report - home - cquniversity · web viewthe audit universe and risk assessment to be reviewed to...
TRANSCRIPT
Internal Audit Management Plan2011 – 2014 (Sep 2010 Revision)
Document Title: Internal Audit Management Plan 2011-2014 (Sep 2010 Revision) Approved by: Associate Director (Internal Audit)
Located at: \\rokfile\chnaudit$\3. Daniel\2010\Audit Administration\1. IA Management Plan
Date approved: 12 October 2010 Review date:
Authored / Administered: Daniel Nolan, Associate Director (Internal Audit) Version: FINAL
Internal Audit Management Plan 2011 – 2014 (Sep 2010 Revision)
TABLE OF CONTENTS
TABLE OF CONTENTS 1
CONTEXT OF MANAGEMENT PLAN 3 INTERNAL AUDIT 3LEGISLATIVE REQUIREMENT 3PLANNING PROCESS 3PURPOSE OF THIS DOCUMENT 3APPROVAL AND REVIEW 4
OUR CORE VALUES 6
OUR STRATEGIC FOCUS AREAS 7
OUR GOALS 8 AUDIT SERVICES 8RISK MANAGEMENT SERVICES 8AUDIT RESOURCES AND INFRASTRUCTURE 8AUDIT STANDARDS AND REQUIREMENTS 8COMMUNICATION 8
OUR STRATEGY 2011 – 2014 10 GOAL 1 AUDIT PLANNING 10GOAL 2 AUDIT REPORTING 11GOAL 3 ADVISORY SERVICES 12GOAL 4 RISK MANAGEMENT SERVICES 12GOAL 5 INTERNAL AUDIT OFFICE 13GOAL 6 WORK ENVIRONMENT 13GOAL 7 COMPLIANCE 14GOAL 8 COMMUNICATION WITH STAFF AND PEERS 14GOAL 9 COMMUNICATION WITH THE UNIVERSITY 15GOAL 10 AUDIT, COMPLIANCE AND RISK COMMITTEE COMMUNICATION 16
APPENDIX A ANNUAL PLANNING METHODOLOGY 17 AUDITABLE AREAS 17
RISK ASSESSMENT PROCESS 17AUDIT COVERAGE 19
APPENDIX B AUDITABLE AREAS 20 COMMERCIAL ACTIVITIES 20FACILITIES MANAGEMENT 20FINANCIAL OPERATIONS 20HUMAN RESOURCES 22INFORMATION SYSTEMS 22COMPLIANCE 23OPERATIONAL CONTINUITY 23REGIONAL AND OFF-SHORE CAMPUSES 23SERVICE DIVISIONS 24STUDENT ACTIVITIES 24TEACHING AND LEARNING ACTIVITIES 24RESEARCH AND RESEARCH TRAINING 25COMMUNITY ENGAGEMENT 25GOVERNANCE AND MANAGEMENT 25
APPENDIX C INTERNAL AUDIT PLAN (2011 -2014) 26
The Table of Contents is hyperlinked to the section headings and the page numbering can be automatically updated by the toggle fields. Do not update entire table, select update page numbers only. Refer to the cross-referencing feature in Microsoft Help for instructions.
4
CONTEXT OF MANAGEMENT PLAN
INTERNAL AUDIT
Internal Audit is an independent and objective appraisal function within CQUniversity. The function operates within a Charter approved by the Audit, Compliance and Risk Committee.
LEGISLATIVE REQUIREMENT
An Internal Audit Management Plan is required by the University Planning Policy, and is also prepared to ensure compliance with section 31(2)(a) of the Financial and Performance Management Standard 2009 (Qld) which states Internal Audit planning “must include the preparation of a strategic audit plan that provides an overall strategy for the internal audit function for a period of at least 1 year.”
PLANNING PROCESS
Internal Audit employs a three-tier planning process:
Management Plan – outlines objectives and strategies for a four year period; Operational Plan – operationalises the Management Plan for a one year period; Individual Audit Plans – developed for each audit performed.
