Internal Audit Annual Report 2015/2016

Upload: dangngoc

Post on 15-Apr-2018


Internal Audit Annual Report

2015/2016


Audit Committee Report
  Role
  Membership
  Issues before the Audit Committee
  Attendance register for Audit Committee meetings 2015/2016
  Audit Committee Annual Schedule of work
  Attachment 1

Internal Audit Report
  Organisational Independence
  Value Add
  Chief Audit Executive / Internal Auditor
  Shared Service arrangement Internal Audit
  Impacts of unanticipated State Government Fit for the Future submissions
  Internal Audit Work
  Reporting
  Audit Coverage and Planning
  Types of Internal Audits undertaken during the year
  Internal Audits completed during 2015/2016 at Yass Valley Council
  Internal Audit Recommendations
  Satisfaction
  Looking forward
  Attachment 2
  Attachment 3


Chair's Comments

This is the first annual report of the Yass Valley Council Audit Committee and Internal Audit for the period 2015/2016. The Yass Valley Council Audit Committee (Committee) had its first meeting in June 2015, with a charter adopted by Council at the meeting of 25 February 2015.

The Committee provides independent assurance and assistance to Council in respect to risk management, the control framework, legislative compliance, internal audit and external accountability responsibilities.

This report outlines the role and the activities of the Committee and the internal audit function during 2015/2016 and provides an overall opinion on the Council’s risk management, control and governance arrangements.

As explained in the report, the Internal Audit function has only been operational from the inaugural meeting of the Audit Committee in June 2015. The initial priority of the audit committee at that meeting was to establish the operations of the internal audit function with agreement to a charter and associated audit manual and the establishment of an audit program. Since that time the activities of internal audit have been in line with the agreed audit program of work and the Committee has performed its role in line with its charter.

A schedule of work for the Committee was established as a basis for achieving its responsibilities. This included progressively gaining an understanding of Yass Valley Council risk management practices and through presentations from key staff and sighting of policies and procedures.

The Committee’s ability to reach an opinion on the status of risk management, control and governance arrangements is limited at this stage of development of the internal audit function in that only some aspects of overall council management practices have been reviewed. Council will recall that I advised Council recently that internal audit coverage and resource for 2016/2017 and subsequent years would need to be increased.

The Committee considers that work undertaken in this period has demonstrated the benefits of establishing the audit committee and the internal audit function. The audits undertaken identified some weakness in controls and areas in which management process could be improved.

The Committee would like to express its appreciation for the support and cooperation that it has received from all levels of Council personnel and management in answering questions, facilitating audits and responding to audit concerns. Overall, the Council personnel and management displayed openness in discussion and were able to demonstrate their commitment to sound management practices in the areas reviewed and discussed.

The Committee would also like to commend the work of Ms Marg Nicholls, the Internal Auditor, who demonstrated a professional approach to our activities in managing and implementing the program.

Rob Johnston RFD, FCPA
Chair Audit Committee
June 2016


AUDIT COMMITTEE REPORT

Role

The Audit Committee does not replace or change management accountability arrangements; it does, however, enhance the governance framework by providing Council and the General Manager with independent assurance and assistance in the areas of risk management, internal control, governance and financial reporting. An effective committee has the potential to strengthen the control environment (of which it is part) and assist the General Manager and Council to fulfil their stewardship, leadership and control responsibilities.

Membership

Membership of the audit committee is made up of three external members and two councillor members with the role of Chair being allocated to an external member. The Audit Committee Charter was resolved at the February 2015 Council meeting.

External Chairperson: Mr Rob Johnston

External Committee members: Dr Ken Crofts, Mr Bruce Papps

Council Committee members: Mayor Rowena Abbey, Councillor David Needham

In addition, the General Manager Mr David Rowe and the Internal Auditor Mrs Marg Nicholls attend each of the meetings. Invitations are extended to the external auditor and staff as required.

