View Document

Internal Audit Charter

This is the current version of this document. You can provide feedback on this document to the document author - refer to the Status and Details on the document's navigation bar.

Section 1 - Objective and Scope

(1) At Australian Catholic University (ACU):

  1. Internal audit services are provided by an externally sourced contractor. This contract is managed through the Legal, Assurance and Governance Directorate. In this Charter references to the function of Internal Audit refer to the ACU external contractor unless advised otherwise.
  2. Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve operations. It helps ACU accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.
  3. Internal auditing provides assessment and evaluation of financial and non-financial operational systems, reporting processes and activity effectiveness and efficiency. Further it provides assistance and support to identify deficiencies and opportunities in risk management.
  4. Internal auditing incorporates examination and evaluation of specific activities of ACU identified by the Audit and Risk Committee and / or Vice-Chancellor and President, and through the Strategic Internal Audit Plan which is consultatively developed in light of ACU's strategic priorities. This includes confirming that ACU's risk management, controls, and governance processes, as represented by management, are adequate and functioning effectively to provide a reasonable level of assurance that:
    1. significant financial, managerial, and operating information is accurate, reliable, and timely;
    2. services are delivered efficiently and effectively to obtain best value for money;
    3. exposure to risk and fraud is managed effectively;
    4. resources are acquired economically, used efficiently, and accounted for accurately;
    5. quality and continuous improvement are fostered in the organisation's control processes;
    6. programs, plans and objectives are achieved;
    7. employees' actions comply with applicable laws, regulations, contract provisions, and internal policies, plans, and procedures;
    8. assets, liabilities, and contingencies are managed competently and protected against loss or other negative consequences;
    9. compliance with applicable Australian Accounting Standards and other authoritative pronouncements and regulations is achieved; and
    10. significant legislative or regulatory issues impacting ACU are recognised and addressed.
Top of Page

Section 2 - Authority and Independence

(2) Internal Audit function is an independent contracted function, responsible to Senate and reporting functionally through the Audit and Risk Committee.

(3) Internal audit will report administratively to the Chancellor via the Director, Legal, Assurance and Governance (Dir LAG) who is also ACU Chief Audit Executive (CAE). The Dir LAG will also be the contract manager for the outsourced Internal Audit Provider and will be responsible for ensuring internal audits and other agreed activities are conducted in compliance with this Charter and the Internal Audit Contract. The Dir LAG reports to the Chief Operating Officer who is responsible to the Vice-Chancellor and President for policy and planning matters.

(4) Real or perceived impairments to independence such as conflict of interest or objectivity must be disclosed as soon as possible to the Dir LAG, who, if required, will report disclosure to the Chair, Audit and Risk Committee and / or Vice-Chancellor and President. If the area of concern is in the Legal, Assurance and Governance Directorate's operational area, disclosure or concerns should be made to the Chair, Audit and Risk Committee and / or Vice-Chancellor and President.

(5) In order to fulfil their responsibilities, the Internal Audit contractor is authorised to:

  1. have unrestricted access to all functions, appropriate records, property, and personnel;
  2. have full and free access to the Audit and Risk Committee and Vice-Chancellor and President;
  3. through the Assurance Unit, Legal, Assurance and Governance Directorate, seek to allocate resources, select areas of focus and determine scope of work, and independently apply techniques required to accomplish audit objectives; and
  4. obtain necessary assistance of personnel in ACU where audits are performed, as well as other specialised services from within or outside ACU.

(6) The Internal Audit contractor is authorised to engage in ACU initiated discussions with other areas of ACU operations relating to potential additional consulting engagements, which are not identified in the internal audit work plan.