PURPOSE OF THIS DOCUMENT
This document sets out the plan for the delivery of assurance to the University Council via the Audit, Compliance and Risk Committee on the framework of control operating in the University for the period 2011 – 2014 (inclusive).
The Plan is established to:
Contribute to the attainment of the University’s strategic goals; Focus Internal Audit attention on areas of high risk; Provide coverage of financial, compliance, operational and information technology areas on a cyclical basis; Provide direction for Internal Audit in the development of new techniques to assist audit efficiency and
effectiveness; Ensure that Internal Audit operates to achieve its responsibilities as documented in the Internal Audit Charter.
Chapter
1
4
APPROVAL AND REVIEW
The Plan will be reviewed by the Audit, Compliance and Risk Committee and recommended to the University Council for approval. An annual review of the Plan will be conducted in September each year to ensure it remains relevant and current. The Plan may be amended during the year if circumstances warrant such action and upon approval by the Audit, Compliance and Risk Committee.
5
OUR MISSION
Internal Audit’s purpose is to provide independent advice and assurance to University management on risk management, control and governance. This is achieved through the performance of systematic, professional and independent audits which measure and evaluate the:
efficiency; effectiveness; economy; and compliance
of controls and systems in achieving the University’s stated objectives.
Chapter
2
6
OUR CORE VALUES
The core values of the Internal Audit function are:
Independence
It is of paramount importance for the effective operation of the Internal Audit function that it operate independently of the structures and systems within the University that are essentially the clients of Internal Audit. Without both actual and perceived independence, Internal Audit lacks the ability to provide meaningful assurances to senior management and the Council of the University.
Balance
When reporting to management it is important that Internal Audit present neutral reports that focus on issues and solutions and are in no way personal or present a biased view of the real situation.
Integrity
The perception of Internal Audit must be one of integrity if Internal Audit is to have its views respected by management and the Council of the University.
Probity
Internal Audit must always be seen to act in a way that is free from the perception of corruption and wrongdoing. Without this, Internal Audit cannot speak with an authoritative voice.
Communication
Internal Audit must always seek to clearly define its objectives and the outcomes of audits performed. Internal Audit will only be effective in what it does by developing relationships with its clients based on openness and mutual respect.
Discretion
In order to be effective Internal Audit must establish its ability to be discrete about its findings. Without discretion, the University will not be open and communicate with Internal Audit in a meaningful way.
Chapter
3
7
OUR STRATEGIC FOCUS AREAS
Internal Audit’s five strategic focus areas for the period of this plan are:
1. Audit Services – financial, operational, compliance, information technology, investigative, consultative
2. Risk Management Services
3. Audit Resources and Infrastructure
4. Audit Standards and Requirements
5. Communication
Strategic goals and related performance indicators for each of these focus areas are discussed in Chapters 5 and 6.
The strategic focus areas detailed above, in conjunction with the scheduled program of audits, will assist the University achieve its strategic objectives as espoused in the CQUniversity Strategic Plan (2011 – 2014).
Chapter
4
9
OUR GOALS
To perform our mission, the Internal Audit function has identified the following goals:
AUDIT SERVICES
1. Maintain an effective audit planning process to best deliver meaningful and responsive internal auditing services to the University.
2. Provide evidence-based audit reports that are objective, with constructive appraisals that can be relied upon, and that add value by improving processes, enhancing the system of internal control and/or achieving significant cost savings.
3. Contribute value through advisory services that prevent potential problems through a proactive auditing approach, and leverage audit coverage given limited resources. Effective performance of this advisory role helps (a) communicate management’s philosophy, vision and objectives on internal control throughout the University, and (b) convey Internal Audit’s presence.
RISK MANAGEMENT SERVICES
4. Contribute to the enhancement of a risk management culture by providing leadership and advice to the University on risk identification, assessment and management.
AUDIT RESOURCES AND INFRASTRUCTURE
5. Provide an Internal Audit office for delivery of audit and advisory services by professional, skilled, knowledgeable, experienced, and reliable audit personnel.
