Internal and External Audit
- Internal Audit
- External Audit
- Managing Audit issues
- Audit and Risk Management Committee
- Information and Contacts
Internal Audit is a key part of an effective governance process; it does not form part of the University's internal control framework itself, but provides an objective evaluation of the effectiveness of that framework.
Internal Audit is an independent assessment activity within the University that focuses on the review of our operations. It assists management of the University by providing independent advice on operations and performance; and by assessing the effectiveness of internal controls and governance framework. The function aims to promote efficiency, economy and effectiveness of management processes as well as reliability and accuracy of operations.
The University's Internal Audit function serves an important role in providing assurance key risk areas are being appropriately addressed and managed and that appropriate controls and activities relating to the key risks identified by management are in place.
Internal Audit also assists the Audit and Risk Management Committee to discharge its responsibilities, in general terms monitoring the University's governance, risk and compliance frameworks and administrative operations, and reviews the activities of the controlled entities on behalf of the Council.
The Internal Audit function at the University is conducted under a co-sourced arrangement between outsourced suppliers and the University's internal audit team. The University has developed its own internal audit framework which is compliant with the Institute of Internal Audit (IIA) standards, uses a risk-based approach, and links into the University's risk management framework.
Internal Audit Plan
The individual audit engagements comprising the 1 year (tactical) and 4 year (strategic) audit plans are determined through a rigorous Internal Audit Planning Methodology which involves assessing potential audit areas against the following criteria:
- Impact of auditable area on strategic objectives
- Area subject to recent internal/external change
- Risk category and overall risk assessment
- Understanding of the university's risk appetite
- Other internal or external reviews being undertaken in the area
- Available resources
- Time since last internal or external audit and estimated audit frequency
- History of audit issues
The Internal and External Audits conducted on the University culminate in reports being presented to University Management that detail issues identified and recommendations on how they should be dealt with. The issues raised are assigned to a person within the organisation to then provide management comments including responding to the recommendations and detailing how the issue will be managed/resolved.
Each issue is assigned to an issue owner whose responsibility it is to provide updates on how the issue is being managed through to its resolution.
The Risk and Assurance Services (RAS) team provides quarterly reporting to the Audit and Risk Management Committee on the progress of the resolutin of issues raised in previous internal and external audit reports.