Internal Audit Charter

Transcription

1 1 Internal Audit Charter This Charter establishes the authority and responsibilities conferred by the Council of Monash University on the University's Internal Audit unit and the co-sourced provider of internal audit services. Internal auditing is defined by the Institute of Internal Auditors as an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. 1. Role 1.1 Independence is essential to the effectiveness of an internal audit function. Internal Audit is therefore an independent, objective assurance and advisory activity of Monash University designed to add value and improve the University s operations. Its objective and role is to help the University accomplish its objectives by bringing a systematic, disciplined approach to evaluation, effectiveness and improvement in the University s governance, risk management and control processes. 1.2 The Internal Audit function is undertaken by the University s Internal Audit unit and by an external provider under a contractual co-sourcing arrangement. 2. Independence The Internal Audit Unit has independent status within the University. For that purpose:- 2.1 the Director, Internal Audit reports directly to the Vice-Chancellor and holds office on the authority of the chair of the Audit and Risk Committee of Council; 2.2 the Director, Internal Audit is responsible for the management of the Internal Audit unit and the duties involved in the ongoing management and monitoring of the performance of the contract service provider, but has no other executive or managerial powers, authorities, functions or duties. 2.3 The Director, Internal Audit: has unrestricted access to the Audit and Risk Committee; Page 1 of 5

2 2 can meet separately and privately with the Audit and Risk Committee chair and/or members as required; can meet separately and privately with the Vice-Chancellor as required; has no direct responsibility for, or authority over, any of the activities reviewed; is free to determine the scope of internal audits and to perform the required work; and is free to communicate the results of internal audits to the Audit and Risk Committee. 2.4 Independence of the Internal Audit function is facilitated by the Director, Internal Audit functionally reporting to the chair of the Audit and Risk Committee and administratively to the Vice-Chancellor. 3. Authority 3.1 The Director, Internal Audit: is authorised to develop, in collaboration with the external co-sourced provider, and direct a broad, comprehensive Internal Audit Plan; has discretionary authority to adjust the Internal Audit Plan as a result of receiving requests from management to undertake special advisory services or to conduct reviews that are not in the Internal Audit Plan, but any such adjustments must be reported to the chair of the Audit and Risk Committee and submitted to the next meeting of the Audit and Risk Committee for approval or ratification; and is required to manage the use of the co-sourced provider within the scope of the contract with the provider and so as to achieve the most efficient and economic use of the co-sourced provider s staff. 3.2 To facilitate the conduct of the Internal Audit Plan, Council has determined that staff from the Internal Audit unit and the co-sourced provider s internal audit staff will:- have a right of access to all premises and assets of the University and the right to inspect all correspondence, files, records, accounts, data and other documents and forms held by the University as are necessary to perform their duties properly; have the right to require all staff of the University to supply such information, explanations and documentation as is necessary for the proper performance of their duties; and receive full assistance from University staff whilst carrying out their duties. 4. Responsibilities 4.1 appraising the adequacy of controls in the University s administrative systems and information systems; Page 2 of 5

3 3 4.2 assessing management s controls in relation to the income and expenditure of the University; 4.3 assessing management s controls in relation to ensuring the accuracy and adequacy of management information; 4.4 reviewing and evaluating systems, procedures and internal controls and recommending improvements to existing processes, where appropriate; 4.5 reviewing and evaluating systems, procedures and internal controls and recommending improvements to existing processes, where appropriate; 4.6 assessing the adequacy of the Risk Management Framework and policies and the Compliance Framework, and recommending improvements as required; 4.7 ensuring that appropriate auditing resources are directed towards areas of highest risk; 4.8 appraising the economy, efficiency and effectiveness with which University resources are employed; 4.9 providing audit certifications and audit opinions as required; 4.10 providing advice on a range of administrative and financial matters; 4.11 maintaining contact and liaising with the University s external auditors to ensure an effective use of resources and to avoid duplication of effort; 4.12 conducting ad-hoc and confidential investigations at the request of senior management and/ or the Audit and Risk Committee 4.13 monitoring and evaluating the performance of the co-sourced provider and giving the provider constructive feedback on its performance; 4.14 ensuring compliance with the standards detailed in this Charter; and 4.15 conducting such other activities and tasks as may be delegated to him or her by the Vice-Chancellor or directed by the Audit and Risk Committee from time to time. 5. Scope of Activities 5.1 The risk based Internal Audit Plan will be developed on an annual basis by the Director, Internal Audit, in conjunction with the co-sourced provider, and discussed with the chair of the Audit and Risk Committee before being submitted to the Committee for approval. 5.2 The scope of the Internal Audit Plan will include the total activities and operations of: Page 3 of 5

4 4 all academic and administrative departments, organisational and functional units and centres of Monash University, including its off-shore operations; and all auxiliary operations. 6. Reporting 6.1 At the conclusion of each internal audit, a report on the audit outcomes will be issued to the responsible managers and senior management. The audit report must include the audit objectives and scope and, where appropriate, an overall opinion or assessment of controls, recommendations, management actions and proposed implementation dates. Management will be requested to provide comments to the Director, Internal Audit within a timeframe nominated by the Director. This timeframe will generally be two weeks from the date of issue of the draft report to management, unless otherwise agreed. The Director, Internal Audit will determine the most appropriate reporting methodology, dependent upon the nature of the audit/review undertaken. The Director, Internal Audit will make all Internal Audit reports available to the Audit and Risk Committee. 6.2 At each Audit and Risk Committee meeting, the Director, Internal Audit will submit a report summarising all Internal Audit activities undertaken since the last meeting. The format of the report will be as agreed with the chair of the Audit and Risk Committee, but should include (at least): Details of audit reports completed or in progress; The outcomes of Internal Audits undertaken; An update on management action taken to address significant issues, exposures and control issues previously reported; and The Internal Audit unit s progress against the then current Internal Audit Plan. 6.3 Each report by the Director, Internal Audit to the Audit and Risk Committee will include: management s response in respect to issues and recommendations raised in the report; and reference to the person nominated as responsible for ensuring that the management actions are completed. Management action will include a timeframe for completion as agreed with the Director, Internal Audit. Page 4 of 5

5 5 7. Standards 7.1 The Internal Audit function will be conducted in accordance with relevant professional standards including: Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors; Standards relevant to internal audit issued by the CPA Australia and the Institute of Chartered Accountants in Australia; The Statement on Information Systems Auditing Standards issued by the Information Systems and Control Association; and Standards issued by Standards Australia and the International Standards Organisation. 7.2 In the conduct of Internal Audit work, staff of the Internal Audit unit and of the co-sourced provider will: comply with relevant professional standards of conduct; possess the knowledge, skills and technical proficiency relevant to the performance of their duties; be skilled in dealing with people and communicating audit and related issues effectively; maintain their technical competence through a programme of professional development; and exercise due professional care in performing their duties. 7.3 In the conduct of its activities, the Internal Audit unit will play an active role in: helping to develop and maintain a culture of accountability and integrity across the University; and promoting a culture of self-assessment and adherence to high ethical standards. 8. Review The Audit and Risk Committee will review this Charter at regular intervals at such times as the chair and the Director, Internal Audit consider appropriate. Approved by Monash University Audit and Risk Committee 7 September Page 5 of 5