service Improvement and other assurance providers. Internal Audit will plan its activity to ensure the adequacy of overall assurance coverage and to minimise duplication of assurance effort.
External Auditors have full and free access to all Internal Audit plans, working papers and reports.