Public Sector Internal Audit An investment in assurance and business improvement Better Practice Guide September 2007 ISBN No 642 809882 © Commonwealth of Australia 2007 COPYRIGHT INFORMATION This work is copyright Apart from any use as permitted under the Copyright Act 1968, no part may be reproduced by any process without prior written permission from the Commonwealth Requests and inquiries concerning reproduction and rights should be addressed to the Commonwealth Copyright Administration, Attorney-General’s Department, Robert Garran Offices, National Circuit, Canberra ACT 2600 http://www.ag.gov.au/cca Questions or comments on the Guide may be referred to the ANAO at the address below The Publications Manager Australian National Audit Office GPO Box 707 Canberra ACT 2601 Email: webmaster@anao.gov.au Website: http://www.anao.gov.au Foreword The responsibilities of internal audit vary considerably across public sector entities, as internal audit organisational arrangements and the way internal audit services are delivered This is to be expected, given the nature, size and complexity of the public sector It is our experience that better practice entities consider an appropriate level of investment in internal audit to be an essential business decision These entities recognise a well resourced and effective internal audit function can play a key role in its governance arrangements By providing assurance on the effectiveness of an entity’s internal control environment and identifying opportunities for performance improvement, internal audit can make a valuable contribution to achieving an entity’s objectives This Guide updates and replaces the Guide issued by the ANAO in 1998 While many of the principles remain the same, the role of internal audit has continued to evolve over time, and this Guide incorporates practices and considerations of a better practice internal audit function in a contemporary public sector environment Consistent with other elements of public sector administration, the roles and responsibilities of internal audit, together with the skills and qualifications of internal audit staff, should be determined within the context of each entity’s governance and risk profile The aim of the Guide is to provide guidance relevant to public sector entities operating under both the Financial Management and Accountability and the Commonwealth Authorities and Companies Acts As with all the ANAO’s Better Practice Guides, each entity is encouraged to use the Guide to identify, and apply, better practice principles and practices that are tailored to its particular circumstances The Guide complements the ANAO’s Better Practice Guide Public Sector Audit Committees issued in February 2005, and is intended as a reference document for Chief Executives, Boards, members of Audit Committees, managers with responsibility for internal audit activities, and internal audit staff Ian McPhee Auditor-General Foreword  Foreword .i Part 1 Introduction 1.1 Coverage 1.2 Common terminology 1.3 Key characteristics of a better practice internal audit function 1.4 Structure of the Guide 1.5 Acknowledgements Key characteristics of a better practice internal audit function Roles and responsibilities of internal audit activities 2.1 Introduction 2.2 The purpose of internal audit 2.3 Internal audit independence 2.4 Internal audit standards and values 2.5 Determining the role of internal audit 2.6 The internal audit charter 13 2.7 Contents of a better practice internal audit charter 14 Planning internal audit activities 16 3.1 Introduction 16 3.2 Internal audit strategic business plan 16 3.3 Purpose of an internal audit strategic business plan 16 3.4 Developing a strategic business plan 17 3.5 Contents of a better practice internal audit strategic business plan 20 3.6 Internal audit annual work plan 21 3.7 Developing a better practice internal audit annual work plan 21 3.8 Contents of an internal audit annual work plan 24 3.9 Costing of individual audits 24 3.10 Amendments to the annual work plan 25 3.11 Timing of audit planning 25 Relationships with key stakeholders 26 4.2 Internal Audit and the Chief Executive 26 4.3 Internal audit and the Board 26 4.4 Internal Audit and the Audit Committee 27 4.5 Internal audit and management 28 4.6 Internal audit and the external auditor 28 4.7 Internal audit and other review activities and external bodies 29 ii 4.1 Introduction 26 4.8 Internal audit and professional bodies 29 Better Practice | Internal Audit in the Public Sector Resourcing the internal audit function 30 5.1 Introduction 30 5.2 Internal audit budget 30 5.3 Service delivery models 31 5.4 Issues to consider in deciding the appropriate delivery model 32 5.5 Service provider panel arrangements 33 5.6 Management of a co-sourced or outsourced function 33 5.7 Head of Internal