Who is responsible for reviewing and monitoring responsiveness to the internal audit departments findings and recommendations?

The Audit and Review Committee has responsibilities under four key headings.

Table of Contents Show

Risk identification, management and internal controls
Financial reporting, including accounting policies
Internal and external audits
Relevance and accuracy of information going to the Senate
Effective corporate governance
Internal audit: a vital tool of the audit committee
Reviewing the work of internal audit

Risk identification, management and internal controls

The committee identifies the major risks on which it reports and seeks from management advice on the mechanisms already in place and whether any additional mechanisms are needed.

In relation to the internal control and risk management systems, the committee's responsibilities include:

ensuring the University maintains a current risk identification process and reporting mechanism
assessing the internal processes for managing key risk areas, including but not limited to–
- litigation and claims
- non-compliance with laws and regulations, including environmental, occupational health and safety, industrial relations laws
- business risks other than those dealt with by other Senate committees
addressing the adequacy of the control structure with management, internal committees associated with managing risk and the internal and external auditors
evaluating the process the University has in place for assessing and continuously improving internal controls, particularly those related to areas of significant risk
assessing whether management has controls in place for unusual types of events and/or any potential events that may carry more than an acceptable degree of risk
maintaining an overview of statements and opinions on procedures or practices expressed by such bodies at the Auditor-General, the Parliamentary Commissioner (Ombudsman), the Equal Opportunity Commissioner, Crime and Corruption Commissioner, Information Commissioner, WorkSafe and the Department of Environment Regulation, and advising the Senate accordingly
dealing with the major reviews initiated regularly by management and from time to time by external bodies where there are matters raised which warrant the committee's attention

Financial reporting, including accounting policies

The committee has a primary responsibility to ensure that the University's accounting policies and principles are in accordance with the financial reporting framework.The committee plays a major role in examining the accounting policies that are going to be applied throughout the year and will ultimately be applied in drawing up the year end financial statements.

In assessing changes to alternative accounting principles, the committee requests management to inform them–

whether the methods chosen by management are consistent with the Financial Administration and Audit Act, Treasurer's Instructions, Accounting Standards, Accounting Concepts and Urgent Issues Group (UIG) Consensus Views
of the accounting principles typically used in the tertiary sector
of management's motivation for the change
of the current and future financial statement impact
how the proposed changes are likely to be viewed by the external auditor and Government

The committee assesses significant estimates and judgements in the financial reports by enquiring of management about the process used by management in making material accounting estimates and then enquiring of the external auditor the basis for the auditor's conclusions regarding the reasonableness of those estimates.

The committee also has responsibility to receive and review the University's Annual Report, including the Financial Statements and Performance Indicators, and to recommend its adoption by the Senate. The Committee also receives other statutory annual reports from within the University.

Internal and external audits

The committee has a responsibility to consider carefully issues raised by the external and internal auditors as those issues may have implications on the University's control environment.

The following activities and practices are to be carried out by the committee:

Communicate expectations to both the internal and external auditors.
Monitor and assess the internal and external auditors' performance against expectations.
Support, yet question, the internal and external auditors.
Understand and assess any auditor scope limitations and/or management's response.
Hold regular meetings with the internal and external auditors.
Coordinate the interaction between the internal and external auditors.

The committee is authorised and directed to carry out the following specific duties and responsibilities:

Internal Audit

Review the annual internal audit plan, particularly concerning the overall control environment, irregularities and regulatory compliance, the scope of work and requirements for the Internal Auditors to carry out their audit functions.
Ensure that Internal Audit have sufficient resources to meet the requirements of the approved audit plan.
Ensure the operations of the internal audit function are being maintained in an efficient and effective manner.
Review any non-auditing services to be performed by Internal Audit and the impact these may have on the role of independence.
Review internal audit reports with particular concern for any weaknesses, qualifications of exceptions noted, and where required, management response to these.
Monitor and analyse critically management's responsiveness to internal audit's findings and recommendations.
Monitor progress of internal audit performance against the approved plan and budget.
Assess the extent of reliance placed by external audit on internal audit work.
In consultation with the Senior Deputy Vice-Chancellor, appoint and assess the performance of the Senior Internal Audit Officer.

