View Current

Internal Audit Charter

This is the current version of this document. To view historic versions, click the link in the document's navigation bar.

Section 1 - Establishment

(1) This charter establishes the purpose, scope, authorities and responsibilities, organisational relationships and independence conferred by the University of Newcastle’s Council on Assurance Services with respect to carrying out internal audit duties.

(2) An effective internal audit service is required by Section 11 of the Public Finance and Audit Act 1983 and supported by Section 17(A) of the University of Newcastle Act 1989 No 68.

(3) The Internal Audit function, within the context of the University’s operations, comprises those resources directly associated with the provision of internal audit services, whether they be resources internal or external to the University.

(4) The role of Internal Audit, the Core Principles for the Professional Practice of Internal Auditing, the application of the Internal Audit Code of Ethics and the Internal Audit Standards are discussed regularly between the Director, Assurance Services, the Vice-Chancellor and the Risk Committee.

Top of Page

Section 2 - Purpose 

(5) Internal Audit is an important aspect of the University’s governance framework as it provides independent and objective assurance to the Council and management. It is based on a systematic and disciplined approach to the evaluation of the adequacy and effectiveness of governance, risk, financial and operational controls throughout the organisation.

(6) Internal Audit assists the University in achieving its objectives by adding value and identifying areas for improvement with the aim being to promote efficiency, economy and effectiveness of management processes as well as reliability and accuracy of operations.

(7) Internal Audit also assists the Risk Committee to discharge its responsibilities related to compliance and accountability, internal controls and governance processes for the University and its controlled entities.

Top of Page

Section 3 - Independence 

(8) The Internal Audit function has independent status within the University to ensure its effectiveness. To achieve this, Internal Audit is:-

  1. functionally responsible to the Council via the Risk Committee;
  2. administratively responsible to the Vice-Chancellor;
  3. independent of any other organisational unit, employee or official of the University.

(9) The Director, Assurance Services and Senior Internal Auditor have unrestricted access to the Chair of the Risk Committee and/or the Vice-Chancellor to raise any concerns about audit matters or other significant risks that in their opinion are not being adequately dealt with by the University.

(10) All Internal Audit activities must be free of influence from any element in the organisation, including matters related to audit selection, scope, procedures, frequency, timing, or report content.

(11) Internal Audit is independent of the activities that it audits to ensure unbiased judgements, proper conduct and impartial advice to management and the Council. Internal Audit must not have any direct operational responsibility or authority over any of the activities reviewed and must not assume responsibilities for the implementation of risk mitigates or controls.

(12) Where the Director, Assurance Services is responsible for a non-audit activity, safeguards are implemented to maintain independence. The Director, Assurance Services does not perform audit activities as part of managing or performing non-audit activities. Reviews of non-audit activities are managed and performed independently of the Director, Assurance Services and reported directly to the Risk Committee.

(13) Potential impairments to independence or objectivity relating to other management reviews must be disclosed to the key stakeholders of the engagement prior to acceptance of the engagement.

(14) To further preserve independence, staff working within Internal Audit will not usually undertake secondary employment within UON unless approved by the Risk Committee on the recommendation of the Director, Assurance Services.

Top of Page

Section 4 - Authority

(15) Under the authority of the Council:

  1. Internal Audit will undertake audits in accordance with plans approved by the Risk Committee on behalf of Council.
  2. Internal Audit may undertake further audits and reviews as the Council, Council Committee, Vice-Chancellor, or members of the Executive Committee may request from time to time.
  3. Internal Audit may also conduct the preliminary fact finding activities required to assess any concerns of possible fraud or corruption that come to its attention. Resulting enquiries and investigation must be discussed and approved with the relevant senior authority. This will be a Member of the Council where the Vice-Chancellor has a conflict of interest.
  4. For the duration of the audit and in carrying out its duties and responsibilities, Internal Audit is entitled to full, free and unrestricted access to all of the University’s activities, records, property, personnel and any other information which the Director, Assurance Services considers necessary to properly fulfil its functions as specified in the Internal Audit Plan, scope of individual audits or other special tasks or investigations.
  5. University staff (including those employed by a University controlled entity) are required to fully cooperate with Internal Audit activities and to facilitate the progress of audit work by providing input and assistance in an appropriate manner.
  6. The Director, Assurance Services, in undertaking the Internal Audit Plan or other tasks as directed under b or c  is authorised to allocate resources, set frequencies, select subjects, determine scopes of work, apply techniques required to accomplish audit objectives and approve the final audit report in consultation with key stakeholders in the individual audit.
  7. Subject to the availability of approved budget, the Director, Assurance Services is authorised to engage an external service provider to conduct the audit, specific task or investigation, or if additional resources are required. The Director, Assurance Services will decline the consulting engagement if Internal Audit has a conflict of interest which cannot be effectively managed, are unable to obtain or lack the requisite knowledge, skills, or other competencies needed to perform all or part of the engagement.
  8. The existence of Internal Audit does not reduce the financial and operational responsibilities of management for the proper execution and control of activities, including responsibilities for the periodic conduct of system appraisals, internal controls and risk management.
Top of Page

Section 5 - Confidentiality

(16) All records, documentation and information accessed in the course of Internal Audit activities are to be used solely for the conduct of these activities. All Internal Audit staff are responsible and accountable for maintaining the confidentiality of information they receive in the course of their work.

