Internal Audit Management Plan 2011 – 2014 (Sep 2010 Revision)

Document Title: Internal Audit Management Plan 2011-2014 (Sep 2010 Revision)
Approved by: Associate Director (Internal Audit)
Located at: \\rokfile\chnaudit$\3. Daniel\2010\Audit Administration\1. IA Management Plan
Date approved: 12 October 2010
Review date:
Authored / Administered: Daniel Nolan, Associate Director (Internal Audit)
Version: FINAL

Upload: ngothuy

Post on 12-Apr-2018


TABLE OF CONTENTS

CONTEXT OF MANAGEMENT PLAN
  INTERNAL AUDIT
  LEGISLATIVE REQUIREMENT
  PLANNING PROCESS
  PURPOSE OF THIS DOCUMENT
  APPROVAL AND REVIEW

OUR CORE VALUES

OUR STRATEGIC FOCUS AREAS

OUR GOALS
  AUDIT SERVICES
  RISK MANAGEMENT SERVICES
  AUDIT RESOURCES AND INFRASTRUCTURE
  AUDIT STANDARDS AND REQUIREMENTS
  COMMUNICATION

OUR STRATEGY 2011 – 2014
  GOAL 1 AUDIT PLANNING
  GOAL 2 AUDIT REPORTING
  GOAL 3 ADVISORY SERVICES
  GOAL 4 RISK MANAGEMENT SERVICES
  GOAL 5 INTERNAL AUDIT OFFICE
  GOAL 6 WORK ENVIRONMENT
  GOAL 7 COMPLIANCE
  GOAL 8 COMMUNICATION WITH STAFF AND PEERS
  GOAL 9 COMMUNICATION WITH THE UNIVERSITY
  GOAL 10 AUDIT, COMPLIANCE AND RISK COMMITTEE COMMUNICATION

APPENDIX A ANNUAL PLANNING METHODOLOGY
  AUDITABLE AREAS
  RISK ASSESSMENT PROCESS
  AUDIT COVERAGE

APPENDIX B AUDITABLE AREAS
  COMMERCIAL ACTIVITIES
  FACILITIES MANAGEMENT
  FINANCIAL OPERATIONS
  HUMAN RESOURCES
  INFORMATION SYSTEMS
  COMPLIANCE
  OPERATIONAL CONTINUITY
  REGIONAL AND OFF-SHORE CAMPUSES
  SERVICE DIVISIONS
  STUDENT ACTIVITIES
  TEACHING AND LEARNING ACTIVITIES
  RESEARCH AND RESEARCH TRAINING
  COMMUNITY ENGAGEMENT
  GOVERNANCE AND MANAGEMENT

APPENDIX C INTERNAL AUDIT PLAN (2011 – 2014)


CONTEXT OF MANAGEMENT PLAN

INTERNAL AUDIT

Internal Audit is an independent and objective appraisal function within CQUniversity. The function operates within a Charter approved by the Audit, Compliance and Risk Committee.

LEGISLATIVE REQUIREMENT

An Internal Audit Management Plan is required by the University Planning Policy, and is also prepared to ensure compliance with section 31(2)(a) of the Financial and Performance Management Standard 2009 (Qld) which states Internal Audit planning “must include the preparation of a strategic audit plan that provides an overall strategy for the internal audit function for a period of at least 1 year.”

PLANNING PROCESS

Internal Audit employs a three-tier planning process:

- Management Plan – outlines objectives and strategies for a four year period;
- Operational Plan – operationalises the Management Plan for a one year period;
- Individual Audit Plans – developed for each audit performed.

PURPOSE OF THIS DOCUMENT

This document sets out the plan for the delivery of assurance to the University Council via the Audit, Compliance and Risk Committee on the framework of control operating in the University for the period 2011 – 2014 (inclusive).

The Plan is established to:

- Contribute to the attainment of the University’s strategic goals;
- Focus Internal Audit attention on areas of high risk;
- Provide coverage of financial, compliance, operational and information technology areas on a cyclical basis;
- Provide direction for Internal Audit in the development of new techniques to assist audit efficiency and effectiveness;
- Ensure that Internal Audit operates to achieve its responsibilities as documented in the Internal Audit Charter.


