Department of Treasury and Finance logo

Department of Treasury and Finance
TI No. 108 - Internal Audit
 
Options
Treasurer’s Instruction No108
TitleInternal Audit
Effective date1 July 2009
Objective and BackgroundProvides guidance for establishing and maintaining internal audit functions
Last Reviewed Date30 June 2009
PDF VersionFMTI.0108.pdf

Black letter (or bold) items within these Instructions are mandatory and other plain font items are instructional or for the purpose of providing guidance only.

Background

Internal audit provides an independent and objective review and advisory service to:

  • provide assurance to Agency management that financial and operational (internal) controls, designed to manage risks and achieve outcomes, are operating in an efficient, effective and ethical manner; and
  • assist Agency management in improving processes and performance.

Internal Audit

1. A Head of Agency will ensure that effective internal audit arrangements are established by the Agency.

2. The internal auditor is authorised to perform reviews, evaluations, appraisals, assessments and investigations of functions, processes, controls and governance frameworks, in the context of the achievement of the Agency’s objectives.

3. The Head of Agency will ensure that the internal auditor is properly resourced to enable its responsibilities to be met.

Providing that independence requirements are adhered to, agencies may contract their internal audit function to external providers. However, such an arrangement will not diminish the Head of Agency’s responsibility to oversee and manage the internal audit function.

The internal auditor should have the visible and active support of the Head of Agency, Audit Committee and Senior Management.

Regardless of size, agencies are to ensure that they have an appropriately resourced internal audit function including skilled auditors, appropriate technology tools and adequate budgets.

Authority and confidentiality

4. Subject to relevant Agency security policies, internal auditors are authorised to have full, free and unrestricted access to all functions, property, premises, personnel, records, information, accounts, files and other documentation and information that the internal auditor considers necessary.

5. All records, documentation and information accessed in the course of undertaking internal audit activities are to be used solely for the conduct of these activities. Individual internal audit staff are responsible and accountable for maintaining the confidentiality of the information they receive during the course of their work.

Independence of Internal Audit

6. Agencies must provide appropriate independence for internal audit functions, establishing an appropriate degree of separation of the function from Agency management.

7. Where an Agency employs an internal auditor, that position must be independent with no other operational or management responsibilities.

Independence is essential to the effectiveness of the internal audit function. The internal auditor must have no direct authority or responsibility for the activities under review. The internal auditor must have no responsibility for developing or implementing procedures or systems and must not engage in Agency service delivery functions or activities. Additional information on the scope of the internal auditor’s work is contained in paragraph 15.

Audit Committee

8. Each Agency must have an Audit Committee

The Head of Agency is assisted by the Audit Committee through its oversight function to:
  • review the implementation of the annual Internal Audit Plan and implementation of audit recommendations;
  • identify areas worthy of examination by the internal auditor;
  • ensure internal controls are operating effectively;
  • ensure controls are appropriate for achieving the Agency’s objectives;
  • meet the Agency’s statutory and fiduciary duties; and
  • provide a forum for discussing problems and issues that may affect the operations of the internal auditor.

The Audit Committee should be constituted to cater for the particular internal and external influences impacting on the Agency. The membership and conduct of the Audit Committee will therefore vary, depending on the Agency’s size and other circumstances. Membership of an Audit Committee would be expected to be between three and seven members and may include one or more members from outside the Agency.

9. The Audit Committee will have a Charter that establishes its roles and responsibilities and its oversight of the Agency’s internal and external audit functions.

10. The Head of Agency is to approve the Audit Committee Charter.

Key characteristics of an Audit Committee should include:
  • A good understanding of the Audit Committee’s position in the Agency’s governance framework;
  • Members with relevant personal qualities, skills and experience, including at least one member with a strong financial and/or audit background; and
  • A robust and considered process of assessment and continuous improvement.

A strong relationship between the internal auditor and the Audit Committee enables the Committee to meet its responsibilities and carry out its functions. The Audit Committee establishes the role and direction for the internal auditor, and maximises the benefits from the internal audit activity.