(7) Internal Audit contractor is not authorised to:

  1. perform operational duties for ACU or its affiliates unless contracted to do so;
  2. initiate or approve accounting transactions; or
  3. direct any ACU employee activities except to the extent such an employee has been appropriately assigned to an auditing team or to otherwise assist internal auditors.
Top of Page

Section 3 - Internal Audit Services

(8) Internal Audit contractor shall conduct financial, operational, compliance, and information technology audits in accordance with approved plans and established policies and procedures, in conformance with the Code of Ethics - The Institute of Internal Auditors and the International Standards for the Professional Practice of Internal Auditing, as well as other applicable professional auditing standards. The Institute of Internal Auditors' Practice Advisories, Practice Guides, and Position Papers will also be adhered to, as applicable, to guide operations.

(9) Contracted Internal Audit services and activities will include but are not limited to:

  1. considering scopes of work of external auditors, regulators, and others as appropriate, for the purpose of providing optimal audit coverage to ACU at a reasonable overall cost;
  2. assisting the Assurance Unit in the development and implementation of a flexible annual audit plan using an appropriate risk based methodology, including reviewing the reliability and integrity of financial and operating information and processes used to identify, measure, classify, and report such information, risks or control concerns identified by management. These plans, including any revisions, shall be submitted to the Audit and Risk Committee for review and approval;
  3. assisting the Assurance Unit as requested on verifying resources are acquired in accordance with policies, used economically and efficiently, accounted for accurately, and protected adequately;
  4. assessing compliance with laws, regulations, contract / grant provisions, and internal policies, plans, and procedures for those Internal Audit review areas contracted to do so; and
  5. evaluating emerging audit trends and providing examples of best practice.
Top of Page

Section 4 - Reporting and Monitoring

(10) A written report will be issued following the conclusion of each Internal Audit functional engagement and will be distributed to the Audit and Risk Committee and management as appropriate.

(11) Management will provide the following for inclusion in the Internal Audit report:

  1. a management response and comment on corrective actions taken or to be taken in regard to audit findings and recommendations;
  2. a timetable for anticipated completion of actions to be taken; and
  3. an explanation for any recommended corrective actions which will not be implemented.

(12) If available, management's response will be included within the Internal Audit report issued on conclusion of an Internal Audit engagement. Otherwise this response is required from management of an audited area within thirty days of the audit for inclusion in subsequent drafts of an Internal Audit report.

(13) The Internal Audit contractor will, in association with the Dir LAG, monitor close out of engagement findings and recommendations to ensure they are finalised in a timely manner and in line with management's commitment to address the issues identified. All extreme, high and medium findings will remain in an open issues file until cleared.

(14) The Dir LAG will periodically report to senior management and the Audit and Risk Committee on matters including:

  1. Internal Audit function activity's purpose, authority, and responsibility;
  2. contract performance relative to plan;
  3. commentary and activity concerning significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by senior management and the Audit and Risk Committee; and
  4. annual requirement of the Institute of Internal Auditors (IIA) for CAEs to report on ACU quality assurance and improvement program and current level of conformance.
Top of Page

Section 5 - Quality Review

(15) The Assurance Unit, Legal, Assurance and Governance Directorate, manages a quality assurance program by which the Dir LAG assures operation of Internal Audit activities.

(16) In accordance with the International Professional Practices Framework (IPPF), the contracted Internal Audit function will be subject to a documented quality assurance and improvement program, including engagement and contract performance review. The results, including an evaluation of degree of conformance with IPPF guidelines, will be reported annually to the Audit and Risk Committee and the Vice-Chancellor and President by the Dir LAG.

(17) The Internal Audit function will maintain a quality assurance and improvement program that covers all aspects of the Internal Audit function. The program will include an evaluation of the Internal Audit Function's conformance with the Definition of Internal Auditing and the Standards and an evaluation of whether internal auditors apply the Code of Ethics. The program also assesses the efficiency and effectiveness of the Internal Audit function and identifies opportunities for improvement. The outsourced Internal audit provider will obtain formal feedback from the Dir LAG. This will occur informally throughout the year and formally at least annually.

Top of Page

Section 6 - Approval and Amendment of Charter

(18) The Audit and Risk Committee will review this Charter annually, and recommend changes, as required, to the Vice-Chancellor and President for approval.