A/1.5 QUT Assurance and Audit charter

Policy Owner	Director, Assurance and Audit
Approval Date	07/06/2023
Approval Authority	Risk and Audit Committee
Date of Next Review	01/06/2028

1.5.1 Purpose
1.5.2 Application
1.5.3 Roles and responsibilities
1.5.4 Assurance and Audit objectives and approach
1.5.5 Authority
1.5.6 Independence
1.5.7 Professional practices including standards
1.5.8 Audit
1.5.9 Quality assurance program
1.5.10 Reporting and review
1.5.11 Liaison with external auditors
1.5.12 Delegations
Related Documents
Modification History

1.5.1 Purpose

The Assurance and Audit charter provides a broad framework, professional standards and guidance for the conduct of assurance and audit activities.

Top

1.5.2 Application

This charter applies to all activities undertaken by Assurance and Audit.

Top

1.5.3 Roles and responsibilities

Position	Responsibility
Risk and Audit Committee	approves the Assurance and Audit charter (A/3.3) advises Council and the Vice-Chancellor and President on the performance of functions under the Financial Accountability Act 2009 (Qld) and Financial and Performance Management Standard 2019 (Qld) other responsibilities for Assurance and Audit function as detailed in the Risk and Audit Committee charter (A/3.3)
Director, Assurance and Audit	provides independent and objective assurance to the Risk and Audit Committee on the adequacy and effectiveness of the University's internal control activities provides other advisory assurance services (including training, facilitation and advisory) beyond audit services to assist management with achieving University priorities assists in investigation of suspected corruption and fraudulent activities within the university, reporting to the Vice-President (Administration) and University Registrar, management and Risk and Audit Committee accordingly informs Risk and Audit Committee of emerging trends and current practices in assurance and audit reports on the performance of Assurance and Audit against key performance indicators agreed with the Risk and Audit Committee

Position

Responsibility

Risk and Audit Committee

approves the Assurance and Audit charter (A/3.3)
advises Council and the Vice-Chancellor and President on the performance of functions under the Financial Accountability Act 2009 (Qld) and Financial and Performance Management Standard 2019 (Qld)
other responsibilities for Assurance and Audit function as detailed in the Risk and Audit Committee charter (A/3.3)

Director, Assurance and Audit

provides independent and objective assurance to the Risk and Audit Committee on the adequacy and effectiveness of the University's internal control activities
provides other advisory assurance services (including training, facilitation and advisory) beyond audit services to assist management with achieving University priorities
assists in investigation of suspected corruption and fraudulent activities within the university, reporting to the Vice-President (Administration) and University Registrar, management and Risk and Audit Committee accordingly
informs Risk and Audit Committee of emerging trends and current practices in assurance and audit
reports on the performance of Assurance and Audit against key performance indicators agreed with the Risk and Audit Committee

Top

1.5.4 Assurance and Audit objectives and approach

The primary objective of Assurance and Audit is to add value to the University's operations and assist the university to achieve its corporate goals by providing independent and objective analysis, appraisals, recommendations, counsel and information on the University's systems of internal control, effectiveness of risk management and the quality of performance. This is achieved by examining and evaluating the adequacy, economy, effectiveness and efficiency of risk management, systems of internal control, and the quality of management in a systematic, disciplined and professional manner.

Internal audit is an independent, objective assurance and consulting activity designed to add value and improve the effectiveness of the University’s operations. It aims to assist the University by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of the University’s risk management, internal controls and governance processes.

Assurance and Audit does not develop or implement procedures or systems and is not engaged in operational or processing functions. This does not exclude Assurance and Audit from suggesting system development projects or being consulted on proposed and/or existing systems, policies and procedures. Assurance and Audit may evaluate and assess significant projects or change initiatives and activities, including structural changes, or changes to processes, systems, services and controls.

An audit or appraisal by Assurance and Audit does not in any way relieve officers of the University of their individual responsibilities and accountabilities.

Top

1.5.5 Authority

The Director, Assurance and Audit, is authorised to direct a broad, comprehensive program of assurance, internal audit and consulting activities across the University. The Director, Assurance and Audit, and staff are authorised to have full, free and unrestricted access to all functions, property, personnel, records, accounts, files and other documentation. Information accessed in the course of audits must be used strictly for audit purposes.

The Director, Assurance and Audit is responsible for the management of internal audits and other assurance (grant audits) and integrity services for the University.

Top

1.5.6 Independence

Independence is essential to the effectiveness of the delivery of assurance and internal audit services. This independence is obtained primarily through organisational status and objectivity.

The Director, Assurance and Audit is functionally responsible to the Risk and Audit Committee for ensuring not only the broadest range of assurance, and internal audit coverage but also adequate consideration of internal audit reports and appropriate action on audit recommendations.

Assurance and Audit operates within the Chancellery directly reporting, for administrative purposes, to the General Counsel. The Director, Assurance and Audit is responsible to the General Counsel for the performance of the internal audit function and the performance of staff in Assurance and Audit, in accordance with the University's relevant human resources policies and procedures.

The General Counsel is responsible for ensuring resourcing support in respect of the Assurance and Audit function within the context and constraints of the University's planning and resourcing framework and principles. Resourcing can be provided by Assurance and Audit staff who are employees of the university, or by external contractors and consultants.

The Director, Assurance and Audit:

has access to the Risk and Audit Committee, as required
may meet separately and privately with the Risk and Audit Committee chair and/or members as required; and
will establish regular meetings with the General Counsel.

Assurance and Audit staff must be independent of the activities they audit and will report to the Director, Assurance and Audit any situations in which a conflict of interest (whether actual, potential or perceived) may arise. Assurance and Audit staff must not assume operating responsibilities and must be objective in performing their work.

