View Document

Internal Audit Charter

This is the current version of this document. To view historic versions, click the link in the document's navigation bar.

Introduction

(1) Internal Audit is an independent and objective assurance and consulting function established by the University Council (Council), through the Audit and Risk Committee. 

(2) This Charter provides the framework for the conduct of the Internal Audit function in Macquarie University and has been approved by the Council taking into account the advice of the Audit and Risk Committee.

Purpose and Mission of Internal Audit

(3) The purpose of Internal Audit is to evaluate and advise management on the adequacy of internal controls, compliance with University procedures and policies, and the efficiency, economy and effectiveness of such operations and activities. The mission of Internal Audit is to enhance and protect organisational value by providing risk-based and objective assurance, advice, and insight. The Internal Audit activity helps Macquarie University accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of governance, risk management, and control processes.

Role

(4) Internal Audit will:

  1. apply a systematic and disciplined approach aligned to the strategy, priorities and risks of the University to conduct internal audits of the University’s management and administrative operations and activities;
  2. provide assurance to the Audit and Risk Committee and the Vice-Chancellor, that Macquarie University’s processes and controls are designed to achieve its objectives and manage risks, are operating in an efficient, effective and ethical manner; and
  3. provide insights to the Audit and Risk Committee and the Vice-Chancellor as to how these may be improved.

Scope

(5) Internal Audit shall cover all programs and activities of Macquarie University and its controlled entities.

Authority

(6) The Internal Audit function, reports:

  1. functionally, to the Audit and Risk Committee for strategic direction and accountability; and
  2. administratively, to the General Counsel to facilitate day to day operations.

(7) Internal Audit will present all internal audit findings and reports to the Vice-Chancellor and the Audit and Risk Committee and have access to the Chair of the Audit and Risk Committee, as required.

(8) Internal Audit has the authority to access records, physical properties, and personnel pertinent to carrying out any engagement. All records, documentation and information accessed in the course of undertaking Internal Audit activities are to be used solely for the conduct of these activities. All Internal Audit documentation is to remain the property of the Macquarie University, including where Internal Audit services are performed by an external third party provider.

Responsibility

(9) The scope of internal auditing encompasses, but is not limited to, the examination and evaluation of the adequacy and effectiveness of the University’s governance, risk management, and internal controls as well as the quality of performance in carrying out assigned responsibilities to achieve the University’s stated goals and objectives. This includes:

  1. evaluating risk exposure relating to achievement of the University’s strategic objectives;
  2. evaluating the reliability and integrity of information and the means used to identify, measure, classify, and report such information;
  3. evaluating the systems established to ensure compliance with those policies, plans, procedures, laws, and regulations which could have a significant impact on the University;
  4. evaluating the means of safeguarding assets and, as appropriate, verifying the existence of such assets; evaluating the effectiveness and efficiency with which resources are employed;
  5. evaluating operations or programs to ascertain whether results are consistent with established objectives and goals and whether the operations or programs are being carried out as planned;
  6. monitoring and evaluating governance processes; monitoring and evaluating the effectiveness of the University’s risk management processes;
  7. reporting significant risk exposures and control issues, including fraud risks, governance issues, and other matters needed or requested by management or the Audit and Risk Committee; and
  8. evaluating specific operations as requested by management or the Audit and Risk Committee.

(10) In the conduct of its activities, Internal Audit will play an active role in:

  1. developing and maintaining a culture of accountability, compliance, integrity and adherence to high ethical standards;
  2. facilitating the integration of risk management into day-to-day business activities and processes, and promoting self-assessment by management; and
  3. promoting a culture of cost-consciousness.

(11) Internal Audit is responsible for:

  1. maintaining currency in the approach and execution of services;
  2. performing audit services in compliance with professional standards, utilising legislation, statutes, directions, internal policies, procedures and guidelines as benchmarks;
  3. ensuring the appropriate level and expertise of internal audit personnel;
  4. liaising with all relevant internal and external stakeholders;
  5. assisting the Audit and Risk Committee to discharge its responsibilities;
  6. attending the Audit and Risk Committee quarterly meetings;
  7. monitoring and reporting on the progress and closure of internal audit action items agreed by management;
  8. providing additional advice to the University as required; and
  9. disseminating across the entity better practice and lessons learnt arising from its internal audit activities.