APPROVAL AND REVIEW

The Plan will be reviewed by the Audit, Compliance and Risk Committee and recommended to the University Council for approval. An annual review of the Plan will be conducted in September each year to ensure it remains relevant and current. The Plan may be amended during the year if circumstances warrant such action and upon approval by the Audit, Compliance and Risk Committee.


OUR MISSION

Internal Audit’s purpose is to provide independent advice and assurance to University management on risk management, control and governance. This is achieved through the performance of systematic, professional and independent audits which measure and evaluate the:

- efficiency;
- effectiveness;
- economy; and
- compliance

of controls and systems in achieving the University’s stated objectives.


OUR CORE VALUES

The core values of the Internal Audit function are:

Independence

It is of paramount importance for the effective operation of the Internal Audit function that it operate independently of the structures and systems within the University that are essentially the clients of Internal Audit. Without both actual and perceived independence, Internal Audit lacks the ability to provide meaningful assurances to senior management and the Council of the University.

Balance

When reporting to management it is important that Internal Audit present neutral reports that focus on issues and solutions and are in no way personal or present a biased view of the real situation.

Integrity

The perception of Internal Audit must be one of integrity if Internal Audit is to have its views respected by management and the Council of the University.

Probity

Internal Audit must always be seen to act in a way that is free from the perception of corruption and wrongdoing. Without this, Internal Audit cannot speak with an authoritative voice.

Communication

Internal Audit must always seek to clearly define its objectives and the outcomes of audits performed. Internal Audit will only be effective in what it does by developing relationships with its clients based on openness and mutual respect.

Discretion

In order to be effective Internal Audit must establish its ability to be discreet about its findings. Without discretion, the University will not be open and communicate with Internal Audit in a meaningful way.


OUR STRATEGIC FOCUS AREAS

Internal Audit’s five strategic focus areas for the period of this plan are:

1. Audit Services – financial, operational, compliance, information technology, investigative, consultative

2. Risk Management Services

3. Audit Resources and Infrastructure

4. Audit Standards and Requirements

5. Communication

Strategic goals and related performance indicators for each of these focus areas are discussed in Chapters 5 (Our Goals) and 6 (Our Strategy 2011 – 2014).

The strategic focus areas detailed above, in conjunction with the scheduled program of audits, will assist the University to achieve its strategic objectives as espoused in the CQUniversity Strategic Plan (2011 – 2014).


OUR GOALS

To perform our mission, the Internal Audit function has identified the following goals:

AUDIT SERVICES

1. Maintain an effective audit planning process to best deliver meaningful and responsive internal auditing services to the University.

2. Provide evidence-based audit reports that are objective, with constructive appraisals that can be relied upon, and that add value by improving processes, enhancing the system of internal control and/or achieving significant cost savings.

3. Contribute value through advisory services that prevent potential problems through a proactive auditing approach, and leverage audit coverage given limited resources. Effective performance of this advisory role helps (a) communicate management’s philosophy, vision and objectives on internal control throughout the University, and (b) convey Internal Audit’s presence.

RISK MANAGEMENT SERVICES

4. Contribute to the enhancement of a risk management culture by providing leadership and advice to the University on risk identification, assessment and management.

AUDIT RESOURCES AND INFRASTRUCTURE

5. Provide an Internal Audit office for delivery of audit and advisory services by professional, skilled, knowledgeable, experienced, and reliable audit personnel.

6. Establish an effective work environment by identifying opportunities to improve productivity, quality, and efficiency through technology and facilities.

AUDIT STANDARDS AND REQUIREMENTS

7. Comply with standards, requirements, policies and rules impacting Internal Audit as promulgated by relevant governmental, institutional or other professional bodies.

COMMUNICATION


8. Facilitate effective communication within the Internal Audit office and with peers to maintain a high level of professional knowledge.

9. Use effective communication with management, clients, and other stakeholders to improve working relations and increase awareness of the audit function.

