Mark Pellowe - NSW Public Sector Audit & Risk Practitioner Network

advertisement
Internal Audit and Risk
Management Policy for the
NSW Public Sector
Mark Pellowe
Senior Director, Financial Management and
Reporting
NSW Treasury
1
The new policy
Key policy documents
 Treasury Circular TC 09/08 Internal Audit and Risk
Management Policy (24 August 2009)
 Treasury Policy & Guidelines Paper TPP 09-5
Internal Audit and Risk Management Policy for the
NSW Public Sector (August 2009)
 Department of Premier and Cabinet Circular
C2009-13 Prequalification Scheme: Audit and Risk
Committees (4 May 2009)
2
What the new policy will achieve
Desired Outcomes
 Strengthened assurance and accountability
 Consistent use of internal audit to mitigate
business risk
 Greater focus on risk management
 More effective use of internal audit resources
 Stronger external incentives to ‘comply and
explain’
3
Core Requirements
Internal Audit Function
 Internal Audit function must be established
 Chief Audit Executive (CAE) must be designated
Independent Audit and Risk Committee
 An Audit and Risk Committee must be established
 ‘Independent’ Chairs and Members
Model Charter for Audit and Risk Committee
 Better practice requirements for operations
 New mandated requirements
4
Core Requirements (cont.)
Enterprise Risk Management


Risk management process ‘appropriate to the entity’
Role of ARC – ‘oversight’ of risk management framework
Internal Audit Standards Adopted


Operation of Internal Audit function consistent with IIA
International Standards
Additional reporting and monitoring requirements
5
Compliance and reporting
Who?
The policy DOES apply to:



for departments: Department Heads
for statutory bodies with governing boards: the Governing Board
for other statutory bodies: the Chief Executive Officer
The policy does NOT apply to:


statutory State Owned Corporations (SOCs) (covered by
Treasury’s Commercial Policy guidelines)
the Universities
6
Compliance and Reporting
By When? First Year
WHAT IS REQUIRED?
Exceptions sought and
2009/10 TIMETABLE
FOR A 30 JUNE 2010 FYE
End of third quarter
31 March 2010
Before the FYE
30 June 2010
Attestation Statement
to the Treasurer
Within 2 months after
FYE
31 August 2010
Annual Report
Disclosure
Within 4 months after
FYE
31 October 2010
determinations made
(if applicable)
Core Requirements
IN PLACE
(With submission of Annual
Report to Minister)
7
Compliance and reporting
Monitoring
 Treasury will:

monitor submission of attestation statements

monitor conformance

periodically review the efficiency and effectiveness of the policy
 The Auditor-General will:

undertake an assurance role in monitoring the sector’s compliance

review entity compliance with the policy through the compliance
audit and reporting program
8
Download