View Document

QUT Assurance and Audit Charter

This is the current version of this document. You can provide feedback on this document to the document author - refer to the Status and Details on the document's navigation bar.

Section 1 - Purpose

(1) The Assurance and Audit Charter provides a broad framework, professional standards and guidance for the conduct of assurance and audit activities.

Top of Page

Section 2 - Application

(2) This Charter applies to all activities undertaken by Assurance and Audit.

Top of Page

Section 3 - Roles and Responsibilities

Position
Responsibility
Risk and Audit Committee
Approves the QUT Assurance and Audit Charter.
Advises Council and the Vice-Chancellor and President on the performance of functions under the Financial Accountability Act 2009 (Qld) and Financial and Performance Management Standard 2019 (Qld).
Other responsibilities for Assurance and Audit function as detailed in the Risk and Audit Committee Charter.
Director, Assurance and Audit
Provides independent and objective assurance to the Risk and Audit Committee on the adequacy and effectiveness of the University's internal control activities.
Provides other advisory assurance services (including training, facilitation and advisory) beyond audit services to assist management with achieving University priorities.
Assists in investigation of suspected corruption and fraudulent activities within the University, reporting to the Vice-President (Administration) and University Registrar, management and Risk and Audit Committee accordingly.
Informs Risk and Audit Committee of emerging trends and current practices in assurance and audit.
Reports on the performance of Assurance and Audit against key performance indicators agreed with the Risk and Audit Committee.
Top of Page

Section 4 - Assurance and Audit Objectives and Approach

(3) The primary objective of Assurance and Audit is to add value to the University's operations and assist the University to achieve its corporate goals by providing independent and objective analysis, appraisals, recommendations, counsel and information on the University's systems of internal control, effectiveness of risk management and the quality of performance. This is achieved by examining and evaluating the adequacy, economy, effectiveness and efficiency of risk management, systems of internal control, and the quality of management in a systematic, disciplined and professional manner.

(4) Internal audit is an independent, objective assurance and consulting activity designed to add value and improve the effectiveness of the University’s operations. It aims to assist the University by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of the University’s risk management, internal controls and governance processes.

(5) Assurance and Audit does not develop or implement procedures or systems and is not engaged in operational or processing functions. This does not exclude Assurance and Audit from suggesting system development projects or being consulted on proposed and/or existing systems, policies and procedures. Assurance and Audit may evaluate and assess significant projects or change initiatives and activities, including structural changes, or changes to processes, systems, services and controls.

(6) An audit or appraisal by Assurance and Audit does not in any way relieve officers of the University of their individual responsibilities and accountabilities.

Top of Page

Section 5 - Authority

(7) The Director, Assurance and Audit, is authorised to direct a broad, comprehensive program of assurance, internal audit and consulting activities across the University. The Director, Assurance and Audit, and staff are authorised to have full, free and unrestricted access to all functions, property, personnel, records, accounts, files and other documentation. Information accessed in the course of audits must be used strictly for audit purposes.

(8) The Director, Assurance and Audit is responsible for the management of internal audits and other assurance (grant audits) and integrity services for the University.

Top of Page

Section 6 - Independence

(9) Independence is essential to the effectiveness of the delivery of assurance and internal audit services. This independence is obtained primarily through organisational status and objectivity.

(10) The Director, Assurance and Audit is functionally responsible to the Risk and Audit Committee for ensuring not only the broadest range of assurance and internal audit coverage but also adequate consideration of internal audit reports and appropriate action on audit recommendations.

(11) Assurance and Audit operates within the Chancellery directly reporting, for administrative purposes, to the General Counsel. The Director, Assurance and Audit is responsible to the General Counsel for the performance of the internal audit function and the performance of staff in Assurance and Audit in accordance with the University’s relevant Human Resources policies and procedures.

(12) The General Counsel is responsible for ensuring resourcing support in respect of the Assurance and Audit function within the context and constraints of the University's planning and resourcing framework and principles. Resources can be provided by Assurance and Audit staff who are employees of the University, or by external contractors and consultants.

(13) The Director, Assurance and Audit:

  1. has access to the Risk and Audit Committee as required;
  2. may meet separately and privately with the Risk and Audit Committee chair and/or members as required; and
  3. will establish regular meetings with the General Counsel.

(14) Assurance and Audit staff must be independent of the activities they audit and will report to the Director, Assurance and Audit any situations in which a conflict of interest (whether actual, potential or perceived) may arise. Assurance and Audit staff must not assume operating responsibilities and must be objective in performing their work.

