TABLE OF CONTENTS
1. Legislative Requirements
2. University Policy
3. Objectives
4. Independence
5. Authority
6. Scope of Internal Audit
7. Frequency of Audit Tasks
8. Responsibilities
9. Reporting
10.
Relationship between Internal Audit & Review and
External Audit
11. Management, Quality Assurance and Staffing
12. The Audit & Risk Management Committee
8
8
9
5
5
7
3
3
4
Page
2
2
3

1.
Legislative Requirements
Section 11 of the Public Finance and Audit Act, 1983 provides:
(1) The Head of an authority shall ensure that there is an effective system of internal control over the financial and related operations of the authority, including:
(a) management policies and requirements made by the provisions of this Act and the prescribed requirements,
(b) sound practices for the efficient, effective and economical management of functions by each organisational branch or section within the authority,
(c) a system of authorisation and recording and procedures adequate to provide accounting control in relation to assets, liabilities, receipts and expenses,
(d) proper segregation of functional responsibilities, and
(e) procedures to review the adequacies of and compliance with the system of internal control.
(2) Wherever practicable, the Head of an authority shall establish and maintain an effective internal audit organisation which shall be responsible to the Head of an authority for:
(a) the regular appraisal of the adequacy of and compliance with the system of internal control,
(b) the review of operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned, and
(c) the reporting directly at regular intervals to the Head of the authority as to the result of any appraisal, inspection, investigation, examination or review made by the internal audit organisation.
2.
University Policy
It is the policy of the University to provide, as a delegated function of the Vice-
Chancellor, an internal audit unit, independent of all other organisational functions, which carries out a comprehensive review and appraisal of all management and administrative operations and activities for the purpose of advising management as to the adequacy of internal controls, compliance with University procedures and policies, and the efficiency, economy and effectiveness of such operations and activities.
2

3. Objective
To assist management at all levels in the effective discharge of its responsibilities by providing it with analyses, appraisals, investigations, recommendations, advice and information concerning the operations and activities reviewed for which it is responsible.
This involves the review, assessment and evaluation of financial, non-financial, qualitative and quantitative information, management practices and operational procedures and systems to obtain an adequate understanding of the operations and activities under audit, review or investigation.
4.
Independence
Internal Audit is an advisory unit having independent status within the University. Its staff shall:
(a) be responsible to the Vice-Chancellor (through the Chief Operating Officer and
DVC) and be independent of any other section or officer of the University;
(b) have no executive or managerial powers, authorities, functions or duties except those relating to the management of the internal audit function;
(c) not be involved in the day to day operation of the University; and
(d) not be responsible for the detailed development or implementation of new systems, but should be consulted during the system development process on the adequacy of control measures to be incorporated in new or amended systems, the system testing to be performed, the adequacy and accuracy of system documentation, and be advised of approved variations or new developments.
5.
Authority
5.1
The authority of Internal Audit is derived from the University’s Senate and
Section 11 (2) of the Public Finance and Audit Act 1983. The delegation of authority, the administrative arrangements, responsibility and accountability in respect of Internal Audit are further explained at Sections 4 and 8 of this Charter.
5.2 The Director, Audi, & Risk Management is authorized to direct a broad, comprehensive program of audits, reviews and investigations within the
University, in accordance with this Charter, established management policies and directives, and in conformity with relevant legislative provisions.
5.3 Internal Audit officers in the course of their duties shall:
(a) have full, free and unrestricted access to the monies, materials, property, vouchers, records, correspondence, documents and other data of the
University, which are necessary for the proper performance of their duties
3

and are permitted to examine all transactions and documentation, review all policies, procedures, management and administrative operations and functions of the University;
(b) have the right, at reasonable times , to enter any premises of the University and to request any officer or employee to furnish all information, documentation and explanations deemed necessary for them to audit or review any function or operation and/or to form an opinion on the adequacy of systems and/or controls . the officer or employee shall respond promptly to such enquiries.
(c) At reasonable times, have relevant discussions with departmental personnel who shall render every assistance to Internal Audit staff in the conduct of their duties.
6. Scope of Internal Audit & Review
The scope of Internal Audit shall be sufficiently comprehensive to ensure the effective and regular review of all management and administrative operations and activities including:
(a) evaluating and appraising the soundness, adequacy and application of accounting, financial, non-financial and operating controls and recommending improvements thereto where necessary;
(b) reviewing the reliability, timeliness, integrity and adequacy of the financial and operating information and data available for decision-making and for accountability purposes;
(c) reviewing as appropriate, the design , development, implementation and documentation of systems and procedures;
(d) reviewing the systems established to ensure the University’s compliance with those policies, practices, plans, procedures, laws and regulations which could have a significant impact on activities, operations and reports.
(e) reviewing the accounting for, and safeguarding of assets, and as appropriate, verifying the existence of such assets;
(f) undertaking investigations as required of potential instances of fraud, corruption, improper conduct maladministration and serious and substantial waste of public monies;
(g) appraising the adequacy of the action taken by line management to correct reported deficiencies, administrative and management issues;
4