6. Establish an effective work environment by identifying opportunities to improve productivity, quality, and efficiency through technology and facilities.
AUDIT STANDARDS AND REQUIREMENTS
7. Comply with standards, requirements, policies, rules impacting Internal Audit as promulgated by relevant governmental, institutional or other professional bodies.
COMMUNICATION
Chapter
5
9
8. Facilitate effective communication within the Internal Audit office and with peers to maintain a high level of professional knowledge.
9. Use effective communication with management, clients, and other stakeholders to improve working relations and increase awareness of the audit function.
10. Maintain a functional relationship with members of the Audit, Compliance and Risk Committee.
16
OUR STRATEGY 2011 – 2014
GOAL 1 AUDIT PLANNING
Strategies:
The annual audit plan to be based on a formal risk assessment process, and reassessed/updated through the year (as considered necessary). Scheduled high risk areas to be completed as planned. (S1)
The risk assessment and resulting annual audit plan to be aligned with the University’s strategic goals and objectives. The Internal Audit function will endeavour to continually identify opportunities to further align audit activity with the University’s objectives. (S2)
The annual audit plan is to meet the needs of major stakeholders/senior management. Input from stakeholders/senior management to be obtained through interviews, risk surveys, and other feedback mechanisms. Participation of management in setting individual audit scopes will provide opportunity for Internal Audit to educate management on their internal control responsibilities. (S3)
The annual audit plan to include new systems, significant business projects, consulting activities, investigations and special requests. (S4)
The areas covered in the annual audit plan to provide coverage across the University. The audit universe and risk assessment to be reviewed to identify neglected areas. (S5)
Flexibility to be built into the annual audit plan. A sufficient number of hours to be reserved for special requests and audit assistance so that no audits covering high risks need to be postponed. (S6)
Key Performance Indicator Related Strategy Target
Risk assessment process performed. S1 By Oct 31 each year.
Number of planning questionnaires sent/interviews undertaken.
S3 All executive management and organisational unit management.
Audit universe reviewed. S5 By Oct 31 each year.
Chapter
6
16
Key Performance Indicator Related Strategy Target
Time allocated for special requests. S6 10% of available hours.
All high risk areas are completed as planned. S6 100%
Percentage of audit plan completed. S6 90%
GOAL 2 AUDIT REPORTING
Strategies:
Audit reports to be timely – within 10 working days from end of fieldwork to draft report, within 10 working days from draft report to final report. (S1)
Continual review of report design to include exploring the use of condensed reporting or other formats to increase functionality and value of audit reporting. (S2)
Follow-up activities to be conducted to determine implementation of recommendations. (S3)
Key Performance Indicator Related Strategy Target
Number of audit reports issued. S1 Ten each year per Senior Auditor.
Percentage of audits where time from end of fieldwork to draft report exceeded 10 working days.
S1 < 10%
Percentage of audits where time from draft report to final report exceeded 10 working days.
S1 < 10 %
Percentage of audit matters accepted by audit clients (by category – High, Medium, Low).
S3 > 90%
Follow-up activities performed. S3 Quarterly.
16
GOAL 3 ADVISORY SERVICES
Strategies:
Auditors to be available to participate in committees/working parties where controls are discussed. (S1)
Auditors to be involved at an early stage in strategic efforts where controls and quality processes are deliberated. Auditors to lend their expertise in the planning stages of projects or systems to help in mitigating risks before the projects or systems become operational. (S2)
Auditors to be available to provide assistance upon request. (S3)
Internal Audit to establish a control self-assessment program for the University. This aims to extend audit coverage, while educating the University community on policies, procedures, regulations and internal control responsibilities. (S4)
Key Performance Indicator Related Strategy Target
Number of management requests for audit actioned.
S3 80% of requests.
Control self-assessment program established. S4 Dec 31, 2010.