Audit 35 5.8 Resourcing the internal audit unit 37 Efficient and effective work practices 38 6.1 Introduction 38 6.2 Internal audit manual 38 6.3 Managing the internal audit process 39 6.4 Audit reporting 42 6.5 Audit report recommendations 44 6.6 Monitoring recommendations 45 Performance assessment and quality assurance 47 7.1 Introduction 47 7.2 Measuring internal audit performance 47 7.3 Measurement techniques 48 7.4 Internal audit annual performance report 48 7.5 Quality assurance 49 Part Model Internal Audit Charter 51 Part Example internal audit strategic business plan and annual work plan 58 Example list of contents – internal audit manual 74 Example internal audit protocol 76 Pro-forma internal audit annual work plan progress report 79 Pro-forma Implementation of recommendations progress report 80 Example key performance indicators 81 Example client survey questionnaire 82 Example audit committee internal audit questionnaire 83 Example internal audit self-review questionnaire 85 References 87 Index 89 Contents iii iv Better Practice | Internal Audit in the Public Sector Internal Audit in the Public Sector Better Practice Guide Part Part 1  Introduction Public sector managers operate in an increasingly complex and challenging environment This, in part, reflects the increasing demands and expectations of the community, government and the Parliament Public sector managers have a range of resources and mechanisms available to assist them to meet their responsibilities within this environment In both the public and private sectors, internal audit has long been recognised by better practice entities as a valuable resource and entities have given the internal audit function a key role in their governance arrangements In doing this, organisations recognise that internal audit is one of a number of internal assurance and business review type activities that should operate in a coordinated and complementary manner to the benefit of the organisation These other activities include management monitoring, evaluations, quality assurance and control self-assessment arrangements, that are all designed to provide confidence and assurance to Chief Executives and/or Boards that management is meeting its responsibilities and the entity is achieving its objectives Better practice entities also recognise that internal audit should: In both the public and private sectors, internal audit has long been recognised by better practice entities as a valuable resource and entities have given the internal audit function a key role in their governance arrangements b   e operationally independent: that is, internal audit is independent from the activities subject to audit h   ave the visible and active support of the Chief Executive and/or Board, the Audit Committee and senior management h   ave well defined roles, responsibilities and audit plans that are aligned with the entity’s risk profile  have effective relationships with all stakeholders  be properly resourced to enable it to meet its responsibilities  adhere to specified professional standards  have efficient and effective work practices  be fully accountable for its performance, and  be subject to periodic review 1.1  Coverage The principles and considerations outlined in this Guide are generally applicable to all public sector internal audit functions, irrespective of the particular delivery model adopted by the entity to provide internal audit services The principles and considerations outlined in this Guide are generally applicable to all public sector internal audit functions, irrespective of the particular delivery model 1.2  Common terminology For ease of reference and presentation, the following terms are used in this Guide ‘Chief Executive’ is used for the majority of entities subject to the Financial Management and Accountability Act 1997 (FMA Act) where responsibility and accountability rests with the head of the entity The term ‘Board’ is used for entities where a Board is appointed as the governing body of the entity, as is generally the case with entities subject to the Commonwealth Authorities and Companies Act 1997 (CAC Act)  nder the Financial Management and Accountability Act 1997 the Chief Executive is responsible for managing the affairs U of the entity in a way that promotes the efficient, effective and ethical use of Commonwealth resources for which the Chief Executive is responsible Under their enabling legislation, the Boards of Commonwealth authorities and companies subject to the Commonwealth Authorities and Companies Act 1997 are generally similarly responsible for the efficient and effective use of Commonwealth resources   These are discussed in Chapter Introduction  ‘Head of Internal Audit’ is used to describe the person responsible for the management of the internal audit function