Issues before the Audit Committee

Issues before the Audit Committee during this reporting period included:

Internal audit charter;

Strategic internal audit program;

Business processes;

Status of audits and monitoring the implementation of audit recommendations from current year’s audits through the Audit Recommendations Tracking Report;

Audits completed (external and internal);

Ongoing and miscellaneous matters;

Approved Key Performance Indicators Internal Auditor;

Review of internal audit activity tools;

Emerging Risks;

Business Continuity;

Financial Statements; and

Fraud Control.


Attendance register for Audit Committee meetings 2015/2016

Clause 6.1 of the Audit Committee Charter requires the Committee to meet at least four times per year, with one of these meetings to include review and endorsement of the annual audited financial reports and external audit opinion. The Audit Committee met on four occasions for the financial year 2015/2016 with the inaugural meeting being 11 June 2015 resulting in five meetings of the Committee. All scheduled items for review were presented to the Audit Committee for consideration. However, the financial statements were considered after approval by Council rather than before. This meant that Council did not have the opportunity to consider the Audit Committee’s views when reviewing the financial statements.

Audit Committee / Attendance

| Audit Committee and nonvoting attendees | Role | Scheduled | Attended |
| --- | --- | --- | --- |
| Mr Rob Johnston | External Member Chair | 5 | 5 |
| Dr Ken Crofts | External Member | 5 | 5 |
| Mr Bruce Papps | External Member | 5 | 5 |
| Mayor Rowena Abbey | Councillor Representative | 5 | 4 |
| Cr David Needham | Councillor Representative | 5 | 3 |
| Marg Nicholls (non voting) | Internal Auditor | 5 | 5 |
| David Rowe (non voting) | General Manager | 5 | 5 |


Audit Committee Annual Schedule of work

The Audit Committee has an annual schedule of work by which it measures its roles and responsibilities against the Audit Committee Charter. This is detailed as follows.

AC Roles and Responsibilities as per AC Charter | June 2015 | Sept 2015 | Dec 2015 | Mar 2016

Objective

Provide independent assurance and assistance to YVC on risk management, control, governance and external accountability responsibilities

Authority

Discuss any matters with the external auditor or other external parties (subject to confidentiality considerations)

Request of the General Manager the attendance of any employee at Committee meetings

Obtain external legal or other professional advice considered necessary to meet its responsibilities including requesting their attendance at a meeting

Responsibilities of Members

Understand the relevant legislative and regulatory requirements appropriate to YVC

Contribute the time needed to study and understand the papers provided

Apply good analytical skills, objectivity and good judgement

Administrative arrangements

AC committee meets at least 4 times per year - one of these meetings to review and endorse annual audited financial statements and external audit opinion

AC to agree forward meeting plan

Conflicts of interest must be declared at start of each meeting

New members will receive relevant induction information

Chair of AC to initiate review of performance of committee at least every 2 years on self assessment basis

Audit Committee Charter review at least every 2 years

AC may consider any other matter deemed of sufficient importance to do so

Any member of AC may request meeting with Chair of AC

Establish number of meetings for coming year

Establish planned work schedule for coming year

Risk Management

Review whether management has in place a current and comprehensive risk management framework and associated procedures for effective identification and management of business and financial risks including fraud

Review whether a sound and effective approach has been followed in developing strategic risk management plans for major projects or undertakings

Review the impact of the risk management framework on its control environment and insurance arrangements


Review whether a sound and effective approach has been followed in establishing business continuity planning arrangements, including whether plans have been tested periodically

Control Framework

Review whether management has adequate internal controls in place, including over external parties such as contractors and advisors

Review whether management has in place relevant policies and procedures and these are periodically reviewed and updated

Progressively review whether appropriate processes are in place to assess whether policies and procedures are complied with

Review whether appropriate policies and procedures are in place for the management and exercise of delegations

Review whether management has taken steps to embed a culture which is committed to ethical and lawful behaviour

Assessment of financial information

Satisfy itself the annual financial reports comply with applicable Australian Accounting Standards and supported by appropriate management sign-off on the statements and the adequacy of internal controls

Review the external audit opinion, including whether appropriate action has been taken in response to audit recommendations and adjustments

To consider contentious financial report matters in conjunction with council's management and external auditors

