• No results found

Internal Audit Charter

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Internal Audit Charter"

Copied!
8
0
0

Loading.... (view fulltext now)

Download now ( 8 Page )

Full text

(1)

INTERNAL AUDIT CHARTER

Introduction...2

Purpose of Internal Audit...2

Scope of internal audit activity...2

Independence...2

Authority and Confidentiality...3

Roles and Responsibilities...3

Standards...5

Relationship with External Auditors...6

Strategic Internal Audit Program (SIAP) the Annual Audit Program...6

Audit Process...6

Reporting to the Audit Committee...7

Quality Assurance Program...7

Risk Management and Integrity Policy...7

Administrative Arrangements...8

Review of the Charter...8

(2)

Introduction

The Director-General has established the Internal Audit and Risk Management Branch as a key component of the ACT Health’s governance framework. It is established to provide an independent appraisal, advisory and assurance functions for the Director-General, senior management and the Audit and Risk Management Committee.

This charter provides the framework for the conduct of the internal audit function in the ACT Health and has been approved by the Director-General on the advice of the ACT Health Audit and Risk Management Committee.

Purpose of Internal Audit

Internal audit provides an independent and objective review and advisory service to:

 provide assurance to the Director-General that the ACT Health ’s financial and operational controls designed to manage the organisation’s risks and achieve the ACT Health’s objectives are operating in an efficient, effective, economical and ethical manner;

 assist management in improving ACT Health’s business performance; and

 provide a value added service to management with the aim of strengthening and improving the risk management and control framework through the promulgation of best practice.

Scope of internal audit activity

Internal Audit activity encompasses the review of all financial and non-financial policies and operations. Internal audit reviews may cover any of the program and activity of ACT Health together with associated entities, such as Shared Services or Calvary Public Hospital, as provided for in relevant business agreements, memoranda of understanding or contracts.

Independence

Independence is essential to the effectiveness of the internal audit function.

Internal Audit has no direct authority or responsibility for the activities it reviews. The internal audit function has no responsibility for developing or implementing procedures or systems and does not perform in-line management functions. The Manager, Internal Audit and Risk Management reports functionally to the Audit and Risk Management Committee and reports directly to the Director-General. The Manager, Internal Audit and Risk Management is accountable to the Director-General for the efficient and effective operation of the internal audit function.

The Manager, Internal Audit and Risk Management has direct access to the Director-General, and Chairperson and other members of the Audit and Risk Management Committee. Periodic meetings will be held between the Manager, Internal Audit and Risk Management and the Chairperson of the Audit and Risk Management Committee.

(3)

Authority and Confidentiality

All reviews are undertaken under the authority of the Director-General.

Subject to compliance with the ACT Health security policies, the Manager, Internal Audit and Risk Management and internal auditors are authorised to have full, free and unrestricted access to all functions, premises, assets, personnel, records, and other documentation and information that the Manager, Internal Audit and Risk Management considers necessary to enable internal audit to meet its responsibilities.

All records, documentation on and information accessed in the course of undertaking internal audit activities are to be used solely for the conduct of these activities. The Manager, Internal Audit and Risk Management, individual internal audit staff and external audit service providers are responsible and accountable for maintaining the confidentiality of the information they receive during the course of their work.

Inter-agency arrangements with other entities also provide for consultation and disclosure of audit matters affecting other entity programs and other circumstances.

Roles and Responsibilities

In the conduct of its activities the ACT Health Internal Audit and Risk Management Branch plays an active role in:

 developing and maintaining a culture of accountability, integrity and adherence to high ethical standards;

 facilitating the integration of risk management into day to day business activities and processes; and

 promoting a culture of cost consciousness and self-assessment. Internal audit and Risk Management Branch has a primary responsibility to advise on governance, risk management and control issues and is required to report inadequately addressed risks and non-effective control processes to management and/or the Audit and Risk Management Committee. Reporting will be escalated to a level consistent with the internal audit assessment of the risk.

