View Current

Internal Audit Charter

This is the current version of this document. You can provide feedback on this policy to the enquiries contact - refer to the Status and Details on the document's navigation bar.

Section 1 - Establishment

(1) This charter establishes the purpose, scope, authorities and responsibilities, organisational relationships and independence conferred by the University of Newcastle’s (UON) Council on UON’s Assurance Services with respect to carrying out internal audit duties.

(2) An effective internal audit service is required by Section 11 of the Public Finance and Audit Act 1983 and supported by Section 17(A) of the University of Newcastle Act 1989 No 68.

(3) The Internal Audit function, within the context of UON operations, comprises those resources directly associated with the provision of internal audit services, whether they be resources internal or external to UON.

(4) The definition of Internal Audit, the application of the Internal Audit Code of Ethics and the Internal Audit Standards are discussed on a needs basis between the Director, Assurance Services, the Vice-Chancellor and the Risk Committee.

Top of Page

Section 2 - Purpose 

(5) Internal Audit is an important aspect of UON’s governance framework as it provides an independent and objective assurance service to the Council and management. It is based on a systematic and disciplined approach to the evaluation of the adequacy and effectiveness of governance, financial and operational controls throughout the organisation.

(6) Internal Audit assists UON in achieving its objectives by adding value and identifying areas for improvement with the aim being to promote efficiency, economy and effectiveness of management processes as well as reliability and accuracy of operations.

(7) Internal Audit also assists the Risk Committee to discharge its responsibilities related to compliance and accountability, internal controls and governance processes for UON and its controlled entities.

Top of Page

Section 3 - Independence 

(8) The Internal Audit function has independent status within UON to ensure its effectiveness. To achieve this, Internal Audit is:-

  1. functionally responsible to the Council via the Risk Committee;
  2. administratively responsible to the Vice-Chancellor;
  3. independent of any other organisational unit, employee or official of UON.

(9) The Director, Assurance Services and Senior Internal Auditor have unrestricted access to the Chair of the Risk Committee and/or the Vice-Chancellor to raise any concerns about audit matters or other significant risks that in their opinion are not being adequately dealt with by UON.

(10) All Internal Audit activities must be free of influence from any element in the organisation, including matters related to audit selection, scope, procedures, frequency, timing, or report content.

(11) Internal Audit is independent of the activities that it audits to ensure unbiased judgements, proper conduct and impartial advice to management and the Council. Internal Audit must not have any direct operational responsibility or authority over any of the activities reviewed and must not assume responsibilities for the implementation of risk mitigates or controls.

(12) Potential impairments to independence or objectivity relating to other management reviews must be disclosed to the key stakeholders of the engagement prior to acceptance of the engagement.

(13) To further preserve independence, staff working within Internal Audit will not usually undertake secondary employment within UON unless approved by the Risk Committee on the recommendation of the Director, Assurance Services.

Top of Page

Section 4 - Authority

(14) Under the authority of the Council:

  1. Internal Audit will undertake audits in accordance with plans approved by the Risk Committee on behalf of Council.
  2. Internal Audit may undertake further audits and reviews as the Council, Vice-Chancellor, members of the Executive Committee or the University Secretary may from time to time direct.
  3. Internal Audit may also conduct the preliminary fact finding activities required to assess any concerns of possible fraud or corruption that come to its attention. Resulting enquiries and investigation must be discussed and approved with the relevant senior authority (Vice-Chancellor or Member of the Council where the Vice-Chancellor has a conflict of interest).
  4. For the duration of the audit and in carrying out its duties and responsibilities, Internal Audit is entitled to full, free and unrestricted access to all of UON’s activities, records, property, personnel and any other information which the Director, Assurance Services considers necessary to properly fulfil its functions as specified in the Internal Audit Plan, scope of individual audits or other special tasks or investigations.
  5. UON staff (including those employed by a UON controlled entity) are required to fully cooperate with Internal Audit activities and to facilitate the progress of audit work by providing input and assistance in a timely manner.
  6. The Director, Assurance Services, in undertaking the Internal Audit Plan or other tasks as directed under b or c  is authorised to allocate resources, set frequencies, select subjects, determine scopes of work, apply techniques required to accomplish audit objectives and approve the final audit report in consultation with key stakeholders in the individual audit.
  7. Subject to the availability of approved budget, the Director, Assurance Services is authorised to engage an external service provider to conduct the audit, specific task or investigation, or if additional resources are required. The Director, Assurance Services will decline the consulting engagement if Internal Audit are unable to obtain or lack the knowledge, skills, or other competencies needed to perform all or part of the engagement.
  8. The existence of Internal Audit does not reduce the financial and operational responsibilities of management for the proper execution and control of activities, including responsibilities for the periodic conduct of system appraisals, internal controls and risk management.
Top of Page

Section 5 - Confidentiality

(15) All records, documentation and information accessed in the course of Internal Audit activities are to be used solely for the conduct of these activities. All Internal Audit staff are responsible and accountable for maintaining the confidentiality of information they receive in the course of their work.