(h) appraising the efficiency, economy and effectiveness and utilisation of resources employed in respect of management and administrative operations and activities; and
(i) reviewing management and administrative operations and activities to assist management in ascertaining and ensuring that results are consistent with the
University’s aims and objectives and whether the operations are being carried out as planned within established policies and given directions.
7.
Frequency of Audit Tasks
7.1 The Internal Audit program shall be prepared by the Director, Audit & Risk
Management and approved by the Audit & Risk Management Committee. It shall consist of a one-year plan for the current calendar year based on a master plan covering all relevant auditable areas.
7.2 All major management and administrative systems, functions and organizational units should be examined over cycles from one to three years, frequency being set out in the Internal Audit program.
8. Responsibilities
8.1 The Director, Audit & Risk Management, is responsible for:
(a) Informing and advising management, and discharging this responsibility in a manner consistent with professional standards and within the framework of the objectives and scope of this Charter.
(b) Directing administrative and technical Internal Audit functions and coordinating audit tasks within the overall aims and objectives of the
University.
(c) Developing and executing a comprehensive Internal Audit program over all major management and administrative systems, functions and operations approved by the Vice-Chancellor.
(d) Determining the objectives and scope of audits and reviews and investigations.
(e) Initiating recommendations to the Vice-Chancellor including those relating to:
 modifications and amendments to the Internal Audit programme
5

 the ability to achieve the Internal Audit programme taking into account the adequacy of staff numbers and the skills and expertise necessary to properly perform the audits and reviews programmed.
(f) The development, implementation and oversight of Internal Audit methodologies, practices, procedures and techniques.
(g) The maintenance of professional auditing standards, practices and techniques.
8.2 The Director, Audit & Risk Management is ultimately responsible and accountable to the Vice-Chancellor for the functional control of Internal Audit activities throughout the University and has direct access to the Vice-Chancellor if appropriate circumstances arise.
8.3 However, for administrative support of day-to-day activities and general management control the Director, Audit & Risk Management will report to the
Chief Operating Officer and DVC.
8.4 The Director, Audit & Risk Management and the Internal Audit staff have neither direct responsibility for, nor authority over, any of the operations of staff whose activities are subject to audit, or investigation.
8.5 In order to retain independence and objectivity, the officers of Internal Audit will not be responsible for the development nor install systems procedures, prepare records nor engage in any other activities which they would normally review or appraise.
8.6 However, the Director, Audit & Risk Management will, where necessary,
8.7 Internal Audit exercises and appraisals do not in any way relieve others of their assigned responsibilities. nominate officers of the Department to act on a consultative basis with project teams, including reviews of management activities and computer system development.
9. Reporting
9.1 Prior to the commencement of each audit or review, unless circumstances dictate otherwise, Internal Audit shall inform the appropriate levels of management of the intention to conduct an audit or review, the objectives and scope and the likely duration of the proposed audit or review, the approach to be adopted and the method of reporting for the audit or review.
9.2 During and at the completion of any audit or review, the audit observations, findings and recommendations will be discussed with the appropriate levels of
6

management and/or the line manager concerned. Unless circumstances dictate otherwise, an audit or review report and memorandum detailing the matters raised by Internal Audit will not be finalised or issued without this process having first been followed.
9.3 All audits and reviews will call for an audit or review report, and possibly also the issue of a memorandum to management detailing the matters raised by Internal
Audit.
9.4 Generally the audit or review report and memorandum will be submitted to management. However, as stated in section 8 ‘Responsibilities’, in appropriate circumstances an audit or review report will be submitted to the Vice-Chancellor.
9.5 The submission of the audit or review report under 9.5 should usually be within one month of the conclusion of the discussions referred to in 9.2.
9.6 Internal Audit reports will explain the scope and objectives of the audit or review, present findings and conclusions in an objective manner and make recommendations where appropriate. The reports will include details of the recommendations agreed to with management and the actions taken, management comments on other recommendations, and also identify any recommendations requiring the attention or authority of senior management.
9.7 Management is also responsible for ensuring that any unsatisfactory matters identified during an audit or review are promptly corrected. They shall have the prerogative to decide how and when the appropriate changes will be done unless circumstances dictate otherwise.
9.8 Where the need for a response to the audit or review report or memorandum is indicated, such should be received within 1 month of receipt. The response must be in writing, provide adequate detailed explanation and, where necessary, documentation of specific corrective action taken, or intended, and if no corrective action is proposed, the reasons should be given.
9.9 Internal Audit will determine that corrective action was taken and is achieving the desired results or that management has assumed the risk of not taking corrective action on reported findings.
9.10 The Director, Audit & Risk Management shall provide annual report and quarterly status reports to the Audit & Risk Management Committee.
9.11 Investigations into potential instances of fraud, corruption, improper conduct etc. by their very nature dictate the planning and reporting of such being tailored to the individual circumstances.
7