10. Maintain a functional relationship with members of the Audit, Compliance and Risk Committee.


OUR STRATEGY 2011 – 2014

GOAL 1 AUDIT PLANNING

Strategies:

The annual audit plan to be based on a formal risk assessment process, and reassessed/updated through the year (as considered necessary). Scheduled high risk areas to be completed as planned. (S1)

The risk assessment and resulting annual audit plan to be aligned with the University’s strategic goals and objectives. The Internal Audit function will endeavour to continually identify opportunities to further align audit activity with the University’s objectives. (S2)

The annual audit plan is to meet the needs of major stakeholders/senior management. Input from stakeholders/senior management to be obtained through interviews, risk surveys, and other feedback mechanisms. Participation of management in setting individual audit scopes will provide opportunity for Internal Audit to educate management on their internal control responsibilities. (S3)

The annual audit plan to include new systems, significant business projects, consulting activities, investigations and special requests. (S4)

The areas covered in the annual audit plan to provide coverage across the University. The audit universe and risk assessment to be reviewed to identify neglected areas. (S5)

Flexibility to be built into the annual audit plan. A sufficient number of hours to be reserved for special requests and audit assistance so that no audits covering high risks need to be postponed. (S6)

| Key Performance Indicator | Related Strategy | Target |
|---|---|---|
| Risk assessment process performed. | S1 | By Oct 31 each year. |
| Number of planning questionnaires sent/interviews undertaken. | S3 | All executive management and organisational unit management. |
| Audit universe reviewed. | S5 | By Oct 31 each year. |
| Time allocated for special requests. | S6 | 10% of available hours. |
| All high risk areas are completed as planned. | S6 | 100% |
| Percentage of audit plan completed. | S6 | 90% |

GOAL 2 AUDIT REPORTING

Strategies:

Audit reports to be timely – within 10 working days from end of fieldwork to draft report, within 10 working days from draft report to final report. (S1)

Continual review of report design to include exploring the use of condensed reporting or other formats to increase functionality and value of audit reporting. (S2)

Follow-up activities to be conducted to determine implementation of recommendations. (S3)

| Key Performance Indicator | Related Strategy | Target |
|---|---|---|
| Number of audit reports issued. | S1 | Ten each year per Senior Auditor. |
| Percentage of audits where time from end of fieldwork to draft report exceeded 10 working days. | S1 | < 10% |
| Percentage of audits where time from draft report to final report exceeded 10 working days. | S1 | < 10% |
| Percentage of audit matters accepted by audit clients (by category – High, Medium, Low). | S3 | > 90% |
| Follow-up activities performed. | S3 | Quarterly. |

GOAL 3 ADVISORY SERVICES

Strategies:

Auditors to be available to participate in committees/working parties where controls are discussed. (S1)

Auditors to be involved at an early stage in strategic efforts where controls and quality processes are deliberated. Auditors to lend their expertise in the planning stages of projects or systems to help in mitigating risks before the projects or systems become operational. (S2)

Auditors to be available to provide assistance upon request. (S3)

Internal Audit to establish a control self-assessment program for the University. This aims to extend audit coverage, while educating the University community on policies, procedures, regulations and internal control responsibilities. (S4)

| Key Performance Indicator | Related Strategy | Target |
|---|---|---|
| Number of management requests for audit actioned. | S3 | 80% of requests. |
| Control self-assessment program established. | S4 | Dec 31, 2010. |

GOAL 4 RISK MANAGEMENT SERVICES

Strategies:

Provision of assurance on the risk management processes. (S1)

Provision of assurance that risks are correctly evaluated. (S2)

Evaluation of risk management processes. (S3)

Evaluation of reporting of key risks. (S4)

Review of the management of key risks. (S5)

| Key Performance Indicator | Related Strategy | Target |
|---|---|---|
| Regular review performed. | S1-5 | Annually. |

GOAL 5 INTERNAL AUDIT OFFICE

Strategies:

Strategic planning to be performed to foster continuous improvement. The Management Plan to be reviewed regularly. (S1)

Staff development to be encouraged by ensuring on average 40 hours a year for full-time auditors. (S2)

Certification of audit staff to be supported. (S3)

