How the Office of Internal Audit Operates

INTERNAL AUDITING

What is Internal Auditing?

Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve the University's operations. Internal Audit assists Murdoch to accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control and governance processes. At Murdoch University, the Office of Internal Audit is responsible for the internal audit function.

The scope of internal auditing includes a wide range of activities ranging from the maintenance of accounting records, through compliance with policy, to the evaluation of functional and process efficiency and effectiveness. Common misconceptions about internal auditing are that:

  • its appraisals are confined to accounting functions;
  • it is responsible for fraud detection; and
  • it is reactive and bayonets the wounded after the battle has been fought.

The Office of Internal Audit seeks to dispel these notions by:

  • appraising a wide range of areas outside of financial functions;
  • providing advice to the university community on fraud and signs of potential fraud; and
  • providing assistance and advice to the university community on a wide variety of management related issues.

The Requirement for an Internal Audit Function

Murdoch University is required to comply with the Financial Administration and Audit Act (WA) 1985. A requirement of this Act is that the accountable authority (in our case the Senate) must have an effective internal audit function. Apart from this requirement, the community has increasing corporate governance expectations. One of these expectations is that boards (Senate) receive on going - and independent - assessments on the effectiveness and efficiency of controls put in place to ensure that the organisation meets its objectives.

Internal Audit Exists to Help You

We can help your systems, processes and functions to operate more efficiently and effectively. Delivery of this help is by the providing unbiased and objective advice. Directors, Senior Executive Advisory Committee members and staff are most welcome to indicate topics that they would like us to look at as part of our scheduled audits.

Our most effective help is delivered by our involvement in major changes. We can help ensure that procedures necessary for a system, process or function to achieve its goals are built in from the start. This prevents costly rework at a later stage.

The provision of ad hoc advice on procedural issues, interpretation and proposals is another service that the Office of Internal Audit can offer you. We exist to serve the university community in this regard.

Contacting the Office of Internal Audit

All staff in the Office of Internal Audit have voice-mail and e-mail.

The Office of Internal Audit is located on the fourth level in the Chancellery Building.

Internal Audit Reporting Arrangements

The Office of Internal Audit is functionally accountable to the Deputy Vice- Chancellor. Our reports are sent to the Vice-Chancellor and the Senate Audit Committee. These reports include management's response to observations made in the report. There should be no surprises arising from the report's contents as the issues should be resolved by this point. This includes agreeing to disagree.

The Audit Process

Annually, the Office of Internal Audit develops a Strategic Review Plan  for all auditable areas in the university. Development of this plan occurs in consultation with the Vice-Chancellor and members of the Senior Executive Advisory Committee. The basis of the Strategic Review Plan is a risk assessment of all auditable areas in terms of; materiality (or significance of the function), senior management concerns, impact on the university, the period since the last review and perceived management control. The Strategic Review Plan details all audits over a 3 - 5 year period and is approved by the Senate Audit Committee.

The first year of the Strategic Review Plan is the Annual Review Plan. The Annual Review Plan is a list of audits scheduled for performance in the forthcoming year. This plan also details our broad audit objectives and the approximate time we expect to complete the audit. It does not indicate the time of audit as the relevant managers may request a variation to it.

When we conduct an audit we further refine our objectives and scope (audit boundaries). To do this the assigned auditor does the necessary research to gain an understanding of the area subject to audit. On this basis we develop an audit plan that includes our scope and objectives. This information is communicated to the section head and the Senior Executive Advisory Committee member, by way of an entrance conference, to explain what we are doing. Importantly this is the opportunity for these parties to add topics to the audit and understand what we are seeking to do.

After the entrance conference, the auditor; gains a further understanding of the function or system under review, evaluates the controls in place to ensure its effectiveness, and performs test to assess efficiency and effectiveness. Our test results enable the auditor to develop conclusions and recommendations for improvement where appropriate. The results of these processes are documented and reviewed by the Director prior to reporting.

Draft reports, containing our recommendations, are discussed with relevant staff and heads and members of Senior Executive Advisory Committee for validity and practicability prior to their finalisation. These discussions occur in exit conferences where the deadlines and priorities are also agreed. The Senior Executive Advisory Committee member will receive a final copy of the report containing their responses before the report is given to the Vice-Chancellor and the Deputy Vice-Chancellor for consideration.

Following the Vice-Chancellor's consideration, copies of the audit report are distributed to all Executive Deans, SEAC members, the President of Academic Council and members of the Senate Audit Committee.

All audit recommendations are listed for subsequent follow up to ensure managerial action. Follow up actions are reported to the Senate Audit Committee who consider the appropriateness or otherwise of actions taken.

Internal Auditing in Respect of Mistakes and Errors

Internal audit processes do not pick up all errors and mistakes. To do so we would have don the green eyeshade and do a 100% check of all transactions. This is not “modern” internal auditing. As such we do not perform checking functions. It is management's responsibility to incorporate checks and balances in processes and procedures.

Our audit consists of an evaluation of procedure and the identification of controls. We then assess controls for their effectiveness. If we are satisfied that controls are effective, we limit our testing. If errors are found during testing, we assess whether or not there is a problem with the procedure. This could lead to a recommendation for improvement. If controls are absent, our first action is determine their existence elsewhere in the process or function. These are called compensating controls. The absence of controls or compensating controls will lead to a recommendation for improvement if this absence has significant impact on the area under review.

Who Audits the Office of Internal Audit?

Murdoch University is subject to audit by the Office of the Auditor General (or their agents) under the provisions of the Murdoch University Act (WA) 1973 and the Financial Administration and Audit Act (WA) 1985. Our external auditors review the effectiveness of the internal audit function. They assess our work to determine whether or not they can place reliance on our work and reduce their work.

In addition, our clients "audit" us by way of a client survey that is issued at the end of each audit. This allows us to receive feedback and in turn improve our services to you.