Internal Audit

What is an internal audit?

Internal audit is an independent, objective assurance and consulting activity designed to add value and improve an organisation’s operations. It helps ACU accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes.

Internal audit provides an objective review and advisory service to:

  • assist in achieving a strong interaction between risk management and internal audit and bring innovation to both, so that key risks are identified and assessed, developing the understanding of those risks throughout ACU, including your ability to ‘control’ them
  • becoming a partner on ACU’s journey, knowing what is important to the business, and standing next to business areas to help build institutional capability and capacity to drive strategic change in an uncertain environment
  • bring expertise, innovation and perspectives from beyond through internal audit, particularly in the area of the student experience and effective use of technology
  • provide assurance to the Vice-Chancellor and the Audit and Risk Committee that ACU’s financial and operational controls, designed to manage the organisation’s risks, are operating in an efficient, effective and ethical manner.

Internal audit at ACU

Internal audit at ACU currently operates under an outsourced service delivery model and includes both financial and non-financial risk-based audits. Reporting directly to the Chair, Audit and Risk Committee and Company Secretary, the focus of internal audits generally include, but are not limited to:

  • reviewing the efficiency and effectiveness of internal controls, governance systems and processes, including those relating to corporate, academic, students, learning and teaching, and research functions of the University
  • business continuity management and planning, critical incident management, disaster recovery and emergency response management systems, information technology and cyber-security risks, major projects, processes and practices
  • assessing the economy, efficiency and effectiveness with which the University’s resources are employed
  • ascertaining compliance with legislative requirements, regulations and University policies and procedures
  • recommending improvements in procedures and processes to enhance ACU’s Risk Management Framework.

The governance, objectives, responsibilities and deliverables of internal audit are described in the three documents:

  1. The Internal Audit Charter: [to be developed] developed in line with requirements of authorities including the Financial and Performance Management Standard 2009 (FPMS) and Standard 1000 of the Institute of Internal Auditors Professional Practices Framework (IPPF) which formally defines purpose, authority, and responsibility of an internal audit function.
  2. The Internal Audit Strategic Plan: [to be developed] outlines, in broad terms, the role of internal audit over the medium term, in the context of all the University’s assurance activities.
  3. The Internal Audit Annual Work Plan: [to be developed] outlines the internal audit activities, audit coverage prioritisation, annual work schedule, and the identified auditable areas to be covered within a three year cycle.