T EMORA SHIRE COUNCIL I NTERNAL AUDIT A CTIVE 18 Februrayr 10 1
R eview Details A BOUT THIS RELEASE D OCUMENT NAME: I nternal Audit C ODE NUMBER: G1 8 A UTHOR: E NDORSEMENT DATE: 18 February 10 REVIEW Revision D ate R evision Description Date approved by G eneral Managers C ouncil E ndorsement N ew Policy 18 February 10 G CL P LANNED REVIEW Planned R eview Date R evision Description R eview by 18 Februrayr 10 2
I NTERNAL AUDIT REVIEW Having regard to the Department Local Government s insistence that an Internal Audit Function be established for all Councils, it is appropriate that we as a group review w here we are and how we can move forward under the guidelines established by the D epartment. I will deal with the significant issues Internal Audit Committee, Internal Audit Charter and Plan and the undertaking the Audit as separate items. I will provide solutions to t hose issues as I see it and I note that my solutions may or may not conform with the Department, however, where we differ we may be able to negotiate with the D epartment on those items. The guidelines as provided do envisage groups Councils like us undertaking the I nternal Audit function. They also seem to acknowledge the difficulties in obtaining p ressional staff and Committee members. I think we must accept that when we started this process the Internal Audit function w as somewhat optional and were able to set out own pace and do it in the manner that we deemed appropriate. The fact that the Department are now almost making it mandatory means that we might have to change some our thoughts and the way we w ere going about this function. It also seems to mean that there becomes a degree urgency as regards its implementation and carrying out the processes actually doing t he Audit. I NTERNAL AUDIT COMMITTEE I am suggesting f ollows: that an Internal Audit Committee be established for each Council as M ayor C ouncillor 2 In dependents I am suggesting that the two Independents should comprise as the General Manager and a Director one the other Councils within the group with such Council not being t he one carrying out the Audit. For instance, with Temora, if we look at the schedule t hat I have attached this means that the Council Committee would comprise: t he Mayor, a Councillor, t he General Manager Greater Hume Shire, a Director Greater Hume Shire. 18 Februrayr 10 3
N on voting attendees would be: the General Manager, Tem ora Shire C hief Financial Officer, Steve Firth I am aware that this may be a potential conflict with the Department, however, the fact that we have separated the Committee Membership and the Audit does provide for a l evel independence. A ttached to this as A ppendix 1 I NTERNAL i s AUDIT FUNCTION a copy a draft Audit Committee Charter. The Internal Audit Committee function should be carried out in accordance with the I nternal Audit Plan that we have adopted earlier. I will deal with the plan in the next section. Attached to this report as A ppendix 2 i s a copy the Internal Audit Charter. I am suggesting that the actual Internal Audit should continue to be done by adjoining C ouncils as currently exists. The Council charged with carrying out the audit on another Council would not be those that are providing the independent members the Audit C ommittee. Attached to this report as A ppendix 3 is a copy a proposed plan interaction b etween the Councils as regards membership the Committee and those charged with c arrying out the audit function. In order to achieve a satisfactory response from the Department I believe we will have to ramp up our compliance with the Audit Plan and that rather than doing one or two f unctions every couple years, we will have to stick to a rolling three year programme. I note that the Department in their guidelines accept the fact that the full Internal Audit will not be carried out on an annual basis, but can be done over a rolling three year p eriod. INTE RNAL AUDIT P LAN The guidelines provide that Councils must have an Internal Audit Plan that covers all the activities Council. Whilst this will become a trial and error situation, I believe that the A udit Risk area that we have isolated is heading in the right direction. There are a couple issues that we deleted from that Plan, ie. security, human resource management and business process, that I believe will need to be included in the plan to e nable it to be signed f by the Department. 18 Februrayr 10 4
T he other issue that needs to be addressed is that some Councils opted out certain sections the Audit Plan. I don t believe that this will be acceptable to the Department a s it is not a matter the General Manager or Corporate Services being satisfied that those areas are satisfactory, it is a requirement that the Internal Audit Committee be s atisfied and they in turn can satisfy the Council that these works are being completed. S UMMARY I am aware that the Department may well have some disagreement with some these issues and discussion has been held with them on these matters. However, I think it is best if we can get a plan and a process together and then perhaps take it to Ross W oodward for discussion, we may well be able to negotiate our way through some t he issues. A ction to be taken from here is as follows: 1 ) C onfirm in principle the processes outlined above. 2 ) Confirm the Council interaction as regards the Committee s and the Audit f unction. 3 ) D etermine the content the Audit Plan. 4) Set a time table as regards Committee Meetings and the carrying out the A udit function. 18 Februrayr 10 5