Depending on the circumstances, the Head of Internal Audit can be an employee of the entity, a partner, director or senior employee of an external service provider ‘Audit activities’ consist of:  internal audits: including reviews of entity policies, programmes, operations, internal controls, management information, governance frameworks and IT systems, and Audit activities consist of internal audits and advisory services a   dvisory services: including advice to management regarding existing, new or revised processes, procedures and IT systems, risk management and fraud control facilitation, coordination and training, observer status on management committees and the provision of other formal or informal advice In conducting these services, internal audit does not assume management responsibilities ‘Internal audit support activities’ are activities associated with internal audit or managing the internal audit function including: developing the internal audit strategic business plan and internal audit annual work plan; providing support services to the Audit Committee; monitoring the implementation of agreed internal and external audit report recommendations and those of Parliamentary Committees and other bodies; internal audit staff management and training and liaison with the external auditor ‘Non-audit activities’ are activities where internal audit undertakes management responsibilities including: membership of management committees; the formulation of risk management and fraud control plans; and the conduct of fraud investigations ‘Type of audit’ is a means of classifying the primary focus or orientation of an internal audit The two types of audit referred to in this Guide are: c   ompliance: that the operations under review are complying with legislative requirements, government or entity policy and procedures, and systems of internal control, and p   erformance improvement: aimed at improving the efficiency and effectiveness of the programme or operations under review 1.3  Key characteristics of a better practice internal audit function Characteristics of a better practice internal audit function are outlined on the following page Internal audit support activities are activities associated with internal audit or managing the internal audit function 1.4  Structure of the Guide The Guide is divided into the following three parts: Part 1  Better practice principles and considerations Part 2  Model internal audit charter Part Internal audit toolkit 1.5  Acknowledgements The ANAO appreciates the assistance provided by MKL Consulting in preparing the Guide In addition, many entities and individuals contributed to the development of the Guide These included Chief Executives, chairs and members of a number of public sector audit committees, Heads of Internal Audit as well as a number of people in the internal auditing and accounting professions, and private sector organisations  here the Head of Internal Audit is not an employee of the entity, arrangements need to be put in place to ensure relevant W public sector financial and other legal requirements are met  Also known as ‘systems under development’ audits  These include the Management Advisory Committee, the Ombudsman and the Australian Public Service Commission  n practice, audits will often have more than one focus and there are a number of other terms in use to classify audits For example, I ‘compliance’ audits can be called ‘assurance’ audits, and ‘performance improvement’ audits called ‘performance’ audits   Better Practice | Internal Audit in the Public Sector Part Key characteristics of a better practice internal audit function A better practice internal audit function is distinguished by the following key characteristics:  operationally independent: that is, internal audit is independent from the activities Is subject to audit  appropriately positioned in the entity’s governance framework to ensure the work Is of internal audit complements the work of other internal and external assurance and review providers  Has a well developed business strategy that clearly articulates internal audit’s future role and responsibilities  business focused and has audit plans that are comprehensive and balanced, and are Is linked to the risks in the entity  Has the confidence of key stakeholders including the Chief Executive, the Board (if applicable), the Audit Committee and senior management  Undertakes all audits in accordance with specified auditing standards  Has sufficient financial resources and access to internal audit staff with the necessary skills, experience and personal attributes to achieve what is expected of internal audit  Provides internal audit reports and other services, based on efficient and effective work practices, that are valued by stakeholders  Provides an annual