Top of Page

Section 7 - Professional Practices Including Standards

(15) Assurance and Audit complies with the following:

  1. The Institute of Internal Auditors, International Professional Practices Framework (IPPF);
  2. Standards on Information Systems Auditing Standards issued by the Information Systems Audit and Control Association;
  3. Auditing and Assurance Standards Board (AUASB Auditing Standards) as appropriate to internal auditing.

(16) Assurance and Audit professionals are required to:

  1. comply with professional standards of conduct;
  2. possess the knowledge, skills, and technical proficiency essential to the performance of internal audits;
  3. be skilled in dealing with people and in communicating audit and risk issues effectively;
  4. maintain their technical competence through a program of continuing education; and
  5. exercise due professional care in performing assurance and internal audits and investigations.
Top of Page

Section 8 - Internal Audit

Internal Audit Plans

(17) An Annual Assurance and Audit Plan (Plan) must be prepared by the Director, Assurance and Audit for approval by the Risk and Audit Committee. The Plan is based on an assessment of the University's business risks pertaining to the achievement of the University's priorities outlined in Connections - the QUT Strategy 2023 to 2027. The Plan requires agreement from the Vice-Chancellor and President prior to obtaining approval from the Risk and Audit Committee.

(18) The actual audit performance shall be regularly reviewed against the Plan by the Risk and Audit Committee. Any necessary amendments to the Plan shall be submitted to the Risk and Audit Committee for endorsement.

Scope and Frequency of Audit

(19) The scope of Assurance and Audit encompasses the examination and evaluation of the adequacy, effectiveness and efficiency of governance, risk management and the systems of internal control and management performance, as well as all activities of the University and its controlled entities. It involves the review of all financial and non-financial operations, including information systems and business processes. The frequency of internal audits shall be assessed based on the relevant risk exposure.

Internal Audit Technique

(20) Assurance and Audit uses the most appropriate auditing methodology for each audit depending on the nature of the audit, the risk exposure and the predetermined parameters.

Internal Audit Report

(21) On conclusion of an internal audit, a copy of the final report on the internal audit outcome shall be issued to the relevant organisational head and shall be circulated to Risk and Audit Committee members.

(22) The report shall present the overall audit objectives, scope, the conclusion based on the outcome of the audit, and an agreed implementation timeframe for audit recommendations.

(23) Assurance and Audit must establish and maintain a system to monitor the University response to recommendations communicated to management.

Coordination of Assurance Activities

(24) Assurance and Audit will consider the scope of work of other assurance providers, internal and external, as appropriate, for the purpose of providing optimal internal audit coverage to the University in an efficient and effective manner.

Top of Page

Section 9 - Quality Assurance Program

(25) The Director, Assurance and Audit, must establish and maintain a quality assurance program to evaluate the operations of Assurance and Audit. The program will incorporate benchmarking and review of the function in accordance with the requirement of the Institute of Internal Auditors.

(26) The purpose of this program is to provide assurance that audit work conforms with The Institute of Internal Auditors, International Professional Practices Framework (IPPF) and the QUT Assurance and Audit Charter, and is both cost effective and efficient. The quality assurance program is to include an independent review of Assurance and Audit once every 5 years.

(27) The Director, Assurance and Audit must communicate the results of the quality assurance program to senior management and the Risk and Audit Committee.

Top of Page

Section 10 - Reporting and Review

(28) In accordance with the Risk and Audit Committee meeting schedule, the Director, Assurance and Audit, shall submit to the Risk and Audit Committee a report summarising all assurance and internal audit activities undertaken during the reporting period. An annual report on the performance of Assurance and Audit against the agreed key performance indicators shall be submitted by the Director, Assurance and Audit to the Risk and Audit Committee.

(29) This charter is reviewed periodically to ensure it is relevant, aligned with organisational changes and good practices, and an appropriate level of cost-effective value-added services is achieved.

Top of Page

Section 11 - Liaison with External Auditors

(30) Internal and external audit activities should be coordinated to ensure adequate audit coverage and to minimise duplication of effort. In accordance with the Institute of Internal Auditors Standards, Assurance and Audit will consult with the external auditor during the preparation of the annual audit plan and individual audits where relevant.

(31) Periodic meetings between Assurance and Audit and external auditors shall be held to discuss matters of mutual interest.

(32) Internal Audit programs, working papers and reports may be made available for review by external auditors.

Top of Page

Section 12 - Delegations

(33) Refer to Register of Authorities and Delegations (C062) (QUT staff access only)