Académique Documents
Professionnel Documents
Culture Documents
Prepared by: Maria Mu, CPA, CMIIA, CISA, Manager, Internal Audit
Date: 30/10/2014
Page 1 of 9
A. Introduction
The Internal Audit Charter requires that Internal Audit align its focus and activities to the Universitys
key risks. The proposed Internal Audit functional planning framework consists of two key documents:
an Internal Audit Strategic Plan with a three year outlook that relates the role of internal
audit to the requirements of the University by outlining the broad direction of internal audit
over the medium term, in the context of all the Universitys assurance activities; and
an Internal Audit Annual Work Plan supported by a schedule of potential audits.
Together, these documents serve the purpose of setting out, in strategic and operational terms, the
broad roles and responsibilities of Internal Audit that are included in the Internal Audit Charter and
identify key issues relating to internal audit capability, such as the required skills.
This Annual Work Plan covers a calendar year in line with the Universitys annual budgeting and
planning cycle and specifies the proposed internal audit coverage within the calendar year. It is
reviewed by the Manager, Internal Audit four times a year in line with the Audit Committee meeting
dates, with the preliminary approval provided by the Vice Chancellor, and the formal approval
provided by the Audit Committee of the University Council. Any significant deviation from the formally
approved Internal Audit Annual Work Plan and any impact of resource limitations are communicated
to the Vice Chancellor who provides preliminary approval, and to the Audit Committee for formal
approval.
Financial
o auditing the financial statements of externally funded grants including research, capital
and other special purpose grants/programs; and
o auditing the special purpose financial statements of discrete business operations such as
University Halls of Residence, on behalf of QAO.
In performing financial statement audits, the Manager, Internal Audit or the co-sourced
service partner(s) typically provides an audit opinion and a reasonable level of assurance
Page 2 of 9
to parties outside the University, depending on the purpose for which the financial
statements are prepared.
Engagements of this nature shall be conducted in accordance with the Australian Auditing
Standards, as appropriate.
Compliance
o Compliance has traditionally been a focus area for Internal Audit activities. The objective
of a compliance engagement is to enable the Manager, Internal Audit to express an
opinion on whether the University or an organisational area has complied in all material
aspects, with requirements as measured by the suitable criteria which include:
Federal and State legislation and regulatory requirements;
Federal and State Governments policies and administrative reporting guidelines;
University policies, procedures and Code of Conduct;
contracts to which the University is a party;
strategic plans, or operational programs;
ethics related objectives and programs;
information technology governance standards; and
other standards and good practice control models.
Engagements of this nature shall be conducted in accordance with the Australian
Standard on Assurance Engagement ASAE 3100 Compliance Engagements, as
appropriate.
Performance (improvement)
o Also known as operational engagement, performance (improvement) engagement is
designed to assess the economy, efficiency and effectiveness of the Universitys
business systems and processes.
Engagements of this nature shall be conducted in accordance with the Australian
Standard on Assurance Engagement ASAE 3500 Performance Engagements, as
appropriate.
Page 3 of 9
o
o
o
The percentages of Internal Audit effort to conduct audit support, assurance and advisory activities
will fluctuate over the years depending on the Universitys assurance needs and the Internal Audits
operational needs and priorities such as system, process, and staff professional development
requirements. This is monitored by the Audit Committee.
C. Methodology
Internal Audit adopts a risk based methodology. The planning at both the functional and
engagement levels is based on the risk assessment performed by Manager, Internal Audit to ensure
that it is appropriate to the size, functions and risk profile of the University. In order to provide optimal
audit coverage to the University and minimise duplication of assurance effort, due consideration is
given to the following aspects:
key University business risks;
any key risks or control concerns identified by management;
assurance gaps and emerging needs; and
scope of work of other assurance providers, internal and external.
Internal Audit maintains an open relationship with the external auditor and other assurance providers.
The planning process includes formal consultation with the following key stakeholders:
The Vice Chancellor;
The Chair of the Audit Committee;
University Executives;
Queensland Audit Office (QAO);
Other internal assurance providers:
o Chief of Staff;
o University General Counsel and Head Legal and Assurance;
o Director, Quality, Planning and Analytics; and
o Associate Director, Workplace Health and Safety.
Page 4 of 9
3. Audits that review particular topics across the whole University such as procurement,
casual staff appointment, record management, WHS management, risk management. This
group of engagements are aimed at addressing systemic risks;
4. Audits that review particular processes/activities owned by a particular
Directorate/Colleges or Divisions such as Audit of Fleet and Fuel Cards; and
5. Consultancy/ad hoc advice on new systems, processes and initiatives.
A small contingent time budget can be set aside to accommodate ad hoc or special management
requests, particularly those from the Vice Chancellor and the Audit Committee.
Page 5 of 9
the External Auditor contracted by QAO for JCU for the three year period from 2015-2017 and
preparing reports to the Audit Committee on audit matters.
