(1) This document sets out the purpose, authority and the responsibility of the Internal Audit function at Charles Sturt University (the University). It provides the framework for the conduct of internal audits and has been approved by the University Council on the recommendation of the Audit and Risk Committee. (2) This Charter applies to all areas of the University and its controlled entities. (3) This Charter has the same force and effect as a policy. (4) The Internal Audit function assists the University Council and committees in the effective execution of its responsibilities by providing independent analysis, advice and recommendations concerning the operations and processes of the University. As such, Internal audit programs should be developed to provide in‐depth and quality analysis to identify improvements to meet strategic objectives. (5) In addition to the University's policies and procedures including the Internal Audit Charter, the Internal Audit function operates under the guidance of the International Professional Practices Framework (IPPF), published by the Institute of Internal Auditors, including the Core Principles for the Professional Practice of Internal Auditing, Definition of Internal Auditing, Code of Ethics and International Standards for the Professional Practice of Internal Auditing (Standards). (6) Internal Audit's role is to enhance and protect organisational value by providing independent, risk-based objective assurance, advice and insight. (7) Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. Internal Audit assists the University to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes (Definition of Internal Auditing - The Institute of Internal Auditors). (8) Internal Audit staff or contractors must have an impartial, unbiased attitude and avoid any conflict of interest whether actual or perceived. (9) The Internal Auditor will communicate to the Council’s Audit and Risk Committee any perceived or potential conflicts of interest that may compromise the objectivity of Internal Audit. (10) Independence is essential to the effectiveness of internal auditing. This independence is obtained primarily through the organisational reporting structure. The Internal Audit function must be free from influence in relation to the allocation of resources, audit selection and scope, and the techniques required to accomplish audit objectives. (11) The Internal Audit function shall have no direct responsibility or authority over any of the operations reviewed. It shall not design and install procedures, prepare records, or engage in any other activity that it would normally review and appraise. (12) The Internal Auditor reports functionally to the University Council through the Audit and Risk Committee and has right of direct access to the Chancellor, Vice-Chancellor and the Audit and Risk Committee. The Internal Auditor has access to regular closed sessions with the Audit and Risk Committee. (13) Functional reporting to the Audit and Risk Committee involves the Committee: (14) Where the Internal Auditor is responsible for non-audit activities, safeguards will be put in place to ensure independence or objectivity. (15) To maintain independence, Internal Audit staff shall not undertake any operating responsibilities outside of Internal Audit work, without the endorsement of the Vice-Chancellor and the approval of the Audit and Risk Committee. (16) All Internal Audit work is undertaken under the authority of the University Council on the recommendation of the Audit and Risk Committee. (17) Subject to budget availability, and on the authority of the University Council and/or Audit and Risk Committee, Internal Audit work may be conducted by external service providers where: (18) For an engagement to be considered Internal Audit work, the appointment, coordination and oversight of engagements performed by external service providers under clause 19, must be managed by the Internal Auditor. The conduct of such engagements must comply with this Internal Audit Charter. (19) The Internal Audit function, with strict accountability for confidentiality and safeguarding records and information, is authorised full, free and unrestricted access to any and all of the University's functions, premises, assets, personnel, records and other documentation, information and physical properties relevant to the performance of engagements and timely assistance should be rendered by other University staff in order to facilitate the progress of audit work. (20) All records, documentation and information accessed in the course of internal audit activity are to be used strictly for internal audit purposes. Internal Audit staff are responsible and accountable for maintaining the confidentiality of the information they receive during the course of their work. (21) All Internal Audit documentation and work papers remain the property of the University, including where Internal Audit services are provided by external service providers. (22) The scope of Internal Audit work shall include: (23) The Internal Audit function must evaluate the effectiveness and contribute to the improvement of governance, risk management and control processes using a systematic, disciplined and risk-based approach that promotes continuous improvement. (24) In the conduct of its activities, the Internal Audit function will play an active role in: (25) The Internal Audit function will support the University by: (26) Management may request Internal Audit services in