TEMORA S HIRE COUNCIL I NTERNAL AUDIT CHARTER A ppendix 1 The mission internal auditing is to provide an independent, objective assurance and c onsulting activity designed to add value and improve an organisation s operations. It helps an organisation accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness risk management, control and g overnance pr ocesses. Internal Audit at Temora Shire Council is managed by the Office Manager who is designated Head Internal Audit within the organisation. The Head Internal Audit is t he top position within an organisation for internal audit activities, as defined in The International Standards for the Pressional Practice Internal Auditing (Standards) i ssued by the Institute Internal Auditors. 1. I ntroduction This Internal Audit Charter is a formal statement or purpose, authority and r esponsibility fo r an internal auditing function within the Temora Shire Council. It establishes Internal Audit within the Temora Shire Council and recognizes the importance such an independent and objective service to the o rganisation. I t outlines the legal and operational w ill operate. framework under which Internal Audit It authorizes the Head Internal Audit to promote and direct a broad range internal audits across the Temora Shire Council and, where permitted, e xternal bodies. 2. R ole and Authority T he Head Internal Audit is authorized to direct a comprehensive program internal audit work in the form reviews, previews, consultancy advice, evaluations, appraisals, assessments and investigations functions, processes, c ontrols and governance frameworks in the context the achievement b usiness objectives. 18 Februrayr 10 6
For this purpose, all members the Internal Audit are authorized to have full, free and unrestricted access to all functions, property, personnel, records, i nformation, accounts, files, monies and other documentation, as necessary for t he conduct their work. 18 Februrayr 10 7
3. O bjectivity Independence and Organisational Status Objectivity requires an unbiased mental attitude. As such, all Internal Audit staff s hall perform internal audit engagements in such a manner that they have an honest belief in their work product and that no significant quality compromises are made. Further, it requires Internal Audit staff not to subordinate their j udgement on internal audit matters to that others. T o facilitate this approach, Internal Audit shall have independent status within the Temora Shire Council and for this purpose shall be responsible directly through the Head Internal Audit to the Audit Committee and administratively t o the General Manager. Internal Audit shall be independent the activities reviewed, and therefore shall not undertake any operating responsibilities outside internal audit work. Neither shall Internal Audit staff have any executive o r managerial powers, authorities, functions or duties except those relating to the management Internal Audit. Internal Audit staff and contractors shall report to the Head Internal Audit any situations where they feel their o bjectivity may be impaired. Similarly, the Head Internal Audit should report a ny such situations to the Audit Committee. The work Internal Audit does not relieve the staff the Temora Shire Council from their accountability to discharge their responsibilities. All Temora Shire C ouncil staff are responsible for risk management and the operation and enhancement internal control. This includes responsibility for implementing r emedial action endorsed by management following an internal audit. I nternal Audit shall not be responsible for operational activities on a daily basis, or in the detailed development or implementation new or changed systems, o r for internal checking processes. 4. S cope Work T he scope service provided by Internal Audit shall encompass: T he examination and evaluation the adequacy and effectiveness systems internal control, risk management, governance, and the status e thical behaviour. Ascertaining conformity with the goals and objectives the Temora Shire C ouncil. A ssessment the economic and efficient use res ources. 18 Februrayr 10 8
The examination compliance with policies, procedures, plans and l egislation. A ssessment the reliability and integrity information. A ssessment the safeguarding assets. A ny special investigations as directed by the Audit Committee. All activities the Temora Shire Council whether financial or non- financial, m anual or computerised. 5. T he scope work may include: A ssurance services objective examination evidence for the purpose p roviding an independent assessment on risk management, control, or governance processes for the organisation. Examples may include financial, performance, operational, compliance, system security, and due diligence e ngagements. C onsulting services a dvisory and related client service activities, the nature and scope which are agreed with the client and which are intended to add value and improve an organisation s governance, risk management, and control processes without the internal auditor assuming management r esponsibility. Examples incl ude counsel, advice, facilitation and training. 6. I nternal Audit Methodology Internal Audit shall use the most appropriate methodology for each internal audit engagement, depending on the nature the activity and the pre- d etermined parameters for the engagement. Generally, internal audits will i nclude: P lanning. R eviewing and assessing risks in the context the audit objectives. E xamination and evaluation information. C ommunicating results. F ollowing up on implementation audit recommendations. 7. O perating Principles I nternal Audit shall conform with: T he Standards and Code Ethics issues by the Institute Internal Auditors. 18 Februrayr 10 9