assessment, based on internal audit work undertaken, of the effectiveness of the entity’s system of internal controls Advises the Audit Committee and entity management of patterns, trends or systemic  issues arising from internal audit work 1 Facilitates communication between external audit and entity management Disseminates lessons learnt arising out of its work to relevant areas of the entity  Regularly informs the Audit Committee of progress in the implementation of agreed  internal and external audit and other relevant report recommendations Actively manages any external service providers, and  Is  subject to periodic assessment and review as part of a continuous improvement process Introduction   Example internal audit protocol Exit interview At the conclusion of the fieldwork, internal audit will prepare a first draft report to be used as the basis for discussion at an exit interview The purpose of the exit interview is to:  advise management about the provisional findings, conclusions and recommendations  afford management the opportunity to correct any misunderstandings or misinterpretations  discuss findings and conclusions and obtain management’s views, and  discuss the practicality of recommendations and timeframes for any remedial action Draft report Internal audit will issue a final draft audit report promptly following the exit interview, generally within 10 working days Management comments On receipt of the final draft report, the sponsor and management of the work area under review should:  consider the findings and recommendations in the draft report f  ormally advise internal audit whether management agrees or disagrees with the recommendations in the draft report w   here management agrees with a recommendation, management should prepare an action plan to address the recommendation, set a timeframe for implementing the action plan and nominate the individual responsible for implementation, and w   here management disagrees with a recommendation, the reason for the disagreement should be provided6 Management comments are required within 10 working days of the receipt of the draft report Final report Within working days of the receipt of management comments, internal audit will issue a final report to:  the Chief Executive  the Chair and members of the audit committee  the sponsor, and  the sponsor’s supervisor Where appropriate, lessons learnt and examples of better practice will be disseminated to a wider audience in [entity] A client satisfaction questionnaire will be sent with the final report The sponsor should complete the client satisfaction questionnaire and return it to the Head of Internal Audit The Head of Internal Audit will follow up any feedback indicating possible shortcomings in internal audit performance Monitoring the implementation of agreed recommendations The Audit Committee is responsible for examining all internal audit reports Internal audit assists the Audit Committee in monitoring progress in implementing agreed recommendations Internal audit will, therefore, periodically seek advice from management regarding progress in implementing agreed recommendations  While management agreement is not always necessary, it would be expected that discussions would be held with the sponsor with the aim of reaching agreement The reasons for any disagreement will be included in the final audit report together with any internal audit response 78 Better Practice | Internal Audit in the Public Sector Part Toolkit 79 Progress status1 Original date for consideration by Audit Committee Revised date for consideration by Audit Committee Percentage of estimated days used Last milestone achieved2 Status comment3 Pro-forma internal audit annual work plan progress report Internal audit’s commentary on audit progress An opportunity also exists to advise the Audit Committee of the significance of any findings that are emerging from audits in progress Selected from list of milestones Internal audit’s assessment of audit progress represented by ‘traffic lights’  Report considered by Audit Committee  Management comments received  Draft report issued  Exit interview completed  Fieldwork completed  Fieldwork commenced  Entry interview  Assignment planning commenced Milestones G   Green: On track O   Orange: Some delays R   Red: Significant delays Progress status legend O R Audit title Status of [year] internal audit plan as at [date] Pro-forma internal audit annual work plan progress report 80 Better Practice | Internal Audit in the Public Sector Recommendation/ issue3 Progress status4 Category/priority of recommendation Internal audit’s commentary on the adequacy of progress, as required Internal audit’s assessment of progress represented by appropriate coloured ‘traffic lights’ Summary of recommendation or issue Or date issued, if not considered