10. Responsibility between Internal Audit & Review and External Audit
10.1 The Director, Audit & Risk Management shall make available to the External
Auditor all Internal Audit working papers, programs, reports, files, flow charts, documentation etc for review, if required.
10.2 Both parties will discuss their audit programs on a regular basis to achieve effective co-ordination, liaison and employment of resources available to both
Internal Audit and External Audit to ensure the widest possible audit & review coverage and minimisation of duplication of effort.
11. Management, Quality Assurance and Staffing
11.1 The Director, Audit & Risk Management is to provide, whenever appropriate, written policies, guidelines and procedures for the guidance of Internal Audit staff.
11.2 The Director, Audit & Risk Management is to establish and maintain a quality assurance function to evaluate the operations of Internal Audit.
11.3 The Director, Audit & Risk Management will be guided by the standards and practices promulgated by Australia’s professional accounting bodies and the
Institute of Internal Auditors as well as any auditing or review guidelines or statements issued by such bodies as the Audit Office and the Public Accounts
Committee.
11.4 The Director, Audit & Risk Management will be active in implementing forthcoming legislative requirements or well anticipated future policies etc set out in draft legislation, Public Accounts Committee reports etc.
11.5 The Director, Audit & Risk Management shall ensure that Internal Audit staff keep abreast of developments in professional standards, practices, procedures, techniques, methodologies and technology and developments in public sector administration impacting, either specifically or generally, on auditing, review and investigation. Appropriate staff training will be provided to assist in achieving this.
11.6 The Director, Audit & Risk Management shall develop, maintain and update the duty statements, job specifications and criteria for all Internal Audit staff positions, viewing such against the present and future Internal Audit needs of the
University.
8

11.7 Audits and reviews will be undertaken for all major management administrative systems, operations functions, activities and the emphasis on the economy, efficiency, effectiveness, compliance, financial and systems analysis aspects for each audit & review will be determined by the Director, Audit & Risk
Management.
11.8 A comprehensive set of Internal Audit working papers should be prepared during each assignment unless circumstances dictate otherwise. The working papers shall include research and preliminary review documentation, planning rationale, systems documentation, details of auditing and review procedures, results of testing, discussion records, field audit reports and correspondence.
12. The Audit & Risk Management Committee
12.1 The Audit & Risk Management Committee is a committee of the University
Senate and has approved Terms of Reference.
12.2 The Internal Audit annual plan is submitted to the Audit & Risk Management
Committee for its endorsement. A report on the performance against plan is provided to each Committee Meeting. An annual report is also prepared by the
Director, Audit & Risk Management and submitted to the Audit & Risk
Management Committee.
12.3 The reports to the Committee will amongst other things detail, as appropriate the following for the focus of the Committee:
• number of audits and reviews programmed and completed;
• management requests for any additional audits, reviews, enquiries, assistance etc;
• number of investigations and review outside of the approved program requested and undertaken;
• areas of vulnerability to the University;
• unresolved, outstanding Internal Audit reports;
• training courses and awareness seminars for University staff perceived and organised by Internal Audit;
• management, administrative and procedural guidelines initiated, developed by or requested from Internal Audit;
• time spent by Internal Audit on systems development programs;
9

•
Internal Audit benchmarking of its operations against other Internal Audit organisations;
• time spent by Internal Audit staff on attachment or secondment to operational units, committees, University wide reviews etc;
• liaison and co-ordination with the External Auditors;
• public sector and private sector developments significantly impacting on the direction, methodologies, and the expectations held etc of Internal
Audit;
• any matters perceived as significantly involving the independence of, or the suppression of, Internal Audit;
• any contingent liabilities (eg litigation matters or similar) which have come to the attention of Internal Audit.
10