Where relevant, the Statement on Information Systems Auditing Standards i ssued by the Information Systems and Co ntrol Association. Relevant auditing standards issued by the Auditing and Assurance Standards B oard. 8. I nternal Audit shall: Possess the knowledge, skills, and technical priciency essential to the p erformance internal audits. B e skilled in dealing e ffectively. with people and in communicating audit issues Maintain their technical competence through a program continuing e ducation. E xercise due pressional care in performing internal audit engagements. 9. I nternal Audit Staff shall: C onduct t hemselves in a pressional manner. Conduct their activities in a manner consistent with the concepts expressed i n the Standards and the Code Ethics. 10. R eporting Arrangements T he Head Internal Audit shall at all times report to the Audit Committee. At each Audit Committee meeting the Head Internal Audit shall submit a report s ummarizing all audit activities undertaken during the period, indicating: I nternal audit engagements completed or in progress. O utcomes each internal audit engageme nt undertaken. R emedial action taken or in progress. On completion each internal audit engagement, Internal Audit shall issue a report to its audit customers detailing the objective and scope the audit, and r esulting issues based on the outcome the audit. Internal Audit shall seek from the responsible senior executive an agreed and endorsed action plan outlining remedial action to be taken, along with an implementation timetable a nd person responsible. Responsible ficers shall have a maximum ten 18 Februrayr 10 10
working days to provide written management responses and action plans r esponse to issues and recommendations contained in internal audit reports. in The Head Internal Audit shall make available all internal audit reports to the A udit Committee. However, the work Internal audit is solely for the benefit the Temora Shire Council and is not to be relied on or provide to any other person or organisation, except where this is formally authorized b the Audit C ommittee or the Head Internal Audi t. In addition to the normal process reporting on work undertaken by Internal Audit, the Head Internal Audit shall draw to the attention the Audit Committee all matters that, in the Head Internal Audit s opinion, warrant r eporting in this matt er. 11. P lanning Requirements Internal Audit uses a risk- based rolling program internal audits to establish an annual Internal Audit Plan to reflect a program audits over a 12 month period. T his approach is designed to be flexible, dynamic and more timely in order to m eet the changing needs and priorities the Temora Shire Council. The Head Internal Audit shall prepare an annual Internal Audit Plan for review and approval by the Audit Committee, showing the proposed areas for audit. T he annual Internal Audit Plan shall be based on an assessment the goals, objectives and business risks the Temora Shire Council and shall also take into consideration e xecutives. any special requirements the Audit Committee and senior T he Head Internal Audit has discretionary authority to adjust the Internal Audit Plan as a result receiving special requests from management to conduct reviews that are not on the plan, with these to be approved at the next meeting o f the Audit Committee. 12. Quality Assurance & Improvement Program The Head Internal Audit shall oversee the development and implementation a quality assurance and improvement program for Internal Audit, to provide a ssurance that internal audit work conforms to the Standards and is focused on c ontinuous improvement. 18 Februrayr 10 11
13. Co- o rdination with External Audit The Head Internal Audit shall periodically consult with the external auditors, to discuss matters mutual interest, to co- ordinate audit activity, and to reduce d uplication o f audit effort. 14. R eview the Internal Audit Charter The Head Internal Audit shall periodically review the Internal Audit Charter to ensure it remains up-to- date and reflects the current scope internal audit w ork. 15. Evaluation Internal A udit The Head Internal Audit shall develop performance measures (key performance indicators) for consideration and endorsement by the Audit Committee, as a means for the performance Internal Audit to be periodically e valuated. I nternal Audit shall also be subject to an independent quality review at least every five years. Such review shall be in line with the Standards Pressional Practice in Internal Audit and be commissioned by and report to the Audit C ommittee. 16. C onflicts Interest I nternal Auditors are not to provide audit services for work for which they may previously have been responsible. Whilst the Standards provide guidance on this point and allow this to occur after 12 months, each instance should be carefully a ssessed. W hen engaging internal audit contractors, the Head Internal Audit shall take steps to identify, evaluate the significance, and manage any perceived or actual c onflicts interest that may impinge upon internal audit work. I nstances perceived or actual conflicts interest by the Head Internal Audit or Internal Audit staff and contractors are to be immediately reported to the A udit Committee by the head Internal Audit. Any changes C ommit tee. to this Internal Audit Charter will be approved by the Audit A pproved: A udit Committee Meeting D ate: 18 Februrayr 10 12
