Associate Director, Risk
“Internal audit provides independent assurance that key operational processes and associated risks are being appropriately identified and managed, and that University's systems and processes accord with and support the pursuit of the University's strategic plan”.
Internal Audit (IA) is a function of risk management. There are 4 categories of internal control objectives:
- Strategic high level goals that support the University’s objectives
- Financial reporting (internal controls)
- Operations (operational controls and policy) and
- Compliance with laws and regulations
Internal audits are designed to provide assurance and confirm compliance to the University Council and its Standing Committees and are separate from those conducted annually by the State Auditor General’s Office.
The University has a four-year rolling Internal Audit program. The program identifies the projects and/or compliance reviews to be conducted for any one year. The audit reports generally include recommendations or opportunities for improvement that are referred to University management for action.
The University’s IA services are out-sourced providing independence and impartiality. PwC are the contracted providers – they conduct the IA reviews in conjunction with senior managers from within the University community. University personnel may be required to contribute to, and participate in the projects or reviews: Kim Cheater (Partner), Marcus Catchpole (Director) or Derick Brumley (Consulting Manager) may contact you.
The IA services are supported internally by General Counsel and Associate Director Risk Services, within the Legal and Risk Branch.
An Information Sheet about the University's Internal Audit Program is provided here. It is designed to help inform you about what to expect when participating in an internal audit.
What we do - we will
- Send you an email to give you a heads-up if your area, or a function within it, is scheduled for an audit
- Assist in communicating to PwC any difficulty you may have meeting a scheduled or agreed timeframe
- Record the risks, along with any recommendations and opportunities identified in the audit report, in the University Risk Register
- Facilitate the quarterly status updates on the implementation of agreed actions – using the risk treatment plan as the status update report
- Respond to any queries or concerns you have about the IA