by the Audit Committee Including external audit and recommendations of Parliamentary Committees and other relevant bodies G   Green: On track O   Orange: Some delays R   Red: Significant delays Progress status legend Report title and date considered by audit committee2 Manager responsible for implementation Status of the implementation of internal audit and other report1 recommendations as at [date] Original completion date Revised completion date Comment5 Pro-forma Implementation of recommendations progress report Pro-forma Implementation of recommendations progress report Example key performance indicators Example key performance indicators Measuring performance over time using a number of key performance indicators (KPIs) linked to internal audit objectives, and acting on the results, is important for an effective internal audit function The most appropriate KPIs will vary according to the objectives and structure of the internal audit function, but entities are encouraged to review their existing key performance indicators against the following example indicators Performance indicator Performance against plan Target Actual Percentage variation Number of audits completed Number of audits delivered by due date Cost of audit plan Stakeholders Audit Committee assessment of overall contribution of internal audit (from committee survey questionnaire) Client assessment of overall satisfaction (from client survey questionnaire) Number of requests for ad-hoc advice/ assistance from management Staff Not applicable Not applicable Staff satisfaction (from staff survey) Training days per staff member % staff turnover Overall contribution Audit Committee assessment of the extent audits identified key issues (from committee survey questionnaire) Audit Committee assessment of the contribution internal audits made to greater assurance and/or improvements in performance (from Audit Committee survey questionnaire) Clients’ assessment of benefits resulting from internal audits (from client survey questionnaire) Part Toolkit 81 Example client survey questionnaire Example client survey questionnaire To assist in maintaining the efficiency of the audit process and the quality of the audit report it is important to seek the views of management immediately after an audit has been finalised This example client survey questionnaire is designed to assist the Head of Internal Audit to collect the views of management regarding the audit Where there are significant areas of disagreement the Head of Internal Audit should explore the matters further Entities are encouraged to review their existing client survey questionnaire against this example Rating scale Importance: = Low importance Performance: = Strongly Disagree = Medium importance = High importance = Disagree = Agree  = Strongly Agree   Importance Performance The timing of the audit was appropriate 3 My staff and I were given the opportunity to provide input, including any concerns and our perspectives, to the planning process 3 The audit focused on issues that were important 3 The internal auditor(s) kept me informed throughout the process on a timely basis and there were ‘no surprises’ 3 The internal auditor(s) demonstrated a good knowledge of the subject matter 3 The internal auditor(s) demonstrated professionalism and an objective approach 3 There was no undue disruption to my workplace during the audit and our work environment was respected, e.g safeguarding of documents and access to facilities 3 I was given the opportunity to provide input on the findings and conclusions, and on the recommendations made to address them 3 Conclusions reached were adequately supported by relevant facts and thorough analysis 3 The audit was completed on a timely basis 3 The audit report was balanced and constructive 3 Recommendations were useful, realistic, and cost-effective 3 The audit was of benefit in providing me with assurance that there were no major weaknesses and/or helped me to manage my business better 3 Overall, I was satisfied with the audit 3 Please use the space below to explain any specific ratings, to provide additional comments, or to offer suggestions to improve future internal audits Comments: 82 Better Practice | Internal Audit in the Public Sector Example Audit Committee internal audit questionnaire Example Audit Committee internal audit questionnaire The views of the Audit Committee on the performance of internal audit should be sought periodically, but at least annually This example questionnaire is designed for use by the Audit Committee to provide feedback to the Head of Internal Audit on the performance of the internal audit function The questionnaire would generally be completed by each member of the committee Alternatively it can be completed by the committee as a whole Entities are encouraged