Where the Chair of the Audit Committee considers it to be appropriate, the internal auditor and/or the external auditor may, as independent advisors, be invited to attend Audit Committee meetings for relevant agenda items.

Internal Audit Charter

11. The Audit Committee must establish an Internal Audit Charter.

12. The Internal Audit Charter will:

    (a) identify the purpose, authority and responsibility of the internal auditor;
    (b) where relevant, establish the internal auditor’s position within the organisational structure;
    (c) define reporting relationships of the internal auditor with the Head of Agency and the Audit Committee;
    (d) define the internal auditor’s relationship with the Auditor-General; and
    (e) define the scope of the internal auditor’s activities, including any restrictions, together with the reasons for such restrictions.

13. Subject to any changes that the Head of Agency considers necessary, the Head of Agency will approve the Internal Audit Charter on the recommendation of the Audit Committee.

14. The Audit Committee will periodically review the Internal Audit Charter to ensure that it remains up-to-date and reflects the current scope of internal audit work.

Scope of Internal Audit

15. The scope of services provided by the internal auditor will include:

    (a) the examination and evaluation of the adequacy and effectiveness of the Agency’s systems of internal control, risk management and governance;
    (b) the examination of the Agency’s compliance with policies, procedures, plans, legislation and Treasurer’s Instructions;
    (c) assessment of the reliability and integrity of financial management information;
    (d) assessment of the safeguarding of assets;
    (e) any special investigations as directed by the Head of Agency;
    (f) any special investigations as directed by the Audit Committee, subject to approval by the Head of Agency; and
    (g) all activities of the Agency, whether financial, or non-financial, manual or computerised.

The scope of the internal auditor’s work may include the provision of advisory activities, the nature and scope of which are agreed with management and which are intended to add value and improve an Agency’s governance, risk management and control processes. As the outcome of an advisory service may become the subject of future internal audits, the internal auditor should ensure that its independence is not compromised by undertaking such a role.

Internal Audit Planning Requirements

16. The internal auditor will prepare an annual Internal Audit Plan for review by the Audit Committee and approval by the Head of Agency, showing the proposed areas for audit.

17. The Internal Audit Plan will be based on an assessment of the goals, objectives and risks of the Agency and will take into consideration any requirements of the Audit Committee and the Head of Agency.

Good practice internal audit plans will be based on a risk assessment of the Agency’s key strategic and operational areas to establish a program of audits over a 12 month period. This approach is designed to be flexible, dynamic and more timely in order to meet the changing needs and priorities of the Agency.

Reporting

18. The internal auditor will regularly communicate its findings and recommendations to the Head of Agency, Audit Committee and management of the areas audited.

19. On the completion of each internal audit engagement, the internal auditor will provide a Report to the Audit Committee and the Head of Agency, which details the objective and scope of the audit and the findings of the audit.

Audit reports should include background information, the audit objectives, scope, approach, observations/findings, conclusions, recommendations and agreed management actions. Reports should promote better practice options and explain why the recommended changes are necessary and how they add value.

Reports should share the internal auditor’s observations on significant risk exposures, control issues, corporate governance issues, and other related audit matters. By sharing audit criteria, explaining causes and consequences of audit observations, agencies can gain an understanding of the implications and impacts of the audit findings.

Compliance with professional standards

20. Internal auditors will comply with relevant professional standards.

It is important that internal audit work is conducted in accordance with recognised professional standards. Standards that can guide the work of the internal auditor include:
  • the Professional Practices Framework of the Institute of Internal Auditors; and
  • Australian Auditing Standards and Auditing and Assurance Standards issued by the Australian Auditing and Assurance Standards Board.

Implementation of audit recommendations

21. The Head of Agency and the Audit Committee must systematically review progress against audit recommendations and agreed action plans.

Co-ordination with external audit

22. The Audit Committee will periodically consult with the Auditor-General, to discuss matters of mutual interest, to co-ordinate audit activity and to reduce duplication of audit effort.
Sections