TEMORA S HIRE COUNCIL A UDIT COMMITTEE CHARTER A ppendix 2 1. O bjective The objective the Audit Committee (Committee) is to provide independent a ssurance and assistance to the Temora Shire Council on risk management, c ontrol, governance, and external accountability responsibilities. 2. A uthority The Council authorizes the Committee, within the scope its role and r esponsibilities, to: O btain any information it needs from any employee ( subject to their legal obligations to protect information). or external party Discuss any matters with the external auditor or other external parties ( subject to confidentiality considerations). R equest the attendance any employee or councilors m eetings. at Committee Obtain external legal or other pressional advice considered necessary to m eet its responsibilities. 3. C omposition and Tenure T he Committee will consist : 3.1 M embers (voting) M ayor C ouncillor I ndependent external member (General H ume Shire Council) Manager the Greater 18 Februrayr 10 13
Independent external member G reater Hume Shire Council) (Director, Engineering Services, 3.2 Attendee (non- v oting) G eneral Manager G Lavelle H ead Internal Audit J Olsson C hief Financial Officer S F irth 3.3 Invitees (non-v oting) for specific Agenda items R epresentatives the external auditor. Other ficers may attend by invitation as requested by the C ommittee. The independent external member will be appointed for the term Council, after which they will be eligible for extension or re- appointment f ollowing a formal review their performance. The members the Committee, taken collectively, will have a broad range skills and experience relevant to the operations Temora Shire C ouncil. At least one member the Committee shall have accounting or related financial management experience, with understanding a ccounting and auditing standards in a public sector environment. 4. R ole and Responsibilities T he Committee has no executive powers, except those expressly provided by the C ouncil. In carrying out its responsibilities, the Committee must at all times recognize that primary responsibility for management Council rests with the Council and t he General Manager as defined by the L ocal Government Act. The responsibilities the Committee may be revised or expanded by the Council f rom time to time. The Committee s responsibilities are: 4.1 R isk Management Review whether management has in place a current and c omprehensive risk management framework, and associated procedures for effective identification and management business a nd financial risks, including fraud; 18 Februrayr 10 14
Review whether a sound and effective approach has been followed in d eveloping strategic risk management plans for major projects or u ndertakings; Review the impact the risk management framework on its control e nvironment and insurance arrangements; and Review whether a sound and effective approach has been followed in e stablishing business continuity planning arrangements, including w hether plans have been tested periodically. 4.2 C ontrol Framework Review whether management has adequate internal controls in place, i ncluding over external parties such as contractors and advisors; R eview whether management has in place relevant policies and p rocedures, and these are periodically reviewed and updated; Progressively review whether appropriate processes are in place to a ssess whether policies and procedures are complied with; R eview whether appropriate policies and procedures are in place for t he management and exercise delegations; and Review whether management has taken steps to embed a culture w hich is committed to ethical and lawful behavior. 4.3 E xternal Accountability S atisfy itself the annual financial reports comply with applicable Australian Accounting Standards and supported by appropriate management sign- f on the statements and the adequacy internal c ontrols. Review the external audit opinion, including whether appropriate a ction has been taken in response to audit recommendations and a djustments. To consider contentious financial reporting matters in conjunction w ith Council s management and external auditors. Review the processes in place designed to ensure financial i nformation included in the annual report is consistent with the s igned financial statements. 18 Februrayr 10 15