to review their existing Audit Committee internal audit survey questionnaire against this better practice example Rating scale Importance: = Low importance Performance: = Strongly Disagree = Medium importance = High importance = Disagree = Agree = Strongly Agree Importance Performance Audit Committee Papers Audit Committee papers were distributed in sufficient time prior to the meetings 3 Audit papers provided adequate pre-meeting information 3 Audit papers were presented in a professional, well-ordered, clear and concise manner 3 The information provided in the audit papers assisted the Audit Committee to fulfil its responsibilities under its charter 3 Any changes suggested to the audit papers were implemented in a timely manner 3 Internal audit actively participates in meetings 3 Internal audit offers suggestions and solutions to issues during discussions 3 Minutes from meetings are accurate, concise and distributed in a timely manner 3 3 Meetings Internal audit strategic business plan and internal audit annual work plan The strategic business plan and annual work plan were appropriately aligned with the entity’s business and operating environment (including key issues and business risks), its strategy and its key priorities Part Toolkit 83 Example Audit Committee internal audit questionnaire Importance Performance The internal audit strategic business plan and annual audit plan was developed in consultation with the Chief Executive, the Audit Committee and senior management 3 The internal audit strategic business plan and annual audit plan takes into account the work of other sources of assurance and review 3 The issues addressed by each audit assignment were appropriate to the business needs of the entity 3 Audit assignments were completed in a timely manner 3 Reports were well structured and concise 3 Reports reflected a realistic understanding of the area under review 3 Recommendations were practical and cost-effective to implement 3 Better practice suggestions and lessons learnt were disseminated to relevant areas of the entity 3 Audits represented good value for money 3 Audits identified key issues 3 Audits contributed to greater assurance and/or improvements in performance 3 3 Audit reports Overall contribution Overall, internal audit has made a valuable contribution to the achievement of the entity’s objectives Please use the space below to explain any specific ratings, to provide additional comments, or to offer suggestions for improvement Comments: 84 Better Practice | Internal Audit in the Public Sector Example internal audit self-review questionnaire Example internal audit self-review questionnaire This self-review questionnaire is designed to assist the Head of Internal Audit to assess if the key elements of a better practice internal audit function are in place Rating scale Ratings: = Strongly Disagree = Disagree = Agree = Strongly Agree Rating You have the confidence and support of: · the Chief Executive · the Board (where applicable) · the Audit Committee · senior management, and · line management You have direct access to the Chief Executive/Chair of the Board and the Chair of the Audit Committee Internal audit is part of an integrated governance framework The internal audit charter is up to date and clearly articulates the roles, responsibilities and accountability lines of the internal audit function Your role is clear and well understood by management and staff in the entity You have access to all entity records, information and staff in the conduct of your work You and your staff know the entity’s business and the risks it faces There is a strategic internal audit business plan and internal audit annual work plan that is aligned with the entity’s business objectives, risks and major business systems and processes You have access to sufficient skilled and experienced staff and financial resources to meet your responsibilities and the expectations of key stakeholders Internal audit’s working practices are efficient and effective and are supported by an up to date Internal Audit Manual Relevant professional standards are adhered to There is adequate supervision of audit work and review of audit reports Audit reports rate the risk exposure of findings to the entity All audit recommendations are practical, cost-effective to implement and are risk-rated Part Toolkit 85 Example internal audit self-review questionnaire Rating Outstanding agreed internal and external audit, Parliamentary Committee recommendations and those of other relevant bodies, are monitored effectively, and progress in implementing recommendations reported periodically to the Audit Committee Examples of better practice and lessons learnt are disseminated to relevant areas of the entity An annual report that assesses the effectiveness of the entity’s internal