GOAL 4 RISK MANAGEMENT SERVICES
Strategies:
Provision of assurance on the risk management processes. (S1)
Provision of assurance that risks are correctly evaluated. (S2)
Evaluation of risk management processes. (S3)
Evaluation of reporting of key risks. (S4)
Review of the management of key risks. (S5)
Key Performance Indicator Related Strategy Target
Regular review performed. S1-5 Annually.
16
GOAL 5 INTERNAL AUDIT OFFICE
Strategies:
Strategic planning to be performed to foster continuous improvement. The Management Plan to be reviewed regularly. (S1)
Staff development to be encouraged by ensuring on average 40 hours a year for full-time auditors. (S2)
Certification of audit staff to be supported. (S3)
Membership and participation in professional organisations to be promoted. (S4)
Outside experts to be used as needed. (S5)
Staff to be provided with performance feedback and positive performance to be recognised and rewarded. (S6)
Key Performance Indicator Related Strategy Target
Internal Audit Management Plan reviewed. S1 By Oct 31 each year.
Hours of staff development per auditor. S2 40 hours on average per year.
Number of certified staff members. S3 All permanent staff.
Hours of external expert time utilised. S5 As required.
Formal provision of feedback through PRPD process.
S6 Annually.
GOAL 6 WORK ENVIRONMENT
Strategies:
Staff to be educated in the use of available resources, and current audit tools. (S1)
Explore automating audit workpapers and scanning supporting documents. Available automated options to be reviewed. (S2)
The use of on-line or web-based control self assessments (CSAs), with links to policies and procedures, to be investigated. (S3)
Office space and equipment needs to be evaluated. (S4)
16
Key Performance Indicator Related Strategy Target
Hours of training provided. S1 As required.
Review of available audit software performed. S2 Dec 31, 2010.
Investigation of on-line CSAs performed. S3 Dec 31, 2010.
Evaluation performed. S4 By Sep 30 each year.
GOAL 7 COMPLIANCE
Strategies:
The Internal Audit Charter that addresses Internal Audit’s role and mandate to be maintained. The charter to be reviewed and authorised by the Audit, Compliance and Risk Committee. (S1)
The Internal Audit Policies and Procedures Manual to be maintained. The Manual to be reviewed and updated to reflect changes to practices or requirements. (S2)
An external quality assurance review to be performed. (S3)
Quality assurance techniques to ensure compliance to be further developed. (S4)
Key Performance Indicator Related Strategy Target
Internal Audit Charter reviewed. S1 Every three years.
Internal Audit Policies and Procedures Manual reviewed.
S2 By Mar 31 every second year.
External quality assurance review performed. S3 At least once every five years.
GOAL 8 COMMUNICATION WITH STAFF AND PEERS
Strategies:
Participation in professional email lists to be encouraged. (S1)
Regular attendance at meetings/conferences of professional audit organisations/networks to be supported. (S2)
Key Performance Indicator Related Strategy Target
16
Number of audit organisation meetings/ conferences attended.
S2 All ANZUIAG/QTEAN opportunities.
GOAL 9 COMMUNICATION WITH THE UNIVERSITY
Strategies:
The progress of audits to be communicated to audit clients to keep them abreast of issues needing their attention. (S1)
Internal Audit’s Management Plan to be communicated to appropriate management personnel and clients to improve relations. (S2)
A working relationship with External Audit to be maintained. Internal Audit to be apprised of and involved, to the extent appropriate, in External Audit activities. (S3)
The Internal Audit web site to be used to facilitate two-way communication, including a survey form to be made available online to obtain feedback from clients on the quality of Internal Audit activities. (S4)
An audit brochure or pamphlet to be developed and used to answer general questions about Internal Audit at the University. (S5)
Regular communication to be established with audit clients to identify needs, potential audit issues and changes to risks, as well as to obtain feedback. Internal Audit staff to hold regular meetings with University management. (S6)
Key Performance Indicator Related Strategy Target
Mid-point meetings undertaken with audit clients.
S1 All audits scheduled for > 10 days.
