IMPLEMENTATION STEERING COMMITTEE
RECORD OF MEETING – 17 APRIL 2008
Attendance: Philip Mussared (Chair), Mark Pellowe, Peter Connelly, Martina
Nightingale, Charlie Sherlock, Stephen Horne, Peter Whitehead, Bill Middleton, Ross
Tyler, Noel Kean, John Holmes, Greg Byrne
Other attendees: Rose Williams (Treasury), Yasmin Parekh (Treasury-minute
taker), Matthew Copper (Cooper Consultants)
Apologies: Heather Watson (NSW Audit Office)
1. Welcome and Introduction
Philip Mussared welcomed the Implementation Steering Committee (ISC) members
and thanked them for agreeing to join the Committee. A list of members is included
at Attachment 1.
2. Presentation of key findings and recommendations of the Review
Peter Connelly presented the key findings and recommendations of the review and
distributed the handout to his presentation “Internal Audit: New Directions” based on
the “Performance Review on the Internal Audit Capacity of the NSW Public Sector”
(Attachment 2).
The ISC was advised that the review had found that there are opportunities to improve
the effectiveness of current NSW Internal Audit requirements based on the interjurisdictional comparison presented in the report.
There was some discussion about the issues that agencies would need to confront in
implementing the review recommendations, including the level of fees needed to
appropriately remunerate independent Chairs and members.
3. Governance arrangements for Internal Audit Review implementation
Philip Mussared outlined the proposed governance arrangements for Internal Audit
Review Implementation including the role to be played by the Implementation
Steering Committee (ISC), and the intention to establish a Practitioner’s Network and
a Human Resource Strategy Sub-committee (see Attachment 3).
The roles are outlined below:
a.
Implementation Steering Committee
The key role of the ISC is to “drive the implementation” of the recommendations.
b.
Audit and Risk Management Practitioners’ Network
The network will provide a forum for Internal Audit (IA) Managers to exchange
knowledge and expertise on internal audit and risk management.
1
c.
Internal Audit Human Resources Strategy Sub-committee
The key role of the sub committee is to formulate and implement an Internal Audit
HR Strategy.
The presentations that were made by Stephen Horne and Martina Nightingale and
discussions that took place under this item have been incorporated under Item 5
Progress on Implementation.
4. Seminar outline
Peter Connelly discussed the Seminars on Review of Internal Audit Capacity in the
NSW Public Sector that will be held on 29 April and 8 May 2008 and provided a copy
of the program to ISC members (see Attachment 4).
5. Progress on implementation
The Committee was advised that the Better Practice Framework had been adopted by
the NSW Government.
The ISC also was advised that the implementation plan for the Performance Review
of Internal Audit Capacity in NSW Public Sector has eight (8) key recommendations
that will need to be implemented over the next 12 months. The ISC discussed the
progress to date as well as future actions that needed to be taken to implement the
recommendations.
5.1 Strengthen policy for internal audit and risk management
There was discussion on the actions required to be taken by Treasury to update
Treasurer’s Direction 720. It was indicated that Treasury would consult prior to
issuing guidelines.
The Department of Commerce will establish a central panel of pre-qualified Chairs
and members of Internal Audit and Risk Management Committees.
ACTIONS TO BE TAKEN:
 Update Treasurer’s Direction 720 which mandates the minimum standards for
internal control and audit by June 2008 (NSW Treasury).
 Establish a Pre-qualification Scheme by June 2008 (Commerce).
5.2 Internal audit compliance assurance
Peter Connelly indicated that the Auditor-General had agreed the NSW Audit Office
will monitor compliance with new guidelines in the Audit Office’s audit program
from 2009-10.
2
ACTION TO BE TAKEN:
 Internal Audit compliance to be undertaken by the NSW Audit Office from
2009-10 (NSW Audit Office).
5.3 Pilot cluster of internal audit resources
To assist the smaller agencies, the Review report recommended agencies share IA
governance and delivery.
The meeting discussed options for establishing pilot clusters of agencies which would
share internal audit resources. A portfolio model was also suggested as an alternative
to a cluster model. It was indicated that the portfolio model would need to rely on
leadership from the main portfolio agency.
The ISC discussed these two options to achieve a grouping of agencies i.e. centralised
model of shared services or use portfolio-based clusters.
ACTION TO BE TAKEN:
 Pilot agency clusters with shared internal audit governance to be established
by June 2008 (DPC).
5.4 Better practice guidelines for internal audit
Mark Pellowe discussed earlier internal control and audit guidelines issued by NSW
Treasury. While these have been useful to agencies’ internal audit staff they need to
be updated to incorporate a better practice framework for Internal Control and Audit.
It was reiterated that Treasury would consult prior to issuing new guidelines.
ACTIONS TO BE TAKEN:
NSW Treasury to:
 Update the Internal Control ‘Best Practice’ guide (blue book)
 Revise and update the Risk Management Tool Kit
 Eliminate the Internal Report Criteria guide (white book).
 Present a strategy for implementing the above actions at the next ISC meeting.
5.5 Audit and risk management practitioner network
Stephen Horne discussed the establishment of the Network. He indicated that this
could be based on the Corruption Prevention model and could also utilise existing
informal Internal Audit networks. He further indicated that the Audit and Risk
Management Practitioners’ Network is to have a specific agenda based on a priority
3
assessment of issues. To ensure that the network is sustainable, it could utilise
technologies including electronic discussion boards, web based portals, email system,
and sharing information and resources (including templates). It was agreed that there
should be a forum for managers of internal audit.
Noel Kean and Ross Tyler agreed to work with Stephen in establishing the Network.
Further volunteers from the ISC and key line agencies will be required.
ACTIONS TO BE TAKEN:
 Stephen Horne is to seek further participants to help establish the Network.
 Establish a Network to exchange internal audit and risk management
knowledge and expertise by June 2008 (IAB).
5.6 Strategy for access and use of technology in internal audit
Charlie Sherlock indicated that the Department of Commerce will develop a strategy
for better use of technology across the NSW Public Sector to support internal audit
and risk management.
He indicated that the Enterprise Resource Planning (ERP) systems and audit related
modules, as well as Commerce’s internal audit system and ACL (Access Control List)
are options that could be explored.
ACTION TO BE TAKEN:
 Develop strategy for better use of technology across the NSW Public Sector to
support internal audit and risk management by June 2008 (Department of
Commerce).
5.7 Internal Audit human resources strategy
Martina Nightingale discussed the development of the human resource strategy for
internal audit and spoke to her paper (Attachment 5). Strategies will need to be
developed to address the following areas:




Recruitment and retention of high quality internal audit staff. This could be
achieved by adopting the ‘people first’ strategy.
A capability set for internal auditors. This is to include training and
development opportunities for existing staff and can be achieved by
approaching managers with knowledge leverage, approaching the Human
Resource staff, and revising the training needs of agency graduate programs
(such as the inter-agency Fast-Track Graduate program).
A recruitment strategy to target Information and Communication Technology
(ICT) auditors.
Provision of training and development opportunities for new and current
auditing staff and audit committee members. To ensure this, work will be
4
needed to identify an appropriate mix of full-time and contract-based staff and
revise the grading for appropriately qualified audit staff. To ensure training is
effective, tiers of different internal audit needs will need to be defined and
synergies created, particularly between diverse agencies.
Martina indicated that volunteers from the ISC and key line agencies would be needed
to participate in the sub-committee. John Holmes indicated his willingness to be a
participant.


Martina Nightingale to seek further participants to establish the subcommittee.
Human Resource Strategy to be developed by October 2008 (DPC).
5.8 Publish internal audit review report
Peter Connelly indicated that the report had been published but not yet released. The
report would be provided to agencies at the Seminar on 29 April 2008 and was
embargoed until that date. A copy of the report was provided to the ISC members.
6. Central pre-qualification panel for Audit and Risk Committee Chair and
independent members
Discussed as item 5.1 above.
7. Other business
Issues raised included:
 Some agencies currently do not have a risk management plan.
 Some agencies with sound risk management have poor linkage to internal
audit.
 There is a need for both independent membership, as well as improved
attendance by members, of audit committees.
 There is a need for quality staff to ensure better compliance. This puts pressure
on agencies to provide competitive salaries. A potential approach is to use a
cluster based audit staff model.
 It was reiterated that the Network should be restricted to Internal Audit
Managers.
8. Date of the next meeting
The next meeting will be held in approximately one month’s time, with the date to be
advised.
It was agreed that the agenda going forward would be structured on the outstanding
key actions.
5
Attachment 1
List of members for the Implementation Steering Committee (ISC)
NAME
TITLE
ORGANISATION
Philip Mussared (Chair)
Deputy Secretary
Operations
Senior Director,
Financial, Management
and Reporting
Executive Director,
Performance Review Unit
NSW Treasury
Dept of Premier and
Cabinet
Dept of Commerce
Stephen Horne
Director,
Workforce Strategy
Chief Auditor,
Audit Branch
Chief Executive
Peter Whitehead
Public Trustee
Mark Pellowe
Peter Connelly
Martina Nightingale
Charlie Sherlock
Bill Middleton
NSW Treasury
Dept of Premier and
Cabinet
Internal Audit Bureau
Attorney General’s
Department
Director,
Dept. of Education and
Audit & Risk Management Training
Ross Tyler
Director, Internal Audit
Department of Health
Noel Kean
Director, Internal Audit
Energy Australia
John Holmes
General Manager
RailCorp
Greg Byrne
Director,
Internal Audit &
Corruption Prevention
WorkCover Authority
Yasmin Parekh, Fast track graduate, NSW Treasury - minute taker
Heather Watson, Director, NSW Audit Office - observer
6
Attachment 2
Internal Audit:
New Directions
Overview of the Review of Internal Audit
Capacity in the NSW Government
April 2008
0
Objectives and Scope
Objectives
• Assess current arrangements and operations
– Legislation and policy
– Audit committees
• Focus on the efficient delivery of internal audit services
and identify opportunities for cost savings.
• Examine linkage between IA and risk management
• Identify areas for improvement
Scope
• Covered all budget sector agencies and SOCs/GBEs
• Excluded the results of external audits and the
performance of entities undertaking such audits.
1
7
Our research approach
Desktop research
Surveys
1. Whole-of-Government: Internal Audit Costs
All NSW agencies and government businesses
(89% response rate representing 99% of expenditure.)
2. Agency: Internal Audit Resources and Practices
Surveys of 24 agencies CAEs and IA chairs
(63% of total NSW Public Sector expenditure.)
Interviews (public/private sector; profession bodies)
2
What we found
• IA resources matches global benchmark
– spend of $50 million pa average of 0.1%
– 400 Audit FTE staff 1:1000
• Core audit services $7.9 m (16%)
• Operational audit
– Internal
$30.5 m (61%)
– External
$11.6 m (23%)
• External audit
$23.9 m
3
8
What we found
• Opportunities to improve effectiveness without
increasing direct costs
• IA performance levels vary across agencies
compared with best practice
• NSW lagged behind other jurisdictions in
governance and guidance
–
–
–
–
No requirement for IA function (only controls)
No mandates for IA committees (independence)
No mandated standards or reporting
No linkage to enterprise risk management
4