controls and identifies systemic issues is provided to the Audit Committee The key performance indicators provide effective accountability and drive performance improvement The internal audit function is reviewed periodically 86 4 Better Practice | Internal Audit in the Public Sector References ANAO Audit Reports R   eport No.3, 2004-05 Management of Internal Audit in Commonwealth Organisations Better Practice Guides A   NAO, Public Sector Audit Committees, February, 2005 A   NAO and the Department of Finance and Administration, Developing and Managing Contracts, February, 2007 Auditor-General Act, 1997 Financial Management and Accountability Act, 1997 Financial Management and Accountability Orders, 2005 Commonwealth Authorities and Companies Act, 1997 Department of Finance and Administration, Finance Circulars N   o.2006/08 Certificate of Compliance - FMA Act agencies N   o.2006/11 Compliance Reporting – CAC Act entities HM Treasury, Government Internal Audit Standards, October, 2001 HM Treasury, Government Internal Audit Standards Good Practice Guidance: The Consultancy Role of Internal Audit, February, 2003 HM Treasury, Good Practice Guidance: Reporting, 2003 HM Treasury, Government Internal Audit Standards Good Practice Guide: Audit Strategy, May, 2002 Management of Risk - Principles and Concepts, October, 2004 HM Treasury, Government Internal Audit Standards The Orange Book, HM Treasury and National Audit Office, Co-operation between internal and External AuditorsA Good Practice Guide Treasury Board of Canada Secretariat, A Guide to Planning, Conducting and Reporting on Internal Auditing Assurance Engagements in the Federal Government of Canada, April, 2004 Treasury Board of Canada Secretariat, Internal Auditing Standards for the Government of Canada, April, 2006 Philomena Leung, Barry Cooper and Peter Robertson, The Role of Internal Audit in Corporate Governance & Management, RMIT Publishing, 2004 The Institute of Internal Auditors, Professional Practices Framework (The International Standards for the Professional Practice of Internal Auditing), July, 2006 The Institute of Internal Auditors Australia, Professional Practice Guide for Internal Audit, 2005 References 87 The Institute of Internal Auditors, The Role of Auditing in Public Sector Governance, November, 2006 Standards Australia, HB 158-2006 Delivering assurance based on AS/NZS 4360: 2004 Risk Management, 2006 United States General Accounting Office, Standards for Internal Control in the Federal Government, November, 1999 Auditor-General Alberta, Examination of Internal Audit Departments, August, 2005 88 Better Practice | Internal Audit in the Public Sector Index A Auditing, continuous, 10 Acknowledgements, Auditor-General responsibilities, 12 Advisory services, 2, 10 Auditor-General Act 1997, 12 Annual performance report, 48 Australian government entities audit of financial statements of, 12 Annual work plan amendments to, 25 checklist, 25 comprehensive, 22 contents, 24 contingencies, planning for, 23 developing, 21 example, 25, 58–73 external auditor, views of, 23 nature of, 23 preparation, 21 pro-forma progress report, 41, 79 size, 21 strategic business plan, and, 16 timing of planning, 25 topics, prioritising, 21–2, 23 Audit approaches, 39 classification of, costing of, 24 effective supervision, 40 internal see Internal audit planning, 39 type of, 2, Audit activities definition, Audit Committee example questionnaire, 83 internal audit and, 27 reporting lines, Audit Liaison Officer, 28 Audit report better practice, disseminating, 44 characteristics, 46 confidentiality, 44 cost, measuring, 47 draft, review of, 43 final, review of, 43 recommendations, 42, 44–5, 80 reporting standards, 42 sponsors, consultation with, 43 timeliness, measuring, 47 Australian Public Sector values, Australian Society of Certified Practising Accountants, 29 B Better practice, disseminating, 44 Board definition, delegation by, internal audit and, 26 Budget internal audit, for, 30 strategic business plan, 19 Business improvement reviews, objectives, 19  strategic business plan see Strategic business plan C CAC Act, CAC Act entities financial statements, 12 reporting lines, Certificate of Compliance, Chief Executive definition, delegation by, internal audit and, 26 responsibilities, Chief Financial Officer (CFO) conflict of interest, 10 internal audit function, 10 Client satisfaction surveys, 48 Client survey questionnaire, 82 Communication, effective, 40 Compliance audit, 2, 8–9 Confidentiality, 44 Index 89 Continuous auditing, 10 Corporate objectives, achieving, Cost individual audits, of, 24 in-house service delivery, 32 D Due care, 41 E Evaluations, 1, External audit responsibilities, 12–13 External auditor annual work plan, views about, 23 internal audit and, 28 External quality assurance review, 49 