Email issued by University Secretary and Director (Vice-Chancellor & President’s Division) to University management.
S2 By Dec 31 each year.
Consultation undertaken with External Audit in developing annual plan.
S3 By Oct 31 each year.
Survey form available online. S4 Completed.
Marketing material developed. S5 Completed.
16
Key Performance Indicator Related Strategy Target
Number of communication meetings undertaken with University management.
S6 Quarterly.
GOAL 10 AUDIT, COMPLIANCE AND RISK COMMITTEE COMMUNICATION
Strategies:
The Associate Director (Internal Audit) to attend Audit, Compliance and Risk Committee meetings. (S1)
The Audit, Compliance and Risk Committee to review and approve the Internal Audit Operational Plan. (S2)
The Associate Director (Internal Audit) to meet privately and informally with the members of the Audit, Compliance and Risk Committee to build trust and provide context about the Internal Audit function and its relationship with University management. (S3)
The Associate Director (Internal Audit) to report current risks, major activities, key findings and issues to meetings of the Audit, Compliance and Risk Committee. (S4)
The Associate Director (Internal Audit) to have unrestricted access to the Chair of the Audit, Compliance and Risk Committee. (S5)
Key Performance Indicator Related Strategy Target
Number of Committee meetings attended. S1 All scheduled Committee meetings.
Plan reviewed and approved by Committee. S2 By Nov 30 each year.
Number of private meetings undertaken by Associate Director (Internal Audit) and the Committee members.
S3 All scheduled Committee meetings.
Number of reports presented to the Committee. S4 All scheduled Committee meetings.
17
APPENDIX A ANNUAL PLANNING METHODOLOGY
AUDITABLE AREAS
The operations of the University are allocated to ‘auditable areas’. These auditable areas were identified by Internal Audit based on research, professional judgment, and experience of University operations.
These auditable areas are then assessed to determine a level of risk.
RISK ASSESSMENT PROCESS
Each of the auditable areas is assessed using professional judgement and experience based on the following criteria:
a) Management and control effectiveness – consideration is given to the: existence and quality of documentation of objectives and procedures; adequacy of staff training; adequacy of management reporting; existence of segregation of duties; existence of appropriate audit trails; actual incidence of fraud or loss; quality of systems implementation.
b) Size and materiality – consideration is given to the: asset size, turnover, liquidity, transaction volume; number of staff; turnover of staff.
c) System characteristics – consideration is given to the: evidence of continuity/coherence in multi-phased procedures; existence of ownership and/or accountability; existence of a focused system; level of reliance on other systems; degree of complexity in the system; stability of the system; distance from senior management; management of change.
Chapter
7
19
d) Organisational change – consideration is given to the: frequency of change in management personnel; staff knowledge of objectives and responsibilities; level of morale.
e) Potential for revenue/cost benefit – consideration is given to the: level of asset/staff utilisation; staff workload; speed of decision making processes; existence of adequate planning; existence of adequate management information systems and debt management.
For each criterion above, a score of 1 to 9 is allocated:1 = low risk5 = moderate risk9 = high risk (or not known)
The score for each criterion for each auditable area is totalled (ranging from 5 to 45). Risk rankings are then assigned as follows:
5 to 18 = low risk19 to 32 = moderate risk33 to 45 = high risk
Where more than one auditable area has the same score, the following additional risk factors are considered, to assist in the prioritisation of audits:
f) Visibility of the system – consideration is given to the: existence of adverse media (or potential for it); existence of external reviews/audits (eg. AUQA, QAO); number of public complaints (eg. Ombudsmen, CMC); existence of adverse court rulings.
g) Time since last audit review performed in current year (score – 1); review performed in current year minus 1 (score – 3); review performed in current year minus 2 (score – 5); review performed in current year minus 3 (score – 7).
Note – an additional point is added to the score if significant matters were identified at the last review, or if earlier audit matters were not addressed by the last review.
h) Policy/Legislative requirements no requirements (score – 1); University policy requirements (score – 5); legislative requirements (score – 9).
i) Impact on strategic/operational goals – consideration is given to the: Frequency of expenditure outside of the approved University plan(s); Failure to implement programmes that are part of the University plan(s).