How did we compare?
Requirement
NSW
(Govt)
VIC
(Govt)
Qld
(Govt)
Cwth
(Govt)
Canada
(Govt)
UK
(Govt)
ASX (listed
companies)
USA (listed
companies)
Mandatory
requirement for
internal audit
function








Mandatory Audit
Committee








Mandatory minimum
governance
requirements for
Audit Committees








Standards for
internal audit
activities

~






Internal audit related
reporting








Linkage with risk
management








5
9
What we found
• IA is not mandated but is to occur ‘wherever
practicable’
• Greater independence of Audit & Risk
Committee is required (SoCs better than
Budget Sector).
• Uneven IA capacity across the sector to
mitigate service delivery failure and other risks
• Smaller agencies require greater assistance
for more effective/efficient IA services
• Policy and practice guidance need updating
6
Better IA functions have:
• Strategic focus on higher risk areas
• Enterprise-wide risk management
• Open and trusting relationships with
management while retaining regulatory posture
• IA staff with strong interpersonal and
communication skills
• Expertise to effectively manage outsourced audit
assignments
• Consult with management on solutions and
actions
• Risk rating on audit finding to prioritize
management action
7
10
Better IA functions:
• Track audit outputs to ensure implementation
• Effectively use of technology in internal audit
activities
• Work collaboratively with external auditor (AO)
• Have strong links with other assurance functions
• Implement effective fraud and corruption
prevention strategies
• Shift to a strategic/risk focus rather than
compliance
• Procedures based on recognised standards and
guides.
8
IA Business Model
9
11
Best Practice Framework
Whole-of-Government
1. Governance
(internal audit policy and regulation)
1. Internal audit policy and regulatory expectations
2. Compliance assurance
Agency
2. Governance
1. Independent audit committee (Chair and members)
2. Independence of the internal audit function from
operational management
3. Internal audit reporting and active monitoring
3. Risk management
4. Risk management oversight
5. Integrated risk management practices
6. Risk based audit
4. Control audit
7.
8.
9.
10.
Audit activities
Audit resources
Audit processes and systems
Currency of audit knowledge
10
Agreed actions
Getting the governance right
1. Strengthened NSW policy for internal audit and risk management
–
–
–
–
Adopt Better Practice Framework 
Update policy and guidance by June 08 (Treasury/Implementation Group)
Require Independent IA committees and Chairs
Establish a Prequalification Scheme by June 08 (Commerce)
2. Internal audit compliance assurance in 09-10 (NSW Audit Office) 
3. Pilot agency cluster with shared internal audit governance and
delivery by June 09 (DPC)
Getting the practices right
4. Rationalised, updated and improved better practice guidance for
internal audit by June 08 (Treasury)
5. Networks to exchange internal audit and risk management knowledge
and expertise by June 08 (Treasury) 
Getting the resources right
6. Strategy for access and use of IA technology by June 08 (Commerce)
7. Internal audit human resource development by Nov 08 (PSWO, DPC)
8. Internal Audit Review report published (DPC) 
11
12
Attachment 3
Governance of Internal Audit Review Implementation
Internal Audit Review Implementation Steering Committee
The Internal Audit Review Implementation Steering Committee is the main
Committee overseeing the implementation of the IA review recommendation. It will
consist of senior officers from the following agencies:
Chair: NSW Treasury
Members: 8 to 10 including
Department of Premier and Cabinet
Department of Commerce
Chief Audit Executives of agencies
Members of IA Review Steering Committee
The key role of the Committee is to drive the implementation of the recommendations
in the Internal Audit Review including update of the IA policy and guidance and
overseeing the sub-committees. The Committee is to report back to the Budget
Committee periodically with final report by 12 months.
Audit & Risk Management Practitioner Network
The Audit & Risk Management Practitioner Network Sub-Committee is responsible
for the promotion and operations of the Audit and Risk Management Practitioner
Network. The IA Review recommended this Network be set up to facilitate exchange
of knowledge and expertise on internal and risk management.
Chair: an agency CAE in the IA Review Implementation Steering Committee
Members: 2 to 3 IA Review Implementation Steering Committee
2 to 3 other CAEs in agencies
Professional bodies
Internal Audit Human Resources Strategy Sub-committee
The Sub-committee’s role is to formulate and implement the Internal Audit Human
Resources Strategy. It will consist:
Chair: Public Sector Workforce Office, Department of Premier and Cabinet
Members: 1 to 2 IA Review Implementation Steering Committee
2 to 3 agency representatives from internal audit and/or human resources
areas
The Sub-committee is to report back to the Internal Audit Review Implementation
Steering Committee periodically with final report by 12 months.
13
Attachment 4
Seminar on Review of Internal Audit Capacity in the NSW Public
Sector
Date:


Seminar 1: 29 April (Tuesday) 2 pm to 4 pm
Seminar 2: 8 May (Thursday) 10 am to 12 noon
Venue: Level 41, Reception Area, Governor Macquarie Tower
Agenda
1. Welcome & Introduction (Graeme Head, DPC)
10 min
2. Presentation of Key Findings & Recommendations of the Review
(Peter Connelly, PRU, DPC)
30 min
3. Overview of implementation (Philip Mussared, Treasury)
20 min
4. Compliance with IA Better Practice Framework
(Peter Achtersraat Auditor General)
5 min
5. Institute of Internal Auditors - TBD
5 min
6. Practitioners Network (Stephen Horne IAB)
5 min
7. Internal Audit Human Resource Strategy (Martina Nightingale,
PSWO, DPC)
5 min
8. Questions/ Discussion
40 min
14
Attachment 5
BRIEFING PAPER
Agenda Item: Establish an internal audit human resource committee
Background
Recommendation 7 (Tab 1) of the Review of Internal Audit Capacity in the NSW
Public Sector identifies that the Public Sector Workforce Office (PSWO), Department of
Premier and Cabinet and NSW Treasury via the Accountancy Strategy Group or similar,
develop an internal audit human resource strategy for consideration at the Chief
Executive Committee (CEC) in November 2008.
The strategy will address the following areas:
1. recruit high quality auditor staff
2. retain internal audit seniors and specialists
3. develop a capability set for internal auditors
4. develop a recruitment strategy to target Information and Communication
Technology (ICT) auditors
5. provide training and development opportunities for new and current auditing
staff and audit committee members.
To progress the internal audit human resource strategy, PSWO proposes that a
subcommittee of the Internal Audit Steering Committee be established. The
subcommittee will include agency representatives with audit and human resource
expertise.
The subcommittee will:
 examine key issues affecting the audit workforce
 align audit workforce issues with the NSW Public Sector Workforce Strategy
 identify and develop cross agency and sector initiatives to support the NSW
public sector audit workforce issues
 consider any other issues that might impact positively on the audit workforce.
The subcommittee will be chaired by the Director Workforce Strategy, Public Sector
Workforce Office. The Workforce Planning, Development and Equity Unit of PSWO
will provide executive and secretariat support.
The subcommittee will meet monthly and report to the CEC in November 2008.
Action Required
Nominations are being sought from the Steering Committee for representatives to join
the internal audit human resource committee. Representatives with audit and/or
human resource expertise are required.
The first meeting of the subcommittee will be held in the week commencing Monday
12 May 2008.
15
Please forward your agency’s nomination to Manuela Crouch, Senior Policy Advisor,
Workforce Planning Development and Equity by email
manuela.crouch@dpc.nsw.gov.au or by telephone 9228 3036 by Monday 28 April
2008.
Questions about the subcommittee can be directed to Martina Nightingale, Director
Workforce Strategy, Public Sector Workforce Office (ph 9228 3249 or
martina.nightingale@dpc.nsw.gov.au.
16