Membership and participation in professional organisations to be promoted. (S4)

Outside experts to be used as needed. (S5)

Staff to be provided with performance feedback and positive performance to be recognised and rewarded. (S6)

| Key Performance Indicator | Related Strategy | Target |
|---|---|---|
| Internal Audit Management Plan reviewed. | S1 | By Oct 31 each year. |
| Hours of staff development per auditor. | S2 | 40 hours on average per year. |
| Number of certified staff members. | S3 | All permanent staff. |
| Hours of external expert time utilised. | S5 | As required. |
| Formal provision of feedback through PRPD process. | S6 | Annually. |

GOAL 6 WORK ENVIRONMENT

Strategies:

Staff to be educated in the use of available resources, and current audit tools. (S1)

Explore automating audit workpapers and scanning supporting documents. Available automated options to be reviewed. (S2)

The use of on-line or web-based control self assessments (CSAs), with links to policies and procedures, to be investigated. (S3)

Office space and equipment needs to be evaluated. (S4)

| Key Performance Indicator | Related Strategy | Target |
|---|---|---|
| Hours of training provided. | S1 | As required. |
| Review of available audit software performed. | S2 | Dec 31, 2010. |
| Investigation of on-line CSAs performed. | S3 | Dec 31, 2010. |
| Evaluation performed. | S4 | By Sep 30 each year. |

GOAL 7 COMPLIANCE

Strategies:

The Internal Audit Charter that addresses Internal Audit’s role and mandate to be maintained. The charter to be reviewed and authorised by the Audit, Compliance and Risk Committee. (S1)

The Internal Audit Policies and Procedures Manual to be maintained. The Manual to be reviewed and updated to reflect changes to practices or requirements. (S2)

An external quality assurance review to be performed. (S3)

Quality assurance techniques to ensure compliance to be further developed. (S4)

| Key Performance Indicator | Related Strategy | Target |
|---|---|---|
| Internal Audit Charter reviewed. | S1 | Every three years. |
| Internal Audit Policies and Procedures Manual reviewed. | S2 | By Mar 31 every second year. |
| External quality assurance review performed. | S3 | At least once every five years. |

GOAL 8 COMMUNICATION WITH STAFF AND PEERS

Strategies:

Participation in professional email lists to be encouraged. (S1)

Regular attendance at meetings/conferences of professional audit organisations/networks to be supported. (S2)

| Key Performance Indicator | Related Strategy | Target |
|---|---|---|
| Number of audit organisation meetings/conferences attended. | S2 | All ANZUIAG/QTEAN opportunities. |

GOAL 9 COMMUNICATION WITH THE UNIVERSITY

Strategies:

The progress of audits to be communicated to audit clients to keep them abreast of issues needing their attention. (S1)

Internal Audit’s Management Plan to be communicated to appropriate management personnel and clients to improve relations. (S2)

A working relationship with External Audit to be maintained. Internal Audit to be apprised of and involved, to the extent appropriate, in External Audit activities. (S3)

The Internal Audit web site to be used to facilitate two-way communication, including a survey form to be made available online to obtain feedback from clients on the quality of Internal Audit activities. (S4)

An audit brochure or pamphlet to be developed and used to answer general questions about Internal Audit at the University. (S5)

Regular communication to be established with audit clients to identify needs, potential audit issues and changes to risks, as well as to obtain feedback. Internal Audit staff to hold regular meetings with University management. (S6)

| Key Performance Indicator | Related Strategy | Target |
|---|---|---|
| Mid-point meetings undertaken with audit clients. | S1 | All audits scheduled for > 10 days. |
| Email issued by University Secretary and Director (Vice-Chancellor & President’s Division) to University management. | S2 | By Dec 31 each year. |
| Consultation undertaken with External Audit in developing annual plan. | S3 | By Oct 31 each year. |
| Survey form available online. | S4 | Completed. |
| Marketing material developed. | S5 | Completed. |
| Number of communication meetings undertaken with University management. | S6 | Quarterly. |

GOAL 10 AUDIT, COMPLIANCE AND RISK COMMITTEE COMMUNICATION

Strategies:

The Associate Director (Internal Audit) to attend Audit, Compliance and Risk Committee meetings. (S1)

The Audit, Compliance and Risk Committee to review and approve the Internal Audit Operational Plan. (S2)

The Associate Director (Internal Audit) to meet privately and informally with the members of the Audit, Compliance and Risk Committee to build trust and provide context about the Internal Audit function and its relationship with University management. (S3)

The Associate Director (Internal Audit) to report current risks, major activities, key findings and issues to meetings of the Audit, Compliance and Risk Committee. (S4)

The Associate Director (Internal Audit) to have unrestricted access to the Chair of the Audit, Compliance and Risk Committee. (S5)

| Key Performance Indicator | Related Strategy | Target |
|---|---|---|
| Number of Committee meetings attended. | S1 | All scheduled Committee meetings. |
| Plan reviewed and approved by Committee. | S2 | By Nov 30 each year. |
| Number of private meetings undertaken by Associate Director (Internal Audit) and the Committee members. | S3 | All scheduled Committee meetings. |
| Number of reports presented to the Committee. | S4 | All scheduled Committee meetings. |

APPENDIX A ANNUAL PLANNING METHODOLOGY

AUDITABLE AREAS

The operations of the University are allocated to ‘auditable areas’. These auditable areas were identified by Internal Audit based on research, professional judgment, and experience of University operations.

These auditable areas are then assessed to determine a level of risk.

RISK ASSESSMENT PROCESS

Each of the auditable areas is assessed using professional judgement and experience based on the following criteria:

a) Management and control effectiveness – consideration is given to the:
   - existence and quality of documentation of objectives and procedures;
   - adequacy of staff training;
   - adequacy of management reporting;
   - existence of segregation of duties;
   - existence of appropriate audit trails;
   - actual incidence of fraud or loss;
   - quality of systems implementation.

b) Size and materiality – consideration is given to the:
   - asset size, turnover, liquidity, transaction volume;
   - number of staff;
   - turnover of staff.

c) System characteristics – consideration is given to the:
   - evidence of continuity/coherence in multi-phased procedures;
   - existence of ownership and/or accountability;
   - existence of a focused system;
   - level of reliance on other systems;
   - degree of complexity in the system;
   - stability of the system;
   - distance from senior management;
   - management of change.

d) Organisational change – consideration is given to the:
   - frequency of change in management personnel;
   - staff knowledge of objectives and responsibilities;
   - level of morale.

e) Potential for revenue/cost benefit – consideration is given to the:
   - level of asset/staff utilisation;
   - staff workload;
   - speed of decision making processes;
   - existence of adequate planning;
   - existence of adequate management information systems and debt management.

For each criterion above, a score of 1 to 9 is allocated:
- 1 = low risk
- 5 = moderate risk
- 9 = high risk (or not known)

The score for each criterion for each auditable area is totalled (ranging from 5 to 45). Risk rankings are then assigned as follows:

- 5 to 18 = low risk
- 19 to 32 = moderate risk
- 33 to 45 = high risk

Where more than one auditable area has the same score, the following additional risk factors are considered, to assist in the prioritisation of audits:

f) Visibility of the system – consideration is given to the:
   - existence of adverse media (or potential for it);
   - existence of external reviews/audits (eg. AUQA, QAO);
   - number of public complaints (eg. Ombudsmen, CMC);
   - existence of adverse court rulings.

g) Time since last audit
   - review performed in current year (score – 1);
   - review performed in current year minus 1 (score – 3);
   - review performed in current year minus 2 (score – 5);
   - review performed in current year minus 3 (score – 7).

Note – an additional point is added to the score if significant matters were identified at the last review, or if earlier audit matters were not addressed by the last review.

h) Policy/Legislative requirements
   - no requirements (score – 1);
   - University policy requirements (score – 5);
   - legislative requirements (score – 9).

i) Impact on strategic/operational goals – consideration is given to the:
   - Frequency of expenditure outside of the approved University plan(s);
   - Failure to implement programmes that are part of the University plan(s).