19
AUDIT COVERAGE
Internal Audit is concerned with all aspects of the University’s operations. Our objective is to audit each auditable area (except those classified as low risk) at least once every four years where resources permit. Areas of high risk may be audited more frequently.
20
APPENDIX B AUDITABLE AREAS
The following are the key identified auditable areas that make up the University’s operations: COMMERCIAL ACTIVITIES
Co-operative research centres Bookshop Community Sports Centre Capricornia College Travel Crew Press English Language Centre
FACILITIES MANAGEMENT
Facilities assistance centre Environmental planning and management (including energy and water management) Consultant management Fleet management Security Grounds Maintenance (eg. plumbing, carpentry, electrical work, planning/scheduling) Strategic asset management Capital development and capital budget Project management Space management
FINANCIAL OPERATIONS
Assets: o Deferred tax assetso Casho Receivableso Investmentso Inventorieso Other current assets
Chapter
8
25
Liabilities:o Tax liabilitieso Clearing accounts – Othero Clearing accounts – Staffo Provisionso Creditors and borrowingso Student fee liabilitieso Revenue received in advanceo Other liabilities
Equityo Outside equity interestso Market value gaino Reserves
Revenueo Student feeso Fees and chargeso Donations and bequestso Grantso Investment incomeo Saleso Scholarships and prizeso Accumulated depreciation adjustmento Internal asset transfer adjustmento Inventory tradingo Other revenueso Revaluation incremento Transfers
Expenseso Revaluation decremento Outside equity interestso Salary expenditureo Non-salary expenditureo Depreciation expenses
Cash – Handling and Banking Property, plant and equipment stocktakes Resource allocation, planning and budgeting processes Access to PeopleSoft Financials Reportable gifts and special payments Insurance activities Financial statements – Production/Review Salary sacrifice packaging Procurement Travel Card Usage Procurement Card Usage
25
HUMAN RESOURCES
Workforce planning renewal Recruitment and selection Staff induction, orientation and probation Salaries, superannuation and leave Performance management Staff development – training Staff development – study Staff disputes and grievances End-of-employment activities Access to Alesco and information Equity Health, safety and workers compensation
INFORMATION SYSTEMS
IT projects Plan and organise
o Define a strategic IT plan and directiono Define the information architectureo Determine technological directiono Define the IT processes, organisation and relationshipso Manage the IT investmento Communicate management aims and directiono Manage IT human resourceso Manage qualityo Assess and manage IT riskso Manage projects
Acquire and implemento Identify automated solutionso Acquire and maintain application softwareo Acquire and maintain technology infrastructureo Enable operation and useo Procure IT resourceso Manage changeo Install and accredit solutions and changes
Deliver and supporto Define and manage service levelso Manage third-party serviceso Manage performance and capacityo Ensure continuous serviceo Ensure systems securityo Identify and allocate costso Educate and train userso Manage service desk and incidents
25
o Manage the configurationo Manage problemso Manage datao Manage the physical environmento Manage operations
Monitor and evaluateo Monitor and evaluate IT processeso Monitor and evaluate internal controlo Ensure regulatory complianceo Provide IT governance
COMPLIANCE
Education Services for Overseas Students (ESOS) Act Statutory Bodies Financial Arrangements Act Financial Accountability Act Information Standard 40 – Recordkeeping Half-Yearly Investments and Registers Review Business Continuity Planning – IT Assets National Governance Protocols National Acceptance Protocols Legislative compliance - general University policy compliance – general
OPERATIONAL CONTINUITY
Business continuity managemento Crisis managemento Disaster recoveryo Business continuityo Restoration/recovery
Preventative measures – systems Preventative measures – facilities Incident management
REGIONAL AND OFF-SHORE CAMPUSES
Mackay campus Emerald campus Gladstone campus Bundaberg campus Singapore campus