response to emerging business issues or risks. The Internal Audit function will attempt to satisfy these requests, subject to the assessed level of risk, availability of resources, and subject to the approval of the Audit and Risk Committee in the context of the Internal Audit Plan. (27) The existence of Internal Audit does not relieve management from the responsibility of ensuring that adequate controls are in place for the proper management of business activities and risk for which they are accountable, including responsibility for periodically reviewing internal controls. (28) The Internal Auditor is responsible, in consultation with the Audit and Risk Committee, for: (29) The Internal Audit function will liaise with the external auditor to ensure that internal and external programs, when combined, provide optimal coverage of auditable areas, and to minimise duplication of audit effort. Periodic meetings and contact between internal and external audit shall be held to discuss matters of mutual interest and facilitate coordination. (30) The external auditor will have full and free access to internal audit books, records, documents and papers to the extent required by law. (31) The Internal Audit function will prepare a flexible Internal Audit Plan using an appropriate risk-based methodology. This plan will take into account: (32) The Internal Audit Plan is reviewed annually and endorsed by the Audit and Risk Committee prior to recommendation to the University Council for approval. The Head of Internal Audit, with the approval of the Audit and Risk Committee, may make alterations to the Internal Audit Plan where it is deemed appropriate to do so. (33) Before an internal audit engagement commences, a terms of reference document will be prepared, which will be agreed with the relevant Portfolio Lead(s)/audit sponsor and signed off as their agreement with the scope of services to be provided by the Internal Audit function. (34) The Internal Audit function will report to the Audit and Risk Committee on: (35) The Internal Audit function will report periodically to the Executive Leadership Team, on matters such as the progress of implementing the Internal Audit Plan, and the progress of implementation of internal and external audit recommendations. (36) A written report will be issued by the Internal Audit function to the relevant stakeholders, such as Portfolio Lead(s)/audit sponsor and the Vice-Chancellor, as well as to the Audit and Risk Committee at the conclusion of each internal audit engagement, which includes management's response and corrective actions taken or to be taken in regard to specific findings and recommendations. (37) If management's response to any finding is not considered adequate, or where management seeks to accept a risk that may be outside the risk appetite of the University, the Internal Audit function will consult with management of the function being reviewed and seek to reach a mutually agreeable resolution. If an agreement is not reached, the Internal Auditor shall pursue the matter through channels to appropriate levels of management, including the Executive Leadership Team where required, and the Audit and Risk Committee if required. (38) The Internal Audit function will monitor the completion of corrective actions and depending on the significance of the finding, the Internal Audit function may validate those assertions before recommending closure of the issue. (39) In addition to the reporting of work undertaken by the Internal Audit function in line with the approved Internal Audit plans, the Internal Auditor may draw the Audit and Risk Committee's attention to all matters that, in their opinion, warrant reporting. (40) The Director, Risk and Compliance will develop and maintain quality assurance measures that periodically assess the performance of the Internal Audit function. The Audit and Risk Committee will receive reports, and review and comment, on the performance of the Internal Audit function. (41) External assessments will also be conducted at least once every five years by a qualified, independent reviewer or review team from outside the University. (42) The Director, Risk and Compliance is also responsible for the administration of the Internal Audit function, including monitoring of the budget, human resource administration, the provision of office accommodation, computers and equipment, and support to access information and ensure the cooperation of University staff. (43) The Internal Auditor will review this Internal Audit Charter at least every three years, with any changes endorsed by the Audit and Risk Committee and recommended for approval by the University Council. (44) Nil. (45) Nil. (46) Internal Audit function – in the context of this Charter, the internal audit function comprises resources directly associated with the provision of internal audit services. These resources may be internal or external to the University.Internal Audit Charter
Section 1 - Purpose
Scope
Section 2 - Policy
Internal audit purpose
Guiding principles and standards
Role
Independence and objectivity
Authority and confidentiality
Scope of work
Responsibilities
Internal Audit functions
Internal auditor
Relationship with external audit
Planning
Reporting
Evaluation of Internal Audit
Review of the Internal Audit Charter
Section 3 - Procedures
Section 4 - Guidelines
Section 5 - Glossary
View Current
This is not a current document. To view the current version, click the link in the document's navigation bar.