Top

1.5.7 Professional practices including standards

Assurance and Audit complies with the following:

The Institute of Internal Auditors, International Professional Practices Framework (IPPF)
Standards on Information Systems Auditing Standards issued by the Information Systems Audit and Control Association
Auditing and Assurance Standards Board (AUASB Auditing Standards) as appropriate to internal auditing.

Assurance and Audit professionals are required to:

comply with professional standards of conduct
possess the knowledge, skills, and technical proficiency essential to the performance of internal audits
be skilled in dealing with people and in communicating audit and risk issues effectively
maintain their technical competence through a program of continuing education, and
exercise due professional care in performing assurance and internal audits and investigations.

Top

1.5.8 Internal audit

Internal audit plans
An Annual Assurance and Audit Plan (Plan) must be prepared by the Director, Assurance and Audit for approval by the Risk and Audit Committee. The Plan is based on an assessment of the University's business risks pertaining to the achievement of the University's priorities outlined in Connections - the QUT Strategy 2023 to 2027. The Plan requires agreement from the Vice-Chancellor and President prior to obtaining approval from the Risk and Audit Committee.

The actual audit performance shall be regularly reviewed against the Plan by the Risk and Audit Committee. Any necessary amendments to the Plan shall be submitted to the Risk and Audit Committee for endorsement.

Scope and frequency of audit
The scope of Assurance and Audit encompasses the examination and evaluation of the adequacy, effectiveness and efficiency of governance, risk management and the systems of internal control and management performance, as well as all activities of the University and its controlled entities. It involves the review of all financial and non-financial operations, including information systems and business processes. The frequency of internal audits shall be assessed based on the relevant risk exposure.

Internal audit technique
Assurance and Audit uses the most appropriate auditing methodology for each audit depending on the nature of the audit, the risk exposure and the predetermined parameters.

Internal audit reports
On conclusion of an internal audit, a copy of the final report on the internal audit outcome shall be issued to the relevant organisational head and shall be circulated to Risk and Audit Committee members.

The report shall present the overall audit objectives, scope, the conclusion based on the outcome of the audit, and an agreed implementation timeframe for audit recommendations.

Assurance and Audit must establish and maintain a system to monitor the university response to recommendations communicated to management.

Coordination of assurance activities
Assurance and Audit will consider the scope of work of other assurance providers, internal and external, as appropriate, for the purpose of providing optimal internal audit coverage to the University in an efficient and effective manner.

Top

1.5.9 Quality assurance program

The Director, Assurance and Audit, must establish and maintain a quality assurance program to evaluate the operations of Assurance and Audit. The program will incorporate benchmarking and review of the function in accordance with the requirement of the Institute of Internal Auditors.

The purpose of this program is to provide assurance that audit work conforms with The Institute of Internal Auditors, International Professional Practices Framework (IPPF) and the Assurance and Audit charter and is both cost effective and efficient. The quality assurance program is to include an independent review of Assurance and Audit once every 5 years.

The Director, Assurance and Audit must communicate the results of the quality assurance program to senior management and the Risk and Audit Committee.

Top

1.5.10 Reporting and review

In accordance with the Risk and Audit Committee meeting schedule, the Director, Assurance and Audit, shall submit to the Risk and Audit Committee a report summarising all assurance and internal audit activities undertaken during the reporting period. An annual report on the performance of Assurance and Audit against the agreed key performance indicators shall be submitted by the Director, Assurance and Audit to the Risk and Audit Committee

This charter is reviewed periodically to ensure it is relevant, aligned with organisational changes and good practices, and an appropriate level of cost-effective value-added services is achieved.

Top

1.5.11 Liaison with external auditors

Internal and external audit activities should be coordinated to ensure adequate audit coverage and to minimise duplication of effort. In accordance with the Institute of Internal Auditors Standards, Assurance and Audit will consult with the external auditor during the preparation of the annual audit plan and individual audits where relevant.

Periodic meetings between Assurance and Audit and external auditors shall be held to discuss matters of mutual interest.

Internal audit programs, working papers and reports may be made available for review by external auditors.

Top

1.5.12 Delegations

Refer to Register of Authorities and Delegations (C062) (QUT staff access only).

Top

Modification History

Date	Sections	Source	Details
07.06.23	All	Risk and Audit Committee	Revised policy to update reporting lines and remove risk management references
08.02.23	All	Governance and Performance	Governance and Performance administrative amendment following Legal and Related Governance Functions CMP, effective 01.02.2023. Enterprise Risk section (A/1.5.9) rescinded.
03.06.20	A/1.5.6	Director, Assurance and Risk Management Services	Administrative changes to update reporting line to Chancellery - effective 01.07.20
21.02.20	All	Risk and Audit Committee	Revised and modernised policy - effective 01.07.20
03.10.14	All	Director, Assurance and Risk Management Services	Revised policy - minor editorial changes only
30.05.13	All	Audit and Risk Management Committee	Revised policy
23.03.11	All	Audit and Risk Management Committee	Periodic review - minor revisions only
31.07.09	All	Governance Services	Editorial amendments consistent with financial legislation and QUT Assurance and Risk Management Services Charter
08.11.06	All	Audit and Risk Management Committee	Revised Charter to incorporate risk management function; renamed to Assurance and Risk Management Charter (formerly QUT Internal Audit Charter)
18.05.05	All	Secretariat	Editorial (relocated and renumbered to A/1.5 - formerly MOPP Appendix 60)
01.09.04	All	Audit and Risk Management Committee	Revised Internal Audit Charter to reflect current reporting arrangements
02.07.03	All	Audit Committee	Revised Internal Audit Charter
29.11.02	All	Audit Committee	Revised Internal Audit Charter
06.07.98	All	Audit Committee	Revised Internal Audit Charter

Top