Internal auditing brings an objective, disciplined approach to evaluating and improving the way an organisation operates.

The Internal Audit function at UQ helps the University accomplish its goals by providing independent advice and assurance on the effectiveness of governance, management processes and internal controls at all levels of the organisation.

Each year, the Internal Audit team devises an Annual Audit Plan, based on UQ's risk areas and strategic needs. This plan determines which areas of the University will be audited in the next 12 months.

The following outlines what staff can expect from the Internal Audit assurance process:

Management is notified

Members of the University Senior Management Group are advised at the beginning of the year which areas have been selected to be audited.

A member of the Internal Audit team will contact management to agree on the timing of the audit, explain the process, and invite participation in the planning process.

Top of page

Preliminary planning

Internal Audit staff will meet with managers in order to understand the nature, size and structure of your work area, including what governs it, what policies may apply, and any associated risks. Other staff may be invited to participate in this discussion over one or several meetings.

With input from management, Internal Audit will develop an Engagement Terms of Reference. This sets out the expected timing of the audit, its scope and deliverables, and who will receive the final report.

Top of page

Fieldwork

Internal Audit will evaluate the existing processes and controls within your area, and test to assess the degree to which they are operating effectively. They will also determine whether the procedures in place are efficient, and compliant with relevant standards and policies.

Top of page

Consultation

Internal Audit will discuss with the relevant staff any areas that have been identified for improvement. They will also confirm the accuracy of the gathered information. Should staff have any concerns, they are encouraged to raise them during the audit process.

Any remedial action required will be addressed during this consultative process.

Top of page

Reporting

The audit lead will draft a report for review by the Associate Director, Internal Audit, before discussing it with the head of the organisational unit or process owner. The report will include:

  • a description of the audit approach and scope
  • conclusions on the issues identified
  • an overall rating
  • Internal Audit recommendations
  • responses by management, including agreed actions and their due dates.

There should be no surprises in the final report, as the issues addressed will have already been discussed with management.

All reports issued by Internal Audit are addressed to the organisational unit head, process owner or project sponsor. The report will also be copied to an approved distribution list, including members of the University Senior Management Group as appropriate. Generally, staff will not be named in the audit report.

Any significant issues identified in audit reports are reported to the Vice-Chancellor’s Risk and Compliance Committee and the Senate Risk and Audit Committee, without identifying individual staff members.

Please note that, although fraud detection is not a specific audit objective, some Internal Audit procedures may uncover fraud-related issues. If any fraud or misconduct is found during the audit process, management will be notified, however staff will not be named in the audit report. Any disciplinary or corrective action will be undertaken by management and not Internal Audit.

Top of page

Quality review

Each audit will be reviewed by the Associate Director, Internal Audit, who ensures that conclusions are supported by appropriate evidence and that the report is fair and balanced.

Top of page

Action tracking and closure of audit findings

Once a final audit report has been issued, Internal Audit will enter the findings into their automated action tracking system. As agreed actions reach their due dates, action owners will be notified, and will need to provide feedback on their progress.

Once all actions have been resolved, the audit findings will be formally closed. Any long outstanding actions will be reported to management, the Vice-Chancellor's Risk and Compliance Committee and the Senate Risk and Audit Committee.

Top of page

Customer satisfaction

Internal Audit aims to provide UQ with a high quality service. Following each audit they will request feedback from local management regarding their experience of the audit process.

Top of page