JCU - Audit and Assurance

Internal_Auditing_at_James_Cook_University

Audit and Assurance Unit

Internal Auditing

at James Cook University

What is Internal Auditing?

Internal audit is an independent assurance function established within an organisation to add value and improve the organisation operations.

Internal auditing can help an organisation accomplish its goals by systematically evaluating and improving the effectiveness of risk management, internal controls and governance processes.

A common misconception is that accounting systems and financial transactions are the only areas reviewed by internal audit. On the contrary, Internal Audit can be utilised by management to review all organisational activities.

The organisation can also benefit from Internal Audit through its involvement in operational matters as they arise, meaning internal audit can be proactive rather than reactive.

Why do we have Internal Audit at JCU?

An effective Internal Audit function is widely viewed as essential component of a strong corporate governance framework in any successful organisation.

In addition, the University is subject to the requirements of the Queensland Financial Administration and Audit Act 1977. This Act requires the University to maintain an adequate internal audit functions and duties conferred or imposed on it under the Act.

As such, Audit and Assurance Unit is able to assist the University to achieve its goal and objectives, and to meet its accountability requirements.

How does Internal Audit work at JCU?

Audit and Assurance Unit’s audit reviews are scheduled into an Annual Work Program which is approved by the Audit and Compliance Committee of the University Council. A copy of our current work program is located on our web site:

http://www.jcu.edu.au/office/intaudit/annualworkplan.html

Notification of the proposed review is given in advance to appropriate management so that relevant personnel can make any necessary preparations.

The objectives and scope of the review are normally discussed prior to the commencement of any work so that everyone clearly understands the work being undertaken.

Audit work is then carried out by staff of the Audit and Assurance Unit in accordance with a program of audit tests designed to minimise staff interruption yet assess the effectiveness and efficiency of the area under review.

Comments and responses on reportable audit findings will be sought from relevant staff as and when the matters arise in the course of the audit.

A draft report is then prepared and discussed with appropriate management prior to its finalisation and issue. In respect of each audit finding there will be a recommended action by Audit and Assurance together with an agreed action by management.

At the completion of each audit, an Audit and Assurance Report will be issued. This report contains only significant audit findings as determined by the Manager, Audit and Assurance Unit in accordance with a risk assessment of the potential consequences of any deficiencies identified by the audit.

Audit and Assurance Reports are issued to the Vice-Chancellor and the Audit and Compliance Committee.

A Control and Efficiency Report may also be issued. This report is issued only to appropriate management and lists those audit findings which are not deemed to be significant, but which still require management attention.

All audit findings are subject to regular follow-up by Audit and Assurance to ensure the audit findings have been satisfactorily resolved. All significant audit findings which have not been finalised are monitored by the Audit and Compliance Committee.

A flowchart outlining the audit process is located on our web site:

http://www.jcu.edu.au/office/intaudit/auditprocess.html.

Will an Audit pick up every error?

No! To detect every error Audit and Assurance would have to check 100% of all transactions and there is insufficient time and resources to do this. The costs involved would outweigh any gains in improving audit findings and recommendations.

Testing of transactions by Audit and Assurance is performed on a sample of items only. This sample is selected by Audit and Assurance using a structured approach.

Who does Audit and Assurance report to?

The Audit and Assurance Unit is directly responsible to the Vice-Chancellor and reports quarterly to the Audit and Compliance Committee.

We are independent of the Corporate and Commercial Division and all University management.

Who audits Audit and Assurance?

James Cook University is subject to annual external audit by the Auditor-General of Queensland under the provisions of the Financial Administration and Audit Act 1977.

The effectiveness of the University’s audit and assurance function is assessed by the external auditors as part of this process.

In addition, Audit and Assurance is subject to external review every three years through professional internal auditing standards issued by the Institute of Internal Auditors.

This review covers compliance with the professional internal auditing standards and quality assurance processes.

How can Audit and Assurance help you?

Audit and Assurance is able to review systems throughout the University to provide advice on how to ensure these systems function efficiently and effectively.

Audit and Assurance can also assist by providing advice on areas about to undergo significant change, to ensure that the necessary controls are built-in from the start.

In addition, Audit and Assurance can review transactions or events to provide advice on whether a proper process has occurred.

If there is anything you wish to have evaluated to gain comfort, or if you have any uncertainty, please contact the Manager, Audit and Assurance Unit at any time for advice.

How can you help Audit and Assurance?

Each year around May, Audit and Assurance plans activities for the next audit year (which runs from June to May). During this planning phase, advice is sought from University staff on areas of risk within the University which could be subject to audit.

All responses are then assessed using a risk methodology, and very high and high risk areas are included in the audit plan for the audit year. Some lower risk areas can also be included, dependent upon availability of resources.

In addition,l Audit and Assurance endeavours to ensure it provides a relevant, value-added service to the University.

As such, at the end of each audit we forward a Client Evaluation Survey to the area to obtain valuable feedback to improve our provision of audit services.

Anybody who has been subject to audit is invited to complete the survey. The survey form is located on our web site:

http://www.jcu.edu.au/office/intaudit/Survey.html.

Services provided by Audit and Assurance

Currently, Audit and Assurance provides the following services:

§ Grant Acquittal Statement Audits

§ Compliance Audits

§ Review of, and Provision of Advice on, Systems, Policies and Procedures introduced or amended by University Management

§ Fraud Investigations

§ Referral point for matters involving the Crime & Misconduct Commission; that is, staff misconduct issues

§ Efficiency Audits

§ Probity Audits

Confidentiality

All information provided to or handled by the Audit and Assurance Unit is treated with the utmost confidentiality.

Audit and Assurance staff have authorised access to all records, information and personnel as is considered reasonable and appropriate in the conduct of their work.

Information provided to the Audit and Assurance Unit can become a protected disclosure for the purposes of protection under the Whistleblowers Protection Act 1994 (Qld).

Audit and Assurance Personnel

The Audit and Assurance Unit comprises the following personnel:

Manager x 5489

Audit and Assurance Officer x 5401

Audit and Assurance Officer x 5182

Our Offices

We are located on the second floor of the Humanities II Building, Rooms 212 – 214.

Common Fax : 07 4781 4010

For more information, please visit our web site:

http://www.jcu.edu.au/office/intaudit/