Policy Title: Internal Audit Charter Part A Policy 1. Policy Statement 1.

1 Purpose The purpose of Internal Audit in the University is to assist the University Council, the University Audit, Compliance and Risk Committee (hereafter called the Audit Committee), and all members of management and staff in the effective discharge of their responsibilities through a process of systematic and independent audits. The Financial and Performance Management Standard 2009 (Qld) requires that the University develops and implements systems for ensuring its Internal Audit function operates efficiently, effectively and economically. Internal audits provide independent advice and assurance to the University Council, the Audit Committee and management that policies, operations, systems and procedures meet appropriate standards of effectiveness, efficiency and propriety. The Financial and Performance Management Standard 2009 (Qld) requires the Universitys Internal Audit function to operate under an Internal Audit Charter. 1.2 Objectives The objectives of Internal Audit are to provide independent advice and assurance to management that the policies, operations, systems and procedures for which they are responsible: comply with relevant legislation and standards (compliance); are carried out with optimum use of resources (economies and efficiency); and achieve the objectives specified in University Plans (effectiveness).

The objective of the Internal Audit Charter is to provide guidelines for the development and implementation of systems to ensure the Internal Audit function operates efficiently, effectively and economically. 2. Scope a) The scope of Internal Audit shall be sufficiently comprehensive to ensure the effective and regular review of all operational, financial and related activities. b) Internal audit coverage may extend to all areas of the University, including controlled entities, and encompasses financial, accounting, administrative and operational activities including compliance with relevant legislation and regulatory requirements.

Internal Audit Charter Page 1 of 5 PRINT WARNING Printed copies of this Document or part thereof should not be relied upon as a current reference document. ALWAYS refer to the electronic copy for the latest version.

CQUniversity CRICOS Provider Codes: QLD - 00219C; NSW - 01315F; VIC - 01624D

c) The extent and frequency of audits depends upon varying circumstances such as results of previous audit, relative risk associated with activities, materiality and the adequacy of systems of internal control. d) Internal Audit performs assurance services which involve an objective examination of evidence for the purpose of providing an independent assessment on risk management, control, or governance processes for the University. Examples may include financial, performance, compliance, system security, or due diligence engagements. e) Internal Audit may, at the request of the Audit Committee and management, perform consulting services to assist management in meeting its objectives. Examples may include counsel, facilitation, training, or advice. The following will be considered before deciding to include an activity (other than assurance services) in the scope of the function: Any real or perceived conflict of interest (actual or potential) or other limitation on Internal Audits ability to give independent advice on the Universitys operations. The potential for the activity to detract from Internal Audits obligations to the Audit Committee. The impact on the core Internal Audit functions. The availability of skills and knowledge required to effectively perform activities.

3. Definitions used in this Policy All terminology used within this policy is consistent with definitions in the Central Queensland University Glossary. 4. Legislation Financial Accountability Act 2009 (Qld) Financial and Performance Management Standard 2009 (Qld) 5. Policy Approval History Approved by: Council, 4 March 2002 Amendments Authorised by: Executive Director (Corporate Services), 8 April 2005, Council, 17 September 2009. 6. Policy Content 6.1 Operating principles The following operating principles are to be observed to ensure the effectiveness of Internal Audit:
Internal Audit Charter Page 2 of 5 PRINT WARNING Printed copies of this Document or part thereof should not be relied upon as a current reference document. ALWAYS refer to the electronic copy for the latest version.

CQUniversity CRICOS Provider Codes: QLD - 00219C; NSW - 01315F; VIC - 01624D

a) Confidentiality All the work of Internal Audit will be confidential to the University and will not be disclosed to third parties, except for external auditors, without both parties consent. b) Professionalism Audits are to be conducted with impartiality and integrity. The Professional Standards of the Institute of Chartered Accountants in Australia and the Institute of Internal Auditors are to be adhered to. c) Balance Audit reports must maintain an equitable balance between the need for efficiency within the University and the need for effective delivery of its service to students and other stakeholders. d) Risks v Benefits of Control The need for internal controls/quality controls is based on an assessment of the risk, potential benefits, and costs of such controls. Control must be adequate but also cost effective. e) Audit Quality Control Internal Audit quality control is provided by: Review of planning and final reports by the Audit Committee. Review of draft and final reports by responsible managers of the University. Internal Audit must ensure audit assignments are completed by suitably skilled, experienced and competent persons, with regular review of audit plans, working papers and reports.