Review the processes in place designed to ensure financial information included in the annual report is consistent with the signed financial statements

Satisfy itself there are appropriate mechanisms in place to review and implement, where appropriate, relevant State Government reports and recommendations

Satisfy itself there is a performance management framework linked to organisational objectives and outcomes

Legislative Compliance

Determine whether management has appropriately considered legal and compliance risks as part of risk assessment and management arrangements

Review the effectiveness of the system for monitoring compliance with relevant laws, regulations and associated government policies

Internal Audit

Act as a forum for communications between the Council, General Manager, senior management, internal audit and external audit

Review the internal audit coverage and internal audit plan to ensure the plan has considered the Risk Management Plan and approve the plan

Consider the adequacy of internal audit resources to carry out its responsibilities, including completion of the approved internal audit plan

Review all audit reports and consider significant issues identified in audit reports and action taken on issues raised, including identification and dissemination of better practices


Monitor the implementation of internal audit recommendations by management

Periodically review the internal audit charter to ensure appropriate organisational structures, authority, access and reporting arrangements are in place

Periodically review the performance of Internal Audit

External Audit

Act as a forum of communication between Council, senior management, internal audit and external audit

Provide input and feedback on the financial statement and performance audit coverage proposed by external audit, and provide feedback on external audit services provided

Review all external plans and reports in respect of planned or completed external audits, and monitor the implementation of audit recommendations by management

Consider significant issues raised in relevant external audit reports and better practice guides and recommend actions that should be taken

Reporting

Internal audit performance report to audit committee provided to AC 1st meeting after 30 June each year

Audit committee will report directly to Council at least annually

Council may request the Audit Chair to address Council and to answer any enquiries regarding operation of Audit Committee


Attachment 1

Audit Committee Charter


INTERNAL AUDIT REPORT

This is the inaugural report of the Yass Valley Council Internal Audit function, summarising the internal audit activities for the period 1 July 2015 to 31 May 2016.

Standard 2060 of the Institute of Internal Auditors (IIA) International Professional Practices Framework (IPPF) requires that the Chief Audit Executive (CAE) must report periodically to senior management and the audit committee on the internal audit activity. The IPPF is a conceptual framework that organises the authoritative guidance promulgated by the IIA. Authoritative guidance is comprised of two categories: (1) mandatory and (2) strongly recommended.

At Yass Valley Council, reporting is done both quarterly at each of the Audit Committee meetings and annually. Usually, the Internal Audit Annual Report would be presented to the Audit Committee at its first meeting after the end of the previous financial year. However, given that the internal audit function was initially contracted for a 12 month period to 30 June 2016, the report has been prepared to be available for the final audit committee meeting of 16th June 2016.

Organisational Independence

Attribute Standard 1110 of the IPPF requires that the CAE confirm at least annually the organisational independence of the internal audit activity. At Yass Valley Council, Internal Audit reports functionally to the Audit Committee and administratively to the General Manager. Assurance is hereby given that the Internal Audit activity is organisationally independent.

In addition to providing assurance that the internal audit activity is organisationally independent, each Internal Auditor must declare annually that they conform to the IIA’s Code of Ethics and advise of no conflict of interest in relation to the work performed during the year. This declaration is attached as Attachment 2.

Value Add

Value is added by the internal audit function by providing independent, objective assurance [1] and consulting [2] services.

[1] Assurance services involve the Internal Auditor’s objective assessment of evidence to provide an independent opinion or conclusions regarding a process, system or other subject matter. The nature and scope of the assurance engagement are determined by the Internal Auditor.

[Figure: reporting lines. The Internal Audit Function has functional reporting to the Audit Committee (three external members, two Council representatives) and administrative reporting to the General Manager.]


The audit function brings a systematic, disciplined approach to evaluate and improve office systems, processes and reporting. Accordingly, audit planning must be sufficiently comprehensive to regularly audit/review all facets of Council’s operations, having regard to the functions and duties imposed on Council. In effect, the internal audit function will, as part of its approved workplan, audit and/or review:

compliance with policies, plans, procedures, legislation and regulations;

achievement of established objectives and goals for the operation or process;

reliability and integrity of information;

economic, effective and efficient use of resources; and

safeguarding of assets.