External Audit

Liaise with the external auditors regarding the scope and general extent of their annual audit plan.
Review with the external auditors their findings and recommendations, including interim audit reports and management's responses and action to correct any noted deficiencies.
Advise the Senate of any issues of concern arising from the external auditors' findings and recommendations, and the extent to which audit recommendations have been or are to be implemented.
Review any other matters relevant to the audit of the University's accounts deemed necessary to ensure compliance with the applicable laws, regulations, standards and policies.

Relevance and accuracy of information going to the Senate

The committee has a responsibility to monitor the relevance and accuracy of information going to the Senate. This will be undertaken whenever requested by the Senate. Where changes seem appropriate, the committee will communicate these to management.

The audit committee must make effective use of the internal audit function in giving assurance on risk management, governance and internal control systems.

Effective corporate governance
Internal audit: a vital tool of the audit committee
Reviewing the work of internal audit

Effective corporate governance

The IIA International Standards define governance as “the combination of processes and structures implemented by the board in order to inform, direct, manage and monitor the activities of the organisation toward the achievement of its objectives”.

According to the Financial Reporting Council’s (FRC’s) UK Corporate Governance Code, the purpose of corporate governance is to facilitate effective, entrepreneurial and prudent management that can deliver the long-term success of the company. Strong corporate governance relies on robust processes for reporting, risk management and internal control. According to the Code, directors should monitor the company’s risk management and internal control systems and, at least annually, carry out a review of their effectiveness, and report on that review in the annual report.

Culture, values and ethics are increasingly important considerations in the governance of organisations. For the first time the 2014 edition of the Corporate Governance Code highlights a key role for the board in establishing culture, values and ethics, considering among other things the culture it wishes to embed, and whether this has been achieved. It is not sufficient for the board simply to set the desired values. The board also needs to ensure they are communicated by management, incentivising the desired behaviours and sanctioning inappropriate behaviour, and must assess whether the desired values and behaviours have become embedded at all levels.

In many organisations audit committees are charged with overseeing, on behalf of the board, the quality of all the above processes. Indeed the establishment of an audit committee is a requirement of the Corporate Governance Code for publicly listed companies on a comply-or-explain basis. In other organisations the board and its individual directors will retain some or all of the functions of committees of the board, such as the audit or risk committee.

Internal audit: a vital tool of the audit committee

The audit committee’s tasks include reviewing the company’s internal controls and, unless expressly addressed by a separate board risk committee composed of independent directors or by the board itself, reviewing the company’s governance and risk management systems. To do this, it utilises the skills and expertise of the internal audit function, agreeing the scope of its work, its priorities and resources.

It must also monitor and review the effectiveness of the organisation’s internal audit function. Where there is no internal audit function, the audit committee should consider annually whether there is a need for it and make a recommendation to the board, and the reasons for the absence of such a function should be explained in the relevant section of the annual report.

The audit committee reviews and approves internal audit’s remit, having regarded the complementary roles of the internal and external audit functions.

It ensures that internal audit is free to work independently and objectively, i.e. free from the influence of those being audited. It ensures that internal audit has the necessary resources and access to information to enable it to fulfil its mandate, and is equipped to perform in accordance with appropriate professional standards for internal auditors (IIA's Code of Ethics and the International Standards for the Professional Practice of Internal Auditing). The committee also approves the appointment or termination of appointment of the Head of Internal Audit, and its chair should play a direct role in decisions concerning the Head of Internal Audit’s appraisal and remuneration.

Reviewing the work of internal audit

In its review of the work of internal audit, the audit committee:

• Ensures that the Head of Internal Audit has direct access to the board chairman and to the audit committee, and is accountable to the audit committee;

• Ensures that internal audit is appropriately tasked and resourced, and has sufficient authority and standing to carry out its tasks effectively;

• Reviews and assesses the annual internal audit work plan;

• Receives a periodic report on the results of the internal auditors’ work;

• Reviews and monitors management’s responsiveness to the internal auditor’s findings and recommendations;

• Meets with the Head of Internal Audit at least once a year without the presence of management; and

• Monitors and assesses the quality and effectiveness of internal audit, and its role in the overall context of the company’s risk management system.

Next: Governance of risk - three lines of defence

Content reviewed: 21 September 2020