Internal Audit

UOW Internal Audit Charter

This internal audit charter provides the framework for the conduct of the internal audit function of the University of Wollongong (UOW), and the inclusion of the UOW controlled entities - UOW Global Enterprises (onshore) and UOW Pulse – which may be in scope from time to time.

This charter describes how the internal audit function will operate in order to meet its role in the corporate governance of the University.

Purpose of Internal Audit

Internal audit is an independent and objective assurance and consulting activity designed to add value and improve UOW operations. It assists the University to achieve its objectives by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. It provides assurance to the University Council through the Risk, Audit and Compliance Committee (RACC), that new and emerging risks within the sector are being addressed. It also provides assurance that existing financial and operational controls, which are designed to manage risks and achieve objectives, including those which prevent and detect corruption, are operating in an efficient, effective and ethical manner.

Scope of Internal Audit Activity

The internal audit function encompasses the review of organisational risk controls across the University, and may include any activity within faculties, schools, institutes, administrative divisions, units or UOW controlled entities.

Independence

Independence is essential to the effectiveness and integrity of the internal audit function. The internal audit function must be, and must be seen to be, independent of the activities and processes reviewed to ensure objectivity is maintained.

For this purpose the contracted internal auditor:

  • has no direct authority or responsibility for the activities reviewed as part of the internal audit function;
  • has no managerial authority, functions or duties other than delivery of the internal audit services.

Roles and Responsibilities

The Director, Business Improvement and Assurance Division (D/BIAD), and the Manager, Business Assurance (M/BA), are functionally responsible to the RACC and accountable to the Chief Operating Officer (COO), on behalf of the Vice-Chancellor, for the efficient and effective operation of the internal audit function.

In addition, the D/BIAD, and the M/BA:

  • must report to the COO of any situations in which a conflict of interest or bias is present or may be reasonably inferred;
  • has right of access to the Vice-Chancellor as well as the Chair and other members of the RACC when deemed necessary; and,
  • will bring to the attention of the Vice-Chancellor and RACC any matters as appropriate.

In the conduct of its activities, the internal audit function will play an active role in:

  • developing and maintaining a culture of accountability, integrity and adherence to high ethical standards;
  • facilitating the integration of risk management practices into day-to-day business activities and processes;
  • strengthening risk controls where appropriate; and,
  • promoting a culture of process improvement, efficiency, sustainability and self-assessment.

Internal audit has a primary responsibility to provide advice on governance, risk management and control issues, and is required to report to management and RACC on inadequately addressed risks and ineffective control processes. Reporting will be escalated to a level consistent with the internal audit assessment of the risk.

Internal audit will seek the endorsement of the Vice-Chancellor’s Advisory Group (VCAG) for draft audit scopes and draft final reports. Final reports will be reviewed and noted by the RACC.

The existence of the internal audit function does not relieve management from the responsibility of ensuring adequate controls are in place for the proper control of business activities and risks for which they are accountable.

Authority & Confidentiality

All reviews are undertaken under the authority of the RACC. The M/BA, is authorised to direct a broad and comprehensive internal audit program.

Subject to compliance with UOW policy, the M/BA, and internal audit staff (including contractors and external service providers) are authorised to have full, free and unrestricted access to all functions, premises, assets, personnel, records and other documentation and information belonging to the University and its controlled entities, as appropriate, to enable the internal audit function to meet its responsibilities.

All records, documentation and information accessed in the course of an internal audit activity are to be used strictly for internal audit purposes only. The M/BA, and internal audit staff are responsible and accountable for maintaining the confidentiality of the information they receive during the course of their work.

Audit Follow-up Activities

The M/BA, is responsible for the appropriate follow-up of audit findings and recommendations for actions. All recommendations will remain open until appropriate actions are agreed as completed by the RACC.

An implementation status report noting details of corrective actions taken in regard to specific recommendations is to be provided on a quarterly basis to the RACC by the staff member responsible for the item.

Dependent upon the significance of the finding, internal audit staff may validate the effectiveness of corrective actions prior to closure of the issue, or after the closure of the issue in a follow-up review.

Standards

Audit activities will be conducted in accordance with relevant professional standards, including but not limited to:

  • The International Standards for the Professional Practice of Internal Auditing contained in The International Professional Practices Framework issued by the Institute of Internal Auditors;
  • The Framework for Assurance Engagements and the Australian Standards on Assurance Engagements issued by the Australian Auditing and Assurance Standards Board; and
  • The Information Technology Assurance Framework issued by ISACA (formerly the Information Systems Audit and Control Association);

All internal audit staff are required to comply with relevant professional standards of conduct and exercise due professional care in performing their duties.

External Audit and other Assurance Activities

Internal audit, in-house audits conducted by BA and other assurance activities should be coordinated to help ensure adequate overall coverage, and to minimise duplication of effort.

External auditors will have full and free access to internal audit working papers and reports.

Audit Planning

The D/BIAD, and the M/BA, in consultation with the COO and with the endorsement of VCAG, will prepare a 3-year rolling internal audit plan for approval by the RACC. The plan will specify which controlled entities are to be included in which audit activities.

UOW controlled entities will also provide an annual report on their own risk and assurance activities to the RACC.

The impact of major business disruptions, resource limitations, and details of any necessary amendments to the plan will be submitted by the D/BIAD, and the M/BA, to the RACC for consideration and approval.

Reporting

In conjunction with the D/BIAD, the M/BA, will report to each meeting of the RACC regarding:

  • Significant risk and control issues arising from internal audit activity;
  • Audits completed;
  • Progress in implementing the internal audit plan; and,
  • The status of the implementation of agreed internal audit recommendations, based on information provided by relevant audit action owners in quarterly implementation status reports.

Review of the Charter

The M/BA, is responsible for maintenance of this Internal Audit Charter to ensure that it remains relevant and up to date.

This charter will be reviewed by the RACC on an annual basis. Any substantive changes must be formally approved by the University Council on the recommendation of the RACC.

Last reviewed: 10 September, 2020