RMIT University
.
 

back to Internal Audit  home page
 
 
 
 

Frequently Asked Questions

 
>What occurs on an audit?
>What are internal controls?
>What do internal auditors do?
>What is the difference between internal and external auditing?
>How are areas selected for internal audit?
>What is reported by the group?
>What are follow-up audits?
>Who can I talk to regarding potential fraud?
>Who does internal audit report to?
>How does internal audit establish its independence?
>Your questions


What do Internal Auditors do?

The Internal Auditor's task is to assist managers to do their jobs more effectively and efficiently. The group independently reviews and appraises a wide range of activities and is a vital link in the University's management control system. Internal Auditors offer independent, impartial assurance that objectives, policies, plans, procedures and controls are being appropriately implemented. The group acts as a catalyst to focus senior management's attention on issues that are critical to the continuing success of the University. 

The internal audit function within RMIT independently reviews activities as well as assessing and reporting on the effectiveness and efficiency of internal controls. 

These reviews determine whether: 

  • information used for decision-making is reliable; 
  • university policies and procedures and other legal requirements are being followed; 
  • assets are safeguarded; 
  • resources are used economically; and 
  • objectives are achieved in a timely manner.


    • The Internal Auditor's role is to identify and suggest improvements so that remedial action can be taken - usually within the area concerned. In the normal course of an audit, contact is made with the particular managers making the decisions. Managers are provided with an independent assessment of the efficiency and effectiveness of systems and, if necessary, recommendations to improve performance or internal controls in their area. 
     

    What is the difference between internal and external auditing?
     
    Internal Auditors External Auditors
    Audit continuously Audit at year end
    Report to University management  Report to Parliament
    Audit all management systems Audit financial systems
    Are concerned with effective, efficient, economic achievement of strategic goals Are concerned with accurate and complete reporting of financial status
    Concerned with all misreporting, errors or potential fraud Concerned with misreporting, errors or potential fraud of material consequence to financial status

    How are Areas Selected for Internal Audit?

    Planning by Internal Audit is necessary to ensure that responsibilities assigned in the Internal Audit Charter approved by RMIT Council are effectively discharged and to ensure compliance with standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors. 

    Internal auditing standards and best practice indicate that the scope of internal auditing should encompass the examination and evaluation of the adequacy and effectiveness of the organisation’s system of internal control and the quality of performance in carrying out assigned responsibilities. The contemporary role of Internal Audit is therefore far broader than the traditional focus on financial controls and includes both financial and non-financial auditable areas. 

    The total internal audit planning process involves the establishment of a strategic audit plan which is the allocation of audit resources to responsibilities in order to establish a work strategy over a period of time (5 years); an annual audit plan which sets out in more detail the audits to be performed in the forthcoming year and detailed planning of individual audit assignments. 

    Internal Audit Planning


    Strategic
    Audit Plan
    (5 Years)
    [line link]
    Annual
    Audit Plan
    [line link]
    Audit Assignment Plans

    The Strategic Internal Audit Plan serves a variety of purposes, including: 

  • as a means to identify auditable areas/tasks; 
  • management participation in the planning process; 
  • accountability for audit activities; 
  • direction and control; and 
  • liaison with other review activities. 


    • The Strategic Internal Audit Plan is established by the: 

  • identification of the auditable areas; 
  • risk evaluation and priority ranking of such areas; and 
  • preparation of the Strategic Audit Plan.


    • The Strategic Internal Audit Plan is updated annually to reflect changes in the University and the consequential impact on its risk profile. 

    As the Strategic Internal Audit Plan is constructed as a multi-year rolling plan, the first year of the five year plan becomes the basis for the Annual Internal Audit Plan. 

    The Annual Audit Plan is an abstract of the Strategic Audit Plan and contains additional details concerning the type, scope, budget and timing of proposed internal audit tasks. 

    In allocating budget times to the auditable tasks, a proportion of time is reserved to meet a number of non-discretionary tasks including time to perform grant certification audits, time to attend to ad hoc requests by senior University management for what are effectively reassurance type audits and time to undertake follow-up audits. 

    When the Annual Audit Plan is compiled, consideration is also given to the type and scope of assignments to be carried out. No audit plan could accommodate the number of audits required if all audits are classified as full ‘system-based audit’. Consequently, the nature and type of audit will guide the setting of budget times for individual auditable areas/tasks. 

    See also "Program'' under Charter


    What is Reported by the Group?

    Internal Audit reports are aimed at improving the operation of functions performed by the University. Specifically, audit reports will recommend improvements in the effectiveness, efficiency and economy of management systems and controls, compliance with University policies and procedures, legal requirements and sound management principles. 

    Management systems and controls may be insufficient or ineffective in safeguarding assets, conversely they may be excessive and convoluted reducing efficiency and economy of operations. Authority to control must match responsibility for performance. 

    University policies and procedures have been established to provide consistent methods and approaches to management tasks. Breaches of policy and procedure (compliance findings) are reported along with recommendations to improve University policies and procedures where necessary. 

    University strategic objectives and goals may not be met if operational activities are not aligned due to outmode practices or where the goals of the individual, the group, and/or the organisation are not congruent. 

    All findings are discussed with relevant line and senior management prior to finalising the audit report. 

    While in general the audit report is a report by exception, compliance with University Operating Policy and Procedures is also recognised. 


    What are Follow-Up Audits?

    The objective of the "follow-up" audit is to ascertain whether agreed corrective action has been taken by management to address the matters highlighted in the original audit report. A "follow-up" audit is generally conducted around six to twelve months after the final audit report is distributed. 


    Who can I talk to Regarding Potential Fraud?

    If you strongly suspect that "something is wrong": 

  • do not proceed with a detailed investigation; 
  • do not broadcast your suspicions; 
  • do not confront your "suspect(s)"; 
  • do not ignore or "turn a blind eye" to it; 
  • do not allow yourself to become involved; and 
  • contact Internal Audit as soon as possible - confidentiality is guaranteed. 

    •  

    Who does Internal Audit report to?

    The Internal Audit Group has independent reporting status within the University. Internal audit reports quarterly to the Audit Committee of RMIT Council on the results of the completed audits and has access to the Chancellor of the University if required. Internal Audit is part of the Resources Division and reports to the Deputy Vice-Chancellor (Resources) for budgetary and administrative purposes. 

    The group maintain contact with other specialist groups within the University to assist line management. 

    The Internal Audit Group liaises and co-operates with the University's external auditors who are primarily responsible for the audit of RMIT's annual financial statements. 
     


    How Does Internal Audit Maintain its Independence?

    The internal audit function has independent status within the University and for that purpose: 

  • is administratively responsible on a day to day basis to the Deputy Vice-Chancellor (Resources). It reports on a quarterly basis to the Audit Committee of Council and has direct access to the Chancellor of the University if required; 
  • has no executive or managerial powers, authorities, functions or duties except those relating to the management of the internal audit function; 
  • is not responsible for the detailed development or implementation of new systems but should be consulted before such development to enable assessment of the adequacy of planned controls; and 
  • is not involved in the day to day internal checking system in the University.

    •  

    Your Questions

    Any questions that you may have can be directed to the following members by e-mail: 

    Gary Galvan, Director, Internal Audit 
    John Purcell, Associate Director, Internal Audit 
    David Blunden, Associate Director, Internal Audit 
    Sue Chivers, Executive Assistant 

    back to Internal Audit home page

    RMIT UniversityCopyright ©1998 RMIT University - Disclaimer
    Web information: Webmasters' Resources
    URL: http://www.rmit.edu.au/departments/ia/frequest.html
    Last Modified 17 September 1998 by Kieran Dell