Satisfy itself there are appropriate mechanisms in place to review and implement, where appropriate, relevant State Government reports a nd recommendations. S atisfy itself there is a performance management framework linked to o rganizational objectives and outcomes. 4.4 L egislative Compliance Determine whether management has appropriately considered legal and compliance risks as part risk assessment and management a rrangements. R eview the effectiveness the system for monitoring compliance w ith relevant laws, regulations and associated government policies. 4.5 I nternal Audit Act as a forum for communication between the Council, General M anager, senior management, internal audit a nd external audit. Review the internal audit coverage and internal Audit Plan, ensure the plan has considered the Risk Management Plan, and approve the p lan. Consider the adequacy internal audit resources to carry out its r esponsibilities, including completion the approved Internal Audit P lan. Review all audit reports and consider significant issues identified in audit reports and action taken on issues raised, including i dentification and dissemination better practices. M onitor the implementation m anagement. internal audit recommendations by Periodically review the Internal Audit Charter to ensure appropriate organizational structures, authority, access and reporting a rrangements are in place. P eriodically review the performance Interna l Audit. 18 Februrayr 10 16
4.6 E xternal Audit Act as a forum for communication between the Council, General M anager, senior management, internal audit and external audit. Provide input and feedback on the financial statement and p erformance audit coverage proposed by external audit, and provide f eedback on the external audit services provided. Review all external plans and reports in respect planned or completed external audits and monitor the implementation audit r ecommendations by management. C onsider significant issues raised in relevant external audit reports a nd better practice guides, and ensure appropriate action is taken. 4.7 R esponsibilities Members 5. R eporting M embers the Committee are expected to: U nderstand the relevant legislative and regulatory requirements a ppropriate to Temora Shire Council. Contribute the time needed to study and understand the papers p rovided. A pply good analytical skills, objectivity and good judgement. Express opinions frankly, ask questions that go to the fundamental c ore is sues, and pursue independent lines enquiry. At the first Committee meeting p rovide a performance report : after 30 June each year, Internal Audit will The performance Internal Audit for the financial year as measured against a greed k ey performance indicators. The approved Internal Audit Plan work for the previous financial year s howing the current status each audit. 18 Februrayr 10 17
The Committee may, at any time, consider any other matter it deems s ufficient importance to do so. In addition, at any time an individual Committee m ember may request a meeting with the Chair the Committee. 6. A dministrative Arrangements 6.1 M eetings The Committee will meet at least four times per year, with one these m eetings to include review and endorsement the annual audited f inancial reports and external audit opinion. The need for any additional meetings will be decided by the Chair the Committee, though other Committee members may make requests to t he Chair for additional meetings. A forward meeting plan, including meeting dates and agenda items, will be agreed by the Committee each year. The forward meeting plan will cover all Committee responsibilities as detailed in this Audit Committee C harter. 6.2 A ttendance at Meetings and Quorums A quorum will consist a majority Committee members, including at least one independent member. Meetings can be held in person, by t elephone or by video conference. The Head Internal Audit will be invited to attend each meeting unless r equested not to do so by the Chair the Committee. The Committee may also request the Chief Finance Officer or any other employees to p articipate for certain agenda items, as well as the external auditor. 6.3 S ecretariat T he Committee has appointed the Head Internal Audit to provide secretariat support to the Committee. The Secretariat will ensure the agenda for each meeting and supporting papers are circulated, at least one week before the meeting, and ensure minutes the meetings are p repared and maintained. Minutes shall be approved by the Chair and c irculated to each member within three weeks the meeting being held. 18 Februrayr 10 18
6.4 C onflicts Interest Committee members must declare any conflicts interest at the start e ach meeting or before discussion a relevant agenda item or topic. D etails any conflicts interest should be appropriately minuted. Where members or invitees at Committee meetings are deemed to have a real or perceived conflict interest, it may be appropriate they be e xcused from Committee deliberations on the issue where the conflict interest may exist. The final arbiter such a decision is the Chair the C ommittee. 6.5 I nduction New members will receive relevant information and briefings on their a ppointment to a ssist them to meet their Committee responsibilities. 6.6 A ssessment Arrangements The Chair the Committee will initiate a review the performance the Committee at least once every two years. The review will be conducted on a self-a ssessment basis (unless otherwise determined by the Chair), with appropriate input from management and any other r elevant stakeholders, as determined by the Chair. 6.7 R eview Audit Committee Charter A t least once every two years the Audit Committee will review this Audit C ommittee Charter. The Audit Committee will approve any changes to this Audit Committee C harter. A pproved: Audit Committee Meeting Date: 18 Februrayr 10 19
A ppendix 3 INTERNAL AUDIT A UDIT FUNCTION C OMMITTEE C oolamon G undagai C orowa C orowa Coolam on J unee G reater Hume J unee C oolamon G undagai T emora G reater Hume J unee C orowa T emora T emora G reater Hume G undagai 18 Februrayr 10