Purpose
This procedure applies to the operations and activities of the organisation and its controlled entities. The scope of the compliance manager ‘s assurance, oversight and advisory responsibilities are outlined in the Internal Audit Charter.
Scope
Internal performance self-assessment every two years, external performance assessment every three years.
This procedure and the Internal Audit Charter outline the role, purpose, operations and reporting obligations of the organisation of the company’s compliance manager .
Procedure and Internal Audit Charter
- Our company maintains an efficient and effective internal audit function as required by the Work Health and Safety Act 2011 and Work Health and Safety Regulations 2011.
- The compliance manager within our company provides the internal audit function in accordance with the Internal Audit Charter.
- The compliance manager has authority from the Chief Executive Officer to obtain full, free and unrestricted access to all functions, premises, assets, personnel, records, systems, information and documentation deemed necessary to enable the unit to meet and discharge its responsibilities as outlined in the Internal Audit Charter.
Objective
Internal audit is an independent, objective assurance and consulting activity that seeks to add value and improve our company‘s operations. The activity assists our company in accomplishing its objectives, by bringing a systematic and disciplined approach to evaluate and improve the effectiveness of risk management, internal control, financial reporting and governance processes.
The internal audit activity provides assurance to our company, executive management, Management Review Committee that key organisational risks are understood and managed appropriately. It also serves as an in-house advisory service providing management with guidance, advice and support in relation to governance, risk and control matters
Roles and Responsibilities
The company’s auditor’s primary responsibility is to provide independent and objective advice, assessment and recommendations to management, in relation to governance, risk management, financial reporting and internal control matters.
In the conduct of their activities, internal audit will play an active role in:
Developing and maintaining a culture of accountability, integrity and adherence to efficient and effective business practices and high ethical standards;
Developing and facilitating continuous improvement of our company’s internal control framework;
Facilitating the integration of risk management into day-to-day business activities and processes; and
Promoting a culture of control cost-consciousness and self-assessment by management.
Assurance Engagements
Internal audit will undertake assurance engagements with the following risk focus:
- Strategic risk
- Emerging risk
- Financial risk
- Operational risk
- Compliance risk
- ICT risk
- Fraud risk
- Project risk
- Financial reporting risk
Advisory Services
Internal audit also provides specialist advice, guidance and consultation services to Management on a range of matters including:
- Data analysis.
- Risk and control insights and better practices.
- Participating in Program / Project Steering Committees as a specialist advisor
- Management requests for assistance.
- Participating in organisational Working Groups and Governance forums.
- Policy establishment and/or review advice.
- Internal control design and cost-effectiveness.
Audit Support Activities
Our company‘s auditor is also responsible for a number of support activities including:
- Monitoring the implementation of internal and external audit recommendations.
- Disseminating better practice guidance and lessons learnt arising from internal and external audit activities.
- Managing the audit function.
Review of Audit Charter
This Charter will be reviewed at least annually and endorsed by the Chief Executive Officer. Any substantive changes will be formally approved by the Chief Executive Officer on the recommendation of the auditor .
Audit Planning
Internal Audit adopts a risk based approach as mandated by the Institute of Internal Auditor’s International Standards for the Professional Practice of Internal Auditing (Standards), and ensures that the priorities of the internal audit activity are consistent with our company‘s goals and objectives.
The Annual Internal Audit Plan is developed based on our company‘s audit-risk universe using a risk-based methodology, including input and collaboration with Senior Management, Management Review Committee and external audit.
The Quality Assurance Manager will review and adjust the plan, as necessary, in response to changes in our company‘s risks, operations, programs, systems and controls.
Any significant deviation from the approved annual plan will be communicated to the Operations Manager through periodic activity and progress reports.
The Annual Internal Audit Plan will be presented and submitted to the CEO for its consideration and endorsement, in accordance with a timetable nominated by the Quality Assurance Manager. A three-year strategic audit outlook will also be developed and considered as part of the organisation’s inclusive endorsement of the annual program of work.
The Operations Manager will communicate the impact of resource limitations and any significant changes in the risk-profile, three-year strategic audit outlook and annual plan.
Standards and Best Practice Tools
Internal Audit activities will be conducted in a manner consistent with the principles of the following professional standards and guidance.
- The Institute of Internal Auditors ‘International Professional Practices Framework (IPPF).
- The Information Systems Audit and Control Association.
- Auditing and Assurance Standards Board.
- Certified Practising Accountant (CPA) Australia.
- Internal Audit activities will also be conducted in accordance with our company‘s policies, procedures and values.
In the conduct of internal audit work, internal audit personnel will comply with relevant professional standards of conduct and exercise due professional care in performing their duties.
Reporting
Internal Audit will keep the Chief Executive Officer and the Quality Assurance Manager informed and up to date on the state of the organisation in regard to risk, control, governance, and the coordination and effectiveness of monitoring activities.
The Auditor will provide a progress report annually covering the progress of the organisation’s audit risk mitigation strategies , including:
- Audit reports issued.
- Progress in completing the annual audit plan
- The status of management implementation of internal and external audit recommendations
- Major advisory activities are undertaken with management
Quality Assurance and Improvement
The Operations Manager is responsible for ensuring appropriate quality assurance and improvement processes are in place for the activities of the auditor.
An annual self-assessment checklist will be completed by the Operations Manager for discussion with the Auditor to facilitate continuous improvement of the internal audit function.
An independent review of the Auditor will be undertaken at least every three years in accordance with the Institute of Internal Auditor’s Standards. The results of this review will be reported to the Chief Executive Officer.
Documentation
- Internal Audit Checklist
- Company Quality Manual