To ensure effective internal stakeholders engagement, communication, and financial management,
Manager, Internal Audit proposes that the Chief of Staff and/or Head, Legal & Assurance, play a
caretaker role regarding Internal Audit administrative matters while Manager, Internal Audit is on
leave, which include coordinating the Audit Committee reporting and approving the financial
transactions of Internal Audit. It is also expected that the Internal Auditor will perform some higher
duties.
The proposed Work Program for 2015 is tabulated in Table 1 on Page 7, which is developed based
on the in-house Internal Audit staff time budget available.
Subject to approval by the Audit Committee of this Annual Work Plan, monetary budget request will
be submitted for approval through the administrative reporting line (Head, Legal and Assurance, and
Chief of Staff). It is expected that any co-sourcing costs will be fully funded and quarantined from the
Internal Audit profile salaries and general operating budgets.
Any budget and resources limitations and subsequent deletion of scheduled jobs will be
communicated to and agreed with the Audit Committee and the Vice Chancellor, in the usual manner.
Page 6 of 9
Project Title
Type
Sourcing
Time
Budget
in Days
F-15-01
1 Assurance - Financial
Co-sourcing
F-15-02
1 Assurance - Financial
Co-sourcing
F-15-03
1 Assurance - Financial
Co-sourcing
G-15
Grant Audits
1 Assurance - Financial
Co-sourcing
12
C-15-01
2 Assurance - Compliance
In-house
30
C-15-02
2 Assurance - Compliance
In-house
30
C-15-03
2 Assurance - Compliance
Co-sourcing
25
C-15-04
Supplier Selection
2 Assurance - Compliance
Co-sourcing
C-15-05
2 Assurance - Compliance
Co-sourcing
C-15-06
2 Assurance - Compliance
Co-sourcing
10
NA-15-01
4 Productive Non-audit
Activities
Co-sourcing
15
A-15-01
5 Advisory
In-house
14
A-15-02
6 Advisory
In-house
25
AS-15-01
6 Audit Support
In-house
17
AS-15-02
6 Audit Support
In-house
21
AS-15-03
6 Audit Support
In-house
27
AS-15-04
6 Audit Support
In-house
30
AS-15-05
6 Audit Support
In-house
16
AS-15-06
6 Audit Support
In-house
23
AS-15-07
6 Audit Support
In-house
14
AS-15-08
6 Audit Support
In-house
25
AS-15-09
7 Audit Support
In-house
10
NW-15-01
Public Holidays
7 Non-work
N/A
20
NW-15-02
7 Non-work
N/A
17
NW-15-03
Annual Leave
7 Non-work
N/A
56
NW-15-04
7 Non-work
N/A
NW-15-05
Cultural Leave
7 Non-work
N/A
NW-15-06
7 Non-work
N/A
47
Contingency
11
Total
522
Page 7 of 9
2015
1.
Decline in student
numbers (Domestic
vs. International,
coursework vs.
research)
2.
Ineffective oversight of
the third party
academic quality
3.
Poor student
experience & retention
4.
Non-compliance with
legislative and
regulatory
requirements
5.
Non-compliance with
contractual obligations
6.
7.
Ineffective project
management
8.
Ineffective information
and security
management
2016
Marketing
International Student
Application Processing
Indigenous Participation
( Students)
Potential depending on
new risk assessment
Student Enquires
Facility Maintenance
WHS Management
A new Compliance
Framework is currently
being proposed.
Rolling Legislative
compliance audit
schedule
Record Management
Management assurance
activities in plan
Page 8 of 9
2017
Course
Rationalisati
on Process
Rolling
Legislative
compliance
audit
schedule
Project Management
(Excl. Capital)
Key and ID
Management
Course
Approval
Process
Domestic
Student
Application
and
admission
Process
Strategic
Asset
Management
ICT Disaster
Recovery
9.
Ineffective risk
management and
business continuity
management
Version
Prepared by:
Consultation:
Risk Management
Framework
Business
Continuity
Planning
Performance
Management
2014-10-29 Draft
for Approval by the Vice Chancellor and the Audit Committee
Maria Mu, Internal Audit Manager
Prof. Sandra Harding, Vice Chancellor and President
Mr Graham Kirkwood, Chair of the Audit Committee
Ms Tricia Brand, DVC, Services and Resources
Prof. Ian Wronski AO, DVC, Tropical Health and Medicine
Prof. Sally Kift, DVC, Academic
Prof. Dale Anderson, DVC, JCUS
Prof. Paul Gadek, Chair of Academic Board
Ms. Vanessa Cannon, Chief of Staff
Ms. Fiona Macdonald, University General Counsel and
Head, Legal and Assurance
Ms Vicki Hamilton, Director, Quality, Planning and Analytics
Mr Blaise Allen, Associate Director, Workplace Health &
Safety
Queensland Audit Office
31/10/2014
13/11/2014
Page 9 of 9