Internal Audit (policy & procedure)




Objective (purpose)

The purpose of this document is to ensure the Crime and Corruption Commission's (CCC) internal audit function operates efficiently and effectively in accordance with sections 30-34 of the Financial and Performance Management Standard 2009.

Policy & procedure statement

Internal audit is an integral part of the CCC corporate governance framework. The Commission recognises that by providing assurance on the effectiveness of the agency's internal control environment and identifying opportunities for performance improvement, internal audit can make a valuable contribution to achieving the CCC's corporate objectives.

The Internal Audit Policy and Procedure documents the process and methodology for conducting audits and for managing the Internal Audit function. It is reviewed biennially in conjunction with the Internal Audit Charter. The Internal Audit Charter outlines the role, authority and responsibility conferred by the Commission on the internal audit function within the CCC.

Definitions

For the purpose of this policy and procedure, the following definitions apply:

Term: Definition

Charter: The internal audit charter is a formal document that defines the Internal Audit purpose, authority and responsibility. It establishes the Internal Audit function within the CCC; authorises access to records, personnel, and physical properties relevant to the performance of audit assignments; and defines the scope of internal audit activities.

Governance: The combination of processes and controls implemented by the CCC to inform, direct, manage, and monitor the activities of the organisation toward the achievement of its objectives.

Internal Control: The policies, procedures and activities that are part of a control framework, designed to ensure that risks are contained within the risk tolerances established by the CCC.

Ver 2 - October 2015 PUBLIC Page 1 of 7

Application

This policy and procedure is applicable to all CCC employees. Specifically the Internal Auditor undertakes audits and reviews in accordance with approved plans and conducts management initiated reviews as directed by the Chief Executive Officer.

Procedure

1. Audit Planning

1.1 Whole of Universe Strategic Audit Plan (WUSAP)

The WUSAP identifies the broad goals to be achieved and strategies to be adopted over a five year period. The Internal Auditor must prepare the WUSAP based upon the CCC's Strategic Plan and focus on the areas of high risk and those where internal controls are weak.

The WUSAP is reviewed and, if acceptable, endorsed by the Audit and Risk Management Committee (ARMC). It is forwarded to the Commission for approval. The WUSAP is reviewed annually by both the Internal Auditor and the ARMC and is referred to the Commission for approval. The WUSAP forms the basis for the preparation of the Annual Internal Audit Plan (AIAP).

1.2 Annual Internal Audit Plan (AIAP)

The AIAP is prepared by having discussions with senior management and identifying areas of most risk. The areas of most risk should correlate with the Corporate Risk Register and relevant business unit risk registers.

The AIAP is prepared by the Internal Auditor, endorsed by the ARMC and approved by the Commission. It contains details of audits to be completed for the ensuing year and a time budget for the completion of each audit assignment. The progress of the AIAP is monitored quarterly by the ARMC.

The identification and prioritisation of individual audit tasks is based on a risk assessment of: materiality; significance of the auditable area in terms of its organisational impact; importance in terms of sensitivity and public accountability; and in consultation with senior management and QAO. Management's views are sought for any special considerations.

1.3 Individual Audit Plans

The Internal Auditor prepares audit plans (briefs) for all proposed audits and submits them to the Chairman and Chief Executive Officer for approval. The audit plans will include the following as a minimum:

- Project title;
- Objectives;
- Methodology;
- Scope;
- Areas of inherent risk;
- Expected starting date; and
- Audit resources.

The Internal Auditor also prepares an audit test program that demonstrates the audit tests to be completed from which audit findings and recommendations will be derived. The audit plan and test program are prepared as a result of:

- Preliminary discussions with management and employees of the area under review;
- Applying risk management strategies; i.e. testing in areas at most risk and on materiality;
- Stating the audit samples to be chosen and the sampling technique;
- Prior audit results;
- Policy and procedure manuals relevant to the area; and
- Other reference sources including business plans, service level agreements, and better practice guides etc.

The Internal Auditor will establish individual audit files for each audit project. The individual audit plans (brief) would usually be the first document on these files.

2. Conduct of Audit Work

2.1 Overall Audit Approach

The internal audit function will use contemporary auditing methodologies and practices in the performance of audits. The methodology used and approach to an audit is dependent on the nature of the area or system under review and the objectives set for the audit. The approach adopted remains the responsibility of the Internal Auditor.

2.2 Preliminary meeting

Prior to the commencement of all audit projects, the Internal Auditor must conduct a preliminary meeting with the person(s) responsible for the activity under review, to discuss the audit objectives, scope and approach and any areas of concern or other risk areas they would like to include in the review. The agreed audit objective(s) and scope will be documented and a copy provided to the relevant manager.

2.3 Audit Fieldwork

All audit fieldwork/testing must be performed in conjunction with the test program prepared during the planning stage and in accordance with the Institute of Internal Auditors Standards. (The test program may be amended if during the testing phase of the audit it becomes apparent that further testing is required or that a different approach is warranted.) All audit work must be documented and retained on the audit file as evidence to support audit findings and conclusions.

2.4 Exit interview

For all audit projects, once audit testing is complete the Internal Auditor must discuss the findings and proposed recommendations at an exit interview with the person responsible for the activity under review. The results of the exit meeting must be documented as they form the basis for preparation of the draft audit report.