6.2 Independence Internal Audit has independent and neutral status within the University and for that purpose: a) is directly responsible to the Audit Committee. b) has no executive or managerial powers, authorities, functions or duties except those relating to the Internal Audit function. c) is not involved in the day-to-day internal checking system of any division, faculty or business unit. d) is not responsible for the detailed development or implementation of new systems or procedures but should be consulted before such development commences, and be advised of approved variations or new developments. Any requests by management or the University Audit Committee to extend the scope of internal audit work will be considered in light of potential impact on the independent status of the Internal Audit function within the University.
Internal Audit Charter Page 3 of 5 PRINT WARNING Printed copies of this Document or part thereof should not be relied upon as a current reference document. ALWAYS refer to the electronic copy for the latest version.

CQUniversity CRICOS Provider Codes: QLD - 00219C; NSW - 01315F; VIC - 01624D

6.3 Audit Committee The University will operate and will support the Audit Committee in accordance with the Audit, Compliance and Risk Committee Terms of Reference. The University Audit Committee will receive and consider all reports issued by Internal Audit and ensure follow up action is performed by reviewing the outcome of directions or recommendations made, and progress on the Internal Audit Annual Operational Plan. 6.5 Internal Audit Process a) Planning and Establishment An Internal Audit Management Plan will be developed to provide an overall strategy for the Internal Audit function over a four year period. Annual Operational Plans will be aligned with the Internal Audit Management Plan. Internal Audit will consult with the External Auditor in developing the forward program of audits to ensure work is co-ordinated and may be relied upon for the external audit of year-end financial statements. Audit plans will be forwarded to the External Auditor for review prior to the commencement of internal audit work. Internal Audit will also consult with managers in developing the forward program of audits based on a preliminary risk evaluation. The Annual Operational Plan will be drawn-up from industry best practice in consultation with management and forwarded to the Audit Committee for approval and with due consideration to risk, materiality and essentiality. Plans for each audit will be discussed and where appropriate agreed with managers. Should any problem arise regarding the scope of an audit, the matter will be referred to executive management or the Audit Committee (as appropriate) for decision. Management Plans and Annual Operational Plans for Internal Audit will be approved by the University Audit Committee. b) Reporting Important issues will be discussed with responsible managers during the conduct of the audit. At the conclusion of the audit, exit interviews will be held after which audit reports of detailed findings and recommendations will be presented to relevant managers for comment. This report will reflect the matters discussed at the exit interview. Internal Audit will report directly to the Executive Director (Corporate Services) and the University Audit Committee. A copy of the executive summary and recommendations of reports, together with the managers comments, will be forwarded to the Executive Director (Corporate Services) and the Audit Committee, through the Committee Meeting Papers, to ensure they are kept informed of progress and results of audit. All reports will be presented in written form. c) Follow Up
Internal Audit Charter Page 4 of 5 PRINT WARNING Printed copies of this Document or part thereof should not be relied upon as a current reference document. ALWAYS refer to the electronic copy for the latest version.

CQUniversity CRICOS Provider Codes: QLD - 00219C; NSW - 01315F; VIC - 01624D

Executive management and Internal Audit will follow up the progress on implementation of approved audit recommendations, and report to appropriate managers and the Audit Committee accordingly. Progress reports will be periodically included in Audit Committee Meeting Papers. d) Progress and Performance Report Progress in achieving the Internal Audit Annual Operational Plan will be reported to the Audit Committee at least half yearly for review. 6.6 Access to Information Internal Audit has reasonable access to all relevant information, facilities and staff of the University. 6.7 Relationship with Managers and Staff Internal Audit is an independent function with direct operational responsibility to Executive Director (Corporate Services). Internal Audits primary role is to assist University Council and management in determining the adequacy of management controls and where necessary recommend changes. 6.8 Relationship with External Auditors Close liaison with the External Auditor will be maintained so as to ensure coordination of audit effort, maximum coverage and value for fees. Internal Audit will support the External Auditor to ensure that agreed core and extended procedures, which may be relied upon in the audit of year end financial statements, are performed in accordance with approved audit plans. Internal Audit working files and reports of findings will be available for review by the External Auditor on a periodic and timely basis. Internal Audit may consult with the External Auditor at any other times considered appropriate.

6.9 Review of Charter This charter will be reviewed by the Audit Committee in conjunction with staff of Internal Audit every three years, or sooner where considered necessary. The outcome of the review will be reported to the Audit Committee for endorsement.

Internal Audit Charter Page 5 of 5 PRINT WARNING Printed copies of this Document or part thereof should not be relied upon as a current reference document. ALWAYS refer to the electronic copy for the latest version.

CQUniversity CRICOS Provider Codes: QLD - 00219C; NSW - 01315F; VIC - 01624D