Additional roles and responsibilities are included in ‘Internal Audit Policies and Procedures’

(4)

Internal audit activities will encompass the following areas:

Assurance Activities

Internal audit assurance activities include audits with the following orientation:

Compliance

 compliance with legislative requirements, Australian government and ACT Health policies and procedures;

 the adequacy and effectiveness of internal controls, including information technology system controls such as those in finance, operations, information technology systems and information security;

 the ethical conduct of the Directorate and its employees, contractors and agents;

 the recording, control and use of entity assets and

Performance Improvement

 the economy, efficiency, effectiveness, and ethical conduct of ACT Health ’s business systems and processes.

Advisory Services

Internal Audit and Risk Management Branch will advise the ACT Health ’s management on a range of matters as may be required including:

Management Initiated Audits

 assisting Divisions with delivery of management initiated audits (Audits sponsored by a Division on a specific topic).

New Programmes, Systems and Processes

 providing advice on the development of new programmes and processes and/or significant changes to existing programmes and processes including the design of appropriate controls.

Risk Management

 assisting management by providing technical risk management expertise to identify risks and develop risk mitigation and monitoring strategies as part of the risk management framework;

 facilitating Risk Management across the ACT Health ; and

 monitoring and reporting on the implementation of risk mitigation strategies.

Fraud Control

 assisting management to identify the risks of fraud and develop fraud prevention and monitoring strategies; and

 work with the ACT Health Senior Executive Responsible for Business Integrity and Risk (SERBIR) to coordinate the ACT Health Fraud Control Plan and investigations.

(5)

Audit Support Activities

In the conduct of its audit support activities, the Manager, Internal Audit and Risk Management is responsible for:

 assisting the Audit and Risk Management Committee to discharge its responsibilities;

 providing secretariat support to the Audit and Risk Management Committee;

 monitoring the implementation of agreed recommendations;

 disseminating across ACT Health the better practices and lessons learnt arising from the audit activities; and

 managing the audit function.

Non-Audit Activities

The Director-General may request the Internal Audit and Risk Management Branch complete reviews of selected topics.

Aligned with the ACT Health ’s Corporate Plan 2012-2017 the Internal Audit and Risk Management Branch is responsible for:

 Delivering internal audit and risk management services within the allocated budget Internal Audit and Risk Management will provide information relating to Ministerial queries as and when they occur.

Follow-up activities

The Internal Audit and Risk Management Branch will be responsible for appropriate follow- up of audit engagement findings and recommendations.

Standards

Internal audit activities are conducted in accordance with the ACT Government Framework on Internal Audit and ACT Health values, policies and procedures.

Audit activities are also conducted in accordance with relevant professional standards including:

 Standards for the Professional Practice of Internal Auditing issues by the Internal Auditors;

 Standards relevant to internal audit issued by the Australian Society of Certified Practicing Accountants, Chartered Accountants, Australia, New Zealand and the Risk Management Institution of Australasia;

 The Statement on Information Systems Auditing Standards issue by the Information Systems and Control Association; and

 Standards issued by Standards Australia and the International Standards

(6)

 comply with professional standards of conduct;

 possess the knowledge, skills, and technical proficiency essential to the performance of their duties;

 be skilled in dealing with people and communicating audit, risk management and related issues effectively;

 maintain their technical competence through a program of professional development; and

 exercise due professional care in performing internal audits.

Relationship with External Auditors

Internal Audit is an important element of the Directorate’s internal control systems and is subject to regular reviews by the ACT Auditor-General’s Office. Whilst internal and external audit roles are fundamentally different, activities should be co-ordinated to minimise duplication of effort.

Periodic meetings and contact between internal and external audit shall be held to discuss matters of mutual interest.

External audit will have full and free access to all internal audit plans, working papers and reports.

Strategic Internal Audit Program (SIAP) the Annual Audit Program

The Strategic and Annual Audit Program (SIAP) will be prepared in consultation with the Director- General, Executive Council, Executive Directors across ACT Health and the Audit and Risk Management Committee Members. The SIAP shall be based on the results of risk assessments.

Those functions, processes and activities most prone to significant failure or loss or where the potential for improvement will add greatest value to ACT Health ’s operations will be given priority attention.

The ACT Health Audit and Risk Management Committee and the Director-General approve the Strategic and Annual Audit Program.

Audit Process

The Audit Process is outlined in the ‘Internal Audit Policy and Procedure’ document.