(17) Internal Audit reports are deemed to be confidential reports of the Council and will be provided to the University’s appointed external auditors and/or any other government agency in accordance with legislative requirements. Access to Internal Audit records will be managed by the Vice-Chancellor or the Director, Assurance Services after consideration and approval from relevant senior management.

Top of Page

Section 6 - Scope of Responsibilities 

(18) Internal Audit shall, in the performance of its function, consider the following:

  1. compliance, with internal and external legislation and instruments;
  2. the adequacy, reliability, integrity and effectiveness of the financial and operational controls, including IT system controls ;
  3. whether the information technology governance supports the University’s strategies and objectives;
  4. the recording, control and use of the University’s assets;
  5. the efficiency, effectiveness, design, implementation and ethical conduct of the University’s systems and processes with an aim to contribute to the improvement in internal controls and risk management processes; and
  6. the extent to which public and other property, money and resources under the control of the University are accounted for, used and safeguarded from loss, including misuse.

(19) Internal Audit shall, where appropriate and requested, provide advice to management, including on new projects and programs, with particular emphasis on the matters identified in clause 18.

(20) Internal Audit activities may also cover any controlled entities of the University.

(21) By request from the Council or the Vice-Chancellor, Internal Audit may be asked to engage with associated/related bodies that are part of, attached to or otherwise partially controlled by the University.

(22) Should consulting opportunities arise during an internal audit engagement, a specific written understanding as to the objectives, scope, respective responsibilities, and other expectations should be reached between the parties with the results of the consulting engagement communicated to stakeholders.

(23) Internal Audit activities does not, in any instance, extend to:-

  1. exercising executive or managerial authority functions except those related to the Internal Audit function;
  2. performing any operational duties for the University or its controlled entities;
  3. initiating or approving accounting transactions outside the Internal Audit area; or
  4. involvement in any day-to-day operations or internal control functions of the University except those related to the Internal Audit function.
Top of Page

Section 7 - Planning 

(24) Following consultation with the Vice-Chancellor, members of the Executive Committee and other relevant parties an Internal Audit Plan will be prepared annually by the Director, Assurance Services for approval of the Risk Committee on behalf of Council.

(25) Amendments to the approved Internal Audit Plan shall be submitted to the Risk Committee for consideration and approval on the recommendation of the Director, Assurance Services.

Top of Page

Section 8 - Professional Standards and Quality Assurance

(26) Internal Audit will conduct activities consistent with this Charter and the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors (IIA), noting that:

  1. external audit activities remain the prerogative of the NSW Audit Office, or their agents;
  2. Internal Audit activities do not extend to the coordination of external audit on behalf of the NSW Audit Office although Internal Audit will consult with the University’s external auditors to reduce duplication of audit activity; 
  3. where applicable, Internal Audit will have regard for the standards and practice statements and professional code of ethics issued by Australian and International accounting and auditing organisations, including the Institute of Internal Auditors and the Accounting Professional and Ethical Standards Board.

(27) The Director, Assurance Services will arrange an independent review of the efficiency and effectiveness of the operations of the Internal Audit function as part of a quality assurance program at least every three years.

Top of Page

Section 9 - Reporting 

(28) The Director, Assurance Services will provide the results of internal audits and quality assurance reviews to the Vice-Chancellor and as a general rule, to the Executive Committee and the relevant members of University management.

(29) The Director, Assurance Services will report to the Risk Committee on:

  1. audits completed;
  2. progress in implementing the Internal Audit Plan including any issues impacting on the approved plan;
  3. progress in implementing agreed audit recommendations including any issues impacting on implementation;
  4. matters arising from previous meetings; and
  5. any other information requested by the Risk Committee.

(30) The Director, Assurance Services will communicate to the Vice-Chancellor and the Risk Committee any instances where management assumes a level of risk that may be outside the risk appetite and is unacceptable to the University.

(31) Annually the Director, Assurance Services will provide to the Risk Committee an attestation to support the independence of the internal audit services provided and an attestation to support compliance with the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors.

Top of Page

Section 10 - Audit Recommendations and Actions 

(32) The Director, Assurance Services is responsible for working with relevant management to ensure that a system is in place which supports the implementation of agreed audit recommendations and actions within required time-frames.

(33) It is the responsibility of management to ensure the agreed audit recommendations are actioned within the required time-frame.

Top of Page

Section 11 - Review of Charter

(34) The Director, Assurance Services is responsible for review of this Charter every two years.

(35) Amendments to this Charter require the approval of the Council on the recommendation of the Risk Committee.