Internal Audit Charter

This charter sets out the purpose of the Internal Audit function and the authority and responsibilities conferred by The University of Melbourne Council on the Director, Internal Audit.

1. Role

Internal Audit is part of the University's Governance framework and is a service unit established to provide an independent appraisal and advisory function for senior management thereby assisting the University in achieving its mission. Its functions include examining, evaluating and monitoring the adequacy and effectiveness of internal controls established to regulate the activities and operations of the University.

The Internal Audit unit is to assist management at all levels in achieving objectives consistent with the Melbourne University Act and the University's strategic plan and to provide detailed assessments as to the efficiency, effectiveness, economy, compliance and financial regularity of the University's operations.

2. Organisational Scope

The field of activity of Internal Audit shall include all the activities and operations of:

• all academic and administrative departments, organisational and functional units and centres;
• all auxiliary operations; and
• all controlled entities.

3. Independence

The Audit and Risk Committee must determine the policy framework in which the Internal Auditor is to operate whilst the administrative responsibility for ensuring the performance of tasks is exercised by the Senior Vice-Principal. The Director, Internal Audit has independent status within the University and for that purpose:

• shall have access to the Vice-Chancellor or to The University of Melbourne Council via Audit and Risk Committee, if required;
• must meet privately at least twice yearly with the Chairperson of Audit and Risk Committee; and
• must have no executive or managerial powers, authorities, functions or duties except those relating to the management of the internal audit office.

4. Powers

The Director, Internal Audit and audit staff:

• have the right of access to all premises of the University and the right to inspect all correspondence, files, records, accounts and all other forms of information held by the University as are necessary for the performance of audit duties; and
• have the right to require all officers of the University to supply such information and explanations as are necessary for the performance of audit duties.

5. Responsibilities

Internal Audit must review the financial policies, procedures, records, accounts and plans of the University and appraise the effectiveness by which the University meets its objectives. This includes:

• reviewing systems and operations and appraising the adequacy of controls;
• recommending improvements to systems and procedures;
• advising on appropriate systems of control and other operational matters;
• appraising the extent of compliance with established policies, procedures and plans;
• assessing the accuracy of management information;
• maintaining a continuous review of the income and expenditure of the University and its associated organisations;
• being involved in the design, implementation and testing of planned controls when major changes are made to various administrative systems but shall not be responsible for the detailed implementation of such systems; and
• conducting ad hoc and confidential investigations as directed by the Vice-Chancellor and/or Senior Vice-Principal.

6. Professional Standards

All internal audit projects must be undertaken with due professional care. In line with standards of professional internal auditing practice the Director, Internal Audit shall ensure:

• that skills, competence, experience and qualifications are appropriate for the audits being performed;
• that all internal audit projects are properly supervised and where required, on the job training provided;
• compliance with all relevant standards and codes of ethics as laid down by the Institute of Internal Auditors and CPA Australia; and
• that all audit staff undertake continuing professional activities and maintain membership of pertinent professional bodies.

7. Audit Plan - Scope and Coverage

As an aid to managing the audit function a rolling three year strategic audit plan is prepared and presented to Audit and Risk Committee annually for comment and approval. In formulating the audit plan and annual work program, the Director, Internal Audit must consult with key audit customers including members of the University's Senior Executive and Heads of Budgetary Divisions.

The strategic audit plan must:

• be sufficiently comprehensive so as to identify all the auditable areas and activities of the University;
• take into consideration an assessment of risk associated with auditable areas and activities, the internal control environment, results of previous audit and materiality;
• be prepared having regard to achieving an appropriate balance between regularity and efficiency audits;
• provide a schedule of audits to be undertaken with the resources available during the period covered by the plan; and
• allow flexibility to accommodate special tasks and projects if requested by the Vice-Chancellor, Senior Vice-Principal or Audit and Risk Committee.

8. Performing Internal Audit Reviews

All internal audit projects undertaken must be in accordance with documented Audit Protocols. These set out the steps which Internal Audit agree to take to ensure that the audit process is mutually beneficial to both Internal Audit and the auditee. These Audit Protocols are amended from time to time in line with internal auditing best practice, changes to auditing standards and customer and Audit and Risk Committee requirements.

9. External Auditor

Where appropriate and within the context of established plans and to the extent that organisational and professional constraints allow, internal audit projects are undertaken with the view of maximising the efficiencies of the internal and external audit processes and minimising audit duplication.