The Internal Auditor attends each quarterly Audit Committee meeting to report on the status of the Internal Audit Plan and present the findings of reviews and audits undertaken.

Chief Audit Executive / Internal Auditor

The Internal Auditor is professionally accredited through the Institute of Internal Auditors, an international body for the internal audit profession. The Internal Auditor acts in accordance with the duties and responsibilities set out in Council’s Internal Audit Charter, Audit Committee Charter and the Internal Audit Workplan as well as requirements of an employee of Council. Further, the Internal Auditor must comply with the Code of Ethics (Integrity, Objectivity, Confidentiality and Competency), Rules of Conduct and International Standards as prescribed in IIA’s IPPF.

Shared Service arrangement Internal Audit

The Internal Audit function is a service hosted by Yass Valley Council and shared with Palerang Council and Snowy River Shire Council through an agreement for Shared Services for the financial year 2015/2016. There is one professionally accredited Internal Auditor to provide the internal audit function service. For each Council, this work included setting up of the internal audit function including:

development of reports and audit related templates;

development of audit committee and internal audit charters;

preparation of reports to Council;

preparation of advertisements and EOI documentation for recruitment of external audit committee members to each of the Councils;

providing administrative support and service to the three audit committees throughout the year;

undertaking administrative activities in relation to the internal audit function; and

undertaking the scheduled internal audit work program.

[2] Consulting services are advisory in nature, and are generally performed at the specific request of an engagement client. The nature and scope of the consulting engagement are subject to agreement with the engagement client.

The internal auditor prepared the inaugural strategic internal audit work program after discussion with each of the respective General Managers and their executive staff. In most cases, each of the General Managers and their executive selected at least one audit that was similar across all councils. This gave opportunity to identify best practice processes for similar activities to improve efficiency, economy and effectiveness and reduce risk; it also supported consistency and best practice in performance improvements.

Impacts of unanticipated State Government Fit for the Future submissions

From late October 2015 (after only 4 months of the internal audit work program), Directors, General Managers and management had their own already heavy schedule of work impacted upon by external and operational activities, including position vacancies. One particular area of impact across all three Councils arose from the announcement of the proposed changes in the local government landscape. This included potential amalgamation of councils. Directors and General Managers had to prioritise their available time to deal with State Government tight timeframes for submissions.

Each of these impacts caused delays to the internal audit program. For example, internal audit was not able to meet with key staff (due to vacancy in the position or competing demands) to discuss scope or requirements of the next audit or even to schedule an appropriate time to conduct the audit.

As a consequence, and with approval of each of the General Managers and the respective Audit Committee, or in the case of Palerang its Audit and Risk Committee, changes to the internal audit work program were agreed and amended at each of the respective Committee’s March 2016 meeting. In the case of Yass Valley Council, this meant that a spot check and an audit were deferred. It was agreed that any outstanding audits would be rescheduled to the upcoming review of the strategic audit plan 2016/2017 anticipated to occur in the first quarter of the 2016/2017 financial year.

Subsequent to this agreement, on 12 May 2016 the NSW Government proclaimed the amalgamation of Snowy River Shire Council, Bombala Shire Council and Cooma Monaro Shire Council into the new Council of Snowy Monaro Regional Council and Queanbeyan City Council and Palerang Council into the new Council of Queanbeyan Palerang Regional Council. The scheduled final meeting for Palerang Audit and Risk Committee was cancelled.

This then meant that the work for the internal auditor was reduced for both the amalgamated councils (Snowy River and Palerang) and could be expanded for the remaining non-amalgamated council, Yass. The General Manager sought to effectively employ the internal auditor by involvement in Service Reviews. This work makes up the majority of available time until the end of the contract in June 2016.

Work completed by the internal auditor for all the Councils included:

7 completed audits (2 deferred);

3 completed spot-checks (3 deferred);

Organisation and preparation of business papers and follow up recommendations of audit committee from the 14 quarterly audit committee meetings;

Development of 3 internal audit annual reports (not originally listed as part of the work);

Specific management initiated requests to replace final audit.