framework, 18 F Financial statements Australian Government entities, of, 12 FMA Act, FMA Act entities financial statements, 12 reporting lines, Fraud control, 11–12 G Governance framework, in, 4, Graduates internal audit, rotation through, 37 recruitment programs, 37 Guide coverage, structure, H Head of Internal Audit accountability, 10, 26 appointment, 36 definition, 1–7 responsibilities, 35 role, 35 skills, 36 status, 36 I Independence internal audit, of, 4–5, 8, 10 operational, 4, 8, 10 90 Better Practice | Internal Audit in the Public Sector Information Systems Audit & Control Association, 29 In-house service delivery cost, 32 factors to consider, 32 flexibility, 32 model, 31 staff, 32 viability, 32 Institute of Chartered Accountants in Australia, 29 Institute of Internal Auditors, 4, 29 Professional Practices Framework, Internal audit audit activity, as, budget, 30 characteristics, charter see Internal audit charter co-sourced, 31 definition,  delegation of administrative responsibility for, environmental factors, 7–8 example protocol, 40, 76–8 governance framework, in, 4, in-house, 31 independence, 4–5, 8, 10 key role of, managing process, 39 manual, 38, 74–5 organisational factors, 7–8 outsourced, 31 planning activities, 16 progress, monitoring, 41 purpose, resourcing, 30–7 responsibilities, 4, 15 roles, 4, 6, 15 service delivery models, 31–2 specific considerations, standards, supervision, effective, 40 support activities, 2, 12, 23 unit, resourcing, 37 values, Internal audit charter, approval, 13 contents, 14–15 definition, 13 development, 13 model, 15, 51–5 review of, 13 Internal controls, assessment of effectiveness, 9–10 Internal quality assurance review, 49 framework, 18 IT systems, audits of, 22 continuous auditing, 10 new, implementing, 10 checklist, 25 examples, 25  strategic business plan see Strategic business plan timing of planning, 25 Processes new, 10 probity of, 11 Procurement methods, 11 K Professional bodies Key performance indicators, 47, 81 internal audit and, 29 Knowledge champions, 21 Professional Practices Framework, M Project Completion Advice, 43 Management control self-assessment arrangements, 1, internal audit and, 28 monitoring, 1, strategies, 19 Q Quality assurance, 1, 7, 47–9 external reviews, 49 internal reviews, 49 Model internal audit charter, 15, 51–5 Questionnaires Audit Committee, 83 client survey, 82 self-review, 85 N R New programs, 10 Recommendations audit report, arising from, 42, 44–5 implementation progress report, 80 Measurement techniques, 48 MKL Consulting, advice on, 22 ‘systems under development’ audits, 22 Non-audit activities definition, overview, 12 O Other review activities internal audit and, 29 strategic business plan, 18 Outsourcing choosing service provider, 33 clear deliverables, establishing, 34 management of, 33, 34 service delivery model, 31 service provider panel arrangements, 33 P Performance assessment, 47–9 annual performance report, 48 measurement techniques, 48 Performance improvement audit, 2, 10 Plans annual work plan see Annual work plan audit planning, 39 Report see Audit report Reporting lines, Risk risk profile of entity, 17 sources of, 18 strategic business plan, 17 Risk management, 4, 7, 11 strategic business plan, alignment of, 21 S Self-review questionnaire, 49, 85 Service delivery models, 31–2 Staff attracting and retaining, 32 Stakeholders confidence and trust of, 26 effective communication with, 40 expectations of, 19 key, relationships with, 26 who are, 26 Standards, Index 91 Strategic business plan annual work plan supporting, 16 budget considerations, 19 business objectives, 19 checklist, 25 contents, 20–1 developing, 17–20 example, 25, 58–73 external environment risks, 18 goals and objectives of entity, 17 management strategies, 19 other review activities or functions, 18 period covered by, 16 previous internal audit coverage, 21 purpose, 16–17 risk management plan, alignment with, 21 risk profile of entity, 17 stakeholder expectations, 19 timing of planning, 25 Supervision, effective, 40 Systems, new, 10 T Terminology, 1–2 V Values, W Whole-of-entity perspective, Work practices efficient and effective, 38–46 92 Better Practice | Internal Audit in the Public Sector ... plan relates Example internal audit strategic business plan and internal audit annual work plan Part of the Guide includes an example internal audit strategic business plan and internal audit annual... conducting audits and managing the internal audit function in an internal audit manual is important to: Documenting the policies and procedures for conducting audits and managing the internal audit. .. risk management S and fraud control This can result in work areas being known by such titles as Risk Management and Assurance, Audit and Investigations, Governance and Assurance, and Assurance and