Relationship with External Audit

(12) Internal Audit will establish and maintain an open relationship with the external auditor and any other assurance providers. Internal Audit will plan its activity to help ensure the adequacy of overall audit coverage and to minimise duplication of assurance effort.

(13) Periodic meetings and contact between internal and external audit shall be held to discuss matters of mutual interest and facilitate coordination.

(14) External auditors have full and free access to all Internal Audit strategies, plans, working papers and reports.

(15) It is the sole responsibility of the external auditor to determine the extent to which they can rely on the reports, working papers and other documentation for their external audit or other purposes.

Planning and Organisation

(16) Internal Audit will develop and update a three year rolling Internal Audit Plan based on a prioritisation of the audit universe reflecting the Strategic Risk Profile and other sources of assurance, in consultation with internal stakeholders.

(17) At each meeting of the Audit and Risk Committee, the following items will be tabled and discussed:

  1. internal audits completed within the period;
  2. progress in implementing the Internal Audit Plan and any changes to the plan;
  3. implementation status of agreed internal and external audit recommendations; and
  4. insights relating to key risks and the control environment.

(18) Annually the Audit and Risk Committee will receive the following reports:

  1. a report on the overall state of internal controls in Macquarie University and any systemic issues requiring management attention based on the findings and information captured throughout Internal Audit activities; and
  2. the three (3) year rolling Internal Audit Plan.

(19) The Audit and Risk Committee will:

  1. approve the Internal Audit Charter annually;
  2. approve the rolling three year risk-based Internal Audit Plan annually;
  3. approve the budget and resource plan;
  4. receive communications from the General Counsel on the Internal Audit activity’s performance relative to its plan and other matters;
  5. approve decisions with the Vice-Chancellor regarding the appointment and removal of the Internal Audit service provider; and
  6. make appropriate inquiries of management and the General Counsel to determine if there are any inappropriate scope or resource limitations.

Independence and Objectivity

(20) Internal Auditors will have no direct operational responsibility or authority over any of the activities internally audited. Accordingly, they will not implement internal controls, develop procedures, install systems, prepare records, or engage in any other activity that may impair the Internal Auditor’s judgment.

(21) Internal Auditors will exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal Auditors will make a balanced assessment of all the relevant circumstances and not be unduly influenced by their own interests or by others in forming judgments.

(22) The General Counsel will ensure that the Internal Audit function remains free from all conditions that threaten the ability of Internal Auditors to carry out their responsibilities in an unbiased manner, including matters of internal audit selection, scope, procedures, frequency, timing, and report content. If the General Counsel determines that independence or objectivity may be impaired in fact or appearance, the details of impairment will be disclosed to appropriate parties.

(23) The General Counsel, along with the Vice-President, Finance and Resources, will confirm to the Audit and Risk Committee, annually, the independence of the internal audit activity.

(24) Routinely, the Internal Audit service provider reports administratively to the General Counsel. However, in the event of any major fraud, control breakdown or other sensitive issues that arise, the service provider may communicate or work directly with the Chair of the Audit and Risk Committee or Vice-Chancellor as appropriate.

Standards and Quality Assurance

(25) Internal audit activities will be conducted in accordance with this charter which aligns with the Institute of Internal Auditors’ International Professional Practices Framework (IPPF), including its Standards, Core Principles for Professional Practice of Internal Auditing, Definition of Internal Auditing and Code of Ethics.

(26) Internal Audit will maintain a quality assurance and improvement program that covers all aspects of the internal audit activity in accordance with these standards. An external quality assessment of the function will be conducted at least every five years.

(27) In the conduct of internal audit work, Internal Audit staff will:

  1. comply with relevant professional standards of conduct;
  2. possess the knowledge, skills and technical proficiency relevant to the performance of their duties; and
  3. be skilled in dealing with people and communicating internal audit, risk management and related issues effectively, and exercise due professional care in performing their duties.