Internal Audit Work

As well as conducting internal audits, the internal auditor provides an advisory and consultancy role to management and staff. The internal auditor works strategically to create increasing capability in the effective and efficient use of a limited resource within the internal audit function. The internal auditor must maintain currency in understanding of the trends and practices of the internal audit profession and continue a program of proficiency and continuing professional development. This includes the enhancement of knowledge, skills and other competencies. For this year the internal auditor attended webinar meetings; Local Government Internal Audit Network (LGIAN) meetings as Chair of LGIAN; the IIA Local Government Forum held annually; and ACT IIA Chapter meetings, as well as providing collegiate opportunities for sharing of information to internal audit colleagues.

Reporting

The internal audit activity must be independent and Internal Auditors must be objective in performing their work [3]. Objectivity is presumed to be impaired if an Internal Auditor provides assurance services for an activity for which the Internal Auditor had responsibility within the previous year [4]. There was no impairment for this year.

Audit Coverage and Planning

Internal audit’s overall audit objective is to provide an opinion which is positive and reasonable. Positive means that our opinion will be based on seeing evidence of adequate action. Reasonable means that there will be sufficient evidence underpinning our opinion to make it reliable. However, systems and processes audited or reviewed cannot be entirely guaranteed to be error free. Audit coverage can be achieved by a combination of strategic, operational and compliance audits. Strategic audits will focus on the extent to which risk management, control and governance arrangements are well directed, whilst performance audits will cover the extent to which these arrangements are working in practice, and compliance audits will assess the level of adherence to regulatory guidelines. However, as there is a small internal audit function with limited resources and time it meant that there were many challenges working on the different functional levels, commencing with strategic long term planning, development of a risk-based audit universe which is then translated into an annual work plan through to administrative, reporting and secretariat roles.

[3] Attribute Standard 1100 of the IPPF.

[4] Attribute Standard 1130.A1


Internal Audit took account of previous assessments of systems and processes, the length of time since specific systems have been reviewed, our knowledge of the strengths, weaknesses, opportunities and threats (both internal and external) and other sources of assurance such as external audit. Additionally, consultation was held with the General Manager and Directors to provide input into the selection of the internal audit program. Given that the shared service was only for one year and a comprehensive review of the audit universe was not undertaken, this should form a sound foundation step.

Types of Internal Audits undertaken during the year

In general, Council’s internal audit function undertook two types of audit.

1) Compliance audits – which assess whether the operations under review are complying with legislative requirements, government or entity policy and procedures and systems of internal control; and

2) Performance Improvement audits – which are aimed at improving the efficiency and effectiveness of the programme or operations under review.

Assessing performance provides accountability as well as helping to improve the efficiency and effectiveness of the internal audit function. To enable this assessment and to better understand the work performed by the Internal Auditor, the work completed has been divided into four categories [5]. These four categories are designed to reflect the actual work performed by Internal Auditor.

1) Internal Audits – includes reviews of policy, programmes, operations, internal controls, management information, governance frameworks and ICT systems as well as reviews of all the activities covered by Council, including compliance with relevant legislation;

2) Internal Audit Support Activities – all activities that support the Internal Audit function; that is, the Internal Audit Quarterly Status reports, the development and maintenance of the Internal Audit Strategic Plan, the development of an Internal Audit Annual Work Plan, development of annual Internal audit report to the Audit Committee, secretariat duties and support to the Audit Committee members, attendance at Local Government Internal Audit Network meetings, reporting to the Audit Committee, training and administration;

3) Consultancy activities – advice to staff and management on policy, procedures, processes, documentation and providing assistance as required as well as the provision of internal audit and fraud related training for Council staff; and

4) Non-Audit Activity – this covers all aspects of non-audit related work and meetings as well as participation in some non-specific audit activities. As the internal audit function at Council has only a sole practitioner there may from time to time be a greater call on the Internal Auditor to become involved in non-audit activity. This includes corporate training not specifically related to internal audit, and involvement in in-house programs, for example the mentoring program.

