Internal Audit and Risk Management Policy for the NSW Public Sector Mark Pellowe Senior Director, Financial Management and Reporting NSW Treasury 1 The new policy Key policy documents Treasury Circular TC 09/08 Internal Audit and Risk Management Policy (24 August 2009) Treasury Policy & Guidelines Paper TPP 09-5 Internal Audit and Risk Management Policy for the NSW Public Sector (August 2009) Department of Premier and Cabinet Circular C2009-13 Prequalification Scheme: Audit and Risk Committees (4 May 2009) 2 What the new policy will achieve Desired Outcomes Strengthened assurance and accountability Consistent use of internal audit to mitigate business risk Greater focus on risk management More effective use of internal audit resources Stronger external incentives to ‘comply and explain’ 3 Core Requirements Internal Audit Function Internal Audit function must be established Chief Audit Executive (CAE) must be designated Independent Audit and Risk Committee An Audit and Risk Committee must be established ‘Independent’ Chairs and Members Model Charter for Audit and Risk Committee Better practice requirements for operations New mandated requirements 4 Core Requirements (cont.) Enterprise Risk Management Risk management process ‘appropriate to the entity’ Role of ARC – ‘oversight’ of risk management framework Internal Audit Standards Adopted Operation of Internal Audit function consistent with IIA International Standards Additional reporting and monitoring requirements 5 Compliance and reporting Who? The policy DOES apply to: for departments: Department Heads for statutory bodies with governing boards: the Governing Board for other statutory bodies: the Chief Executive Officer The policy does NOT apply to: statutory State Owned Corporations (SOCs) (covered by Treasury’s Commercial Policy guidelines) the Universities 6 Compliance and Reporting By When? First Year WHAT IS REQUIRED? Exceptions sought and 2009/10 TIMETABLE FOR A 30 JUNE 2010 FYE End of third quarter 31 March 2010 Before the FYE 30 June 2010 Attestation Statement to the Treasurer Within 2 months after FYE 31 August 2010 Annual Report Disclosure Within 4 months after FYE 31 October 2010 determinations made (if applicable) Core Requirements IN PLACE (With submission of Annual Report to Minister) 7 Compliance and reporting Monitoring Treasury will: monitor submission of attestation statements monitor conformance periodically review the efficiency and effectiveness of the policy The Auditor-General will: undertake an assurance role in monitoring the sector’s compliance review entity compliance with the policy through the compliance audit and reporting program 8