3. Audit Reporting

3.1 Draft Audit Report

The Internal Auditor must prepare a structured draft audit report so that it states:

- the objective/s of the audit;
- scope of the audit;
- the audit methodology used;
- summary of audit findings and recommendations that highlight areas of risk;
- audit conclusion;
- detailed audit findings and recommendations;
- recommendations for further action and/or improvement.

An executive summary must be prepared which will identify issues, provide recommendations and actions planned or completed and any continuing risk exposures.

The Internal Auditor must keep managers fully briefed throughout the course of the audit and distribute the draft reports to the relevant manager(s) for comment.

3.2 Management Comments

The Internal Auditor will provide a copy of the draft audit report to management of the area under review and invite management to provide comments on each of the audit findings and recommendations. Management comments should identify the person responsible for implementing actions required and provide an action date for each audit recommendation. The Internal Auditor must include management comments in the Final Audit Report.

After inviting comments from management on the contents of the draft audit report, Internal Audit must prepare and issue a final audit report. The final audit report contains all the information in the draft audit report, with any agreed amendments and management comments.

The Internal Auditor must address all final audit reports to the Chairman via the Chief Executive Officer for approval and issue copies to all Executive Directors, directors and relevant managers. The ARMC will be provided with a full report of each audit on a timely basis.

The Internal Auditor must follow up on agreed management actions to audit findings and recommendations. The ARMC must be provided with a list of outstanding management actions at quarterly meetings and record reasons for any undue delays. The Commission should be informed of delays greater than 6 months, where the audit finding has been rated as high risk.

The Internal Auditor will make all audit reports available for review by Queensland Audit Office (QAO) staff. The Internal Auditor will ensure sensitive information is treated in accordance with the CCC's requirements.

3.3 Reporting to the Commission

The Commission will be notified of all internal audit reports tabled at ARMC meetings.

3.4 Annual Report

At the end of each financial year the Internal Auditor is required to summarise the audit activity and work performed during the year, in a form that is appropriate for publishing in the Agency's Annual Report. The report shall include (as a minimum):

- A review of performance against the annual audit plan;
- Any initiatives introduced; and
- Compliance with regulatory and legislative requirements.

4. Engaging Contractors

4.1 Specific Audit Requirements

Where external contractors are engaged for audit work, specific requirements for their engagement must include:

- a description of the services to be supplied including audit coverage;
- budget approval;
- the reporting requirements;
- the term of the contract;
- resourcing arrangements;
- security clearances;
- intellectual property considerations;
- conflict of interest; and
- confidentiality obligations.

Responsibilities and Authorities

The Internal Auditor

- Prepares the Strategic Audit Plan and ensures completion of the audit activities outlined within it.
- Prepares the Annual Audit Plans and individual audit plans for proposed audits and submits them to the Chairman via the Chief Executive Officer for approval.
- Prepares audit test programs and establishes audit files for each audit project.
- Conducts preliminary meeting with the person responsible for the activity under audit review and documents it as a note to file.
- Prepares the Internal Audit Brief that includes the audit objectives and scope.
- Conducts audit testing in conjunction with the test program.
- Documents all audit work undertaken and records on file.
- Retains sufficient evidence on file to support any audit findings and conclusions.
- Documents audit issues identified in an audit and issues them to management for their review and comment.
- Keeps managers fully briefed throughout the course of the audit.
- Discusses audit findings with the appropriate executive directors, directors or managers.
- Reviews the draft report with the appropriate person as a preliminary to finalising the report and circulates the report for comment.
- Requests and incorporates management comments on observations or recommendations into the final audit report.
- Follows up on internal audit recommendations agreed by management to ensure they have been implemented within a reasonable time.
- Prepares and issues a final audit report addressed to the Chairman and copied to the Chief Executive Officer, ARMC, Commission Members, all executive directors and relevant managers.
- Liaises with QAO staff as required, particularly during audit of financial statements and provides internal audit reports and documentation as required.

ARMC

- Reviews and endorses the WUSAP and AIAP.
- Assesses the performance of the internal audit function.
- Ensures the audit activity is adequate for the Commission's objectives and risks.

Chief Executive Officer

- Reviews individual audit plans.
- Assesses the Internal Auditor's Achievement and Capability Plan (ACP).
- Approves the Auditor's leave and budget expenses.

Documents and Records

- Audit Plan Template (audit brief)
- Audit Test Program Template
- Audit Questionnaire Template
- Draft Audit Report Template
- Final Audit Report Template
- Strategic Audit Plan
- Annual Audit Plan
- Individual Audit Plans
- Summary of Audit Observations and Recommendations Template

Legislative reference

- Financial Accountability Act 2009
- Finance Accountability Regulation 2009
- Financial and Performance Management Standard 2009

Other references

- CCC Internal Audit Charter
- CCC ARMC Charter
- International Standards for the Professional Practice of Internal Auditing, Institute of Internal Auditors
- Auditing Standards and Practice Statements, issued by CPA Australia, the Institute of Chartered Accountants in Australia and the Information Systems Audit and Control Association.

Review triggers

This policy will be reviewed biennially. The following stakeholders should be consulted in any review of this policy:

- Chief Executive Officer

Metadata

Policy & Procedure Owner/Point of Contact: Brendan Clarke
Author position: Internal Auditor
Approver's position: Chief Executive Officer
Date Approved: October 2015
Policy & Procedure Review Date: December 2016
Document reference No: TRIM: 15/034369 (Internal Audit); TRIM: 13/152559 (Corp Gov)
Key Words: Audit, Accountability, Internal Control