|
|
|
|
|
|
A/1.5 QUT Assurance and Risk Management Services Charter |
||||||||||||||||||||||||||||||||||||
1.5.1 Objective 1.5.1 ObjectiveThe Assurance and Risk Management Services Charter has been developed to provide a broad framework, professional standards and guidelines for the conduct of assurance, audit and risk management activities. The Charter is subject to an annual review to ensure it is relevant, aligned with organisational changes and good practices, and an appropriate level of cost-effective value-added services is achieved. The Assurance and Risk Management Services Charter is approved by Audit and Risk Management Committee on delegated authority from QUT Council. 1.5.2 Role of Assurance and Risk Management ServicesThe primary purpose of Assurance and Risk Management Services is to add value to the University's operations and assist the University to achieve its corporate goals by providing independent analysis, appraisals, recommendations, counsel and information on the University's systems of internal control, effectiveness of risk management and the quality of performance. This is achieved by examining and evaluating the adequacy, effectiveness and efficiency of risk management, systems of internal control, and the quality of management in an independent and professional manner. Assurance and Risk Management Services should not be involved in setting the risk appetite or taking decisions on risk responses and implementing these responses on behalf of management. The identification, assessment and treatment of risks remain management responsibility and accountability. In addition, Assurance and Risk Management Services should not develop or implement procedures or systems, prepare records, or be engaged in original line processing functions. This does not exclude Assurance and Risk Management professionals from suggesting system development projects or being consulted on proposed and/or existing systems. A review or appraisal by Assurance and Risk Management Services does not in any way relieve officers of the University of their individual responsibilities and accountabilities. 1.5.3 AuthorityThe Director, Assurance and Risk Management Services, is authorised to direct a broad, comprehensive program of assurance, audit and risk management within the University. The Director, Assurance and Risk Management Services, and staff are authorised to have full, free and unrestricted access to all functions, property, personnel, records, accounts, files and other documentation. Information accessed in the course of audits is to be used strictly for audit purposes. The Director, Assurance and Risk Management Services, will have unfettered access to the Vice-Chancellor and to Audit and Risk Management Committee and is responsible for the management of Assurance and Risk Management Services. 1.5.4 IndependenceIndependence is essential to the effectiveness of .the delivery of assurance, audit and risk management services. This independence is obtained primarily through organisational status and objectivity. The Director, Assurance and Risk Management Services is responsible to Audit and Risk Management Committee to ensure not only the broadest range of assurance, audit and risk management coverage but also adequate consideration of audit reports and appropriate action on audit recommendations. Assurance and Risk Management Services operates within the Chancellery directly reporting, for administrative purposes, to the Vice-Chancellor. The Director, Assurance and Risk Management Services is responsible to the Vice-Chancellor for the performance of the assurance, audit and risk management function and the performance of staff in Assurance and Risk Management Services in accordance with the University's relevant management performance schemes. The Vice-Chancellor is responsible for ensuring resourcing support in respect of the assurance and risk management function within the context and constraints of the University's planning and resourcing framework and principles. Resources may be provided in respect of Assurance and Risk Management Services staff who are employees of the University or for contracting for related services by persons other than officers of the University. Assurance and Risk Management Services staff should be independent of the activities they audit and will report to the Director, Assurance and Risk Management Services any situations in which a conflict of interest or bias is present or may be reasonably inferred. Assurance and Risk Management Services staff should not assume operating responsibilities. 1.5.5 ResponsibilitiesDirector, Assurance and Risk Management Services The Director, Assurance and Risk Management Services is responsible to Audit and Risk Management Committee in relation to all assurance and risk management services, including:
Audit and Risk Management Committee Audit and Risk Management Committee ( A/3.2.7 ) advises both Council, and the Vice-Chancellor as accountable officer, on the performance or discharge of functions and duties under the Financial Administration and Audit Act 1977 , the Financial Management Standard 1997 and the QUT Assurance and Risk Management Services Charter. 1.5.6 StandardsAssurance and Risk Management Services shall comply with the following:
Assurance and Risk Management Services professionals are required to:
1.5.7 AuditAudit Plans A Strategic Audit Plan covering five years and an Annual Audit Plan shall be prepared by the Director, Assurance and Risk Management Services for approval by Audit and Risk Management Committee. The Plans shall be based on an assessment of the University's business risks pertaining to the achievement of the University's corporate goals. The Annual Audit Plan requires agreement of the Vice-Chancellor prior to obtaining approval from Audit and Risk Management Committee. The Annual Audit Plan and the actual audit performance shall be regularly reviewed by Audit and Risk Management Committee. Any necessary amendments to the plan shall be submitted to Audit and Risk Management Committee for consideration and approval. Scope and frequency of audit The scope of Assurance and Risk Management Services encompasses the examination and evaluation of the adequacy, effectiveness and efficiency of risk management and the systems of internal control and management performance, as well as all activities of the University and its controlled entities. It involves the review of all financial and non-financial operations, either manual or computerised, including management information systems. Audit technique Assurance and Risk Management Services shall use the most appropriate auditing methodology for each audit depending on the nature of the audit and the predetermined parameters. Audit Report On conclusion of the audit, a copy of the report on the audit outcome shall be issued to the relevant organisational head and to the Vice-Chancellor and shall be circulated to Audit and Risk Management Committee members. The report shall present the audit objectives, scope, the conclusion based on the outcome of the audit, and an agreed implementation timetable for audit recommendations. 1.5.8 University-wide risk managementUniversity-wide risk management is a structured, consistent and continuous process across the whole University for identifying, assessing, deciding on responses to and reporting on opportunities and threats that affect the achievement of the University's corporate goals. Assurance and Risk Management Services is responsible for embedding and coordinating risk management activities within the University. A Risk Management Plan will be developed in conjunction with the Annual Audit Plan (see A/1.5.7 ). 1.5.9 Quality assurance programThe Director, Assurance and Risk Management Services, shall establish and maintain a quality assurance program to evaluate the operations of Assurance and Risk Management Services. The program will incorporate benchmarking and review of the function in accordance with the requirement of the Institute of Internal Auditors. The purpose of this program is to provide assurance that audit work conforms with the Standards for the Professional Practice of Internal Auditing and the Assurance and Risk Management Services Charter, and is both cost effective and efficient. 1.5.10 Quarterly ReportAs soon as practicable after the end of each quarter the Director, Assurance and Risk Management Services, shall submit to Audit and Risk Management Committee a report summarising all assurance, audit and risk management activities undertaken during that quarter. 1.5.11 Liaison with external auditorsInternal and external audit activities should be coordinated to ensure adequate audit coverage and to minimise duplication of effort. Periodic meetings between Assurance and Risk Management Services and external auditors shall be held to discuss matters of mutual interest. Access to audit programs, working papers and reports shall be made available for review by external auditors. Related DocumentsFinancial Administration and Audit Act 1977 Financial Management Standard 1997 Risk Management Standard(AS/NZS 4360:2004) Modification History
|
