A/1.5 QUT Assurance and Audit charter
Policy Owner | Director, Assurance and Audit |
Approval Date | 07/06/2023 |
Approval Authority | Risk and Audit Committee |
Date of Next Review | 01/06/2028 |
1.5.1 Purpose
1.5.2 Application
1.5.3 Roles and responsibilities
1.5.4 Assurance and Audit objectives and approach
1.5.5 Authority
1.5.6 Independence
1.5.7 Professional practices including standards
1.5.8 Audit
1.5.9 Quality assurance program
1.5.10 Reporting and review
1.5.11 Liaison with external auditors
1.5.12 Delegations
Related Documents
Modification History
1.5.1 Purpose
The Assurance and Audit charter provides a broad framework, professional standards and guidance for the conduct of assurance and audit activities.
1.5.2 Application
This charter applies to all activities undertaken by Assurance and Audit.
1.5.3 Roles and responsibilities
Position | Responsibility |
---|---|
Risk and Audit Committee | |
Director, Assurance and Audit | |
1.5.4 Assurance and Audit objectives and approach
The primary objective of Assurance and Audit is to add value to the University's operations and assist the University to achieve its corporate goals by providing independent and objective analysis, appraisals, recommendations, counsel and information on the University's systems of internal control, effectiveness of risk management and the quality of performance. This is achieved by examining and evaluating the adequacy, economy, effectiveness and efficiency of risk management, systems of internal control, and the quality of management in a systematic, disciplined and professional manner.
Internal audit is an independent, objective assurance and consulting activity designed to add value and improve the effectiveness of the University’s operations. It aims to assist the University by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of the University’s risk management, internal controls and governance processes.
Assurance and Audit does not develop or implement procedures or systems and is not engaged in operational or processing functions. This does not exclude Assurance and Audit from suggesting system development projects or being consulted on proposed and/or existing systems, policies and procedures. Assurance and Audit may evaluate and assess significant projects or change initiatives and activities, including structural changes, or changes to processes, systems, services and controls.
An audit or appraisal by Assurance and Audit does not in any way relieve officers of the University of their individual responsibilities and accountabilities.
1.5.5 Authority
The Director, Assurance and Audit, is authorised to direct a broad, comprehensive program of assurance, internal audit and consulting activities across the University. The Director, Assurance and Audit, and staff are authorised to have full, free and unrestricted access to all functions, property, personnel, records, accounts, files and other documentation. Information accessed in the course of audits must be used strictly for audit purposes.
The Director, Assurance and Audit is responsible for the management of internal audits and other assurance (grant audits) and integrity services for the University.
1.5.6 Independence
Independence is essential to the effectiveness of the delivery of assurance and internal audit services. This independence is obtained primarily through organisational status and objectivity.
The Director, Assurance and Audit is functionally responsible to the Risk and Audit Committee for ensuring not only the broadest range of assurance and internal audit coverage but also adequate consideration of internal audit reports and appropriate action on audit recommendations.
Assurance and Audit operates within the Chancellery directly reporting, for administrative purposes, to the General Counsel. The Director, Assurance and Audit is responsible to the General Counsel for the performance of the internal audit function and the performance of staff in Assurance and Audit, in accordance with the University's relevant human resources policies and procedures.
The General Counsel is responsible for ensuring resourcing support in respect of the Assurance and Audit function within the context and constraints of the University's planning and resourcing framework and principles. Resourcing can be provided by Assurance and Audit staff who are employees of the University, or by external contractors and consultants.
The Director, Assurance and Audit:
- has access to the Risk and Audit Committee, as required
- may meet separately and privately with the Risk and Audit Committee chair and/or members as required; and
- will establish regular meetings with the General Counsel.
Assurance and Audit staff must be independent of the activities they audit and will report to the Director, Assurance and Audit any situations in which a conflict of interest (whether actual, potential or perceived) may arise. Assurance and Audit staff must not assume operating responsibilities and must be objective in performing their work.
1.5.7 Professional practices including standards
Assurance and Audit complies with the following:
- The Institute of Internal Auditors, International Professional Practices Framework (IPPF)
- Standards on Information Systems Auditing Standards issued by the Information Systems Audit and Control Association
- Auditing and Assurance Standards Board (AUASB Auditing Standards) as appropriate to internal auditing.
Assurance and Audit professionals are required to:
- comply with professional standards of conduct
- possess the knowledge, skills, and technical proficiency essential to the performance of internal audits
- be skilled in dealing with people and in communicating audit and risk issues effectively
- maintain their technical competence through a program of continuing education, and
- exercise due professional care in performing assurance and internal audits and investigations.
1.5.8 Internal audit
Internal audit plans
An Annual Assurance and Audit Plan (Plan) must be prepared by the Director, Assurance and Audit for approval by the Risk and Audit Committee. The Plan is based on an assessment of the University's business risks pertaining to the achievement of the University's priorities outlined in Connections - the QUT Strategy 2023 to 2027. The Plan requires agreement from the Vice-Chancellor and President prior to obtaining approval from the Risk and Audit Committee.
The actual audit performance shall be regularly reviewed against the Plan by the Risk and Audit Committee. Any necessary amendments to the Plan shall be submitted to the Risk and Audit Committee for endorsement.