[5] Public Sector Internal Audit, An Investment in Assurance and Business Improvement, Better Practice Guide September 2007; Australian National Audit Office, page 2.


Internal Audits completed during 2015/2016 at Yass Valley Council

| Audit | Name |
| --- | --- |
| Audit 1 | ICAC Recommendations |
| Audit 2 | Inventory Management |
| Spotcheck 1 | Review Gifts and Benefits |

Internal Audit Recommendations

All audit recommendations are followed up by the Internal Auditor and actions taken are reviewed. Any overdue recommendations are reported to the General Manager and followed up with the specific Directors. At each Audit Committee meeting, outstanding or overdue recommendations are reported and the reasons for the delay provided. Requests for extension to target dates are considered by the Audit Committee.

It is pleasing to report that there were no instances of overdue recommendations for the period under review. Additionally, any request for reclassification of a category is also submitted to the Audit Committee for its deliberation.

In issuing the Audit reports, recommendations are classified into three categories:

1. CR1 – High priority recommendation. Requires addressing within 2 months and is assigned to the appropriate member of the Executive and discussed at Executive meetings.

2. CR2 – Medium priority recommendation. Requires addressing within 6 months and is assigned to the appropriate member of the Executive and the relevant manager.

3. CR3 – Low priority recommendation. Requires addressing within 12 months and is assigned to the appropriate manager.

Open Internal Audit Recommendations as at May 2016

| Low Priority (within 12 months to complete) | Medium Priority (within 6 months to complete) | High Priority (within 2 months to complete) | Total |
| --- | --- | --- | --- |
| 1 | 1 | 0 | 2 |

Aged Analysis – Open Internal Audit Recommendations as at May 2016

| Days Since Report Issued | Low Priority (within 12 months to complete) | Medium Priority (within 6 months to complete) | High Priority (within 2 months to complete) |
| --- | --- | --- | --- |
| 0 – 90 days | 0 | 0 | 0 |
| 91 – 180 days | 1 | 1 | 0 |
| 181 – 365 days | 0 | 0 | 0 |
| > 365 | 0 | 0 | 0 |


A good measure of the effectiveness of the audits is the acceptance of recommendations. The Internal Auditor works closely with each of the divisions which are the subject of performance audits and/or compliance audits to ensure that recommendations made are practical and balanced.

Listed below are the broad identified findings that have been found to be consistent in all internal audits undertaken since the introduction of the Internal Audit function in 2015. In all cases the internal audits have been undertaken for the first time.

continued improvement in effective internal controls;

continued improvement in administration management and controls;

effective documentation and update of Council policy.

Satisfaction

Internal Audit clients are provided, at the end of the audit, with an opportunity to comment on the way in which the audit was conducted and whether they felt that there was value provided to them. It is not mandatory that the client completes the survey; however, they are given every encouragement to do so. The survey has two parts: the importance that the client places upon the conducting of the audit (low / medium / high), and the performance of the Internal Auditor, from poor through to high level (rating of 1 through to 4). Completed satisfaction surveys are presented to the Audit Committee.

Looking forward

The aim of internal audit is to assist Council to develop a sound system of internal control throughout all aspects of Council operations and achieve excellence in governance. This is an ongoing body of work, with the internal auditor continuing to work in a collaborative partnership with Council’s staff and management.

2015/2016 represented a year of introduction of the Internal Audit Function and its role, and it is believed that the function did add value and was appreciated by management. It is pleasing to report that there is strong support and acceptance of the value-add that the internal audit function brings to Council in terms of ensuring that internal controls are in place to manage risk and minimise opportunities for poor performance and fraudulent or corrupt activity.

It is expected that the internal audit function will continue to add value and enhance the continuous improvement activities of the new Council. However, in order to do this effectively, an audit universe to capture operational, strategic, and fraud and corruption risks must be undertaken and considered, along with dialogue and engagement with management to determine the strategic program of internal audit work to be conducted. In addition, a review of the Audit Committee Charter and the Internal Audit Charter should be undertaken. Further, an increase in financial resources as well as human resources should be considered.