Reporting to the Audit Committee

The Manager, Internal Audit and Risk Management will report to each meeting of the Audit and Risk Management Committee on:

 audits completed;

 risk management activities performed during the reporting period; and

(7)

 the status of the implementation of agreed internal and external audit, including relevant ACT Auditor-General performance audit recommendations.

Quality Assurance Program

To assist delivery of the internal audit program the following quality assurance elements will be implemented:

 the quality assurance program should provide assurance that audit work conforms to the Standards for the Professional Practice of Internal Auditing, the Internal Audit Charter and is both cost effective and efficient;

 Internal Audit and Risk Management staff will maintain ongoing professional development;

 The Manager, Internal Audit and Risk Management will prepare a report annually for the Audit and Risk Management Committee, which sets out performance against its annual work plan.

 surveys will be sent to the audit sponsors following the finalisation of audit reports to obtain feedback on performance of the auditors, assessed value of the audit and the quality of the report. This information is provided to the Audit and Risk Management Committee for consideration; and

 The Manager, Internal Audit and Risk Management will arrange for a periodic, independent review of the efficiency and effectiveness of the operations of the internal audit function, at least every five years.

Risk Management and Integrity Policy

In assessing risk, it will be ensured that the requirements of the Risk Management Standard AS/NZS ISO 31000:2009 are incorporated. The following other factors will be considered:

 matters raised by the Minister, the Director-General or Whole of Government Initiatives;

 materiality of moneys processed or assets held;

 public or social sensitivity;

 new programs or systems implemented;

 items significant in terms of departmental goals; and

 timing, findings and coverage of previous audits.

 ensure that all investigations undertaken by ACT Health comply with the Standard for the conduct of inquiries and investigation for ACT Directorates and integrity policy;

and

 commission reviews of procedures and practices considered inadequate to safeguard the integrity of ACT Health and to report to the Director-General on steps necessary to remedy the shortcomings.

(8)

Administrative Arrangements

The Director-General will approve any change to the position of the Manager, Internal Audit and Risk Management. The Audit and Risk Management Committee Chairperson, and the committee as appropriate, will be consulted as part of the process.

As part of the comprehensive quality assurance program, the Manager, Internal Audit and Risk Management will arrange for an independent review of the efficiency and effectiveness of the operations of the internal audit function at least every five years. The results of the quality assurance program and, in particular, of the external review, will be reported to the Audit and Risk Management Committee.

Review of the Charter

The Manager, Internal Audit & Risk Management will review the Internal Audit Charter at least every three years. The Director-General on the recommendation of the Audit and Risk Management Committee will formally approve any substantive changes to the Internal Audit Charter.

Date reviewed by the Audit and Risk Management Committee: September 2015

References

Download now ( DOCX - 8 Page - 124.55 KB )

Related documents

Internal Audit of the Sport Canada Hosting Program

This information should be aligned with Sport Canada’s Performance Management Framework (put in place in April 2009) which is based on the department’s new Program Activity

Educational leadership for international partnerships between New Zealand and east Asian Chinese higher education institutions

be identified as the author of the thesis, and due acknowledgement will be made to the author where appropriate.  You will obtain the author’s permission before publishing

Hull_OFOD9e_MultipleChoice_Questions_and_Answers_Ch12.doc

A calendar spread is created by buying an option with one maturity and selling an option with another maturity when the strike prices are the same and the option types (calls or

Car Dealership Information System

Private Sub Command5_Click() Private Sub Command5_Click() Frame1.Visible = False Frame1.Visible = False Command5.Visible = False Command5.Visible = False Text1.Locked =

Media Training January 2014

• Don’t answer a question that wasn’t asked • Don’t be afraid to say “I don’t know”. • Don’t disclose proprietary or

DISsing the social GGRRAAACCEEESSS

Mercer (eds) Implementing the Social Model of Disability: Theory and Research , Leeds: The Disability Press, pp. (Available from

JOHNSON ELECTRIC HOLDINGS LIMITED (the Company ) and its subsidiaries (collectively the Group )

The AC considers the effectiveness of the Group’s enterprise risk management and internal control systems, the effectiveness of any internal audit function, the independent audit

Internal Audit Strategic and Annual Plans 2015/16

2.2 The outcomes of the internal audit service are detailed in the Internal Audit Charter and can be summarised as; delivering a risk based audit plan in a professional,