Scope and frequency of audit
The scope of Assurance and Audit encompasses the examination and evaluation of the adequacy, effectiveness and efficiency of governance, risk management and the systems of internal control and management performance, as well as all activities of the University and its controlled entities. It involves the review of all financial and non-financial operations, including information systems and business processes. The frequency of internal audits shall be assessed based on the relevant risk exposure.
Internal audit technique
Assurance and Audit uses the most appropriate auditing methodology for each audit depending on the nature of the audit, the risk exposure and the predetermined parameters.
Internal audit reports
On conclusion of an internal audit, a copy of the final report on the internal audit outcome shall be issued to the relevant organisational head and shall be circulated to Risk and Audit Committee members.
The report shall present the overall audit objectives, scope, the conclusion based on the outcome of the audit, and an agreed implementation timeframe for audit recommendations.
Assurance and Audit must establish and maintain a system to monitor the University's response to recommendations communicated to management.
Coordination of assurance activities
Assurance and Audit will consider the scope of work of other assurance providers, internal and external, as appropriate, for the purpose of providing optimal internal audit coverage to the University in an efficient and effective manner.
1.5.9 Quality assurance program
The Director, Assurance and Audit, must establish and maintain a quality assurance program to evaluate the operations of Assurance and Audit. The program will incorporate benchmarking and review of the function in accordance with the requirement of the Institute of Internal Auditors.
The purpose of this program is to provide assurance that audit work conforms with The Institute of Internal Auditors, International Professional Practices Framework (IPPF) and the Assurance and Audit charter and is both cost effective and efficient. The quality assurance program is to include an independent review of Assurance and Audit once every 5 years.
The Director, Assurance and Audit must communicate the results of the quality assurance program to senior management and the Risk and Audit Committee.
1.5.10 Reporting and review
In accordance with the Risk and Audit Committee meeting schedule, the Director, Assurance and Audit, shall submit to the Risk and Audit Committee a report summarising all assurance and internal audit activities undertaken during the reporting period. An annual report on the performance of Assurance and Audit against the agreed key performance indicators shall be submitted by the Director, Assurance and Audit to the Risk and Audit Committee.
This charter is reviewed periodically to ensure it is relevant, aligned with organisational changes and good practices, and an appropriate level of cost-effective value-added services is achieved.
1.5.11 Liaison with external auditors
Internal and external audit activities should be coordinated to ensure adequate audit coverage and to minimise duplication of effort. In accordance with the Institute of Internal Auditors Standards, Assurance and Audit will consult with the external auditor during the preparation of the annual audit plan and individual audits where relevant.
Periodic meetings between Assurance and Audit and external auditors shall be held to discuss matters of mutual interest.
Internal audit programs, working papers and reports may be made available for review by external auditors.
1.5.12 Delegations
Refer to Register of Authorities and Delegations (C062) (QUT staff access only).
Related Documents
MOPP A/1.3 Compliance
MOPP A/2.5 Risk management
MOPP A/2.6 Internal control
MOPP A/3.3 Risk and Audit Committee charter
MOPP B/8.1 QUT Staff Code of Conduct
MOPP B/8.6 Corruption and fraud control
MOPP B/8.7 Conflict of interest
MOPP F/6.2 Information privacy
Assurance and Audit Manual
QUT Corruption and Fraud Control Plan (QUT staff access only)
QUT Risk Management Framework
The Institute of Internal Auditors, International Professional Practices Framework (IPPF)
Modification History
Date | Sections | Source | Details |
---|---|---|---|
07.06.23 | All | Risk and Audit Committee | Revised policy to update reporting lines and remove risk management references |
08.02.23 | All | Governance and Performance | Governance and Performance administrative amendment following Legal and Related Governance Functions CMP, effective 01.02.2023. Enterprise Risk section (A/1.5.9) rescinded. |
03.06.20 | A/1.5.6 | Director, Assurance and Risk Management Services | Administrative changes to update reporting line to Chancellery - effective 01.07.20 |
21.02.20 | All | Risk and Audit Committee | Revised and modernised policy - effective 01.07.20 |
03.10.14 | All | Director, Assurance and Risk Management Services | Revised policy - minor editorial changes only |
30.05.13 | All | Audit and Risk Management Committee | Revised policy |
23.03.11 | All | Audit and Risk Management Committee | Periodic review - minor revisions only |
31.07.09 | All | Governance Services | Editorial amendments consistent with financial legislation and QUT Assurance and Risk Management Services Charter |
08.11.06 | All | Audit and Risk Management Committee | Revised Charter to incorporate risk management function; renamed to Assurance and Risk Management Charter (formerly QUT Internal Audit Charter) |
18.05.05 | All | Secretariat | Editorial (relocated and renumbered to A/1.5 - formerly MOPP Appendix 60) |
01.09.04 | All | Audit and Risk Management Committee | Revised Internal Audit Charter to reflect current reporting arrangements |
02.07.03 | All | Audit Committee | Revised Internal Audit Charter |
29.11.02 | All | Audit Committee | Revised Internal Audit Charter |
06.07.98 | All | Audit Committee | Revised Internal Audit Charter |