AUDIT COVERAGE

Internal Audit is concerned with all aspects of the University’s operations. Our objective is to audit each auditable area (except those classified as low risk) at least once every four years where resources permit. Areas of high risk may be audited more frequently.


APPENDIX B AUDITABLE AREAS

The following are the key identified auditable areas that make up the University’s operations:

COMMERCIAL ACTIVITIES

- Co-operative research centres
- Bookshop
- Community Sports Centre
- Capricornia College
- Travel Crew
- Press
- English Language Centre

FACILITIES MANAGEMENT

- Facilities assistance centre
- Environmental planning and management (including energy and water management)
- Consultant management
- Fleet management
- Security
- Grounds
- Maintenance (eg. plumbing, carpentry, electrical work, planning/scheduling)
- Strategic asset management
- Capital development and capital budget
- Project management
- Space management

FINANCIAL OPERATIONS

- Assets:
  o Deferred tax assets
  o Cash
  o Receivables
  o Investments
  o Inventories
  o Other current assets
  o Property, plant and equipment
  o Intangibles
- Liabilities:
  o Tax liabilities
  o Clearing accounts – Other
  o Clearing accounts – Staff
  o Provisions
  o Creditors and borrowings
  o Student fee liabilities
  o Revenue received in advance
  o Other liabilities
- Equity:
  o Outside equity interests
  o Market value gain
  o Reserves
- Revenue:
  o Student fees
  o Fees and charges
  o Donations and bequests
  o Grants
  o Investment income
  o Sales
  o Scholarships and prizes
  o Accumulated depreciation adjustment
  o Internal asset transfer adjustment
  o Inventory trading
  o Other revenues
  o Revaluation increment
  o Transfers
- Expenses:
  o Revaluation decrement
  o Outside equity interests
  o Salary expenditure
  o Non-salary expenditure
  o Depreciation expenses
- Cash – Handling and Banking
- Property, plant and equipment stocktakes
- Resource allocation, planning and budgeting processes
- Access to PeopleSoft Financials
- Reportable gifts and special payments
- Insurance activities
- Financial statements – Production/Review
- Salary sacrifice packaging
- Procurement
- Travel Card Usage
- Procurement Card Usage

HUMAN RESOURCES

- Workforce planning renewal
- Recruitment and selection
- Staff induction, orientation and probation
- Salaries, superannuation and leave
- Performance management
- Staff development – training
- Staff development – study
- Staff disputes and grievances
- End-of-employment activities
- Access to Alesco and information
- Equity
- Health, safety and workers compensation

INFORMATION SYSTEMS

- IT projects
- Plan and organise
  o Define a strategic IT plan and direction
  o Define the information architecture
  o Determine technological direction
  o Define the IT processes, organisation and relationships
  o Manage the IT investment
  o Communicate management aims and direction
  o Manage IT human resources
  o Manage quality
  o Assess and manage IT risks
  o Manage projects
- Acquire and implement
  o Identify automated solutions
  o Acquire and maintain application software
  o Acquire and maintain technology infrastructure
  o Enable operation and use
  o Procure IT resources
  o Manage change
  o Install and accredit solutions and changes
- Deliver and support
  o Define and manage service levels
  o Manage third-party services
  o Manage performance and capacity
  o Ensure continuous service
  o Ensure systems security
  o Identify and allocate costs
  o Educate and train users
  o Manage service desk and incidents
  o Manage the configuration
  o Manage problems
  o Manage data
  o Manage the physical environment
  o Manage operations
- Monitor and evaluate
  o Monitor and evaluate IT processes
  o Monitor and evaluate internal control
  o Ensure regulatory compliance
  o Provide IT governance

COMPLIANCE

- Education Services for Overseas Students (ESOS) Act
- Statutory Bodies Financial Arrangements Act
- Financial Accountability Act
- Information Standard 40 – Recordkeeping
- Half-Yearly Investments and Registers Review
- Business Continuity Planning – IT Assets
- National Governance Protocols
- National Acceptance Protocols
- Legislative compliance – general
- University policy compliance – general

