Frequently Asked Questions

Here are the answers to some of the questions we're asked most often.

What authority does Assurance Services have

Assurance Services is an independent function set up under the authority of the Council. Internal audits are performed on behalf of Council as determined and approved by the Risk Committee.


How do you decide what areas to audit

Audits are determined through a risk assessment process. There are several factors that may impact on the scheduling and timing of audits. For example, we determine the areas, processes, projects and controls that are most strategically important to UON.

These are determined from UON’s Strategic Risk Profile and are detailed in the three year Strategic Internal Audit Plan which is then considered and approved by the Risk Committee.

We also evaluate the risks and possible benefits to be realised from an audit and generally give priority to higher-risk and higher-benefit projects. We plan our audits to ensure consistency with UON’s objectives, that management is getting helpful, relevant and timely information from the audit, and that relevant policies, procedures and regulations are understood and are being followed.

We also receive audit requests from areas which may not have been included in the Internal Audit Plan. These requests are discussed and considered taking into consideration the risks, the skills and expertise needed, resources and impact on UON’s Strategic risks.


How long will the audit take?

It is dependent on the size, complexity and strength of the controls in place. An audit can vary in length from a week or so through to a few months and involves planning, fieldwork, and reporting back on findings. We can provide a firmer indication during our formal engagement, planning and scoping process. This is where we sit down with key people involved to define the scope and requirements of the audit.


How much of my time will be required?

This depends on your role in the audit and is impacted by various factors, for example the nature of the review, the complexity of the area’s operations, ease of access to information and documentation. Some people may be required throughout the audit while other staff may be involved at the planning or the completion phases. We would identify the key resources during our planning meeting and agree these staff with you at that time.


How might I be involved and what will I have to do?

There are key steps in the audit process and each stage requires slightly different input. We might request information in the lead up to meeting with you to help us better understand your risks and policies. Following on from this we might need to meet with you for a discussion on the key processes and identification of controls. We may ask you for some further information or details supporting the current procedures or to support the transactions we are testing. We also meet with you to discuss or explain findings and recommendations from the audit prior to issuing any reports.


What will the benefits be?

Depending on the audit requirements and area of review, we can help you:

  • Identify irregularities or errors
  • Highlight areas of non-compliance with regulation or policy and suggest improvements in your controls
  • Prevent loss of funding due to non-compliance
  • Offer another perspective—looking from the outside in
  • Assist you manage risks using the right internal controls and processes
  • Get good controls built in from the get go for new systems, processes or projects
  • Promote effective internal controls that benefit your area


What do I need to do to prepare?

Working together to agree on the audit scoping and timing, is important to ensure that the internal audit provides benefits to you. During the planning meeting, we will discuss our information needs and the proposed timing for receiving this data.


I'm worried we've got some serious issues to address, what should I do?

If you would like to talk to one of the team we will be more than happy to help. Contact us by phone or email and we can assist you in understanding the extent of your concerns and provide guidance on how to prepare an action plan or to improve controls to address your risks.


What are you actually looking for?

In general, we are reviewing for compliance with UON’s policies and for evidence of sound internal controls. UON’s policies exist to make sure the University meets and complies with necessary regulation and legislation, and that we operate efficiently and effectively.


Can I request an audit?

Yes, please contact us via the details at the bottom of this page.


How do I get an audit or review in my area?

Contact us via we can talk through what your needs are and how we can support you.


How disruptive will the audit be?

We try our best to keep any disruption to a minimum by organising any meetings at a mutually convenient time and spending plenty of time explaining the process up front so we can all prepare and work through any key timing or operational challenges.


What happens if you find any really serious issues?

We have a no surprises audit approach. By that we mean that we discuss issues as they are identified. We can provide guidance on actions to remediate the identified risks and assist you in developing appropriate timeframes to action the issue.

Reports are provided to the Executive Committee and the Risk Committee and these reports will include the agreed actions and timeframes to improve the internal controls.


How confidential is the process?

Any records, document or information we obtain during the course of our activities are used solely for the audit or review. All documents are securely filed with access controlled. Any access to internal audit engagement records must be approved by the Associate Director Assurance Services and access requests from any external parties must be approved by senior management and/or Legal Counsel.


Who gets to see the results?

Reports are provided to you and your Executive. The final reports are presented to the Executive Committee and the Risk Committee.

The External Auditor may also review the report as far as it impacts on their audit process.


Who audits audit?

Assurance Services team members remain independent of schools, faculties, business units or divisions subject to audit processes and maintain an impartial, unbiased attitude and avoid conflicts of interest. We provide an annual independence declaration to the Risk Committee. Assurance Services reports functionally to the Audit Subcommittee and the Associate Director Assurance Services is accountable to the Vice-Chancellor for the efficient and effective management of the internal audit function.

At least once every five years, an external assessment of the assurance function in completed by a qualified and independent assessor. The frequency and form of this review is approved by the Audit Subcommittee.

All Assurance Services team members uphold the principles of integrity, objectivity, confidentiality and competency. Read our full Code of Ethics.