What is an internal audit?

It helps ACU accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, internal controls and governance processes.

Internal audit provides an objective review and advisory service to:

• assist in achieving a strong connection between risk management and internal audit and bring innovation to both, so that key risks are identified and assessed, furthering the institutional understanding of these risks and enhancing ACU's ability to 'control' them
• act as a partner on ACU's journey, understanding what is important to the business, and standing next to business areas to help build institutional capability and capacity to drive strategic change in an uncertain environment
• bring expertise, innovation and perspectives from beyond through internal audit, particularly in the areas of student experience and effective use of technology
• provide assurance to the Vice-Chancellor and the Audit and Risk Committee that ACU's financial and operational controls, designed to manage the organisation's risks, are operating in an efficient, effective and ethical manner.

Internal audit at ACU

Internal audit at ACU currently operates under an outsourced service delivery model and includes both financial and non-financial risk-based audits. Reporting directly to the Chair, Audit and Risk Committee and Company Secretary, the focus of internal audits includes, but are not limited to:

• reviewing the efficiency and effectiveness of internal controls, governance systems and processes, including those relating to corporate, academic, students, learning and teaching, and research functions of the University
• business continuity management and planning, critical incident management, disaster recovery and emergency response management systems, information technology and cyber-security risks, major projects, processes and practices
• assessing the economy, efficiency and effectiveness with which the University's resources are employed
• ascertaining compliance with legislative requirements, regulations and University policies and procedures
• recommending improvements in procedures and processes to enhance ACU's Risk Management Framework.

The governance, objectives, responsibilities and deliverables of internal audit are described in the following four documents:

1. The Internal Audit Charter developed in line with requirements of authorities including the Financial and Performance Management Standard 2009 (FPMS) and Standard 1000 of the Institute of Internal Auditors Professional Practices Framework (IPPF) which formally defines purpose, authority, and responsibility of an internal audit function.
2. The Internal Audit Policy reflects a commitment to provide an independent, objective assurance approach to evaluate and improve the effectiveness of risk management, control, and governance processes across Australian Catholic University (ACU)
3. The Internal Audit Procedures are practical guidelines under which ACU manages the internal audit function in combination with the Policy.
4. The Internal Audit Annual Work Plan outlines the internal audit activities, audit coverage prioritisation, annual work schedule, and the identified auditable areas to be covered within a three-year cycle.