OPERATIONAL CONTINUITY

- Business continuity management
  o Crisis management
  o Disaster recovery
  o Business continuity
  o Restoration/recovery
- Preventative measures – systems
- Preventative measures – facilities
- Incident management

REGIONAL AND OFF-SHORE CAMPUSES

- Mackay campus
- Emerald campus
- Gladstone campus
- Bundaberg campus
- Singapore campus

SERVICE DIVISIONS

- Library and Academic Learning services
- Office of Research
- Vice-Chancellor & President’s Division
- Public relations and marketing
- Development and graduate relations

STUDENT ACTIVITIES

- Admissions
- Enrolments
- Student records
- Access to CQUcentral
- Student financials
- Timetabling
- Examinations and assessment
- Graduations
- Student services
- Nulloo Yumbah
- Scholarship administration
- Prize administration
- Planning student numbers
- Academic misconduct and exclusions
- Customer relationship management software
- Student recruitment practices

TEACHING AND LEARNING ACTIVITIES

- Student assessment and grading
- Student profile
- Student progress
- Curriculum and courses
- Teaching staff
- Quality of teaching and learning
- Learning resources – library and educational technology
- Learning support
- Student grievances and appeals
- Leadership and management of teaching and learning
- Program and course review/development

RESEARCH AND RESEARCH TRAINING

- Commissioned research
- Ethics
- Quality
- Human resources/People management
- Institutional Collaboration
- Accessibility
- Intellectual property management
- Supervision of HDR students
- HDR students
- Identification and management of research opportunities
- Preparation of research applications – Costing and pricing
- Management of research grant income and expenditure
- Commercialisation of research

COMMUNITY ENGAGEMENT

- Collaborative research with local industries
- Development of academic programs in partnership with local organisations
- Community service learning for students
- Consultancy services for local communities
- Community involvement with institution affairs

GOVERNANCE AND MANAGEMENT

- Governance (incl. Council oversight)
- Leadership
- Planning
- Management
- Academic governance
- Risk management
- Ethics
- Information (incl. privacy, records management, right to information)
- Management reporting
- Quality assurance practices
- Contract processes/management (eg. cleaning, stationery, printing)
- Policy documentation

APPENDIX C INTERNAL AUDIT PLAN (2011 – 2014)

The table below outlines the internal audits proposed to be included in the Operational Plan for 2011 and anticipated audits for 2012 – 2014 (inclusive). The exact scope and time required for each audit will be agreed with management and documented in detail prior to the commencement of audit fieldwork.

No. Audit Title 2011 2012 2013 2014

Commercial Activities

1. Co-operative research centres

2. Bookshop

3. Community Sports Centre

4. Capricornia College

5. Travel Crew

6. Press

7. English Language Centre

Facilities Management

8. Facilities assistance centre

9. Environmental planning/management

10. Consultant management

11. Fleet management

12. Security

13. Grounds


14. Maintenance

15. Strategic asset management

16. Capital development/capital budget

17. Project management

18. Space management

Financial Operations

Assets:

19. o Deferred tax assets

20. o Cash

21. o Receivables

22. o Investments

23. o Inventories

24. o Other current assets

25. o Property, plant and equip.

26. o Intangibles

Liabilities:

27. o Tax liabilities

28. o Clearing accounts – Other

29. o Clearing accounts – Staff

30. o Provisions

31. o Creditors and borrowings

32. o Student fee liabilities


33. o Revenue received in advance

34. o Other liabilities

Equity:

35. o Outside equity interests

36. o Market value gain

37. o Reserves

Revenue:

38. o Student fees

39. o Fees and charges

40. o Donations and bequests

41. o Grants

42. o Investment income

43. o Sales

44. o Scholarships and prizes

45. o Accumulated depreciation adjustment

46. o Internal asset transfer adjustment

47. o Inventory trading

48. o Other revenues

49. o Revaluation increment

50. o Transfers

Expenses:

51. o Revaluation decrement

52. o Outside equity interests


53. o Salary expenditure

54. o Non-salary expenditure

55. o Depreciation expenses

Other:

56. Cash – Handling and banking

57. PPE stocktakes

58. Resource allocation, planning and budgeting processes

59. Access to PeopleSoft Financials

60. Reportable gifts and special payments

61. Insurance activities

62. Financial statements – Production/Review

63. Salary sacrifice packaging

64. Procurement

65. Travel card usage

66. Procurement card usage

67. Mobile phone usage

Human Resources

68. Workforce planning and renewal

69. Recruitment and selection

70. Staff induction, orientation and probation

71. Salaries, superannuation and leave

72. Performance management


73. Staff development – training

74. Staff development – study

75. Staff disputes and grievances

76. End-of-employment activities

77. Access to ALESCO and information

78. Equity

79. Health, safety and workers compensation

Information Systems

80. IT projects

Plan and Organise:

81. o Define the strategic IT plan and direction

82. o Define the information architecture

83. o Determine technological direction

84. o Define the IT processes, org’n and relationships

85. o Manage the IT investment

86. o Communicate management aims and direction

87. o Manage IT human resources

88. o Manage quality

89. o Assess and manage IT risks

90. o Manage projects

Acquire and Implement:

91. o Identify automated solutions

92. o Acquire and maintain application software

93. o Acquire and maintain technology infrastructure

94. o Enable operation and use

95. o Procure IT resources

96. o Manage changes

97. o Install and accredit solutions and changes

Deliver and Support:

98. o Define and manage service levels

99. o Manage third-party services

100. o Manage performance and capacity

101. o Ensure continuous service

102. o Ensure systems security

103. o Identify and allocate costs

104. o Educate and train users

105. o Manage service desk and incidents

106. o Manage the configuration

107. o Manage problems

108. o Manage data

109. o Manage the physical environment

110. o Manage operations

Monitor and Evaluate:

111. o Monitor and evaluate IT processes

112. o Monitor and evaluate internal control

113. o Ensure regulatory compliance

114. o Provide IT governance

Compliance

115. Education Services for Overseas Students (ESOS) Act

116. Statutory Bodies Financial Arrangements Act

117. Financial Accountability Act

118. Information Standard 40 - Recordkeeping

119. Half-Yearly Investments and Registers Review

120. Business Continuity Planning – IT Assets

121. Legislative compliance – general

122. University policy compliance – general

Operational Continuity

123. Business continuity management

124. Incident management

Regional and Off-Shore Campuses

125. Mackay campus

126. Emerald campus

127. Gladstone campus

128. Bundaberg campus

129. Singapore campus

Service Divisions

130. Library and Academic Learning services

131. Office of Research

132. Vice-Chancellor & President’s Division

133. Public relations and marketing

134. Development and graduate relations

Student Activities

135. Admissions

136. Enrolments

137. Student records

138. Access to CQUcentral

139. Timetabling

140. Examinations and assessment

141. Graduations

142. Student services

143. Nulloo Yumbah

144. Scholarship administration

145. Prize administration

146. Planning student numbers

147. Academic misconduct and exclusions

148. CRM software

149. Student recruitment practices

Teaching and Learning Activities

150. Student assessment and grading

151. Student profile

152. Student progress

153. Curriculum and courses

154. Teaching staff

155. Quality of teaching and learning

156. Learning resources – library and educational technology

157. Learning support

158. Student grievances and appeals

159. Leadership and management of teaching and learning

160. Program and course review/ development

Research and Research Training

161. Commissioned research

162. Ethics

163. Institutional

164. Collaboration

165. Accessibility

166. Intellectual property management

167. HDR students (incl. supervision)

168. Identification and management of research opportunities

169. Preparation of research applications – Costing and pricing

170. Management of research grant income and expenditure

171. Commercialisation of research

Community Engagement

172. Collaborative research with local industries

173. Development of academic programs in partnership with local organisations

174. Community service learning for students

175. Consultancy services for local communities

176. Community involvement with institution affairs

Governance and Management

177. Governance (incl. Council oversight)

178. Leadership

179. Planning

180. Management

181. Academic governance

182. Risk management

183. Ethics

184. Information (incl. privacy, records management, right to information)

185. Management reporting

186. Quality assurance practices

187. Contract processes/management

188. Policy documentation/environment