SERVICE DIVISIONS
25
Library and Academic Learning services Office of Research Vice-Chancellor & President’s Division Public relations and marketing Development and graduate relations
STUDENT ACTIVITIES
Admissions Enrolments Student records Access to CQUcentral Student financials Timetabling Examinations and assessment Graduations Student services Nulloo Yumbah Scholarship administration Prize administration Planning student numbers Academic misconduct and exclusions Customer relationship management software Student recruitment practices
TEACHING AND LEARNING ACTIVITIES
Student assessment and grading Student profile Student progress Curriculum and courses Teaching staff Quality of teaching and learning Learning resources – library and educational technology Learning support Student grievances and appeals Leadership and management of teaching and learning Program and course review/development
25
RESEARCH AND RESEARCH TRAINING
Commissioned research Ethics Quality Human resources/People management Institutional Collaboration Accessibility Intellectual property management Supervision of HDR students HDR students Identification and management of research opportunities Preparation of research applications – Costing and pricing Management of research grant income and expenditure Commercialisation of research
COMMUNITY ENGAGEMENT
Collaborative research with local industries Development of academic programs in partnership with local organisations Community service learning for students Consultancy services for local communities Community involvement with institution affairs
GOVERNANCE AND MANAGEMENT
Governance (incl. Council oversight) Leadership Planning Management Academic governance Risk management Ethics Information (incl. privacy, records management, right to information) Management reporting Quality assurance practices Contract processes/management (eg. cleaning, stationery, printing) Policy documentation
26
APPENDIX C INTERNAL AUDIT PLAN (2011 -2014)
The table below outlines the internal audits proposed to be included in the Operational Plan for 2011 and anticipated audits for 2012 – 2014 (inclusive). The exact scope and time required for each audit will be agreed with management and documented in detail prior to the commencement of audit fieldwork.
No. Audit Title 2011 2012 2013 2014
Commercial Activities
1. Co-operative research centres
2. Bookshop
3. Community Sports Centre
4. Capricornia College
5. Travel Crew
6. Press
7. English Language Centre
Facilities Management
8. Facilities assistance centre
9. Environmental planning/ management
10. Consultant management
11. Fleet management
12. Security
13. Grounds
Chapter
9
36
No. Audit Title 2011 2012 2013 2014
14. Maintenance
15. Strategic asset management
16. Capital development/capital budget
17. Project management
18. Space management
Financial Operations
Assets:
19. o Deferred tax assets
20. o Cash
21. o Receivables
22. o Investments
23. o Inventories
24. o Other current assets
25. o Property, plant and equip.
26. o Intangibles
Liabilities:
27. o Tax liabilities
28. o Clearing accounts – Other
29. o Clearing accounts – Staff
30. o Provisions
31. o Creditors and borrowings
32. o Student fee liabilities
36
No. Audit Title 2011 2012 2013 2014
33. o Revenue received in advance
34. o Other liabilities
Equity:
35. o Outside equity interests
36. o Market value gain
37. o Reserves
Revenue:
38. o Student fees
39. o Fees and charges
40. o Donations and bequests
41. o Grants
42. o Investment income
43. o Sales
44. o Scholarships and prizes
45. o Accumulated depreciation adjustment
46. o Internal asset transfer adjustment
47. o Inventory trading
48. o Other revenues
49. o Revaluation increment
50. o Transfers
Expenses:
51. o Revaluation decrement
52. o Outside equity interests
36
No. Audit Title 2011 2012 2013 2014
53. o Salary expenditure
54. o Non-salary expenditure
55. o Depreciation expenses
Other:
56. Cash – Handling and banking
57. PPE stocktakes
58. Resource allocation, planning and budgeting processes
59. Access to PeopleSoft Financials
60. Reportable gifts and special payments
61. Insurance activities
62. Financial statements – Production/ Review
63. Salary sacrifice packaging
64. Procurement
65. Travel card usage
66. Procurement card usage
67. Mobile phone usage