(16) Internal Audit reports are deemed to be confidential reports of the Council and will be provided to UON’s appointed external auditors and/or any other government agency in accordance with legislative requirements. Access to Internal Audit records will be managed by the Vice-Chancellor or the Director, Assurance Services after consideration and approval from relevant senior management.

Top of Page

Section 6 - Scope of Responsibilities 

(17) Internal Audit shall, in the performance of its function, consider the following:

  1. compliance, with internal and external legislation and instruments;
  2. the adequacy, reliability, integrity and effectiveness of the financial and operational controls, including IT system controls ;
  3. whether the information technology governance supports UON’s strategies and objectives;
  4. the recording, control and use of UON’s assets;
  5. the efficiency, effectiveness, design, implementation and ethical conduct of UON’s systems and processes with an aim to contribute to the improvement in internal controls and risk management processes; and
  6. the extent to which public and other property, money and resources under the control of UON are accounted for, used and safeguarded from loss, including misuse.

(18) Internal Audit shall, where appropriate and requested, may provide advice to management, including on new projects and programs, with particular emphasis on the matters identified in clause 17.

(19) Internal Audit activities may also cover any controlled entities of UON.

(20) By request from the Council or the Vice-Chancellor, Internal Audit may be asked to engage with associated/related bodies that are part of, attached to or otherwise partially controlled by UON.

(21) Should consulting opportunities arise during an audit engagement, a specific written understanding as to the objectives, scope, respective responsibilities, and other expectations should be reached between the parties with the results of the consulting engagement communicated to stakeholders.

(22) Internal Audit activities does not, in any instance, extend to:-

  1. exercising executive or managerial authority functions except those related to the Internal Audit function;
  2. performing any operational duties for UON or its controlled entities;
  3. initiating or approving accounting transactions outside the Internal Audit area; or
  4. involvement in any day-to-day operations or internal control functions of UON.
Top of Page

Section 7 - Planning 

(23) Following consultation with the Vice-Chancellor and members of the Executive Committee, an Internal Audit Plan will be prepared annually by the Director, Assurance Services for approval of the Risk Committee on behalf of Council.

(24) Amendments to the approved Internal Audit Plan shall be submitted to the Risk Committee for consideration and approval on the recommendation of the Director, Assurance Services.

Top of Page

Section 8 - Professional Standards and Quality Assurance

(25) Internal Audit will conduct activities consistent with this Charter and the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors, noting that:

  1. external audit activities remain the prerogative of the NSW Audit Office, or their agents;
  2. Internal Audit activities do not extend to the coordination of external audit on behalf of the NSW Audit Office although Internal Audit will consult with UON’s external auditors to reduce duplication of audit activity; 
  3. where applicable, Internal Audit will have regard for the standards and practice statements and professional code of ethics issued by Australian and International accounting and auditing organisations.

(26) The Director, Assurance Services will arrange an independent review of the efficiency and effectiveness of the operations of the Internal Audit function as part of a quality assurance program at least every three years.

Top of Page

Section 9 - Reporting 

(27) The Director, Assurance Services will provide the results of internal audits and quality assurance reviews to the Vice-Chancellor and as a general rule, to the Executive Committee and the relevant members of UON management.

(28) The Director, Assurance Services will report to the Risk Committee on:

  1. audits completed;
  2. progress in implementing the Internal Audit Plan including any issues impacting on the approved plan;
  3. progress in implementing agreed audit recommendations including any issues impacting on implementation;
  4. matters arising from previous meetings; and
  5. any other information requested by the Committee.

(29) The Director, Assurance Services will communicate to the Vice-Chancellor and the Risk Committee any instances where management assumes a level of risk that may be outside the UON risk appetite and is unacceptable to UON.

(30) Annually the Director, Assurance Services will provide to the Risk Committee an attestation to support the independence of the internal audit services provided and an attestation to support compliance with the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors.

Top of Page

Section 10 - Audit Recommendations and Actions 

(31) The Director, Assurance Services is responsible for working with relevant management to ensure that a system is in place which supports the implementation of agreed audit recommendations and actions within required time-frames.

Top of Page

Section 11 - Review of Charter

(32) The Director, Assurance Services is responsible for review of this Charter at least annually.

(33) Amendments to this Charter require the approval of the Council on the recommendation of the Risk Committee.