I have enjoyed adding to best practice for the Yass Valley Council, enhancing understanding and acceptance of the valuable role of internal audit in governance and administration, and thank all those with whom I worked for providing me with open and transparent dealings.

Marg Nicholls
Internal Auditor
May 2016


Attachment 2

Annual Code of Ethics and Conflict of Interest Declaration Financial Year 2015–2016

Code of Ethics [6]

Principles

Internal auditors are expected to apply and uphold the following principles:

1. Integrity

The integrity of Internal Auditors establishes trust and thus provides the basis for reliance on their judgment.

2. Objectivity

Internal Auditors exhibit the highest level of professional objectivity in gathering, evaluating, and communicating information about the activity or process being examined. Internal auditors make a balanced assessment of all the relevant circumstances and are not unduly influenced by their own interests or by others in forming judgments.

3. Confidentiality

Internal Auditors respect the value and ownership of information they receive and do not disclose information without appropriate authority unless there is a legal or professional obligation to do so.

4. Competency

Internal Auditors apply the knowledge, skills, and experience needed in the performance of internal audit services.

Rules of Conduct

1. Integrity

Internal Auditors:

1.1. Shall perform their work with honesty, diligence, and responsibility.

1.2. Shall observe the law and make disclosures expected by the law and the profession.

1.3. Shall not knowingly be a party to any illegal activity, or engage in acts that are discreditable to the profession of internal auditing or to the organisation.

1.4. Shall respect and contribute to the legitimate and ethical objectives of the organisation.

2. Objectivity

Internal Auditors:

2.1. Shall not participate in any activity or relationship that may impair or be presumed to impair their unbiased assessment. This participation includes those activities or relationships that may be in conflict with the interests of the organisation.

2.2. Shall not accept anything that may impair or be presumed to impair their professional judgment.

2.3. Shall disclose all material facts known to them that, if not disclosed, may distort the reporting of activities under review.

3. Confidentiality

[6] The International Professional Practices Framework (IPPF) issued by the Institute of Internal Auditors


Internal Auditors:

3.1. Shall be prudent in the use and protection of information acquired in the course of their duties.

3.2. Shall not use information for any personal gain or in any manner that would be contrary to the law or detrimental to the legitimate and ethical objectives of the organisation.

4. Competency

Internal Auditors:

4.1. Shall engage only in those services for which they have the necessary knowledge, skills, and experience.

4.2. Shall perform internal audit services in accordance with the International Standards for the Professional Practice of Internal Auditing.

4.3. Shall continually improve their proficiency and the effectiveness and quality of their services.

Conflict of Interest

Conflict of interest is a situation in which an Internal Auditor, who is in a position of trust, has a competing professional or personal interest. Such competing interests can make it difficult to fulfil his or her duties impartially. A conflict of interest exists even if no unethical or improper act results.

A conflict of interest can create an appearance of impropriety that can undermine confidence in the Internal Auditor, the Internal Audit activity, and the profession. A conflict of interest could impair an individual's ability to perform his or her duties and responsibilities objectively.

Internal Auditors are not to provide audit services for work for which they may previously have been responsible. The Institute of Internal Auditors provides guidance on this point and suggests a period of 12 months, but each instance should be carefully assessed.

When engaging internal audit service providers, the Chief Audit Executive shall take steps to identify, evaluate the significance, and manage any perceived or actual conflict of interest that may impinge upon internal audit work.

Instances of perceived or actual conflict of interest by Internal Auditors, including service providers, shall immediately be reported to the Chair of the Audit Committee.

Declaration

I certify that I have conformed to the Code of Ethics and have no conflicts of interest for the period 1 July 2015 to 30 June 2016.

If an issue arises with my professional behaviour that is not in the spirit of the Code of Ethics, or if a conflict of interest should occur in the coming year 2016 to 2017, I shall immediately report it to the Chair of the Audit Committee.

Marg Nicholls PMIIA Internal Auditor May 2016


Attachment 3

Internal Audit Charter