Human Resources
68. Workforce planning and renewal
69. Recruitment and selection
70. Staff induction, orientation and probation
71. Salaries, superannuation and leave
72. Performance management
36
No. Audit Title 2011 2012 2013 2014
73. Staff development – training
74. Staff development – study
75. Staff disputes and grievances
76. End-of-employment activities
77. Access to ALESCO and information
78. Equity
79. Health, safety and workers compensation
Information Systems
80. IT projects
Plan and Organise:
81. o Define the strategic IT plan and direction
82. o Define the information architecture
83. o Determine technological direction
84. o Define the IT processes, org’n and relationships
85. o Manage the IT investment
86. o Communicate management aims and direction
87. o Manage IT human resources
88. o Manage quality
89. o Assess and manage IT risks
90. o Manage projects
36
No. Audit Title 2011 2012 2013 2014
Acquire and Implement:
91. o Identify automated solutions
92. o Acquire and maintain application software
93. o Acquire and maintain technology infrastructure
94. o Enable operation and use
95. o Procure IT resources
96. o Manage changes
97. o Install and accredit solutions and changes
Deliver and Support:
98. o Define and manage service levels
99. o Manage third-party services
100.
o Manage performance and capacity
101.
o Ensure continuous service
102.
o Ensure systems security
103.
o Identify and allocate costs
104.
o Educate and train users
105.
o Manage service desk and incidents
106.
o Manage the configuration
107.
o Manage problems
108.
o Manage data
109.
o Manage the physical environment
110.
o Manage operations
36
No. Audit Title 2011 2012 2013 2014
Monitor and Evaluate:
111.
o Monitor and evaluate IT processes
112.
o Monitor and evaluate internal control
113.
o Ensure regulatory compliance
114.
o Provide IT governance
Compliance
115.
Education Services for Overseas Students (ESOS) Act
116.
Statutory Bodies Financial Arrangements Act
117.
Financial Accountability Act
118.
Information Standard 40 - Recordkeeping
119.
Half-Yearly Investments and Registers Review
120.
Business Continuity Planning – IT Assets
121.
Legislative compliance – general
122.
University policy compliance – general
Operational Continuity
123.
Business continuity management
124.
Incident management
36
No. Audit Title 2011 2012 2013 2014
127.
Gladstone campus
128.
Bundaberg campus
129.
Singapore campus
Service Divisions
130.
Library and Academic Learning services
131.
Office of Research
132.
Vice-Chancellor & President’s Division
133.
Public relations and marketing
134.
Development and graduate relations
Student Activities
135.
Admissions
136.
Enrolments
137.
Student records
138.
Access to CQUcentral
139.
Timetabling
140.
Examinations and assessment
36
No. Audit Title 2011 2012 2013 2014
145.
Prize administration
146.
Planning student numbers
147.
Academic misconduct and exclusions
148.
CRM software
149.
Student recruitment practices
Teaching and Learning Activities
150.
Student assessment and grading
151.
Student profile
152.
Student progress
153.
Curriculum and courses
154.
Teaching staff
155.
Quality of teaching and learning
156.
Learning resources – library and educational technology
157.
Learning support
158.
Student grievances and appeals
159.
Leadership and management of teaching and learning
36
160.
Program and course review/ development
Research and Research Training
161.
Commissioned research
162.
Ethics
163.
Institutional
36
No. Audit Title 2011 2012 2013 2014
164. Collaboration
165. Accessibility
166. Intellectual property management
167. HDR students (incl. supervision)
168. Identification and management of research opportunities
169. Preparation of research applications – Costing and pricing
170. Management of research grant income and expenditure
171. Commercialisation of research
Community Engagement
172. Collaborative research with local industries
173. Development of academic programs in partnership with local organisations
174. Community service learning for students
175. Consultancy services for local communities
176. Community involvement with institution affairs
Governance and Management
177. Governance (incl. Council oversight)
178. Leadership
179. Planning
180. Management
181. Academic governance